Vulnerabilities (CVE)

Filtered by vendor Sun Subscribe
Total 1712 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2006-3941 1 Sun 1 N1 Grid Engine 2024-11-21 7.5 HIGH N/A
Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 and N1 Grid Engine 6.0 allows local users to cause a denial of service (grid service shutdown) and possibly execute arbitrary code using buffer overflows via unknown vectors that cause (1) qmaster or (2) execd to terminate.
CVE-2006-3921 1 Sun 2 Java System Application Server, Java System Web Server 2024-11-21 4.0 MEDIUM N/A
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
CVE-2006-3920 1 Sun 2 Solaris, Sunos 2024-11-21 5.0 MEDIUM N/A
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
CVE-2006-3825 1 Sun 1 Solaris 2024-11-21 2.1 LOW N/A
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.
CVE-2006-3824 1 Sun 1 Solaris 2024-11-21 4.9 MEDIUM N/A
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.
CVE-2006-3783 1 Sun 1 Solaris 2024-11-21 4.9 MEDIUM N/A
Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point.
CVE-2006-3782 1 Sun 1 Solaris 2024-11-21 4.9 MEDIUM N/A
Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.
CVE-2006-3781 1 Sun 1 Solaris 2024-11-21 7.8 HIGH N/A
Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.
CVE-2006-3728 1 Sun 2 Solaris, Sunos 2024-11-21 6.8 MEDIUM N/A
Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structure corruption" that can trigger a system panic, application failure, or "data corruption."
CVE-2006-3664 1 Sun 2 Solaris, Sunos 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors.
CVE-2006-3606 1 Sun 2 Solaris, Sunos 2024-11-21 5.0 MEDIUM N/A
Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library.
CVE-2006-3225 1 Sun 2 Java System Application Server, One Application Server 2024-11-21 2.6 LOW N/A
Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
CVE-2006-3159 1 Sun 2 Iplanet Messaging Server, One Messaging Server 2024-11-21 2.1 LOW N/A
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message.
CVE-2006-3127 1 Sun 2 Java Enterprise System, Java System Directory Server 2024-11-21 7.8 HIGH N/A
Memory leak in Network Security Services (NSS) 3.11, as used in Sun Java Enterprise System 2003Q4 through 2005Q1 and Java System Directory Server 5.2, allows remote attackers to cause a denial of service (memory consumption) by performing a large number of RSA cryptographic operations.
CVE-2006-3117 2 Openoffice, Sun 2 Openoffice, Staroffice 2024-11-21 7.6 HIGH N/A
Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability."
CVE-2006-2930 1 Sun 2 Grid Engine, N1 Grid Engine 2024-11-21 4.6 MEDIUM N/A
Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid Engine 6.0, when configured in Certificate Security Protocol (CSP) Mode, allows local users to shut down the grid service or gain access, even if access is denied.
CVE-2006-2790 1 Sun 1 Storage Automated Diagnostic Environment 2024-11-21 7.2 HIGH N/A
A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges.
CVE-2006-2614 1 Sun 1 N1 System Manager 2024-11-21 4.6 MEDIUM N/A
Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords.
CVE-2006-2513 1 Sun 1 Java System Directory Server 2024-11-21 7.5 HIGH N/A
Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges.
CVE-2006-2501 1 Sun 4 Java System Application Server, Java System Web Server, One Application Server and 1 more 2024-11-21 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.