Total: 545 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6413 | 1 Sun | 1 Solaris | 2024-02-28 | 9.3 HIGH | N/A |
Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user. | |||||
CVE-2006-5075 | 1 Sun | 1 Solaris | 2024-02-28 | 7.8 HIGH | N/A |
The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client. | |||||
CVE-2007-0165 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. | |||||
CVE-2007-1918 | 8 Apple, Hp, Ibm and 5 more | 11 Macos, Hp-ux, Tru64 and 8 more | 2024-02-28 | 5.0 MEDIUM | N/A |
The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 and 7.00 before 20070109 implements an option for exclusive access to an RFC server, which allows remote attackers to cause a denial of service (client lockout) via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. | |||||
CVE-2007-6505 | 1 Sun | 1 Solaris | 2024-02-28 | 3.5 LOW | N/A |
Solaris 9, with Solaris Auditing enabled and certain patches for sshd installed, can generate audit records with an audit-ID of 0 even when the user logging into ssh is not root, which makes it easier for attackers to avoid detection and can make it more difficult to conduct forensics activities. | |||||
CVE-2006-5201 | 1 Sun | 9 Jdk, Jre, Jsse and 6 more | 2024-02-28 | 4.0 MEDIUM | N/A |
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. | |||||
CVE-2007-4070 | 1 Sun | 1 Solaris | 2024-02-28 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors. | |||||
CVE-2007-0914 | 1 Sun | 1 Solaris | 2024-02-28 | 7.1 HIGH | N/A |
Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors. | |||||
CVE-2007-1086 | 5 Hp, Ibm, Linux and 2 more | 6 Hp-ux, Aix, Db2 Universal Database and 3 more | 2024-02-28 | 7.2 HIGH | N/A |
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access." | |||||
CVE-2007-6232 | 8 Ftp, Hp, Ibm and 5 more | 9 Admin, Hp-ux, Tru64 and 6 more | 2024-02-28 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action. | |||||
CVE-2007-3223 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 7.8 HIGH | N/A |
Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions. | |||||
CVE-2006-4842 | 2 Netscape, Sun | 2 Portable Runtime Api, Solaris | 2024-02-28 | 3.6 LOW | N/A |
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files. | |||||
CVE-2007-5367 | 1 Sun | 1 Solaris | 2024-02-28 | 4.9 MEDIUM | N/A |
Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors. | |||||
CVE-2007-4938 | 11 Apple, Hp, Ibm and 8 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2024-02-28 | 7.6 HIGH | N/A |
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value. | |||||
CVE-2007-3471 | 1 Sun | 1 Solaris | 2024-02-28 | 7.2 HIGH | N/A |
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors. | |||||
CVE-2006-5013 | 1 Sun | 1 Solaris | 2024-02-28 | 7.8 HIGH | N/A |
Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets. | |||||
CVE-2006-6275 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 4.7 MEDIUM | N/A |
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals. | |||||
CVE-2007-0503 | 1 Sun | 2 Solaris, Sunos | 2024-02-28 | 6.9 MEDIUM | N/A |
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors. | |||||
CVE-2007-1093 | 4 Hitachi, Hp, Microsoft and 1 more | 12 Cm2-network Node Manager, Cm2-network Node Manager 250, Hi Ux We2 and 9 more | 2024-02-28 | 10.0 HIGH | N/A |
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior. | |||||
CVE-2006-7034 | 9 Apple, Hp, Ibm and 6 more | 18 Mac Os X, Hp-ux, Tru64 and 15 more | 2024-02-28 | 7.5 HIGH | N/A |
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter. |