Filtered by vendor Sun
Subscribe
Total
1712 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 4.6 MEDIUM | N/A |
| The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 2.1 LOW | N/A |
| The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | |||||
| CVE-2008-5689 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 7.2 HIGH | N/A |
| tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference. | |||||
| CVE-2008-5685 | 1 Sun | 3 Netra, Scapp, Sun Fire | 2024-11-21 | 10.0 HIGH | N/A |
| Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets. | |||||
| CVE-2008-5684 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session). | |||||
| CVE-2008-5662 | 1 Sun | 1 Java Wireless Toolkit For Cldc | 2024-11-21 | 9.3 HIGH | N/A |
| Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors. | |||||
| CVE-2008-5661 | 1 Sun | 2 Opensolaris, Solaris | 2024-11-21 | 5.4 MEDIUM | N/A |
| The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference. | |||||
| CVE-2008-5550 | 1 Sun | 3 Java Web Console, Solaris, Sunos | 2024-11-21 | 4.3 MEDIUM | N/A |
| Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter. | |||||
| CVE-2008-5549 | 1 Sun | 1 Java System Portal Server | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Sun Java Web Console components in Sun Java System Portal Server 7.1 and 7.2 allows remote attackers to access local files and read the product's configuration information via unknown vectors related to "access to secure files by ThemeServlet." | |||||
| CVE-2008-5423 | 3 Novell, Redhat, Sun | 6 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 3 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. | |||||
| CVE-2008-5422 | 3 Novell, Redhat, Sun | 5 Suse Linux Enterprise Server, Enterprise Linux, Java Desktop System and 2 more | 2024-11-21 | 7.5 HIGH | N/A |
| Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. | |||||
| CVE-2008-5410 | 1 Sun | 1 Solaris | 2024-11-21 | 7.8 HIGH | N/A |
| The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. | |||||
| CVE-2008-5360 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 6.4 MEDIUM | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier creates temporary files with predictable file names, which allows attackers to write malicious JAR files via unknown vectors. | |||||
| CVE-2008-5359 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 9.3 HIGH | N/A |
| Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library. | |||||
| CVE-2008-5358 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 9.3 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. | |||||
| CVE-2008-5357 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 9.3 HIGH | N/A |
| Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-5356 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. | |||||
| CVE-2008-5355 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 10.0 HIGH | N/A |
| The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. | |||||
| CVE-2008-5354 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. | |||||
| CVE-2008-5353 | 1 Sun | 3 Jdk, Jre, Sdk | 2024-11-21 | 10.0 HIGH | N/A |
| The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects". | |||||