Vulnerabilities (CVE)

Filtered by vendor Sun Subscribe
Total 1712 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-1095 1 Sun 2 Solaris, Sunos 2024-11-21 6.8 MEDIUM N/A
Unspecified vulnerability in the Internet Protocol (IP) implementation in Sun Solaris 8, 9, and 10 allows remote attackers to bypass intended firewall policies or cause a denial of service (panic) via unknown vectors, possibly related to ICMP packets and IP fragment reassembly.
CVE-2008-0965 1 Sun 3 Opensolaris, Solaris, Sunos 2024-11-21 9.3 HIGH N/A
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
CVE-2008-0964 1 Sun 3 Opensolaris, Solaris, Sunos 2024-11-21 9.3 HIGH N/A
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
CVE-2008-0960 6 Cisco, Ecos Sourceware, Ingate and 3 more 25 Ace 10 6504 Bundle With 4 Gbps Throughput, Ace 10 6509 Bundle With 8 Gbps Throughput, Ace 10 Service Module and 22 more 2024-11-21 10.0 HIGH N/A
SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte.
CVE-2008-0938 1 Sun 1 Solaris 2024-11-21 4.7 MEDIUM N/A
Unspecified vulnerability in the dynamic tracing framework (DTrace) in Sun Solaris 10 allows local users with PRIV_DTRACE_USER or PRIV_DTRACE_PROC privileges to obtain sensitive kernel information via unspecified vectors, a different vulnerability than CVE-2007-4126.
CVE-2008-0933 1 Sun 1 Solaris 2024-11-21 4.7 MEDIUM N/A
Multiple race conditions in the CPU Performance Counters (cpc) subsystem in the kernel in Sun Solaris 10 allow local users to cause a denial of service (panic) via unspecified vectors related to kcpc_unbind and kcpc_restore.
CVE-2008-0836 1 Sun 1 Solaris 2024-11-21 4.9 MEDIUM N/A
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than CVE-2007-5319.
CVE-2008-0730 1 Sun 1 Solaris 2024-11-21 4.6 MEDIUM N/A
The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and (4) Thai language input methods in Sun Solaris 10 create files and directories with weak permissions under (a) .iiim/le and (b) .Xlocale in home directories, which might allow local users to write to, or read from, the home directories of other users.
CVE-2008-0718 1 Sun 1 Solaris 2024-11-21 4.7 MEDIUM N/A
Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in Sun Solaris 9 and 10, when 64-bit mode is enabled, allows local users to cause a denial of service (panic) via unspecified vectors.
CVE-2008-0709 4 Hp, Microsoft, Redhat and 1 more 6 Hp-ux, Select Identity, Windows 2003 Server and 3 more 2024-11-21 5.5 MEDIUM N/A
Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.
CVE-2008-0657 1 Sun 2 Jdk, Jre 2024-11-21 10.0 HIGH N/A
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
CVE-2008-0628 1 Sun 2 Jdk, Jre 2024-11-21 7.8 HIGH N/A
The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources.
CVE-2008-0269 1 Sun 1 Sunos 2024-11-21 4.9 MEDIUM N/A
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.
CVE-2008-0242 1 Sun 1 Solaris 2024-11-21 7.2 HIGH N/A
Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions.
CVE-2008-0241 1 Sun 1 Java System Identity Manager 2024-11-21 5.8 MEDIUM N/A
Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter.
CVE-2008-0240 1 Sun 1 Java System Identity Manager 2024-11-21 4.3 MEDIUM N/A
/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection."
CVE-2008-0239 1 Sun 1 Java System Identity Manager 2024-11-21 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
CVE-2008-0212 4 Hp, Linux, Microsoft and 1 more 5 Hp-ux, Openview Network Node Manager, Linux Kernel and 2 more 2024-11-21 7.8 HIGH N/A
ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access.
CVE-2008-0006 2 Sun, X.org 3 Solaris Libfont, Solaris Libxfont, Xserver 2024-11-21 7.5 HIGH N/A
Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
CVE-2007-6572 1 Sun 2 Java System Web Proxy Server, Java System Web Server 2024-11-21 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204.