Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2005-11-30 CVE-2005-3905 Privilege Escalation vulnerability in SUN JDK and JRE
Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different vulnerability than CVE-2005-3906.
network
low complexity
sun
7.5
2005-11-30 CVE-2005-3904 Privilege Escalation vulnerability in SUN JDK and JRE
Unspecified vulnerability in Java Management Extensions (JMX) in Java JDK and JRE 5.0 Update 3, 1.4.2 and later, 1.3.1 and later allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors.
network
low complexity
sun
7.5
2005-11-23 CVE-2005-3781 Remote Denial of Service vulnerability in Sun Solaris In.Named
Unspecified vulnerability in in.named in Solaris 9 allows attackers to cause a denial of service via unknown manipulations that cause in.named to "make unnecessary queries."
network
low complexity
sun
5.0
2005-11-18 CVE-2005-3674 Denial Of Service vulnerability in SUN Solaris 10.0/9.0
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked crash) via certain crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
network
low complexity
sun
7.8
2005-11-16 CVE-2005-3583 Remote Denial of Service vulnerability in Sun Java Development Kit Font Serialization
(1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.2_08, 1.4.2_09, and 1.5.0_05 and possibly other versions allow remote attackers to cause a denial of service (JVM unresponsive) via a crafted serialized object, such as a font object as demonstrated on JBoss.
network
low complexity
sun
7.8
2005-11-03 CVE-2005-3472 Information Disclosure vulnerability in SUN Java System Communications Express 2004Q2/2005Q1
Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.
network
low complexity
sun
5.0
2005-11-01 CVE-2005-3398 Information Exposure vulnerability in SUN Solaris and Sunos
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
network
sun CWE-200
4.3
2005-10-20 CVE-2005-3269 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN products
Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges.
network
low complexity
sun CWE-119
7.5
2005-10-17 CVE-2005-3250 Local Denial Of Service vulnerability in SUN Solaris 10.0
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.
local
low complexity
sun
2.1
2005-10-14 CVE-2005-3238 Denial-Of-Service vulnerability in Sun Solaris
Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allow local users to cause a denial of service (panic) via unspecified attack vectors.
local
low complexity
sun
2.1