The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
Max CVSS
5.8
EPSS Score
1.09%
Published
2007-03-07
Updated
2018-10-30
ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, when running on a DNS server with Network Address Translation (NAT) configured, improperly changes the source port of a packet when the destination port is the DNS port, which allows remote attackers to bypass an intended CVE-2008-1447 protection mechanism and spoof the responses to DNS queries sent by named.
Max CVSS
5.8
EPSS Score
0.27%
Published
2008-11-18
Updated
2017-08-08
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
Max CVSS
5.6
EPSS Score
0.08%
Published
2005-03-05
Updated
2018-10-16
The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). NOTE: the original report specifies the function name as "drain_squeue," but this is likely incorrect.
Max CVSS
5.4
EPSS Score
6.03%
Published
2006-08-14
Updated
2017-07-20
Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries.
Max CVSS
5.4
EPSS Score
0.42%
Published
2006-08-14
Updated
2017-07-20
The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference.
Max CVSS
5.4
EPSS Score
1.34%
Published
2008-12-17
Updated
2017-08-08
Unspecified vulnerability in the NFSv4 client module in the kernel on Sun Solaris 10 and OpenSolaris before snv_37, when automountd is used, allows user-assisted remote attackers to cause a denial of service (unresponsive NFS filesystems) via unknown vectors.
Max CVSS
5.4
EPSS Score
1.87%
Published
2009-02-02
Updated
2017-08-08
DNS cache poisoning via BIND, by predictable query IDs.
Max CVSS
5.0
EPSS Score
0.75%
Published
1997-08-13
Updated
2022-08-17
Sun's ftpd daemon can be subjected to a denial of service.
Max CVSS
5.0
EPSS Score
4.97%
Published
1998-06-10
Updated
2018-10-30
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
Max CVSS
5.0
EPSS Score
14.31%
Published
1998-01-05
Updated
2022-08-17
Denial of service in BIND named via consuming more than "fdmax" file descriptors.
Max CVSS
5.0
EPSS Score
0.33%
Published
1999-11-10
Updated
2018-10-30
Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.
Max CVSS
5.0
EPSS Score
0.25%
Published
1999-09-23
Updated
2018-10-30
rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.
Max CVSS
5.0
EPSS Score
0.40%
Published
1997-08-24
Updated
2017-12-19
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.
Max CVSS
5.0
EPSS Score
4.96%
Published
1999-12-22
Updated
2018-10-30
cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.
Max CVSS
5.0
EPSS Score
2.91%
Published
2002-03-15
Updated
2018-10-30
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
Max CVSS
5.0
EPSS Score
0.43%
Published
2002-10-28
Updated
2018-10-30
Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows an NFS client to cause a denial of service by killing the lockd daemon.
Max CVSS
5.0
EPSS Score
0.26%
Published
2002-10-28
Updated
2018-10-30
Directory traversal vulnerabilities in multiple FTP clients on UNIX systems allow remote malicious FTP servers to create or overwrite files as the client user via filenames containing /absolute/path or .. (dot dot) sequences.
Max CVSS
5.0
EPSS Score
0.13%
Published
2002-12-23
Updated
2018-10-30
Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for SPARC allows remote attackers to cause a denial of service via certain packets that cause some network interfaces to stop responding to TCP traffic.
Max CVSS
5.0
EPSS Score
7.97%
Published
2002-11-08
Updated
2018-10-30
CVE-2003-0027
Public exploit
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
Max CVSS
5.0
EPSS Score
52.35%
Published
2003-02-07
Updated
2018-10-30
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
Max CVSS
5.0
EPSS Score
2.03%
Published
2003-02-19
Updated
2020-01-21
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.
Max CVSS
5.0
EPSS Score
6.87%
Published
2003-10-27
Updated
2018-10-30
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.
Max CVSS
5.0
EPSS Score
2.00%
Published
2003-12-31
Updated
2018-10-30
The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (CPU consumption by infinite loop).
Max CVSS
5.0
EPSS Score
3.53%
Published
2003-06-03
Updated
2018-10-30
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).
Max CVSS
5.0
EPSS Score
7.91%
Published
2003-04-28
Updated
2018-10-30