Solaris

solaris

Vendor: Sun • 450 CVEs

CVEs (450)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2005-0248 1Sun 2Solaris Sunos Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to brea...Show more The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.Show less
CVE-2004-0791 1Sun 2Solaris Sunos Apr 16, 2026 Apr 12, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets,...Show more Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Show less
CVE-2004-0790 2Microsoft Sun 8Solaris SunosWindows 2000+5 more Apr 16, 2026 Apr 12, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-200...Show more Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.Show less
CVE-2005-0109 5Freebsd RedhatSco+2 more 8Enterprise Linux Enterprise Linux DesktopFedora Core+5 more Apr 16, 2026 Mar 5, 2005 N/A· v4 5.6 MEDIUM· v3 4.7 MEDIUM· v2 Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution...Show more Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.Show less
CVE-2004-0481 1Sun 2Solaris Sunos Apr 16, 2026 Feb 23, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.
CVE-2005-0447 1Sun 2Solaris Sunos Apr 16, 2026 Feb 15, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (hang) via a flood of certain ARP packets.
CVE-2004-2686 1Sun 2Solaris Sunos Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the sam...Show more Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.Show less
CVE-2004-2306 1Sun 2Solaris Sunos Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attacke...Show more Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.Show less
CVE-2004-1767 1Sun 2Solaris Sunos Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
CVE-2004-1394 1Sun 2Solaris Sunos Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile c...Show more The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.Show less
CVE-2004-1393 1Sun 2Solaris Sunos Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang).
CVE-2004-0780 1Sun 2Solaris Sunos Apr 16, 2026 Dec 31, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument.
CVE-2004-1307 10Apple AvayaConectiva+7 more 19Call Management System Server CvlanIcontrol Service Manager+16 more Apr 16, 2026 Dec 21, 2004 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which cau...Show more Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.Show less
CVE-2004-1351 1Sun 2Solaris Sunos Apr 16, 2026 Dec 7, 2004 N/A· v4 N/A· v3 10.0 HIGH· v2 Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.
CVE-2004-0496 5Gentoo LinuxMandrakesoft+2 more 13Linux Linux KernelMandrake Linux+10 more Apr 16, 2026 Dec 6, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source...Show more Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.Show less
CVE-2004-1352 1Sun 2Solaris Sunos Apr 16, 2026 Dec 1, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.
CVE-2004-0360 1Sun 2Solaris Sunos Apr 16, 2026 Nov 23, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.
CVE-2004-1353 1Sun 2Solaris Sunos Apr 16, 2026 Oct 19, 2004 N/A· v4 N/A· v3 7.2 HIGH· v2 Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
CVE-2004-1348 1Sun 2Solaris Sunos Apr 16, 2026 Sep 6, 2004 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).
CVE-2004-0800 2Avaya Sun 4Call Management System Server DtmailSolaris+1 more Apr 16, 2026 Aug 24, 2004 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.

Previous 1...111213...23 Next