| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2009-2644 |
362 |
|
DoS |
2009-07-29 |
2017-09-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds." |
|
2 |
CVE-2009-2029 |
|
|
DoS |
2009-06-11 |
2017-09-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks. |
|
3 |
CVE-2008-3870 |
189 |
|
Exec Code Overflow |
2009-05-26 |
2018-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. |
|
4 |
CVE-2008-3869 |
119 |
|
Exec Code Overflow |
2009-05-26 |
2018-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. |
|
5 |
CVE-2007-6180 |
362 |
|
DoS |
2007-11-30 |
2017-07-29 |
7.6 |
None |
Local Network |
Medium |
Not required |
Partial |
Complete |
Complete |
|
Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors. |
|
6 |
CVE-2007-5632 |
|
|
DoS |
2007-10-23 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions. |
|
7 |
CVE-2007-5462 |
20 |
|
DoS |
2007-10-15 |
2017-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems. |
|
8 |
CVE-2007-5365 |
119 |
|
DoS Exec Code Overflow |
2007-10-11 |
2018-10-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. |
|
9 |
CVE-2007-5319 |
|
|
DoS |
2007-10-09 |
2017-09-29 |
3.5 |
None |
Remote |
Medium |
??? |
None |
None |
Partial |
|
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors. |
|
10 |
CVE-2007-5132 |
362 |
|
DoS |
2007-09-27 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts." |
|
11 |
CVE-2007-4732 |
20 |
|
DoS |
2007-09-06 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function. |
|
12 |
CVE-2007-4495 |
|
|
DoS |
2007-08-23 |
2011-03-08 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124. |
|
13 |
CVE-2007-4492 |
|
|
DoS |
2007-08-23 |
2017-07-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123. |
|
14 |
CVE-2007-4070 |
|
|
|
2007-07-30 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors. |
|
15 |
CVE-2007-3471 |
|
|
Exec Code Overflow |
2007-06-28 |
2017-09-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors. |
|
16 |
CVE-2007-3458 |
|
|
DoS |
2007-06-27 |
2017-10-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors. |
|
17 |
CVE-2007-3283 |
|
|
|
2007-06-19 |
2017-10-11 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
|
GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console. |
|
18 |
CVE-2007-3094 |
|
|
Exec Code |
2007-06-06 |
2018-10-30 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server. |
|
19 |
CVE-2007-3093 |
|
|
Exec Code |
2007-06-06 |
2018-10-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server. |
|
20 |
CVE-2007-2989 |
|
|
DoS |
2007-06-01 |
2017-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. |
|
21 |
CVE-2007-2882 |
|
|
DoS |
2007-05-30 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets. |
|
22 |
CVE-2007-2465 |
|
|
DoS |
2007-05-02 |
2018-10-30 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing (BSM) is enabled for file read, write, attribute modify, create, or delete audit classes, allows local users to cause a denial of service (panic) via unknown vectors, possibly related to the audit_savepath function. |
|
23 |
CVE-2006-6275 |
362 |
|
DoS |
2006-12-04 |
2018-10-30 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals. |
|
24 |
CVE-2006-5215 |
|
|
|
2006-10-10 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. |
|
25 |
CVE-2006-5012 |
|
|
DoS |
2006-09-27 |
2018-10-30 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
|
Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors. |
|
26 |
CVE-2006-4655 |
|
|
Overflow +Priv |
2006-09-09 |
2018-10-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value. |
|
27 |
CVE-2006-4319 |
|
|
Exec Code Overflow |
2006-08-24 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. |
|
28 |
CVE-2006-4307 |
|
|
|
2006-08-23 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319. |
|
29 |
CVE-2006-4306 |
|
|
Exec Code |
2006-08-23 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile. |
|
30 |
CVE-2006-3664 |
|
|
DoS |
2006-07-18 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors. |
|
31 |
CVE-2006-0901 |
|
|
DoS Exec Code |
2006-02-27 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code. |
|
32 |
CVE-2005-4797 |
|
|
Dir. Trav. |
2005-12-31 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command. |
|
33 |
CVE-2005-4796 |
|
|
|
2005-12-31 |
2018-10-30 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits. |
|
34 |
CVE-2005-2072 |
264 |
|
+Priv |
2005-06-29 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. |
|
35 |
CVE-2005-2032 |
|
|
|
2005-06-16 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files. |
|
36 |
CVE-2005-1518 |
|
|
DoS |
2005-05-11 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500. |
|
37 |
CVE-2005-0816 |
|
|
Overflow +Priv |
2005-05-02 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges. |
|
38 |
CVE-2005-0576 |
|
|
|
2005-05-02 |
2008-09-05 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. |
|
39 |
CVE-2005-0248 |
|
|
|
2005-05-02 |
2018-10-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts. |
|
40 |
CVE-2005-0109 |
|
|
+Info |
2005-03-05 |
2018-10-16 |
4.7 |
None |
Local |
Medium |
Not required |
Complete |
None |
None |
|
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. |
|
41 |
CVE-2004-2686 |
22 |
|
Dir. Trav. |
2004-12-31 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure. |
|
42 |
CVE-2004-2306 |
|
|
|
2004-12-31 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection. |
|
43 |
CVE-2004-1767 |
264 |
|
+Priv |
2004-12-31 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function. |
|
44 |
CVE-2004-1360 |
|
|
|
2004-02-27 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files. |
|
45 |
CVE-2004-1359 |
|
|
Exec Code Overflow |
2004-03-04 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user. |
|
46 |
CVE-2004-1358 |
|
|
|
2004-03-12 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged. |
|
47 |
CVE-2004-1357 |
|
|
|
2004-04-07 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities. |
|
48 |
CVE-2004-1356 |
|
|
DoS |
2004-04-23 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors. |
|
49 |
CVE-2004-1354 |
22 |
|
Dir. Trav. +Info |
2004-05-14 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack. |
|
50 |
CVE-2004-1353 |
|
|
Exec Code |
2004-10-19 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges. |
