SUN : Security Vulnerabilities, CVEs, CVSS score between 4 and 4.99
Unknown vulnerability in the System Serial Console terminal in Solaris 2.5.1, 2.6, and 7 allows local users to monitor keystrokes and possibly steal sensitive information.
Max CVSS
4.9
EPSS Score
0.04%
Published
2002-12-31
Updated
2018-10-30
Unspecified vulnerability in the environmental monitoring subsystem in Solaris 8 running on Sun Fire 280R, V480 and V880 allows local users to cause a denial of service by setting volatile properties.
Max CVSS
4.9
EPSS Score
0.04%
Published
2002-12-31
Updated
2018-10-30
Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2005-3250.
Max CVSS
4.9
EPSS Score
0.06%
Published
2006-01-13
Updated
2017-10-11
Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris 10, when running on x86, allows local users to cause a denial of service (system hang) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.06%
Published
2006-07-24
Updated
2017-10-11
Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors involving (1) the /net mount point and (2) the "-hosts" map in a mount point.
Max CVSS
4.9
EPSS Score
0.06%
Published
2006-07-24
Updated
2017-07-20
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer overflow, but it is probably more like a signedness error or integer underflow.
Max CVSS
4.9
EPSS Score
0.04%
Published
2006-07-25
Updated
2018-10-17
The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.
Max CVSS
4.9
EPSS Score
0.06%
Published
2006-10-18
Updated
2017-10-11
alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures.
Max CVSS
4.9
EPSS Score
0.04%
Published
2006-11-06
Updated
2011-03-08
Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-06-01
Updated
2017-10-11
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-06-27
Updated
2017-10-11
Unspecified vulnerability in the TCP Loopback/Fusion implementation in Sun Solaris 10 allows local users to cause a denial of service (resource exhaustion and service hang) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-06-28
Updated
2017-09-29
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-07-30
Updated
2017-09-29
Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-08-23
Updated
2017-07-29
Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-08-23
Updated
2011-03-08
Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-09-06
Updated
2017-09-29
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts."
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-09-27
Updated
2017-09-29
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-10-05
Updated
2018-10-30
Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-10-11
Updated
2017-09-29
Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-10-11
Updated
2017-09-29
Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-10-12
Updated
2018-10-30
Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-10-23
Updated
2017-09-29
Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used on the x86 platform, allows local users in a Linux (lx) branded zone to cause a denial of service (panic) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2007-12-04
Updated
2017-07-29
Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-01-15
Updated
2018-10-30
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 9 and 10 on x86 architectures allows local users to cause a denial of service (panic) via unspecified vectors that trigger a NULL pointer dereference in the vuid3ps2 module, a different issue than CVE-2007-5319.
Max CVSS
4.9
EPSS Score
0.04%
Published
2008-02-20
Updated
2011-03-08
Unspecified vulnerability in Sun Solaris 8 directory functions allows local users to cause a denial of service (panic) via an unspecified sequence of system calls or commands.
Max CVSS
4.9
EPSS Score
0.05%
Published
2008-03-03
Updated
2017-09-29