Filtered by vendor Sun
Subscribe
Total
1712 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2009-1170 | 1 Sun | 1 Opensolaris | 2017-08-17 | 6.9 MEDIUM | N/A |
Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 allows local users, with privileges in a non-global zone, to execute arbitrary code in the global zone when a global-zone user is using mdb on a non-global zone process. | |||||
CVE-2009-1084 | 1 Sun | 1 Java System Identity Manager | 2017-08-17 | 6.4 MEDIUM | N/A |
Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not properly restrict access to the System Configuration object, which allows remote authenticated administrators and possibly remote attackers to have an unspecified impact by modifying this object. | |||||
CVE-2009-0926 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the UFS filesystem functionality in Sun OpenSolaris snv_86 through snv_91, when running in 32-bit mode on x86 systems, allows local users to cause a denial of service (panic) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6679732. | |||||
CVE-2009-0925 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 4.7 MEDIUM | N/A |
Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, and OpenSolaris snv_47 through snv_85, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6425723. | |||||
CVE-2009-0924 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 4.7 MEDIUM | N/A |
Unspecified vulnerability in Sun OpenSolaris snv_39 through snv_45, when running in 64-bit mode on x86 architectures, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6442712. | |||||
CVE-2009-0876 | 2 Linux, Sun | 2 Linux Kernel, Xvm Virtualbox | 2017-08-17 | 6.9 MEDIUM | N/A |
Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN. | |||||
CVE-2009-0872 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 6.8 MEDIUM | N/A |
The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes. | |||||
CVE-2009-0870 | 1 Sun | 2 Opensolaris, Solaris | 2017-08-17 | 4.7 MEDIUM | N/A |
The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function. | |||||
CVE-2009-0868 | 3 Fujitsu, Microsoft, Sun | 3 Jasmine2000, Windows, Solaris | 2017-08-17 | 6.8 MEDIUM | N/A |
CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | |||||
CVE-2009-0857 | 1 Sun | 2 Management Center, Solaris | 2017-08-17 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console. | |||||
CVE-2009-0576 | 1 Sun | 1 Java System Directory Server | 2017-08-17 | 7.8 HIGH | N/A |
Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests. | |||||
CVE-2008-6192 | 1 Sun | 1 Java System Portal Server | 2017-08-17 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2003-1590 | 2 Microsoft, Sun | 2 Windows, One Web Server | 2017-08-17 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 through SP5 on Windows allows remote attackers to cause a denial of service (daemon crash) via unknown vectors. | |||||
CVE-2003-1589 | 2 Microsoft, Sun | 2 Windows, One Web Server | 2017-08-17 | 5.0 MEDIUM | N/A |
Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 before SP13 and 6.0 before SP6 on Windows allows attackers to cause a denial of service (daemon crash) via unknown vectors. | |||||
CVE-2003-1588 | 1 Sun | 1 Cluster | 2017-08-17 | 1.9 LOW | N/A |
Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, stores database credentials in cleartext in a cluster configuration file, which allows local users to obtain sensitive information by reading this file. | |||||
CVE-2003-1578 | 1 Sun | 1 One Web Server | 2017-08-17 | 4.3 MEDIUM | N/A |
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to hide HTTP requests from the log-preview functionality by accompanying the requests with crafted DNS responses specifying a domain name beginning with a "format=" substring, related to an "Inverse Lookup Log Corruption (ILLC)" issue. | |||||
CVE-2003-1577 | 1 Sun | 1 One Web Server | 2017-08-17 | 2.6 LOW | N/A |
Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, when DNS resolution is enabled for client IP addresses, allows remote attackers to inject arbitrary text into log files, and conduct cross-site scripting (XSS) attacks involving the iPlanet Log Analyzer, via an HTTP request in conjunction with a crafted DNS response, related to an "Inverse Lookup Log Corruption (ILLC)" issue, a different vulnerability than CVE-2002-1315 and CVE-2002-1316. | |||||
CVE-2003-1573 | 1 Sun | 1 J2ee | 2017-08-17 | 10.0 HIGH | N/A |
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages." | |||||
CVE-2009-0348 | 1 Sun | 1 Java System Access Manager | 2017-08-08 | 5.0 MEDIUM | N/A |
The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), 7 2005Q4 (aka 7.0), and 7.1 responds differently to a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames. | |||||
CVE-2009-0278 | 1 Sun | 1 Java System Application Server | 2017-08-08 | 5.0 MEDIUM | N/A |
Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request. |