Search Results (Refine Search)
- CPE Product Version: cpe:/o:sun:sunos:5.10
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2008-2121 |
The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack. Published: May 09, 2008; 11:20:00 AM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-1778 |
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors. Published: April 14, 2008; 12:05:00 PM -0400 |
V3.x:(not available) V2.0: 6.6 MEDIUM |
CVE-2008-1480 |
rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request. Published: March 24, 2008; 6:44:00 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2008-1369 |
A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors. Published: March 18, 2008; 1:44:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2008-1095 |
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly. Published: February 29, 2008; 6:44:00 AM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2008-0269 |
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors. Published: January 15, 2008; 3:00:00 PM -0500 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2007-6480 |
The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code. Published: December 20, 2007; 3:46:00 PM -0500 |
V3.x:(not available) V2.0: 9.4 HIGH |
CVE-2007-6482 |
Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. Published: December 20, 2007; 3:46:00 PM -0500 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-6216 |
Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs. Published: December 04, 2007; 10:46:00 AM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2007-3880 |
Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog. Published: November 13, 2007; 8:46:00 PM -0500 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-5921 |
Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346. Published: November 09, 2007; 9:46:00 PM -0500 |
V3.x:(not available) V2.0: 4.7 MEDIUM |
CVE-2007-5422 |
Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors. Published: October 12, 2007; 5:17:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2007-5225 |
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl. Published: October 04, 2007; 8:17:00 PM -0400 |
V3.x:(not available) V2.0: 4.9 MEDIUM |
CVE-2007-3717 |
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225. Published: July 12, 2007; 12:30:00 PM -0400 |
V3.x:(not available) V2.0: 6.9 MEDIUM |
CVE-2007-3223 |
Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions. Published: June 14, 2007; 7:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2007-3093 |
Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server. Published: June 06, 2007; 5:30:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2007-3094 |
Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server. Published: June 06, 2007; 5:30:00 PM -0400 |
V3.x:(not available) V2.0: 9.0 HIGH |
CVE-2007-2882 |
Unspecified vulnerability in the NFS client module in Sun Solaris 8 through 10 before 20070524, when operating as an NFS server, allows remote attackers to cause a denial of service (crash) via certain Access Control List (acl) packets. Published: May 29, 2007; 9:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2007-2529 |
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL. Published: May 08, 2007; 8:19:00 PM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2007-0882 |
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. Published: February 12, 2007; 3:28:00 PM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |