Vulnerabilities > SUN

DATE | CVE | VULNERABILITY TITLE | RISK

2007-07-12 | CVE-2007-3723 | Denial-Of-Service vulnerability in Sun Solaris | 2.1
The process scheduler in the Sun Solaris kernel does not make use of the process statistics kept by the kernel and performs scheduling based upon CPU billing gathered from periodic process sampling ticks, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Without Superuser Privileges."
Access: local; low complexity; vendors: sun

2007-07-12 | CVE-2007-3717 | Local Security vulnerability in SUN Sunos 5.10/5.8/5.9 | 6.9
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.
Access: local; vendors: sun

2007-07-11 | CVE-2007-3716 | Improper Input Validation vulnerability in SUN JDK and JRE | critical, 9.3
The Java XML Digital Signature implementation in Sun JDK and JRE 6 before Update 2 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute arbitrary code via a crafted stylesheet, a related issue to CVE-2007-3715.
Access: network; vendors: sun; CWE-20

2007-07-11 | CVE-2007-3715 | Improper Input Validation vulnerability in SUN products | critical, 9.3
Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3716.
Access: network; vendors: sun; CWE-20

2007-07-11 | CVE-2007-3700 | Unspecified vulnerability in SUN Java System Access Manager | 1.7
Sun Java System Access Manager (formerly Java System Identity Server) before 20070710, when the message debug level is configured in the com.iplanet.services.debug.level property in AMConfig.properties, logs cleartext login passwords, which allows local users to gain privileges by reading /var/opt/SUNWam/debug/amAuth.
Access: local; low complexity; vendors: sun

2007-07-11 | CVE-2007-3698 | Denial Of Service vulnerability in SUN Jdk, JRE and SDK | 7.8
The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests.
Access: network; low complexity; vendors: sun

2007-07-10 | CVE-2007-3655 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN JRE 1.5.0/1.6.0 | 6.8
Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE 5.0 Update 11 and earlier, and 6.0 Update 1 and earlier, allows remote attackers to execute arbitrary code via a long codebase attribute in a JNLP file.
Access: network; vendors: sun; CWE-119

2007-07-09 | CVE-2007-3626 | Denial Of Service vulnerability in Hitachi TPBroker | 7.8
Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before 20070706 allows remote attackers to cause a denial of service (daemon crash) via a certain request.
Access: network; low complexity; vendors: ibm, hitachi, sun

2007-06-30 | CVE-2007-3504 | Path Traversal vulnerability in SUN Jdk, JRE and SDK | critical, 9.3
Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself.
Access: network; vendors: microsoft, sun; CWE-22

2007-06-28 | CVE-2007-3471 | Local Buffer Overflow vulnerability in SUN Solaris 10.0/8.0/9.0 | 7.2
Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute arbitrary code via unspecified vectors.
Access: local; low complexity; vendors: sun