Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2008-11-17 CVE-2008-5098 Cross-Site Scripting vulnerability in SUN Java System Messaging Server 6.2/6.3
Cross-site scripting (XSS) vulnerability in Sun Java System Messaging Server 6.2 and 6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2007-2904.
network | sun CWE-79 | 4.3

2008-11-10 CVE-2008-5010 Remote Code Execution vulnerability in SUN OpenSolaris and Solaris
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
network | low complexity | sun | critical | 10.0

2008-11-10 CVE-2008-5009 Race Condition vulnerability in SUN Solstice X.25 9.2
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
local | high complexity | sun CWE-362 | 4.0

2008-11-07 CVE-2008-4992 Permissions, Privileges, and Access Controls vulnerability in SUN products
The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and 7.1.3 through 7.1.3.e on UltraSPARC T1, T2, and T2+ processors allows logical domain users to access memory in other logical domains via unknown vectors.
local | low complexity | sun CWE-264 | 4.6

2008-11-04 CVE-2008-4910 Improper Input Validation vulnerability in SUN Java Web Start
The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method.
network | low complexity | sun CWE-20 | critical | 10.0

2008-10-27 CVE-2008-4747 Information Exposure vulnerability in SUN Java Access Manager 6/7/7.1
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library.
local | low complexity | sun CWE-200 | 2.1

2008-10-23 CVE-2008-4722 Improper Authentication vulnerability in SUN products
Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) 2.0.1.5 through 2.0.4.26 allows remote authenticated users to (1) access the service processor (SP) and cause a denial of service (shutdown or reboot), or (2) access the host operating system and have an unspecified impact, via unknown vectors.
network | low complexity | sun CWE-287 | critical | 9.0

2008-10-21 CVE-2008-4619 Unspecified vulnerability in SUN SunOS 5.9
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function.
network | low complexity | sun | critical | 10.0

2008-10-14 CVE-2008-4556 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in SUN Solaris 8/9
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
network | low complexity | sun CWE-119 | critical | 10.0

2008-10-13 CVE-2008-4541 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in SUN Java System Web Proxy Server
Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
network | low complexity | sun CWE-119 | critical | 10.0