Vulnerabilities > SUN
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-09-28 | CVE-2005-3099 | Local Security vulnerability in Solaris Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code. | 4.6 |
| 2005-09-27 | CVE-2005-3071 | Denial-Of-Service vulnerability in Solaris Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS. | 2.1 |
| 2005-09-20 | CVE-2005-3001 | Denial-Of-Service vulnerability in SUN Solaris 10.0 Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. | 2.1 |
| 2005-09-08 | CVE-2005-2870 | Remote Security vulnerability in SUN Solaris 10.0 Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via certain DHCP responses. | 7.5 |
| 2005-08-23 | CVE-2005-0359 | Multiple vulnerability in EMC Legato Networker The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service. | 6.4 |
| 2005-08-23 | CVE-2005-0358 | Multiple vulnerability in EMC Legato Networker EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token. | 7.5 |
| 2005-08-23 | CVE-2005-0357 | Multiple vulnerability in EMC Legato Networker EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID. | 7.5 |
| 2005-07-05 | CVE-2005-2094 | Cross-Site Scripting vulnerability in SUN ONE web Server 6.1 Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." network sun | 4.3 |
| 2005-06-29 | CVE-2005-2072 | Permissions, Privileges, and Access Controls vulnerability in SUN Solaris and Sunos The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. | 7.2 |
| 2005-06-29 | CVE-2005-2071 | Permissions, Privileges, and Access Controls vulnerability in SUN Solaris 10.0 traceroute in Sun Solaris 10 on x86 systems allows local users to execute arbitrary code with PRIV_NET_RAWACCESS privileges via (1) a large number of -g arguments or (2) a malformed -s argument with a trailing . | 4.6 |