Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2004-02-03 CVE-2004-1082 mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
network
low complexity
apache apple avaya hp ibm openbsd sco sun
7.5
2004-01-20 CVE-2003-1024 Privilege Escalation vulnerability in SUN Sunos 5.8
Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.
local
low complexity
sun
7.2
2004-01-05 CVE-2003-0999 Local Security vulnerability in Solaris
Multiple unknown vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.
local
low complexity
sun
7.2
2003-12-31 CVE-2003-1563 Denial Of Service vulnerability in Sun Cluster TCP Port Conflict
Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by the Distributed Lock Manager (DLM), possibly involving this daemon responding in a manner that spoofs a cluster reconfiguration.
local
high complexity
sun
4.0
2003-12-31 CVE-2003-1521 Unspecified vulnerability in SUN Java Plug-In
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
network
low complexity
sun
6.4
2003-12-31 CVE-2003-1516 Cross-Site Applet Sandbox Security Model Violation vulnerability in SUN Java Plug-In 1.4.201
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
network
sun
6.8
2003-12-31 CVE-2003-1437 Unspecified vulnerability in BEA Weblogic Server 7.0/7.0.0.1
BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1 store passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
local
low complexity
hp ibm microsoft redhat sun bea
2.1
2003-12-31 CVE-2003-1301 Denial Of Service vulnerability in Sun Java Runtime Environment Nested Array Objects
Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses.
network
low complexity
sun
5.0
2003-12-31 CVE-2003-1156 File Corruption vulnerability in SUN JDK and JRE
Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4.2 through 1.4.2_02 allows local users to overwrite arbitrary files via a symlink attack on (1) unpack.log, as created by the unpack program, or (2) .mailcap1 and .mime.types1, as created by the RPM program.
local
low complexity
sun
4.6
2003-12-31 CVE-2003-1134 Denial Of Service vulnerability in SUN Java 1.3.1/1.4.1/1.4.2
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
local
low complexity
sun
2.1