CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

SUN » Sunos : Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-6529 2014-10-15 2014-11-18
6.8
None Local Network High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.
2 CVE-2014-6518 2015-01-21 2016-12-06
6.6
None Local Low Not required None Complete Complete
Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).
3 CVE-2014-6470 2014-10-15 2015-11-06
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.
4 CVE-2014-4225 2014-07-17 2018-10-09
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts.
5 CVE-2013-5834 2014-01-15 2017-08-28
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ps.
6 CVE-2013-3786 2013-07-17 2017-09-18
6.0
None Local High Single system Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
7 CVE-2013-3757 2013-07-17 2017-09-18
6.4
None Remote Low Not required None Partial Partial
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows remote attackers to affect integrity and availability via vectors related to SMF/File Locking Services.
8 CVE-2013-0415 2013-01-16 2017-09-18
6.0
None Local High Single system Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.
9 CVE-2013-0405 2013-04-17 2017-09-18
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.
10 CVE-2013-0400 2013-01-16 2017-09-18
6.6
None Local Medium Single system Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.
11 CVE-2013-0399 2013-01-16 2017-09-18
6.6
None Local Medium Single system Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.
12 CVE-2012-3187 2012-10-16 2013-10-10
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
13 CVE-2012-1694 2012-05-03 2017-12-06
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality and integrity, related to libsasl.
14 CVE-2012-1691 2012-05-03 2017-12-06
6.6
None Local Medium Single system Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Privileges.
15 CVE-2012-0539 2012-05-03 2017-12-06
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv.
16 CVE-2012-0100 2012-01-18 2018-01-05
6.8
None Local Low Single system Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.
17 CVE-2011-0800 2011-04-19 2011-04-20
6.5
None Local Low Multiple systems Complete Complete Complete
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities.
18 CVE-2009-0873 264 Bypass 2009-03-11 2018-10-30
6.8
User Remote Medium Not required Partial Partial Partial
The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."
19 CVE-2008-1778 16 DoS 2008-04-14 2018-10-30
6.6
None Local Low Not required None Complete Complete
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.
20 CVE-2008-1095 264 DoS Bypass 2008-02-29 2018-10-30
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.
21 CVE-2007-3717 +Priv 2007-07-12 2018-10-30
6.9
Admin Local Medium Not required Complete Complete Complete
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.
22 CVE-2007-0503 Exec Code 2007-01-25 2018-10-30
6.9
Admin Local Medium Not required Complete Complete Complete
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
23 CVE-2006-6495 Exec Code Overflow 2006-12-12 2018-10-30
6.6
Admin Local Medium Single system Complete Complete Complete
Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.
24 CVE-2006-6494 Exec Code Dir. Trav. 2006-12-12 2018-10-30
6.6
Admin Local Medium Single system Complete Complete Complete
Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.
25 CVE-2006-5012 DoS 2006-09-26 2018-10-30
6.6
None Local Low Not required None Complete Complete
Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.
26 CVE-2006-3728 DoS 2006-07-21 2018-10-30
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structure corruption" that can trigger a system panic, application failure, or "data corruption."
27 CVE-2001-0421 2001-07-02 2018-10-30
6.4
None Remote Low Not required Partial None Partial
FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.
28 CVE-2001-0059 2001-02-12 2018-10-30
6.2
Admin Local High Not required Complete Complete Complete
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.
29 CVE-1999-1468 +Priv 1991-10-22 2008-09-10
6.2
Admin Local High Not required Complete Complete Complete
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
30 CVE-1999-1388 1994-05-13 2008-09-05
6.2
Admin Local High Not required Complete Complete Complete
passwd in SunOS 4.1.x allows local users to overwrite arbitrary files via a symlink attack and the -F command line argument.
31 CVE-1999-0164 1995-08-29 2008-09-09
6.2
Admin Local High Not required Complete Complete Complete
A race condition in the Solaris ps command allows an attacker to overwrite critical files.
Total number of vulnerabilities : 31   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.