Vulnerabilities (CVE)

Filtered by vendor Sun Subscribe
Total 1711 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-4075 1 Sun 2 Opensolaris, Solaris 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread."
CVE-2007-5319 1 Sun 1 Solaris 2025-04-09 3.5 LOW N/A
Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors.
CVE-2008-5352 1 Sun 2 Jdk, Jre 2025-04-09 9.3 HIGH N/A
Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow.
CVE-2006-5215 3 Netbsd, Sun, X.org 4 Netbsd, Solaris, Sunos and 1 more 2025-04-09 2.6 LOW N/A
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file.
CVE-2007-5632 1 Sun 1 Solaris 2025-04-09 4.9 MEDIUM N/A
Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 through 10 allow local users to cause a denial of service (panic), related to the support for retrieval of kernel statistics, and possibly related to the sfmmu_mlspl_enter or sfmmu_mlist_enter functions.
CVE-2007-5225 1 Sun 1 Sunos 2025-04-09 4.9 MEDIUM N/A
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
CVE-2006-7034 9 Apple, Hp, Ibm and 6 more 18 Mac Os X, Hp-ux, Tru64 and 15 more 2025-04-09 7.5 HIGH N/A
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
CVE-2008-4910 1 Sun 1 Java Web Start 2025-04-09 10.0 HIGH N/A
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.
CVE-2006-5213 1 Sun 1 Solaris 2025-04-09 3.6 LOW N/A
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).
CVE-2007-4126 1 Sun 1 Solaris 2025-04-09 1.5 LOW N/A
Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.
CVE-2008-5357 1 Sun 3 Jdk, Jre, Sdk 2025-04-09 9.3 HIGH N/A
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.
CVE-2009-2719 1 Sun 1 Java Se 2025-04-09 5.0 MEDIUM N/A
The Java Web Start implementation in Sun Java SE 6 before Update 15 allows context-dependent attackers to cause a denial of service (NullPointerException) via a crafted .jnlp file, as demonstrated by the jnlp_file/appletDesc/index.html#misc test in the Technology Compatibility Kit (TCK) for the Java Network Launching Protocol (JNLP).
CVE-2009-2029 1 Sun 2 Opensolaris, Solaris 2025-04-09 5.0 MEDIUM N/A
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.
CVE-2007-2989 1 Sun 1 Solaris 2025-04-09 7.8 HIGH N/A
The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298.
CVE-2008-2552 1 Sun 2 Service Tag, Sunos 2025-04-09 4.9 MEDIUM N/A
Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors.
CVE-2007-1093 4 Hitachi, Hp, Microsoft and 1 more 12 Cm2-network Node Manager, Cm2-network Node Manager 250, Hi Ux We2 and 9 more 2025-04-09 10.0 HIGH N/A
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.
CVE-2009-1098 1 Sun 3 Jdk, Jre, Sdk 2025-04-09 9.3 HIGH N/A
Buffer overflow in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files or execute arbitrary code via a crafted GIF image, aka CR 6804998.
CVE-2007-0634 1 Sun 1 Solaris 2025-04-09 7.8 HIGH N/A
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
CVE-2008-4747 1 Sun 2 Java Access Manager, Java System Ldap Jdk 2025-04-09 2.1 LOW N/A
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.
CVE-2007-2191 7 Bsd, Freepbx, Hp and 4 more 8 Bsd, Freepbx, Hp-ux and 5 more 2025-04-09 6.8 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x allow remote attackers to inject arbitrary web script or HTML via the (1) From, (2) To, (3) Call-ID, (4) User-Agent, and unspecified other SIP protocol fields, which are stored in /var/log/asterisk/full and displayed by admin/modules/logfiles/asterisk-full-log.php.