Search Results

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:sun:sunos:5.9:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 134 matching records.
Displaying matches 81 through 100.
Columns: Vuln ID, Summary, CVSS Severity
CVE-2010-4435

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.

Published: January 19, 2011; 12:00:02 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2010-4415

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc.

Published: January 19, 2011; 11:00:03 AM -0500
V3.x:(not available)
V2.0: 4.1 MEDIUM
CVE-2010-3586

Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.

Published: January 19, 2011; 11:00:02 AM -0500
V3.x:(not available)
V2.0: 3.6 LOW
CVE-2010-2632

Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames.

Published: January 19, 2011; 11:00:02 AM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2009-4080

Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.

Published: November 29, 2009; 8:07:52 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2008-5009

Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.

Published: November 10, 2008; 10:23:19 AM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2008-4619

The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.

Published: October 20, 2008; 8:10:54 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-0964

Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.

Published: August 08, 2008; 2:41:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-0965

Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

Published: August 08, 2008; 2:41:00 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2008-3450

Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.

Published: August 04, 2008; 2:41:00 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2008-3426

Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru.

Published: July 31, 2008; 6:41:00 PM -0400
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2008-2946

The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets.

Published: June 30, 2008; 6:41:00 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2008-2144

Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.

Published: May 12, 2008; 3:20:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2008-2121

The TCP implementation in Sun Solaris 8, 9, and 10 allows remote attackers to cause a denial of service (CPU consumption and new connection timeouts) via a TCP SYN flood attack.

Published: May 09, 2008; 11:20:00 AM -0400
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2008-1778

Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger incorrect calculations via unknown vectors.

Published: April 14, 2008; 12:05:00 PM -0400
V3.x:(not available)
V2.0: 6.6 MEDIUM
CVE-2008-1095

Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.

Published: February 29, 2008; 6:44:00 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2007-6480

The Oracle database component in Sun Management Center (Sun MC) 3.6.1, 3.6, and 3.5 Update 1 has a default account, which allows remote attackers to obtain database access and execute arbitrary code.

Published: December 20, 2007; 3:46:00 PM -0500
V3.x:(not available)
V2.0: 9.4 HIGH
CVE-2007-6482

Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in Sun Ray Server Software 2.0, 3.0, 3.1, and 3.1.1 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors.

Published: December 20, 2007; 3:46:00 PM -0500
V3.x:(not available)
V2.0: 7.8 HIGH
CVE-2007-3880

Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.

Published: November 13, 2007; 8:46:00 PM -0500
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2007-5921

Unspecified vulnerability in the ioctl interface in the Solaris Volume Manager (SVM) in Sun Solaris 9 and 10 allows local users to cause a denial of service (panic) via unspecified vectors, a different vulnerability than CVE-2004-1346.

Published: November 09, 2007; 9:46:00 PM -0500
V3.x:(not available)
V2.0: 4.7 MEDIUM