Vulnerabilities > SUN
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-10-16 | CVE-2007-5482 | Denial of Service vulnerability in SUN Storagetek 3510 and Storedge Unspecified vulnerability in the FTP service in Sun StorEdge/StorageTek 3510 FC Array with firmware before 4.21 allows remote attackers, with access to the Ethernet management interface, to cause a denial of service (I/O request timeout and device hang) via unspecified vectors. | 6.4 |
2007-10-15 | CVE-2007-5462 | Improper Input Validation vulnerability in SUN Solaris 10.0/8.0/9.0 Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems. | 7.8 |
2007-10-12 | CVE-2007-5422 | Configuration vulnerability in SUN Sunos 5.10 Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors. | 4.9 |
2007-10-11 | CVE-2007-5375 | Improper Input Validation vulnerability in SUN Java Virtual Machine Interpretation conflict in the Sun Java Virtual Machine (JVM) allows user-assisted remote attackers to conduct a multi-pin DNS rebinding attack and execute arbitrary JavaScript in an intranet context, when an intranet web server has an HTML document that references a "mayscript=true" Java applet through a local relative URI, which may be associated with different IP addresses by the browser and the JVM. | 2.6 |
2007-10-11 | CVE-2007-5368 | Local Denial of Service vulnerability in SUN Solaris 10.0 Multiple unspecified vulnerabilities in labeld in Trusted Extensions in Sun Solaris 10 allow local users to cause a denial of service (multiple application hang) via unspecified vectors. | 4.9 |
2007-10-11 | CVE-2007-5367 | Resource Management Errors vulnerability in SUN Solaris 10.0 Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors. | 4.9 |
2007-10-11 | CVE-2007-5365 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU. | 7.2 |
2007-10-09 | CVE-2007-5319 | Local Denial of Service vulnerability in SUN Solaris 10.0/8.0/9.0 Unspecified vulnerability in the vuidmice STREAMS modules in Sun Solaris 8, 9, and 10 allows local users with console (/dev/console) access to cause a denial of service ("unusable" system console) via unspecified vectors. network sun | 3.5 |
2007-10-08 | CVE-2007-5274 | Unspecified vulnerability in SUN Jdk, JRE and SDK Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when Firefox or Opera is used, allows remote attackers to violate the security model for JavaScript outbound connections via a multi-pin DNS rebinding attack dependent on the LiveConnect API, in which JavaScript download relies on DNS resolution by the browser, but JavaScript socket operations rely on separate DNS resolution by a Java Virtual Machine (JVM), a different issue than CVE-2007-5273. | 2.6 |
2007-10-08 | CVE-2007-5273 | Unspecified vulnerability in SUN Jdk, JRE and SDK Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and earlier, JDK and JRE 5.0 Update 12 and earlier, SDK and JRE 1.4.2_15 and earlier, and SDK and JRE 1.3.1_20 and earlier, when an HTTP proxy server is used, allows remote attackers to violate the security model for an applet's outbound connections via a multi-pin DNS rebinding attack in which the applet download relies on DNS resolution on the proxy server, but the applet's socket operations rely on DNS resolution on the local machine, a different issue than CVE-2007-5274. | 2.6 |