# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2014-6529 |
|
|
|
2014-10-15 |
2014-11-19 |
6.8 |
None |
Local Network |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver. |
2 |
CVE-2014-6518 |
|
|
|
2015-01-21 |
2016-12-07 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS). |
3 |
CVE-2014-6470 |
|
|
|
2014-10-15 |
2015-11-06 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility. |
4 |
CVE-2014-4225 |
|
|
|
2014-07-17 |
2018-10-09 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts. |
5 |
CVE-2013-5834 |
|
|
|
2014-01-15 |
2017-08-29 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps. |
6 |
CVE-2013-5812 |
|
|
|
2013-10-16 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. |
7 |
CVE-2013-5804 |
|
|
|
2013-10-16 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, and JRockit R27.7.6 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Javadoc. |
8 |
CVE-2013-5783 |
|
|
|
2013-10-16 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Swing. |
9 |
CVE-2013-3829 |
|
|
|
2013-10-16 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Java SE, Java SE Embedded component in Oracle Java SE Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. |
10 |
CVE-2013-3786 |
|
|
|
2013-07-17 |
2017-09-19 |
6.0 |
None |
Local |
High |
??? |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. |
11 |
CVE-2013-3757 |
|
|
|
2013-07-17 |
2017-09-19 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services. |
12 |
CVE-2013-2467 |
|
|
|
2013-06-18 |
2022-05-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 5.0 Update 45 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Java installer. |
13 |
CVE-2013-2439 |
|
|
|
2013-04-17 |
2022-05-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install. |
14 |
CVE-2013-2407 |
|
|
|
2013-06-18 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality and availability via unknown vectors related to Libraries. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "XML security and the class loader." |
15 |
CVE-2013-0432 |
|
|
|
2013-02-02 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, 5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality and integrity via vectors related to AWT. NOTE: the previous information is from the February 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "insufficient clipboard access premission checks." |
16 |
CVE-2013-0430 |
|
|
|
2013-02-02 |
2022-05-13 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11 and 6 through Update 38, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process of the client. |
17 |
CVE-2013-0415 |
|
|
|
2013-01-17 |
2017-09-19 |
6.0 |
None |
Local |
High |
??? |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package. |
18 |
CVE-2013-0405 |
|
|
|
2013-04-17 |
2017-09-19 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6. |
19 |
CVE-2013-0400 |
|
|
|
2013-01-17 |
2017-09-19 |
6.6 |
None |
Local |
Medium |
??? |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs. |
20 |
CVE-2013-0399 |
|
|
|
2013-01-17 |
2017-09-19 |
6.6 |
None |
Local |
Medium |
??? |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount. |
21 |
CVE-2012-5071 |
|
|
|
2012-10-16 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. |
22 |
CVE-2012-4416 |
|
|
|
2012-10-16 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. |
23 |
CVE-2012-3187 |
|
|
|
2012-10-17 |
2013-10-11 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. |
24 |
CVE-2012-1694 |
|
|
|
2012-05-03 |
2017-12-07 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl. |
25 |
CVE-2012-1691 |
|
|
|
2012-05-03 |
2017-12-07 |
6.6 |
None |
Local |
Medium |
??? |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges. |
26 |
CVE-2012-0539 |
|
|
|
2012-05-03 |
2017-12-07 |
6.2 |
None |
Local |
High |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv. |
27 |
CVE-2012-0502 |
|
|
|
2012-02-15 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and availability, related to AWT. |
28 |
CVE-2012-0100 |
|
|
|
2012-01-18 |
2018-01-06 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos. |
29 |
CVE-2011-3563 |
|
|
|
2012-02-15 |
2022-05-13 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
None |
Partial |
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, 5.0 Update 33 and earlier, and 1.4.2_35 and earlier allows remote attackers to affect confidentiality and availability via unknown vectors related to Sound. |
30 |
CVE-2011-3560 |
|
|
|
2011-10-19 |
2018-01-06 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality and integrity, related to JSSE. |
31 |
CVE-2011-3557 |
|
|
|
2011-10-19 |
2018-01-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3556. |
32 |
CVE-2011-3555 |
|
|
|
2011-10-19 |
2017-12-22 |
6.1 |
None |
Remote |
High |
Not required |
None |
Partial |
Complete |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, and 7 allows remote untrusted Java Web Start applications and untrusted Java applets to affect integrity and availability via unknown vectors. |
33 |
CVE-2011-0800 |
|
|
|
2011-04-20 |
2011-04-20 |
6.5 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities. |
34 |
CVE-2010-4444 |
|
|
|
2011-01-19 |
2017-08-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in Oracle Sun Java System Access Manager and Oracle OpenSSO 7, 7.1, and 8 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
35 |
CVE-2010-3557 |
|
|
|
2010-10-19 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is related to the modification of "behavior and state of certain JDK classes" and "mutable static." |
36 |
CVE-2010-3549 |
|
|
|
2010-10-19 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is an HTTP request splitting vulnerability involving the handling of the chunked transfer encoding method by the HttpURLConnection class. |
37 |
CVE-2010-0310 |
264 |
|
+Priv |
2010-01-14 |
2017-09-19 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates. |
38 |
CVE-2010-0095 |
|
|
|
2010-04-01 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0093. |
39 |
CVE-2010-0088 |
|
|
|
2010-04-01 |
2018-10-30 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0085. |
40 |
CVE-2009-4440 |
362 |
|
|
2009-12-28 |
2010-06-13 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593. |
41 |
CVE-2009-3839 |
|
|
Exec Code |
2009-11-02 |
2017-09-19 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server. |
42 |
CVE-2009-3468 |
|
|
Exec Code Bypass |
2009-09-29 |
2017-08-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in Common Desktop Environment (CDE) in Sun Solaris 10, when Trusted Extensions is enabled, allow local users to execute arbitrary commands or bypass the Mandatory Access Control (MAC) policy via unknown vectors, related to a menu typo and the Style Manager. |
43 |
CVE-2009-1357 |
20 |
|
Http R.Spl. |
2009-04-23 |
2018-10-10 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
CRLF injection vulnerability in da/DA/Login in Sun Java System Delegated Administrator 6.2 through 6.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the HELP_PAGE parameter. |
44 |
CVE-2009-1170 |
|
|
Exec Code |
2009-03-30 |
2017-08-17 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 allows local users, with privileges in a non-global zone, to execute arbitrary code in the global zone when a global-zone user is using mdb on a non-global zone process. |
45 |
CVE-2009-1106 |
20 |
|
Bypass |
2009-03-25 |
2018-10-10 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. |
46 |
CVE-2009-1103 |
|
|
Exec Code |
2009-03-25 |
2018-10-10 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860. |
47 |
CVE-2009-1102 |
94 |
|
Exec Code |
2009-03-25 |
2018-10-10 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." |
48 |
CVE-2009-1084 |
264 |
|
|
2009-03-25 |
2017-08-17 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object. |
49 |
CVE-2009-1077 |
264 |
|
|
2009-03-25 |
2009-10-06 |
6.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
Partial |
The Change My Password implementation in the admin interface in Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not enforce the RequiresChallenge property setting, which allows remote authenticated users to change the passwords of other users, as demonstrated by changing the administrator's password. |
50 |
CVE-2009-0875 |
362 |
|
DoS +Priv Bypass |
2009-03-12 |
2009-04-02 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server. |