Sun

Solaris

451 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.2

CVE-2006-4306

  • EPSS 0.06%
  • Published 23.08.2006 19:04:00
  • Last modified 03.04.2025 01:03:51

Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile.

7.2

CVE-2006-4307

  • EPSS 0.05%
  • Published 23.08.2006 19:04:00
  • Last modified 03.04.2025 01:03:51

Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than...

2.6

CVE-2006-4303

  • EPSS 0.74%
  • Published 23.08.2006 01:04:00
  • Last modified 03.04.2025 01:03:51

Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).

5.4

CVE-2006-4139

  • EPSS 0.76%
  • Published 14.08.2006 23:04:00
  • Last modified 03.04.2025 01:03:51

Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries.

5.4

CVE-2006-4117

  • EPSS 0.92%
  • Published 14.08.2006 21:04:00
  • Last modified 03.04.2025 01:03:51

The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads")....

5

CVE-2006-3968

  • EPSS 0.59%
  • Published 01.08.2006 22:04:00
  • Last modified 03.04.2025 01:03:51

The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified.

5

CVE-2006-3920

  • EPSS 2.03%
  • Published 28.07.2006 22:04:00
  • Last modified 03.04.2025 01:03:51

The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.

4.9

CVE-2006-3824

Exploit
  • EPSS 0.27%
  • Published 25.07.2006 13:22:00
  • Last modified 03.04.2025 01:03:51

systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. NOTE: this issue has been referred to as an integer over...

2.1

CVE-2006-3825

  • EPSS 0.07%
  • Published 25.07.2006 13:22:00
  • Last modified 03.04.2025 01:03:51

The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.

7.8

CVE-2006-3781

  • EPSS 0.99%
  • Published 24.07.2006 12:19:00
  • Last modified 03.04.2025 01:03:51

Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors involving the event port API.