| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Format string vulnerabilities in iPlanet Directory Server 4.1.4 and earlier (LDAP) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. |
| Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic). |
| Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. |
| Vulnerability in Java Runtime Environment (JRE) allows remote malicious web sites to hijack or sniff a web client's sessions, when an HTTP proxy is being used, via a Java applet that redirects the session to another server, as seen in (1) Netscape 6.0 through 6.1 and 4.79 and earlier, (2) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, and possibly other implementations that use vulnerable versions of SDK or JDK. |
| Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument. |
| Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path. |
| Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code. |
| Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. |
| Sun's ftpd daemon can be subjected to a denial of service. |
| Buffer overflow of rlogin program using TERM environmental variable. |
| JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to read arbitrary files via a full pathname in the argument to the Download parameter. NOTE: Sun and Apache dispute this issue. Sun states: "The report makes references to source code and files that do not exist in the mentioned products. |
| Unknown vulnerability in Sun ONE Application Server 6.5 SP1 Maintenance Update 6 and earlier allows attackers to read files. |
| Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. |
| The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname. |
| Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain privileges. |
| Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request. |
| Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. |
| The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. |
| Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability. |
| Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. |
