Vulnerabilities > SUN
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-02-06 | CVE-2008-0628 | Permissions, Privileges, and Access Controls vulnerability in SUN JDK and JRE | The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 Update 3 and earlier processes external entity references even when the "external general entities" property is false, which allows remote attackers to conduct XML external entity (XXE) attacks and cause a denial of service or access restricted resources. | 7.8 |
2008-02-06 | CVE-2008-0212 | Resource Management Errors vulnerability in HP Openview Network Node Manager 6.41/7.01/7.51 | ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access. | 7.8 |
2008-01-18 | CVE-2008-0006 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products | Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table. | 7.5 |
2008-01-15 | CVE-2008-0269 | Local Denial of Service vulnerability in SUN Sunos 5.10 | Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 allows local users to cause a denial of service (panic) via unspecified vectors. | 4.9 |
2008-01-12 | CVE-2008-0242 | Unspecified vulnerability in SUN Solaris 10.0 | Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors, related to login device permissions. | 7.2 |
2008-01-11 | CVE-2008-0241 | Improper Input Validation vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1 | Open redirect vulnerability in /idm/user/login.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the nextPage parameter. | 5.8 |
2008-01-11 | CVE-2008-0240 | Cross-Site Scripting vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1 | /idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allows remote attackers to inject frames from arbitrary web sites and conduct phishing attacks via the helpUrl parameter, aka "frame injection." | 4.3 |
2008-01-11 | CVE-2008-0239 | Cross-Site Scripting vulnerability in SUN Java System Identity Manager 6.0/7.0/7.1 | Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp. | 4.3 |
2008-01-09 | CVE-2007-0012 | Improper Input Validation vulnerability in SUN JRE | Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM. | 4.3 |
2007-12-28 | CVE-2007-6572 | Cross-Site Scripting vulnerability in SUN products | Cross-site scripting (XSS) vulnerability in Sun Java System Web Server 6.1 before SP8 and 7.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka BugID 6566204. | 4.3 |