Sun

Solaris

451 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.33%
  • Veröffentlicht 24.01.2007 01:28:00
  • Zuletzt bearbeitet 16.06.2026 22:35:38

Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.

  • EPSS 0.34%
  • Veröffentlicht 19.01.2007 23:28:00
  • Zuletzt bearbeitet 16.06.2026 22:35:29

Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.

  • EPSS 9.36%
  • Veröffentlicht 10.01.2007 00:28:00
  • Zuletzt bearbeitet 16.06.2026 22:35:02

Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.

  • EPSS 0.43%
  • Veröffentlicht 13.12.2006 01:28:00
  • Zuletzt bearbeitet 16.06.2026 22:33:14

Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format stri...

  • EPSS 0.42%
  • Veröffentlicht 13.12.2006 01:28:00
  • Zuletzt bearbeitet 16.06.2026 22:33:14

Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally ...

  • EPSS 0.26%
  • Veröffentlicht 04.12.2006 11:28:00
  • Zuletzt bearbeitet 16.06.2026 22:32:49

Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.

Exploit
  • EPSS 0.77%
  • Veröffentlicht 06.11.2006 17:07:00
  • Zuletzt bearbeitet 16.06.2026 22:31:43

alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures.

  • EPSS 0.37%
  • Veröffentlicht 18.10.2006 19:07:00
  • Zuletzt bearbeitet 16.06.2026 22:31:07

The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.

  • EPSS 7.6%
  • Veröffentlicht 12.10.2006 00:07:00
  • Zuletzt bearbeitet 16.06.2026 22:29:53

The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrar...

  • EPSS 3.16%
  • Veröffentlicht 10.10.2006 04:06:00
  • Zuletzt bearbeitet 16.06.2026 22:30:43

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (...