# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2015-0397 |
|
|
|
2015-01-21 |
2017-09-08 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600. |
2 |
CVE-2014-6501 |
|
|
|
2014-10-15 |
2015-11-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH. |
3 |
CVE-2013-5872 |
|
|
|
2014-01-15 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD). |
4 |
CVE-2013-5803 |
|
|
|
2013-10-16 |
2022-05-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect availability via vectors related to JGSS. |
5 |
CVE-2013-5772 |
|
|
|
2013-10-16 |
2022-05-13 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Java SE component in Oracle Java SE Java SE 7u40 and earlier and Java SE 6u60 and earlier allows remote attackers to affect integrity via unknown vectors related to jhat. |
6 |
CVE-2013-3842 |
|
|
|
2013-10-16 |
2017-09-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability Oracle Solaris 10 allows local users to affect confidentiality via vectors related to Oracle Configuration Manager (OCM). |
7 |
CVE-2013-3745 |
|
|
|
2013-07-17 |
2017-09-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc. |
8 |
CVE-2012-5077 |
|
|
|
2012-10-16 |
2022-05-13 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. |
9 |
CVE-2012-3216 |
|
|
|
2012-10-16 |
2022-05-13 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. |
10 |
CVE-2012-3205 |
|
|
|
2012-10-17 |
2013-10-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server. |
11 |
CVE-2012-3203 |
|
|
|
2012-10-17 |
2013-10-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Gnome Display Manager GDM. |
12 |
CVE-2012-3178 |
|
|
|
2013-01-17 |
2013-10-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors. |
13 |
CVE-2012-3122 |
|
|
|
2012-07-17 |
2017-08-29 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort. |
14 |
CVE-2012-1698 |
|
|
|
2012-05-03 |
2017-12-07 |
2.1 |
None |
Remote |
High |
??? |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote authenticated users to affect confidentiality, related to Kernel/GLD. |
15 |
CVE-2012-0570 |
|
|
|
2013-04-17 |
2017-09-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc. |
16 |
CVE-2012-0568 |
|
|
|
2013-04-17 |
2017-09-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat. |
17 |
CVE-2012-0563 |
|
|
|
2012-07-17 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist. |
18 |
CVE-2012-0099 |
|
|
|
2012-01-18 |
2018-01-06 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd. |
19 |
CVE-2012-0097 |
|
|
|
2012-01-18 |
2017-08-29 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell. |
20 |
CVE-2011-3552 |
|
|
|
2011-10-19 |
2018-01-06 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote attackers to affect integrity via unknown vectors related to Networking. |
21 |
CVE-2011-0865 |
|
|
|
2011-06-14 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Deserialization. |
22 |
CVE-2011-0412 |
255 |
|
|
2011-04-19 |
2017-08-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. |
23 |
CVE-2010-4474 |
|
|
|
2011-02-17 |
2017-12-22 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Java DB component in Oracle Java SE and Java for Business 6 Update 23, and, and earlier allows local users to affect confidentiality via unknown vectors related to Security, a similar vulnerability to CVE-2009-4269. |
24 |
CVE-2010-4472 |
|
|
|
2011-02-17 |
2017-12-22 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier allows remote attackers to affect availability, related to XML Digital Signature and unspecified APIs. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves the replacement of the "XML DSig Transform or C14N algorithm implementations." |
25 |
CVE-2010-4448 |
|
|
|
2011-02-17 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity via unknown vectors related to Networking. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue involves "DNS cache poisoning by untrusted applets." |
26 |
CVE-2010-3560 |
|
|
|
2010-10-19 |
2017-09-19 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality via unknown vectors. |
27 |
CVE-2009-4080 |
|
|
DoS |
2009-11-29 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. |
28 |
CVE-2009-3940 |
|
|
DoS |
2009-11-16 |
2010-03-04 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. |
29 |
CVE-2009-2712 |
264 |
|
|
2009-08-07 |
2009-08-15 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and OpenSSO Enterprise 8.0; when AMConfig.properties enables the debug flag, allows local users to discover cleartext passwords by reading debug files. |
30 |
CVE-2009-2489 |
|
|
|
2009-07-16 |
2017-08-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the utdmsession program in Sun Ray Server Software (SRSS) 4.0 allows local users to access the sessions of arbitrary users via unknown vectors. |
31 |
CVE-2009-2268 |
79 |
|
XSS |
2009-07-01 |
2010-05-25 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
32 |
CVE-2009-2031 |
200 |
|
+Info |
2009-06-11 |
2009-06-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes. |
33 |
CVE-2008-5690 |
255 |
|
DoS |
2008-12-19 |
2017-09-29 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. |
34 |
CVE-2008-3426 |
|
|
DoS |
2008-07-31 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru. |
35 |
CVE-2007-5375 |
16 |
|
|
2007-10-11 |
2008-11-15 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM. |
36 |
CVE-2007-5273 |
|
|
|
2007-10-08 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. NOTE: this is similar to CVE-2007-5232. |
37 |
CVE-2007-5238 |
264 |
|
+Info |
2007-10-06 |
2018-10-30 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to obtain sensitive information (the Java Web Start cache location) via an untrusted application, aka "three vulnerabilities." |
38 |
CVE-2007-3723 |
|
|
DoS |
2007-07-12 |
2008-11-15 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges." |
39 |
CVE-2007-0895 |
|
|
|
2007-02-13 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. |
40 |
CVE-2006-5215 |
|
|
|
2006-10-10 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. |
41 |
CVE-2006-4303 |
|
|
DoS |
2006-08-23 |
2017-07-20 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion). |
42 |
CVE-2006-4049 |
|
|
|
2006-08-09 |
2017-07-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
Unspecified vulnerability in the utxconfig utility in Sun Ray Server Software 3.x allows local users to create or overwrite arbitrary files via unknown attack vectors. |
43 |
CVE-2006-3825 |
|
|
Bypass |
2006-07-25 |
2017-07-20 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. |
44 |
CVE-2006-3225 |
|
|
XSS |
2006-06-26 |
2017-07-20 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors. |
45 |
CVE-2006-3159 |
|
|
|
2006-06-22 |
2017-07-20 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message. |
46 |
CVE-2006-1782 |
|
|
|
2006-04-13 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch. |
47 |
CVE-2006-1780 |
|
|
DoS |
2006-04-13 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files. |
48 |
CVE-2006-1092 |
|
|
DoS |
2006-03-09 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed. |
49 |
CVE-2006-0516 |
|
|
DoS |
2006-02-02 |
2017-10-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
Unspecified vulnerability in the kernel processing in Solaris 10 64 bit platform, when running in 64-bit mode, allows local users to cause a denial of service (system panic) via unknown attack vectors. |
50 |
CVE-2006-0227 |
|
|
|
2006-01-17 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors. |