| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2009-2644 |
362 |
|
DoS |
2009-07-29 |
2017-09-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds." |
|
2 |
CVE-2008-3870 |
189 |
|
Exec Code Overflow |
2009-05-26 |
2018-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. |
|
3 |
CVE-2008-3869 |
119 |
|
Exec Code Overflow |
2009-05-26 |
2018-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters. |
|
4 |
CVE-2007-6180 |
362 |
|
DoS |
2007-11-30 |
2017-07-29 |
7.6 |
None |
Local Network |
Medium |
Not required |
Partial |
Complete |
Complete |
|
Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of service (NULL dereference and panic) via unspecified vectors. |
|
5 |
CVE-2007-5632 |
|
|
DoS |
2007-10-23 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions. |
|
6 |
CVE-2007-5462 |
20 |
|
DoS |
2007-10-15 |
2017-07-29 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems. |
|
7 |
CVE-2007-5365 |
119 |
|
DoS Exec Code Overflow |
2007-10-11 |
2018-10-15 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. |
|
8 |
CVE-2007-5132 |
362 |
|
DoS |
2007-09-27 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts." |
|
9 |
CVE-2007-5118 |
|
|
DoS |
2007-09-27 |
2017-09-29 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors. |
|
10 |
CVE-2007-4732 |
20 |
|
DoS |
2007-09-06 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function. |
|
11 |
CVE-2007-4070 |
|
|
|
2007-07-30 |
2017-09-29 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun Solaris 8 through 10 before 20070725 allows local users to read arbitrary files with root group ownership via unknown vectors. |
|
12 |
CVE-2007-3471 |
|
|
Exec Code Overflow |
2007-06-28 |
2017-09-29 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors. |
|
13 |
CVE-2007-3458 |
|
|
DoS |
2007-06-27 |
2017-10-11 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors. |
|
14 |
CVE-2007-3283 |
|
|
|
2007-06-19 |
2017-10-11 |
6.8 |
None |
Local |
Low |
??? |
Complete |
Complete |
Complete |
|
GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root is logged into the console, does not automatically lock the screen after a session has been inactive, which might allow physically proximate attackers to access the console. |
|
15 |
CVE-2007-2989 |
|
|
DoS |
2007-06-01 |
2017-10-11 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. |
|
16 |
CVE-2007-0895 |
|
|
|
2007-02-13 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user running rm by moving a low-level directory to a higher level as it is being deleted, which causes rm to chdir to a ".." directory that is higher than expected, possibly up to the root file system, a related issue to CVE-2002-0435. |
|
17 |
CVE-2007-0503 |
|
|
Exec Code |
2007-01-25 |
2018-10-30 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors. |
|
18 |
CVE-2007-0470 |
|
|
+Priv |
2007-01-24 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors. |
|
19 |
CVE-2007-0393 |
|
|
+Priv |
2007-01-19 |
2018-10-16 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. |
|
20 |
CVE-2007-0165 |
|
|
DoS |
2007-01-10 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. |
|
21 |
CVE-2006-7028 |
|
|
DoS |
2007-02-23 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error. |
|
22 |
CVE-2006-6495 |
|
|
Exec Code Overflow |
2006-12-13 |
2018-10-30 |
6.6 |
None |
Local |
Medium |
??? |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494. |
|
23 |
CVE-2006-6494 |
|
|
Exec Code Dir. Trav. |
2006-12-13 |
2018-10-30 |
6.6 |
None |
Local |
Medium |
??? |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers. |
|
24 |
CVE-2006-6275 |
362 |
|
DoS |
2006-12-04 |
2018-10-30 |
4.7 |
None |
Local |
Medium |
Not required |
None |
None |
Complete |
|
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals. |
|
25 |
CVE-2006-5215 |
|
|
|
2006-10-10 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
Partial |
Partial |
None |
|
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. |
|
26 |
CVE-2006-5214 |
|
|
|
2006-10-10 |
2018-10-30 |
1.2 |
None |
Local |
High |
Not required |
Partial |
None |
None |
|
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users. |
|
27 |
CVE-2006-5073 |
|
|
DoS |
2006-09-29 |
2018-10-30 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013. |
|
28 |
CVE-2006-5012 |
|
|
DoS |
2006-09-27 |
2018-10-30 |
6.6 |
None |
Local |
Low |
Not required |
None |
Complete |
Complete |
|
Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors. |
|
29 |
CVE-2006-4655 |
|
|
Overflow +Priv |
2006-09-09 |
2018-10-17 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value. |
|
30 |
CVE-2006-4319 |
|
|
Exec Code Overflow |
2006-08-24 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. |
|
31 |
CVE-2006-4307 |
|
|
|
2006-08-23 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319. |
|
32 |
CVE-2006-4306 |
|
|
Exec Code |
2006-08-23 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile. |
|
33 |
CVE-2006-3920 |
|
|
DoS |
2006-07-28 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. |
|
34 |
CVE-2006-3664 |
|
|
DoS |
2006-07-18 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors. |
|
35 |
CVE-2006-3606 |
|
|
DoS |
2006-07-18 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Sun Solaris X Inter Client Exchange library (libICE) on Solaris 8 and 9 allows context-dependent attackers to cause a denial of service (application crash) to applications that use the library. |
|
36 |
CVE-2006-1782 |
|
|
|
2006-04-13 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with the -w option, including (2) ldapadd, (3) ldapdelete, (4) ldapmodify, (5) ldapmodrdn, and (6) ldapsearch. |
|
37 |
CVE-2006-1780 |
|
|
DoS |
2006-04-13 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation of temporary files. |
|
38 |
CVE-2006-1092 |
|
|
DoS |
2006-03-09 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the pagedata subsystem of the process file system (/proc) in Solaris 8 through 10 allows local users to cause a denial of service (system hang or panic) via unknown attack vectors that cause cause the kmem_oversize arena to allocate a large amount of system memory that does not get freed. |
|
39 |
CVE-2006-0901 |
|
|
DoS Exec Code |
2006-02-27 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and 10 allows unspecified attackers to cause a denial of service (panic) or execute arbitrary code. |
|
40 |
CVE-2006-0227 |
|
|
|
2006-01-17 |
2018-10-30 |
2.6 |
None |
Local |
High |
Not required |
None |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors. |
|
41 |
CVE-2006-0190 |
|
|
DoS +Priv |
2006-01-13 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver. |
|
42 |
CVE-2006-0161 |
|
|
|
2006-01-10 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown impact and attack vectors. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this is related to CVE-2004-0780. |
|
43 |
CVE-2005-4797 |
|
|
Dir. Trav. |
2005-12-31 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command. |
|
44 |
CVE-2005-4796 |
|
|
|
2005-12-31 |
2018-10-30 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits. |
|
45 |
CVE-2005-3674 |
|
|
DoS |
2005-11-18 |
2011-03-08 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to. |
|
46 |
CVE-2005-3398 |
200 |
|
+Info |
2005-11-01 |
2018-10-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers. |
|
47 |
CVE-2005-3099 |
|
|
Exec Code |
2005-09-28 |
2018-10-30 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code. |
|
48 |
CVE-2005-3071 |
|
|
DoS |
2005-09-27 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS. |
|
49 |
CVE-2005-2072 |
264 |
|
+Priv |
2005-06-29 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. |
|
50 |
CVE-2005-2032 |
|
|
|
2005-06-16 |
2018-10-30 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files. |
