Vulnerabilities > SUN
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-01-25 | CVE-2007-0482 | Unspecified vulnerability in SUN RAY Server Software 2.0/3.0: cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack. | 4.6 |
2007-01-24 | CVE-2007-0470 | Local Privilege Escalation vulnerability in Sun Solaris Tip: Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and 10 allow local users to gain uucp account privileges via unspecified vectors. | 7.2 |
2007-01-19 | CVE-2007-0393 | Local Security vulnerability in SUN Solaris 9.0: Sun Solaris 9 does not properly verify the status of file descriptors before setuid execution, which allows local users to gain privileges by closing file descriptor 0, 1, or 2 and then invoking a setuid program, a variant of CVE-2002-0572. | 4.6 |
2007-01-17 | CVE-2007-0243 | Buffer Errors vulnerability in SUN Jdk, JRE and SDK: Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption. | 6.8 |
2007-01-17 | CVE-2007-0014 | Cryptographic Issues vulnerability in SUN Chainkey Java Code Protection: ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM. | 4.4 |
2007-01-12 | CVE-2007-0183 | Cross-Site Scripting vulnerability in SUN Iplanet web Server 4.1: Cross-site scripting (XSS) vulnerability in /search in iPlanet Web Server 4.x allows remote attackers to inject arbitrary web script or HTML via the NS-max-records parameter. | 6.8 |
2007-01-10 | CVE-2007-0165 | Denial of Service vulnerability in Sun Solaris RPC Request: Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind. | 7.8 |
2007-01-09 | CVE-2007-0114 | Information Disclosure vulnerability in SUN Java System Content Delivery Server 5.0: Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote attackers to obtain sensitive information regarding "content details" via unspecified vectors. | 5.0 |
2006-12-31 | CVE-2006-5870 | Numeric Errors vulnerability in multiple products: Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records. | 9.3 |
2006-12-26 | CVE-2006-6745 | Remote Privilege Escalation vulnerability in Sun Java Runtime Environment: Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE. | 9.3 |