← Back

Sun

sun

1,603 CVEs • 200 products

Products (200)

Click to collapse
Toggle
Sunos
sunos
561 CVEs
Solaris
solaris
450 CVEs
Jre
jre
423 CVEs
Jdk
jdk
392 CVEs
Sdk
sdk
126 CVEs
Opensolaris
opensolaris
113 CVEs
Java System Web Server
java_system_web_server
32 CVEs
Java System Application Server
java_system_application_server
22 CVEs
Java System Identity Manager
java_system_identity_manager
19 CVEs
Java System Directory Server
java_system_directory_server
18 CVEs
Openjdk
openjdk
16 CVEs
Ray Server Software
ray_server_software
15 CVEs
Java System Access Manager
java_system_access_manager
15 CVEs
Java
java
14 CVEs
Java Se
java_se
14 CVEs
Cobalt Raq 2
cobalt_raq_2
12 CVEs
Cobalt Raq 3i
cobalt_raq_3i
12 CVEs
One Application Server
one_application_server
12 CVEs
One Web Server
one_web_server
12 CVEs
Java System Web Proxy Server
java_system_web_proxy_server
11 CVEs
Staroffice
staroffice
10 CVEs
Cluster
cluster
8 CVEs
J2se
j2se
7 CVEs
Solaris Answerbook2
solaris_answerbook2
6 CVEs
One Directory Server
one_directory_server
6 CVEs
Java System Portal Server
java_system_portal_server
6 CVEs
Ehrd
ehrd
6 CVEs
Cobalt Raq 4
cobalt_raq_4
5 CVEs
Java Web Start
java_web_start
5 CVEs
Java Desktop System
java_desktop_system
5 CVEs
Iplanet Messaging Server
iplanet_messaging_server
5 CVEs
Java System Communications Express
java_system_communications_express
5 CVEs
Openoffice.org
openoffice.org
5 CVEs
Virtualbox
virtualbox
5 CVEs
Solstice Adminsuite
solstice_adminsuite
5 CVEs
Solstice Backup
solstice_backup
4 CVEs
Chilisoft
chilisoft
4 CVEs
Iplanet Directory Server
iplanet_directory_server
4 CVEs
Iplanet Web Server
iplanet_web_server
4 CVEs
Java Plug In
java_plug-in
4 CVEs
Java System Calendar Server
java_system_calendar_server
4 CVEs
Javamail
javamail
4 CVEs
One Messaging Server
one_messaging_server
4 CVEs
Grid Engine
grid_engine
4 CVEs
N1 Grid Engine
n1_grid_engine
4 CVEs
Java Web Console
java_web_console
4 CVEs
Java Asp Server
java_asp_server
4 CVEs
Nfs
nfs
4 CVEs
Cobalt Raq
cobalt_raq
3 CVEs
Management+center
management+center
3 CVEs
Sun Fire
sun_fire
3 CVEs
Jsse
jsse
3 CVEs
Crypto Accelerator 4000
crypto_accelerator_4000
3 CVEs
Java Enterprise System
java_enterprise_system
3 CVEs
Storedge 6130 Arrays
storedge_6130_arrays
3 CVEs
Storedge Enterprise Backup Software
storedge_enterprise_backup_software
3 CVEs
Secure Global Desktop
secure_global_desktop
3 CVEs
Java System Messaging Server
java_system_messaging_server
3 CVEs
One Calendar Server
one_calendar_server
3 CVEs
J2ee
j2ee
3 CVEs
Iplanet Certificate Management System
iplanet_certificate_management_system
2 CVEs
I Runbook
i-runbook
2 CVEs
Openwindows
openwindows
2 CVEs
Solaris Pc Netlink
solaris_pc_netlink
2 CVEs
Java System Content Delivery Server
java_system_content_delivery_server
2 CVEs
Net Connect Software
net_connect_software
2 CVEs
Embedded Lights Out Manager
embedded_lights_out_manager
2 CVEs
Java System Identity Server
java_system_identity_server
2 CVEs
Netra T5220 Server
netra_t5220_server
2 CVEs
Management Center
management_center
2 CVEs
Sparc Enterprise Server T5120
sparc_enterprise_server_t5120
2 CVEs
Sparc Enterprise Server T5140
sparc_enterprise_server_t5140
2 CVEs
Sparc Enterprise Server T5220
sparc_enterprise_server_t5220
2 CVEs
Sparc Enterprise Server T5240
sparc_enterprise_server_t5240
2 CVEs
Fire X2100 M2
fire_x2100_m2
2 CVEs
Fire X2200 M2
fire_x2200_m2
2 CVEs
Xvm Virtualbox
xvm_virtualbox
2 CVEs
Virtual Desktop Infrastructure
virtual_desktop_infrastructure
2 CVEs
Solaris Isp Server
solaris_isp_server
1 CVE
Workshop
workshop
1 CVE
Hotjava Browser
hotjava_browser
1 CVE
Sun Ftp
sun_ftp
1 CVE
Javaserver Web Dev Kit
javaserver_web_dev_kit
1 CVE
Sunvts
sunvts
1 CVE
Netdynamics
netdynamics
1 CVE
Sun Pci Ii Driver
sun_pci_ii_driver
1 CVE
Linux
linux
1 CVE
Cobalt Raq Xtr
cobalt_raq_xtr
1 CVE
Patchpro
patchpro
1 CVE
Enterprise Authentication Mechanism
enterprise_authentication_mechanism
1 CVE
Sunone Starter Kit
sunone_starter_kit
1 CVE
Patch Manager
patch_manager
1 CVE
Storedge 3310 Scsi Array
storedge_3310_scsi_array
1 CVE
Storedge 3510 Fc Array
storedge_3510_fc_array
1 CVE
Enterprise Storage Manager
enterprise_storage_manager
1 CVE
Seam
seam
1 CVE
Dtmail
dtmail
1 CVE
J2me
j2me
1 CVE
Netra 1280
netra_1280
1 CVE
Sunforum
sunforum
1 CVE

CVEs (1,603)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2009-1719
1Sun
1Jre
Apr 23, 2026
Jun 16, 2009
N/A· v4
N/A· v3
7.5 HIGH· v2
The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in...Show more
The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X 10.5 allows remote attackers to execute arbitrary code via a call to the undocumented apple.laf.CColourUIResource constructor with a crafted value in the first argument, which is dereferenced as a pointer.Show less
CVE-2009-2031
1Sun
1Opensolaris
Apr 23, 2026
Jun 11, 2009
N/A· v4
N/A· v3
2.1 LOW· v2
smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount permissions are used, allows local users to read arbitrary files, and list arbitrary directories, on CIFS volumes.
CVE-2009-2030
2Ibm
Sun
2Jdk
Os/400
Apr 23, 2026
Jun 11, 2009
N/A· v4
N/A· v3
10.0 HIGH· v2
Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH."
CVE-2009-2029
1Sun
2Opensolaris
Solaris
Apr 23, 2026
Jun 11, 2009
N/A· v4
N/A· v3
5.0 MEDIUM· v2
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+...Show more
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.Show less
CVE-2009-2012
1Sun
1Opensolaris
Apr 23, 2026
Jun 9, 2009
N/A· v4
N/A· v3
1.9 LOW· v2
Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through snv_110, when a CIFS server is enabled, allows local users to cause a denial of service (idpmapd daemon crash and idmapd outage) via unknown vectors.
CVE-2009-1934
1Sun
2Java System Web Server
One Web Server
Apr 23, 2026
Jun 5, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that r...Show more
Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in in Sun Java System Web Server 6.1 before SP11 allows remote attackers to inject arbitrary web script or HTML via the query string in situations that result in a 502 Gateway error.Show less
CVE-2009-1933
1Sun
2Opensolaris
Solaris
Apr 23, 2026
Jun 5, 2009
N/A· v4
N/A· v3
4.7 MEDIUM· v2
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified v...Show more
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors.Show less
CVE-2004-2764
1Sun
2Jre
Sdk
Apr 23, 2026
Jun 2, 2009
N/A· v4
N/A· v3
10.0 HIGH· v2
Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets...Show more
Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read data from other applets via unspecified vectors related to classes in the XSLT processor, aka "XML sniffing."Show less
CVE-2004-2763
1Sun
2Iplanet Web Server
One Web Server
Apr 23, 2026
Jun 1, 2009
N/A· v4
N/A· v3
5.8 MEDIUM· v2
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST...Show more
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.Show less
CVE-2003-1573
1Sun
1J2ee
Apr 23, 2026
Jun 1, 2009
N/A· v4
N/A· v3
10.0 HIGH· v2
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted S...Show more
The PointBase 4.6 database component in the J2EE 1.4 reference implementation (J2EE/RI) allows remote attackers to execute arbitrary programs, conduct a denial of service, and obtain sensitive information via a crafted SQL statement, related to "inadequate security settings and library bugs in sun.* and org.apache.* packages."Show less
CVE-2003-1572
1Sun
1Jmf
Apr 23, 2026
Jun 1, 2009
N/A· v4
N/A· v3
9.3 HIGH· v2
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading envir...Show more
Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned applets to cause a denial of service (JVM crash) and read or write unauthorized memory locations via the ReadEnv class, as demonstrated by reading environment variables using modified .data and .size fields.Show less
CVE-2009-1796
1Sun
1Java System Portal Server
Apr 23, 2026
May 26, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to an error page.
CVE-2008-3870
1Sun
1Solaris
Apr 23, 2026
May 26, 2009
N/A· v4
N/A· v3
10.0 HIGH· v2
Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation.
CVE-2008-3869
1Sun
1Solaris
Apr 23, 2026
May 26, 2009
N/A· v4
N/A· v3
10.0 HIGH· v2
Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request, related to improper decoding of request parameters.
CVE-2009-1763
1Sun
1Opensolaris
Apr 23, 2026
May 22, 2009
N/A· v4
N/A· v3
7.2 HIGH· v2
Unspecified vulnerability in the Solaris Secure Digital slot driver (aka sdhost) in Sun OpenSolaris snv_105 through snv_108 on the x86 platform allows local users to gain privileges or cause a denial of service (filesyst...Show more
Unspecified vulnerability in the Solaris Secure Digital slot driver (aka sdhost) in Sun OpenSolaris snv_105 through snv_108 on the x86 platform allows local users to gain privileges or cause a denial of service (filesystem or memory corruption) via unknown vectors.Show less
CVE-2009-1729
1Sun
1Java System Communications Express
Apr 23, 2026
May 21, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName para...Show more
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Communications Express 6 2005Q4 (aka 6.2) and 6.3 allow remote attackers to inject arbitrary web script or HTML via (1) the abperson_displayName parameter to uwc/abs/search.xml in the Add Contact implementation in the Personal Address Book component or (2) the temporaryCalendars parameter to uwc/base/UWCMain.Show less
CVE-2009-1673
1Sun
1Solaris
Apr 23, 2026
May 18, 2009
N/A· v4
N/A· v3
4.9 MEDIUM· v2
The kernel in Sun Solaris 9 allows local users to cause a denial of service (panic) by calling fstat with a first argument of AT_FDCWD.
CVE-2009-1672
1Sun
1Jre
Apr 23, 2026
May 18, 2009
N/A· v4
N/A· v3
9.3 HIGH· v2
The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launc...Show more
The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.Show less
CVE-2009-1671
1Sun
1Jre
Apr 23, 2026
May 18, 2009
N/A· v4
N/A· v3
9.3 HIGH· v2
Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string ar...Show more
Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.Show less
CVE-2009-1554
1Sun
1Woodstock
Apr 23, 2026
May 6, 2009
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-...Show more
Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATH_INFO, which is displayed on the 404 error page, as demonstrated by the PATH_INFO to theme/META-INF.Show less