Vulnerabilities > SUN
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2008-03-18 | CVE-2008-1369 | Permissions, Privileges, and Access Controls vulnerability in SUN Sunos 5.10 A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and T5220 servers has /etc/default/login and /etc/ssh/sshd_config files that configure root logins in a manner unintended by the vendor, which allows remote attackers to gain privileges via unspecified vectors. | 10.0 |
2008-03-17 | CVE-2008-1356 | Improper Authentication vulnerability in SUN Solaris 10 Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java Desktop System (JDS), when using the GNOME On-Screen Keyboard (GOK), allows local users to bypass authentication via unknown vectors that cause the screen saver to crash. | 6.3 |
2008-03-13 | CVE-2008-1317 | Local Denial of Service vulnerability in SUN Solaris 10 Unspecified vulnerability in the Inter-Process Communication (IPC) message queue subsystem in Sun Solaris 10 allows local users to cause a denial of service (reboot) via blocked I/O message queues. | 4.9 |
2008-03-11 | CVE-2008-1286 | Unspecified vulnerability in SUN Java web Console 3.0.2/3.0.3/3.0.4 Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. | 7.8 |
2008-03-11 | CVE-2008-1285 | Cross-Site Scripting vulnerability in SUN JSF Cross-site scripting (XSS) vulnerability in Sun Java Server Faces (JSF) 1.2 before 1.2_08 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 4.3 |
2008-03-08 | CVE-2008-1205 | Local Denial of Service vulnerability in SUN Solaris 10 Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors. | 4.9 |
2008-03-08 | CVE-2008-1204 | Cross-Site Scripting vulnerability in SUN Java System Access Manager 7.0/7.02005Q4/7.1 Multiple cross-site scripting (XSS) vulnerabilities in the Administration Console in Sun Java System Access Manager 7.1 and 7 2005Q4 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the (1) Help and (2) Version windows. | 4.3 |
2008-03-06 | CVE-2008-1196 | Buffer Errors vulnerability in SUN Jdk, JRE and SDK Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK and JRE 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to execute arbitrary code via a crafted JNLP file. | 6.8 |
2008-03-06 | CVE-2008-1195 | 7PK - Security Features vulnerability in multiple products Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs. | 9.3 |
2008-03-06 | CVE-2008-1194 | Unspecified vulnerability in SUN JDK and JRE Multiple unspecified vulnerabilities in the color management library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to cause a denial of service (crash) via unknown vectors. network sun | 4.3 |