Vulnerabilities > SUN

DATE CVE VULNERABILITY TITLE RISK
2007-09-18 CVE-2007-2834 Integer Overflow or Wraparound vulnerability in multiple products
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
network
apache sun debian canonical CWE-190
critical
9.3
2007-09-18 CVE-2007-4938 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
7.6
2007-09-06 CVE-2007-4732 Improper Input Validation vulnerability in SUN Solaris 10.0/8.0/9.0
Unspecified vulnerability in the strfreectty function in the Special File System (SPECFS) in Sun Solaris 8 through 10 allows local users to cause a denial of service (system panic), related to passing a NULL pointer to the pgsignal function.
local
low complexity
sun CWE-20
4.9
2007-08-23 CVE-2007-4511 Unspecified vulnerability in SUN Java System Application Server 9.00.1
The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply certain configuration changes persistently, which causes the (1) SSL and (2) SSL_MutualAuth ORB listener services to enable all protocols and ciphers after the services are restarted, possibly allowing remote attackers to bypass intended policy.
network
low complexity
sun
5.0
2007-08-23 CVE-2007-4495 Denial-Of-Service vulnerability in SUN Solaris 10.0/8.0/9.0
Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on the x86 platform before 20070821 allows local users to cause a denial of service (system panic) via an unspecified ioctl function, aka Bug 6433124.
local
low complexity
sun
4.9
2007-08-23 CVE-2007-4492 Local Denial Of Service vulnerability in SUN Solaris 10.0/8.0/9.0
Multiple unspecified vulnerabilities in the ata disk driver in Sun Solaris 8, 9, and 10 on the x86 platform before 20070821 allow local users to cause a denial of service (system panic) via unspecified ioctl functions, aka Bug 6433123.
local
low complexity
sun
4.9
2007-08-17 CVE-2007-4395 Remote Privilege Escalation vulnerability in SUN SunOS 5.8
Multiple unspecified vulnerabilities in the Role Based Access Control (RBAC) functionality in Sun Solaris 8 allow remote attackers who know the password for a role to gain privileges via that role.
network
high complexity
sun
7.6
2007-08-17 CVE-2007-4381 Remote Privilege Escalation vulnerability in SUN JDK, JRE and SDK
Unspecified vulnerability in the font parsing implementation in Sun JDK and JRE 5.0 Update 9 and earlier, and SDK and JRE 1.4.2_14 and earlier, allows remote attackers to perform unauthorized actions via an applet that grants certain privileges to itself.
network
sun
critical
9.3
2007-08-13 CVE-2007-4310 Remote Security vulnerability in SUN SunOS 5.7/5.8/5.9
The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows remote attackers to list all accounts that have certain nonstandard GECOS fields via a request composed of a single digit, as demonstrated by a "finger 9@host" command, a different vulnerability than CVE-2001-1503.
network
sun
4.3
2007-08-09 CVE-2007-4289 Remote Security vulnerability in SUN Java System Portal Server 7.0
Sun Java System Portal Server 7.0 does not properly process XSLT stylesheets in XSLT transforms in XML signatures, which allows context-dependent attackers to execute an arbitrary Java method via a crafted stylesheet, a related issue to CVE-2007-3715.
network
sun
6.8