| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-0397 |
|
|
|
2015-01-21 |
2017-09-07 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600. |
|
2 |
CVE-2014-6501 |
|
|
|
2014-10-15 |
2015-11-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH. |
|
3 |
CVE-2013-6335 |
264 |
|
Bypass |
2014-08-26 |
2017-08-28 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for Space Management 5.x and 6.x before 6.2.5.3, 6.3.x before 6.3.2, 6.4.x before 6.4.2, and 7.1.x before 7.1.0.3 on Linux and AIX, and 5.x and 6.x before 6.1.5.6 on Solaris and HP-UX, does not preserve file permissions across backup and restore operations, which allows local users to bypass intended access restrictions via standard filesystem operations. |
|
4 |
CVE-2013-5872 |
|
|
|
2014-01-15 |
2017-08-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD). |
|
5 |
CVE-2013-5803 |
|
|
|
2013-10-16 |
2018-01-04 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. |
|
6 |
CVE-2013-5772 |
|
|
|
2013-10-16 |
2018-01-04 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat. |
|
7 |
CVE-2013-3842 |
|
|
|
2013-10-16 |
2017-09-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM). |
|
8 |
CVE-2013-3745 |
|
|
|
2013-07-17 |
2017-09-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc. |
|
9 |
CVE-2012-5077 |
|
|
|
2012-10-16 |
2017-09-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. |
|
10 |
CVE-2012-3216 |
|
|
|
2012-10-16 |
2017-09-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
|
11 |
CVE-2012-3205 |
|
|
|
2012-10-16 |
2013-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server. |
|
12 |
CVE-2012-3203 |
|
|
|
2012-10-16 |
2013-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Gnome Display Manager GDM. |
|
13 |
CVE-2012-3178 |
|
|
|
2013-01-16 |
2013-10-10 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors. |
|
14 |
CVE-2012-3122 |
|
|
|
2012-07-17 |
2017-08-28 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort. |
|
15 |
CVE-2012-1717 |
|
|
|
2012-06-16 |
2018-01-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows local users to affect confidentiality via unknown vectors related to printing on Solaris or Linux. |
|
16 |
CVE-2012-1698 |
|
|
|
2012-05-03 |
2017-12-06 |
2.1 |
None |
Remote |
High |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD. |
|
17 |
CVE-2012-0570 |
|
|
|
2013-04-17 |
2017-09-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc. |
|
18 |
CVE-2012-0568 |
|
|
|
2013-04-17 |
2017-09-18 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat. |
|
19 |
CVE-2012-0563 |
|
|
|
2012-07-17 |
2017-08-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist. |
|
20 |
CVE-2012-0099 |
|
|
|
2012-01-18 |
2018-01-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd. |
|
21 |
CVE-2012-0097 |
|
|
|
2012-01-18 |
2017-08-28 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell. |
|
22 |
CVE-2011-3552 |
|
|
|
2011-10-19 |
2018-01-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. |
|
23 |
CVE-2011-0865 |
|
|
|
2011-06-14 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. |
|
24 |
CVE-2011-0412 |
255 |
|
|
2011-04-19 |
2017-08-16 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. |
|
25 |
CVE-2010-4474 |
|
|
|
2011-02-17 |
2017-12-21 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. |
|
26 |
CVE-2010-4472 |
|
|
|
2011-02-17 |
2017-12-21 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." |
|
27 |
CVE-2010-4448 |
|
|
|
2011-02-17 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." |
|
28 |
CVE-2010-3560 |
|
|
|
2010-10-19 |
2017-09-18 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. |
|
29 |
CVE-2009-4080 |
|
|
DoS |
2009-11-29 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. |
|
30 |
CVE-2009-3940 |
|
|
DoS |
2009-11-16 |
2010-03-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. |
|
31 |
CVE-2009-2712 |
264 |
|
|
2009-08-07 |
2009-08-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. |
|
32 |
CVE-2009-2489 |
|
|
|
2009-07-16 |
2017-08-16 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors. |
|
33 |
CVE-2009-2314 |
362 |
|
|
2009-07-05 |
2010-05-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Race condition in the Sun Lightweight Availability Collection Tool 3.0 on Solaris 7 through 10 allows local users to overwrite arbitrary files via unspecified vectors. |
|
34 |
CVE-2009-2268 |
79 |
|
XSS |
2009-07-01 |
2010-05-25 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
35 |
CVE-2009-2031 |
200 |
|
+Info |
2009-06-11 |
2009-06-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes. |
|
36 |
CVE-2009-1276 |
200 |
|
+Info |
2009-04-09 |
2009-08-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. |
|
37 |
CVE-2008-5690 |
255 |
|
DoS |
2008-12-19 |
2017-09-28 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. |
|
38 |
CVE-2008-4747 |
200 |
|
+Info |
2008-10-27 |
2017-08-07 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. |
|
39 |
CVE-2008-3426 |
|
|
DoS |
2008-07-31 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru. |
|
40 |
CVE-2007-5375 |
20 |
|
|
2007-10-11 |
2008-11-15 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM. |
|
41 |
CVE-2007-5274 |
|
|
|
2007-10-08 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. NOTE: this is similar to CVE-2007-5232. |
|
42 |
CVE-2007-5273 |
|
|
|
2007-10-08 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. |
|
43 |
CVE-2007-5238 |
264 |
|
+Info |
2007-10-05 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." |
|
44 |
CVE-2007-3723 |
|
|
DoS |
2007-07-12 |
2008-11-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." |
|
45 |
CVE-2007-2617 |
|
|
|
2007-05-11 |
2017-10-10 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. |
|
46 |
CVE-2007-0895 |
|
|
|
2007-02-12 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. |
|
47 |
CVE-2006-5215 |
|
|
|
2006-10-10 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. |
|
48 |
CVE-2006-4303 |
|
|
DoS |
2006-08-22 |
2017-07-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion). |
|
49 |
CVE-2006-4049 |
|
|
|
2006-08-09 |
2017-07-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors. |
|
50 |
CVE-2006-3825 |
|
|
Bypass |
2006-07-25 |
2017-07-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. |
