Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.
Max CVSS
3.8
EPSS Score
0.04%
Published
2013-04-17
Updated
2017-09-19
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
Max CVSS
3.7
EPSS Score
0.04%
Published
2002-08-12
Updated
2008-09-10
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
Max CVSS
3.7
EPSS Score
0.06%
Published
2003-12-03
Updated
2018-10-30
Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors.
Max CVSS
3.7
EPSS Score
0.04%
Published
2006-04-19
Updated
2017-07-20
Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.2_29 and earlier for Solaris and Linux allows local standalone applications to affect confidentiality, integrity, and availability via unknown vectors related to Launcher. NOTE: the previous information was obtained from the February 2011 CPU. Oracle has not commented on claims from a downstream vendor that this issue is an untrusted search path vulnerability involving an empty LD_LIBRARY_PATH environment variable.
Max CVSS
3.7
EPSS Score
0.09%
Published
2011-02-17
Updated
2018-10-30
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel.
Max CVSS
3.7
EPSS Score
0.04%
Published
2011-04-20
Updated
2012-08-03
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect availability, related to LOFS.
Max CVSS
3.7
EPSS Score
0.04%
Published
2011-04-20
Updated
2012-08-03
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier, when running on Solaris, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking.
Max CVSS
3.7
EPSS Score
0.06%
Published
2012-06-16
Updated
2022-05-13
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.
Max CVSS
3.7
EPSS Score
0.04%
Published
2013-04-17
Updated
2017-09-19
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Networking. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to improper enforcement of exclusive port binds when running on Windows, which allows attackers to bind to ports that are already in use.
Max CVSS
3.7
EPSS Score
0.06%
Published
2013-06-18
Updated
2022-05-13
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.
Max CVSS
3.6
EPSS Score
0.06%
Published
1999-11-08
Updated
2016-10-18
StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice.
Max CVSS
3.6
EPSS Score
0.04%
Published
2001-01-09
Updated
2017-12-19
Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.
Max CVSS
3.6
EPSS Score
0.04%
Published
2005-05-02
Updated
2008-09-05
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.
Max CVSS
3.6
EPSS Score
0.04%
Published
2005-12-31
Updated
2018-10-30
pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.
Max CVSS
3.6
EPSS Score
0.04%
Published
2006-08-29
Updated
2017-10-11

CVE-2006-4842

Public exploit
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Max CVSS
3.6
EPSS Score
0.06%
Published
2006-10-12
Updated
2018-10-17
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).
Max CVSS
3.6
EPSS Score
0.04%
Published
2006-10-10
Updated
2017-07-20
Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.
Max CVSS
3.6
EPSS Score
0.04%
Published
2011-01-19
Updated
2017-08-17
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.
Max CVSS
3.6
EPSS Score
0.04%
Published
2011-01-19
Updated
2017-08-17
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp.
Max CVSS
3.6
EPSS Score
0.04%
Published
2011-04-20
Updated
2011-04-20
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.
Max CVSS
3.6
EPSS Score
0.04%
Published
2011-07-21
Updated
2011-10-05
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.
Max CVSS
3.6
EPSS Score
0.04%
Published
2012-01-18
Updated
2018-01-06
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx.
Max CVSS
3.6
EPSS Score
0.04%
Published
2012-10-17
Updated
2013-10-11
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.
Max CVSS
3.6
EPSS Score
0.04%
Published
2013-04-17
Updated
2017-09-19
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local users to affect confidentiality and integrity via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to weak permissions for shared memory.
Max CVSS
3.6
EPSS Score
0.06%
Published
2013-06-18
Updated
2022-05-13
45 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!