Sun

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-0882 2Oracle Sun 2Solaris Sunos Apr 23, 2026 Feb 12, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, wh...Show more Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.Show less
CVE-2007-0668 1Sun 1Solaris Apr 23, 2026 Feb 2, 2007 N/A· v4 N/A· v3 6.2 MEDIUM· v2 The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in a non-global zone to move and rename files in a read-only filesystem, which could lead to a denial of service.
CVE-2007-0634 1Sun 1Solaris Apr 23, 2026 Jan 31, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
CVE-2007-0628 1Sun 1Java System Access Manager Apr 23, 2026 Jan 31, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1)...Show more Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Access Manager 6.1, 6.2, 6 2005Q1 (6.3), and 7 2005Q4 (7.0) before 20070129 allow remote attackers to inject arbitrary web script or HTML via the (1) goto or (2) gx-charset parameter. NOTE: some of these details are obtained from third party information.Show less
CVE-2007-0503 1Sun 2Solaris Sunos Apr 23, 2026 Jan 25, 2007 N/A· v4 N/A· v3 6.9 MEDIUM· v2 Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 before 20071122 allows local users to execute arbitrary commands via unknown vectors.
CVE-2007-0482 1Sun 1Ray Server Software Apr 23, 2026 Jan 25, 2007 N/A· v4 N/A· v3 4.6 MEDIUM· v2 cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack.
CVE-2007-0470 1Sun 2Solaris Sunos Apr 23, 2026 Jan 24, 2007 N/A· v4 N/A· v3 7.2 HIGH· v2 Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors.
CVE-2007-0393 1Sun 1Solaris Apr 23, 2026 Jan 19, 2007 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a varia...Show more Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572.Show less
CVE-2007-0243 1Sun 3Jdk JreSdk Apr 23, 2026 Jan 17, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a bloc...Show more Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.Show less
CVE-2007-0014 1Sun 1Chainkey Java Code Protection Apr 23, 2026 Jan 17, 2007 N/A· v4 N/A· v3 4.4 MEDIUM· v2 ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.
CVE-2007-0183 1Sun 1Iplanet Web Server Apr 23, 2026 Jan 12, 2007 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is...Show more Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2007-0165 1Sun 2Solaris Sunos Apr 23, 2026 Jan 10, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
CVE-2007-0114 1Sun 1Java System Content Delivery Server Apr 23, 2026 Jan 9, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors.
CVE-2006-5870 2Openoffice Sun 2Openoffice Staroffice Apr 23, 2026 Dec 31, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a)...Show more Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.Show less
CVE-2006-6745 1Sun 2J2se Jre Apr 23, 2026 Dec 26, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow...Show more Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.Show less
CVE-2006-6737 1Sun 3Jdk JreSdk Apr 23, 2026 Dec 26, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3....Show more Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue."Show less
CVE-2006-6736 1Sun 3Jdk JreSdk Apr 23, 2026 Dec 26, 2006 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3....Show more Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."Show less
CVE-2006-6731 1Sun 3Jdk JreSdk Apr 23, 2026 Dec 26, 2006 N/A· v4 N/A· v3 9.3 HIGH· v2 Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3....Show more Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.Show less
CVE-2006-6495 1Sun 2Solaris Sunos Apr 23, 2026 Dec 13, 2006 N/A· v4 N/A· v3 6.6 MEDIUM· v2 Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf functio...Show more Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via large precision padding values in a format string specifier in the format parameter of the doprf function. NOTE: this issue normally does not cross privilege boundaries, except in cases of external introduction of malicious message files, or if it is leveraged with other vulnerabilities such as CVE-2006-6494.Show less
CVE-2006-6494 1Sun 2Solaris Sunos Apr 23, 2026 Dec 13, 2006 N/A· v4 N/A· v3 6.6 MEDIUM· v2 Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing a...Show more Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via a .. (dot dot) sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers.Show less

Previous 1...505152...81 Next