Vulnerabilities > SUN > Critical

DATE CVE VULNERABILITY TITLE RISK
2009-01-29 CVE-2009-0345 Permissions, Privileges, and Access Controls vulnerability in SUN Fire X2100 M2 and Fire X2200 M2
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717.
network | low complexity | sun CWE-264 | critical 10.0
2009-01-29 CVE-2009-0344 Permissions, Privileges, and Access Controls vulnerability in SUN Fire X2100 M2 and Fire X2200 M2
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717.
network | low complexity | sun CWE-264 | critical 10.0
2009-01-16 CVE-2009-0171 Permissions, Privileges, and Access Controls vulnerability in SUN SPARC Enterprise Server M4000/M5000
The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System Control Facility Unit (aka XSCFU or Service Processor), and have unspecified other impact.
network | low complexity | sun CWE-264 | critical 10.0
2009-01-16 CVE-2009-0169 Permissions, Privileges, and Access Controls vulnerability in SUN Java System Access Manager 7.1
Sun Java System Access Manager 7.1 allows remote authenticated sub-realm administrators to gain privileges, as demonstrated by creating the amadmin account in the sub-realm, and then logging in as amadmin in the root realm.
network | low complexity | sun CWE-264 | critical 9.0
2008-12-19 CVE-2008-5685 Unspecified vulnerability in SUN ScApp
Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.
network | low complexity | sun | critical 10.0
2008-12-17 CVE-2008-5662 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in SUN Java Wireless Toolkit for CLDC
Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC 2.5.2 and earlier allow downloaded programs to execute arbitrary code via unknown vectors.
network | sun CWE-119 | critical 9.3
2008-12-05 CVE-2008-5359 Buffer Errors vulnerability in SUN Jdk, JRE and SDK
Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code, related to a ConvolveOp operation in the Java AWT library.
network | sun CWE-119 | critical 9.3
2008-12-05 CVE-2008-5358 Buffer Errors vulnerability in SUN JDK and JRE
Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier might allow remote attackers to execute arbitrary code via a crafted GIF file that triggers memory corruption during display of the splash screen, possibly related to splashscreen.dll.
network | sun CWE-119 | critical 9.3
2008-12-05 CVE-2008-5357 Numeric Errors vulnerability in SUN Jdk, JRE and SDK
Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; SDK and JRE 1.4.2_18 and earlier; and SDK and JRE 1.3.1_23 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file, which triggers a heap-based buffer overflow.
network | sun CWE-189 | critical 9.3
2008-12-05 CVE-2008-5356 Buffer Errors vulnerability in SUN Jdk, JRE and SDK
Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier might allow remote attackers to execute arbitrary code via a crafted TrueType font file.
network | sun CWE-119 | critical 9.3