SUN : Security Vulnerabilities, CVEs, Published In January 2007
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
Max CVSS
7.8
EPSS Score
5.25%
Published
2007-01-31
Updated
2017-10-11
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
4.3
EPSS Score
0.72%
Published
2007-01-31
Updated
2017-07-29
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
Max CVSS
6.9
EPSS Score
0.04%
Published
2007-01-25
Updated
2018-10-30
cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.
Max CVSS
4.6
EPSS Score
0.04%
Published
2007-01-25
Updated
2017-07-29
Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2007-01-24
Updated
2018-10-30
Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.
Max CVSS
4.6
EPSS Score
0.04%
Published
2007-01-19
Updated
2018-10-16
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
Max CVSS
6.8
EPSS Score
42.36%
Published
2007-01-17
Updated
2018-10-30
Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
6.8
EPSS Score
0.99%
Published
2007-01-12
Updated
2008-11-15
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
Max CVSS
7.8
EPSS Score
41.44%
Published
2007-01-10
Updated
2018-10-30
Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.
Max CVSS
5.0
EPSS Score
0.94%
Published
2007-01-09
Updated
2017-07-29
ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.
Max CVSS
4.4
EPSS Score
0.05%
Published
2007-01-17
Updated
2018-10-16
11 vulnerabilities found