Vulnerabilities > SUN
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-12 | CVE-2009-0874 | Resource Management Errors vulnerability in SUN Opensolaris and Solaris: Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function. | 4.9 |
2009-03-11 | CVE-2009-0873 | Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris, Solaris and Sunos: The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other." | 6.8 |
2009-03-11 | CVE-2009-0872 | Permissions, Privileges, and Access Controls vulnerability in SUN Opensolaris and Solaris: The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does not properly implement the AUTH_NONE (aka sec=none) security mode in combination with other security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the AUTH_NONE and AUTH_SYS security modes. | 6.8 |
2009-03-10 | CVE-2009-0870 | Resource Management Errors vulnerability in SUN Opensolaris and Solaris: The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allows local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function. | 4.7 |
2009-03-10 | CVE-2009-0868 | Improper Input Validation vulnerability in Fujitsu Jasmine2000: CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 6.8 |
2009-03-09 | CVE-2009-0857 | Cross-Site Scripting vulnerability in SUN Management Center 3.6.1/4.0: Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. | 4.3 |
2009-03-06 | CVE-2009-0838 | Resource Management Errors vulnerability in SUN Opensolaris and Sunos: The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function. | 4.9 |
2009-02-19 | CVE-2008-6192 | Cross-Site Scripting vulnerability in SUN Java System Portal Server 7.0/7.1: Multiple cross-site scripting (XSS) vulnerabilities in unspecified Portlets in Sun Java System Portal Server 7.0 and 7.1 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2009-02-17 | CVE-2009-0609 | Improper Input Validation vulnerability in SUN Java System Directory Server: Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests. | 7.8 |
2009-02-13 | CVE-2009-0576 | Denial Of Service vulnerability in Sun Java System Directory Server LDAP Request: Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 and earlier, and Enterprise Edition 5, allows remote attackers to cause a denial of service (daemon crash) via crafted LDAP requests. | 7.8 |