Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2006-09-23 CVE-2006-4959 Input Validation vulnerability in SUN Secure Global Desktop 3.42/4.0
Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows remote attackers to obtain sensitive information, including hostnames, versions, and settings details, via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi.
network
low complexity
sun
5.0
2006-09-23 CVE-2006-4958 Input Validation vulnerability in SUN Secure Global Desktop 3.42/4.0
Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.20.983 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving (1) taarchives.cgi, (2) ttaAuthentication.jsp, (3) ttalicense.cgi, (4) ttawlogin.cgi, (5) ttawebtop.cgi, (6) ttaabout.cgi, or (7) test-cgi.
network
sun
6.8
2006-09-14 CVE-2006-4773 Denial-Of-Service vulnerability in SUN StorEdge 6130 Arrays 06.12.10.11
Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN.
network
low complexity
sun
5.0
2006-09-09 CVE-2006-4655 Local Buffer Overflow vulnerability in X.Org X Window Server LibX11 XKEYBOARD Extension
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
local
low complexity
sco sun
4.6
2006-08-29 CVE-2006-4439 Unspecified vulnerability in SUN Solaris 10.0
pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871.
local
low complexity
sun
3.6
2006-08-25 CVE-2006-4353 Information Disclosure vulnerability in SUN Java System Content Delivery Server 4.0/4.1/5.0
Unspecified vulnerability in Sun Java System Content Delivery Server 4.0, 4.1, and 5.0 allows local and remote attackers to read data from arbitrary files via unspecified vectors.
network
low complexity
sun
5.0
2006-08-24 CVE-2006-4319 Buffer Overflow vulnerability in SUN Solaris and SunOS
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307.
local
low complexity
sun
7.2
2006-08-23 CVE-2006-4307 Local Privilege Escalation vulnerability in Sun Solaris Format(1M)
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.
local
low complexity
sun
7.2
2006-08-23 CVE-2006-4306 Unspecified vulnerability in SUN Solaris and SunOS
Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile.
local
low complexity
sun
7.2
2006-08-23 CVE-2006-4303 Denial-Of-Service vulnerability in SUN Solaris 10.0
Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion).
network
high complexity
sun
2.6