Filtered by vendor Sun
Subscribe
Total
1716 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0480 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets. | |||||
| CVE-2009-0346 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| The IP-in-IP packet processing implementation in the IPsec and IP stacks in the kernel in Sun Solaris 9 and 10, and OpenSolaris snv_01 though snv_85, allows local users to cause a denial of service (panic) via a self-encapsulated packet that lacks IPsec protection. | |||||
| CVE-2009-0319 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 6.9 MEDIUM | N/A |
| Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems." | |||||
| CVE-2009-0304 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c. | |||||
| CVE-2009-0268 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl. | |||||
| CVE-2009-0267 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 5.0 MEDIUM | N/A |
| libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does not properly check packets, which allows remote attackers to cause a denial of service (in.iked daemon crash) via an unspecified IKE packet, a different vulnerability than CVE-2007-2989. | |||||
| CVE-2009-0168 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to a failure to "include all cache files," and improper handling of temporary files. | |||||
| CVE-2009-0167 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris snv_61 through snv_106 allows local users to cause a denial of service via unspecified vectors, related to enumeration of "wrong printers," aka a "Temporary file vulnerability." | |||||
| CVE-2008-5690 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 2.1 LOW | N/A |
| The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, and OpenSolaris build snv_01 through snv_104, allows local users to cause a denial of service (authentication failure) via unspecified vectors related to incorrect cache file permissions, and lack of credential storage by the store_cred function in pam_krb5. | |||||
| CVE-2008-5684 | 1 Sun | 2 Opensolaris, Solaris | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the X Inter Client Exchange library (aka libICE) in Sun Solaris 8 through 10 and OpenSolaris before snv_85 allows context-dependent attackers to cause a denial of service (application crash), as demonstrated by a port scan that triggers a segmentation violation in the Gnome session manager (aka gnome-session). | |||||
| CVE-2008-5410 | 1 Sun | 1 Solaris | 2017-09-29 | 7.8 HIGH | N/A |
| The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric keys, which allows context-dependent attackers to cause a denial of service (failed cryptographic operations) via unspecified vectors, related to the (1) RSA_sign and (2) RSA_verify functions. | |||||
| CVE-2008-5358 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 9.3 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll. | |||||
| CVE-2008-5356 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file. | |||||
| CVE-2008-5355 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 10.0 HIGH | N/A |
| The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not verify the signature of the JRE that is downloaded, which allows remote attackers to execute arbitrary code via DNS man-in-the-middle attacks. | |||||
| CVE-2008-5354 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows locally-launched and possibly remote untrusted Java applications to execute arbitrary code via a JAR file with a long Main-Class manifest entry. | |||||
| CVE-2008-5352 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 9.3 HIGH | N/A |
| Integer overflow in the JAR unpacking utility (unpack200) in the unpack library (unpack.dll) in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier, and JDK and JRE 5.0 Update 16 and earlier, allows untrusted applications and applets to gain privileges via a Pack200 compressed JAR file that triggers a heap-based buffer overflow. | |||||
| CVE-2008-5351 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 7.5 HIGH | N/A |
| Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier accepts UTF-8 encodings that are not the "shortest" form, which makes it easier for attackers to bypass protection mechanisms for other applications that rely on shortest-form UTF-8 encodings. | |||||
| CVE-2008-5350 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allows untrusted applications and applets to list the contents of the operating user's directory via unknown vectors. | |||||
| CVE-2008-5348 | 1 Sun | 3 Jdk, Jre, Sdk | 2017-09-29 | 7.1 HIGH | N/A |
| Unspecified vulnerability in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier, when using Kerberos authentication, allows remote attackers to cause a denial of service (OS resource consumption) via unknown vectors. | |||||
| CVE-2008-5347 | 1 Sun | 2 Jdk, Jre | 2017-09-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier allow untrusted applets and applications to gain privileges via vectors related to access to inner classes in the (1) JAX-WS and (2) JAXB packages. | |||||