| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2015-0429 |
|
|
|
2015-01-21 |
2017-09-07 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility. |
|
2 |
CVE-2013-5883 |
|
|
|
2014-01-15 |
2017-08-28 |
3.2 |
None |
Local |
Low |
Single system |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Solaris 8 allows local users to affect integrity and availability via unknown vectors related to Kernel. |
|
3 |
CVE-2013-5797 |
|
|
|
2013-10-16 |
2018-01-04 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
Partial |
None |
|
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc. |
|
4 |
CVE-2013-2451 |
|
|
|
2013-06-18 |
2018-01-04 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use. |
|
5 |
CVE-2013-1530 |
|
|
|
2013-04-17 |
2017-09-18 |
3.8 |
None |
Local |
High |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. |
|
6 |
CVE-2013-1500 |
|
|
|
2013-06-18 |
2018-01-04 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory. |
|
7 |
CVE-2013-0414 |
|
|
|
2013-01-16 |
2013-10-10 |
3.3 |
None |
Local |
Medium |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93. |
|
8 |
CVE-2013-0412 |
|
|
|
2013-04-17 |
2017-09-18 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax. |
|
9 |
CVE-2013-0404 |
|
|
|
2013-04-17 |
2017-09-18 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot. |
|
10 |
CVE-2012-4296 |
399 |
|
DoS Overflow |
2012-08-16 |
2018-10-30 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet. |
|
11 |
CVE-2012-4295 |
20 |
|
DoS |
2012-08-16 |
2017-09-18 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Array index error in the channelised_fill_sdh_g707_format function in epan/dissectors/packet-erf.c in the ERF dissector in Wireshark 1.8.x before 1.8.2 might allow remote attackers to cause a denial of service (application crash) via a crafted speed (aka rate) value. |
|
12 |
CVE-2012-4293 |
189 |
|
DoS |
2012-08-16 |
2018-10-30 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly handle certain integer fields, which allows remote attackers to cause a denial of service (application exit) via a malformed packet. |
|
13 |
CVE-2012-4292 |
20 |
|
DoS |
2012-08-16 |
2018-10-30 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The dissect_stun_message function in epan/dissectors/packet-stun.c in the STUN dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 does not properly interact with key-destruction behavior in a certain tree library, which allows remote attackers to cause a denial of service (application crash) via a malformed packet. |
|
14 |
CVE-2012-4291 |
399 |
|
DoS |
2012-08-16 |
2018-10-30 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet. |
|
15 |
CVE-2012-4290 |
399 |
|
DoS |
2012-08-16 |
2018-10-30 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a malformed packet. |
|
16 |
CVE-2012-4289 |
399 |
|
DoS |
2012-08-16 |
2018-10-30 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop and CPU consumption) via a large number of ACL entries. |
|
17 |
CVE-2012-4288 |
189 |
|
DoS Overflow |
2012-08-16 |
2018-10-30 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the dissect_xtp_ecntl function in epan/dissectors/packet-xtp.c in the XTP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (loop or application crash) via a large value for a span length. |
|
18 |
CVE-2012-4285 |
189 |
|
DoS |
2012-08-16 |
2018-10-30 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before 1.6.10, and 1.8.x before 1.8.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a zero-length message. |
|
19 |
CVE-2012-3165 |
|
|
|
2012-10-16 |
2013-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx. |
|
20 |
CVE-2012-1720 |
|
|
|
2012-06-16 |
2017-09-18 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. |
|
21 |
CVE-2012-0569 |
|
|
|
2013-01-16 |
2017-09-18 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch. |
|
22 |
CVE-2012-0109 |
|
|
|
2012-01-18 |
2018-01-05 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP. |
|
23 |
CVE-2011-3553 |
|
|
|
2011-10-19 |
2018-01-05 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. |
|
24 |
CVE-2011-2289 |
|
|
|
2011-07-20 |
2011-10-04 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade. |
|
25 |
CVE-2011-0839 |
|
|
|
2011-04-20 |
2012-08-03 |
3.7 |
None |
Local |
High |
Multiple systems |
None |
None |
Complete |
|
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS. |
|
26 |
CVE-2011-0821 |
|
|
|
2011-04-20 |
2012-08-03 |
3.0 |
None |
Local |
Medium |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors related to uucp. |
|
27 |
CVE-2011-0812 |
|
|
|
2011-04-20 |
2012-08-03 |
3.7 |
None |
Local |
High |
Multiple systems |
None |
None |
Complete |
|
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel. |
|
28 |
CVE-2011-0801 |
|
|
|
2011-04-19 |
2011-04-20 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp. |
|
29 |
CVE-2010-4460 |
|
|
|
2011-01-19 |
2017-08-16 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon. |
|
30 |
CVE-2010-4450 |
|
|
|
2011-02-17 |
2018-10-30 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable. |
|
31 |
CVE-2010-3586 |
|
|
|
2011-01-19 |
2017-08-16 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver. |
|
32 |
CVE-2010-1183 |
59 |
|
|
2010-03-29 |
2018-10-10 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager. |
|
33 |
CVE-2009-2856 |
200 |
|
+Info |
2009-08-18 |
2009-08-21 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network. |
|
34 |
CVE-2007-6505 |
16 |
|
|
2007-12-20 |
2017-09-28 |
3.5 |
None |
Remote |
Medium |
Single system |
Partial |
None |
None |
|
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities. |
|
35 |
CVE-2007-5319 |
|
|
DoS |
2007-10-09 |
2017-09-28 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors. |
|
36 |
CVE-2006-5213 |
|
|
|
2006-10-10 |
2017-07-19 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation). |
|
37 |
CVE-2006-4842 |
20 |
|
|
2006-10-11 |
2018-10-17 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. |
|
38 |
CVE-2006-4439 |
|
|
|
2006-08-29 |
2017-10-10 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871. |
|
39 |
CVE-2006-1830 |
|
|
Exec Code |
2006-04-19 |
2017-07-19 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors. |
|
40 |
CVE-2005-4796 |
|
|
|
2005-12-31 |
2018-10-30 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits. |
|
41 |
CVE-2005-0576 |
|
|
|
2005-05-02 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. |
|
42 |
CVE-2003-1058 |
|
|
DoS |
2003-12-03 |
2018-10-30 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files. |
|
43 |
CVE-2002-0430 |
|
|
Bypass |
2002-08-12 |
2008-09-10 |
3.7 |
User |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php. |
|
44 |
CVE-2000-1156 |
|
|
|
2001-01-09 |
2017-12-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice. |
|
45 |
CVE-1999-1530 |
|
|
|
1999-11-08 |
2016-10-17 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system. |
