Filtered by vendor Sun
Subscribe
Total
1711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-4139 | 1 Sun | 1 Solaris | 2025-04-03 | 5.4 MEDIUM | N/A |
| Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries. | |||||
| CVE-2000-0431 | 1 Sun | 2 Cobalt Raq 2, Cobalt Raq 3i | 2025-04-03 | 7.5 HIGH | N/A |
| Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files. | |||||
| CVE-2004-1307 | 10 Apple, Avaya, Conectiva and 7 more | 19 Mac Os X, Mac Os X Server, Call Management System Server and 16 more | 2025-04-03 | 7.5 HIGH | N/A |
| Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. | |||||
| CVE-1999-1118 | 1 Sun | 1 Solaris | 2025-04-03 | 2.1 LOW | N/A |
| ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters. | |||||
| CVE-2004-1352 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | 7.2 HIGH | N/A |
| Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code. | |||||
| CVE-2021-43360 | 1 Sun | 1 Ehrd | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. | |||||
| CVE-2021-43359 | 1 Sun | 1 Ehrd | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. | |||||
| CVE-2021-43358 | 1 Sun | 1 Ehrd | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. | |||||
| CVE-2020-10510 | 1 Sun | 1 Ehrd | 2024-11-21 | 4.0 MEDIUM | 8.1 HIGH |
| Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data. | |||||
| CVE-2020-10509 | 1 Sun | 1 Ehrd | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. | |||||
| CVE-2020-10508 | 1 Sun | 1 Ehrd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | |||||