Filtered by vendor Sun
Subscribe
Total
1712 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-3905 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the "first issue" identified in SUNALERT:102003. | |||||
| CVE-2005-3904 | 1 Sun | 2 Jdk, Jre | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors. | |||||
| CVE-2005-3781 | 1 Sun | 2 Solaris, Sunos | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries." | |||||
| CVE-2005-3674 | 1 Sun | 1 Solaris | 2024-11-21 | 7.8 HIGH | N/A |
| The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. | |||||
| CVE-2005-3583 | 1 Sun | 2 Jre, Sdk | 2024-11-21 | 7.8 HIGH | N/A |
| (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss. | |||||
| CVE-2005-3472 | 1 Sun | 1 Java System Communications Express | 2024-11-21 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files. | |||||
| CVE-2005-3398 | 1 Sun | 2 Solaris, Sunos | 2024-11-21 | 4.3 MEDIUM | N/A |
| The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers. | |||||
| CVE-2005-3269 | 1 Sun | 4 Java System Directory Proxy Server, Java System Directory Server, One Administration Server and 1 more | 2024-11-21 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges. | |||||
| CVE-2005-3250 | 1 Sun | 1 Solaris | 2024-11-21 | 2.1 LOW | N/A |
| Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference. | |||||
| CVE-2005-3238 | 1 Sun | 1 Solaris | 2024-11-21 | 2.1 LOW | N/A |
| Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors. | |||||
| CVE-2005-3099 | 1 Sun | 2 Solaris, Sunos | 2024-11-21 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code. | |||||
| CVE-2005-3071 | 1 Sun | 2 Solaris, Sunos | 2024-11-21 | 2.1 LOW | N/A |
| Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS. | |||||
| CVE-2005-3001 | 1 Sun | 1 Solaris | 2024-11-21 | 2.1 LOW | N/A |
| Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. | |||||
| CVE-2005-2870 | 1 Sun | 1 Solaris | 2024-11-21 | 7.5 HIGH | N/A |
| Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses. | |||||
| CVE-2005-2738 | 1 Sun | 1 Java | 2024-11-21 | 5.0 MEDIUM | N/A |
| Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program. | |||||
| CVE-2005-2530 | 1 Sun | 1 Java | 2024-11-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions." | |||||
| CVE-2005-2529 | 1 Sun | 1 Java | 2024-11-20 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives." | |||||
| CVE-2005-2527 | 1 Sun | 1 Java | 2024-11-20 | 1.2 LOW | N/A |
| Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack. | |||||
| CVE-2005-2094 | 1 Sun | 1 One Web Server | 2024-11-20 | 4.3 MEDIUM | N/A |
| Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | |||||
| CVE-2005-2072 | 1 Sun | 2 Solaris, Sunos | 2024-11-20 | 7.2 HIGH | N/A |
| The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. | |||||