CVEdetails.com the ultimate security vulnerability data source

SUN » Sunos : Security Vulnerabilities (CVSS score >= 9)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2011-3508 2011-10-18 2012-11-06
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.
2 CVE-2010-4435 1 Overflow 2011-01-19 2011-09-21
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.
3 CVE-2007-0882 94 2007-02-12 2011-06-13
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
4 CVE-2002-0797 Overflow +Priv 2002-08-12 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
5 CVE-2002-0796 +Priv 2002-08-12 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
6 CVE-1999-1584 +Priv 1999-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586.
7 CVE-1999-1467 Exec Code 1989-10-26 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user.
8 CVE-1999-0696 Overflow 1999-07-01 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
9 CVE-1999-0320 1998-03-01 2008-09-09
9.3
Admin Remote Medium Not required Complete Complete Complete
SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.
10 CVE-1999-0214 DoS 1992-07-21 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
Denial of service by sending forged ICMP unreachable packets.
11 CVE-1999-0165 1997-03-01 2008-09-09
10.0
None Remote Low Not required Complete Complete Complete
NFS cache poisoning.
12 CVE-1999-0099 Overflow +Priv 1995-10-19 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
13 CVE-1999-0097 Exec Code 1997-10-29 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
14 CVE-1999-0046 Overflow 1997-02-06 2008-09-09
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow of rlogin program using TERM environmental variable.
Total number of vulnerabilities : 14   Page : 1 (This Page)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.