Vulnerabilities > SUN
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-01-08 | CVE-2010-0272 | Buffer Errors vulnerability in SUN Java System web Server 7.0 Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. | 7.5 |
2010-01-08 | CVE-2010-0271 | Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices supporting the Hardware Abstraction Layer (HAL) specification. | 4.6 |
2009-12-31 | CVE-2009-4502 | Permissions, Privileges, and Access Controls vulnerability in Zabbix The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. | 9.3 |
2009-12-28 | CVE-2009-4443 | Denial-Of-Service vulnerability in Java System Directory Server Unspecified vulnerability in the psearch (aka persistent search) functionality in Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 allows remote attackers to cause a denial of service (psearch outage) by using a crafted psearch client to send requests that trigger a psearch thread loop, aka Bug Id 6855978. network sun | 4.3 |
2009-12-28 | CVE-2009-4442 | Configuration vulnerability in SUN Java System Directory Server Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly implement the max-client-connections configuration setting, which allows remote attackers to cause a denial of service (connection slot exhaustion) by making multiple connections and performing no operations on these connections, aka Bug Id 6648665. | 5.0 |
2009-12-28 | CVE-2009-4441 | Denial-Of-Service vulnerability in Java System Directory Server Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659. | 5.0 |
2009-12-28 | CVE-2009-4440 | Race Condition vulnerability in SUN Java System Directory Server Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not properly handle multiple client connections within a short time window, which allows remote attackers to hijack the backend connection of an authenticated user, and obtain the privileges of this user, by making a client connection in opportunistic circumstances, related to "long binds," aka Bug Ids 6828462 and 6823593. | 6.8 |
2009-12-14 | CVE-2009-4314 | Permissions, Privileges, and Access Controls vulnerability in SUN RAY Server Software 4.1 Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group Hotdesking (AMGH) is enabled, responds to a logout action by immediately logging the user in again, which makes it easier for physically proximate attackers to obtain access to a session by going to an unattended DTU device. | 4.4 |
2009-12-11 | CVE-2009-4295 | Cryptographic Issues vulnerability in SUN RAY Server Software 4.0/4.1 Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA private key for the firmware on each Sun Ray 1, 1g, 100, and 150 DTU device, which makes it easier for remote attackers to obtain sensitive information by predicting a key and then using it to decrypt sniffed network traffic. | 7.8 |
2009-12-11 | CVE-2009-4294 | Remote Code Execution vulnerability in Sun Ray Server Authentication Manager Unspecified vulnerability in the Authentication Manager (aka utauthd) in Sun Ray Server Software 4.0 and 4.1 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors. | 10.0 |