Filtered by vendor Sun
Subscribe
Total
1712 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4842 | 2 Netscape, Sun | 2 Portable Runtime Api, Solaris | 2018-10-17 | 3.6 LOW | N/A |
| The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | |||||
| CVE-2006-4655 | 2 Sco, Sun | 2 Unixware, Solaris | 2018-10-17 | 4.6 MEDIUM | N/A |
| Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value. | |||||
| CVE-2006-3824 | 1 Sun | 1 Solaris | 2018-10-17 | 4.9 MEDIUM | N/A |
| systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow. | |||||
| CVE-2007-1898 | 8 Apple, Hp, Jetbox and 5 more | 16 Mac Os X, Hp-ux, Tru64 and 13 more | 2018-10-16 | 5.8 MEDIUM | N/A |
| formmail.php in Jetbox CMS 2.1 allows remote attackers to send arbitrary e-mails (spam) via modified recipient, _SETTINGS[allowed_email_hosts][], and subject parameters. | |||||
| CVE-2007-1681 | 1 Sun | 2 Java Web Console, Solaris | 2018-10-16 | 7.5 HIGH | N/A |
| Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog. | |||||
| CVE-2007-1043 | 9 Apple, Ezboo, Hp and 6 more | 18 Mac Os X, Webstats, Hp-ux and 15 more | 2018-10-16 | 7.5 HIGH | N/A |
| Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | |||||
| CVE-2007-0393 | 1 Sun | 1 Solaris | 2018-10-16 | 4.6 MEDIUM | N/A |
| Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | |||||
| CVE-2007-0014 | 1 Sun | 1 Chainkey Java Code Protection | 2018-10-16 | 4.4 MEDIUM | N/A |
| ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. | |||||
| CVE-2007-0012 | 1 Sun | 1 Jre | 2018-10-16 | 4.3 MEDIUM | N/A |
| Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM. | |||||
| CVE-2006-7034 | 9 Apple, Hp, Ibm and 6 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2018-10-16 | 7.5 HIGH | N/A |
| SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. | |||||
| CVE-2005-0109 | 5 Freebsd, Redhat, Sco and 2 more | 8 Freebsd, Enterprise Linux, Enterprise Linux Desktop and 5 more | 2018-10-16 | 4.7 MEDIUM | 5.6 MEDIUM |
| Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. | |||||
| CVE-2008-0628 | 1 Sun | 2 Jdk, Jre | 2018-10-15 | 7.8 HIGH | N/A |
| The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. | |||||
| CVE-2008-0241 | 1 Sun | 1 Java System Identity Manager | 2018-10-15 | 5.8 MEDIUM | N/A |
| Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter. | |||||
| CVE-2008-0240 | 1 Sun | 1 Java System Identity Manager | 2018-10-15 | 4.3 MEDIUM | N/A |
| /idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection." | |||||
| CVE-2008-0239 | 1 Sun | 1 Java System Identity Manager | 2018-10-15 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp. | |||||
| CVE-2008-0212 | 4 Hp, Linux, Microsoft and 1 more | 5 Hp-ux, Openview Network Node Manager, Linux Kernel and 2 more | 2018-10-15 | 7.8 HIGH | N/A |
| ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access. | |||||
| CVE-2008-0006 | 2 Sun, X.org | 3 Solaris Libfont, Solaris Libxfont, Xserver | 2018-10-15 | 7.5 HIGH | N/A |
| Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. | |||||
| CVE-2007-5365 | 5 Debian, Openbsd, Redhat and 2 more | 7 Debian Linux, Openbsd, Enterprise Linux and 4 more | 2018-10-15 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. | |||||
| CVE-2007-4938 | 11 Apple, Hp, Ibm and 8 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2018-10-15 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. | |||||
| CVE-2007-4511 | 1 Sun | 1 Java System Application Server | 2018-10-15 | 5.0 MEDIUM | N/A |
| The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy. | |||||