Vulnerabilities > SUN > Solaris > 10.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-09-09 | CVE-2006-4655 | Local Buffer Overflow vulnerability in X.Org X Window Server LibX11 XKEYBOARD Extension Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value. | 4.6 |
| 2006-08-29 | CVE-2006-4439 | Unspecified vulnerability in SUN Solaris 10.0 pkgadd in Sun Solaris 10 before 20060825 installs files with insecure file and directory permissions (755 or 777) if the pkgmap file contains a "?" (question mark) in the mode field, which allows local users to modify arbitrary files or directories, a different vulnerability than CVE-2002-1871. | 3.6 |
| 2006-08-24 | CVE-2006-4319 | Buffer Overflow vulnerability in SUN Solaris and Sunos Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. | 7.2 |
| 2006-08-23 | CVE-2006-4303 | Denial-Of-Service vulnerability in SUN Solaris 10.0 Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun Solaris 10 allows remote attackers to cause a denial of service ("tight loop" and CPU consumption for listener applications) via unknown vectors related to TCP fusion (do_tcp_fusion). | 2.6 |
| 2006-08-14 | CVE-2006-4139 | Local Denial of Service vulnerability in SUN Solaris 10.0 Race condition in Sun Solaris 10 allows attackers to cause a denial of service (system panic) via unspecified vectors related to ifconfig and either netstat or SNMP queries. | 5.4 |
| 2006-08-14 | CVE-2006-4117 | Denial-Of-Service vulnerability in SUN Solaris 10.0 The squeue_drain function in Sun Solaris 10, possibly only when run on CMT processors, allows remote attackers to cause a denial of service ("bad trap" and system panic) by opening and closing a large number of TCP connections ("heavy TCP/IP loads"). | 5.4 |
| 2006-08-01 | CVE-2006-3968 | Unspecified vulnerability in SUN Solaris 10.0 The crypto provider in Sun Solaris 10 3/05 HW2 without patch 121236-01, when running on Sun Fire T2000 platforms, incorrectly verifies a DSA signature, which might prevent applications from detecting that the data has been modified. | 5.0 |
| 2006-07-28 | CVE-2006-3920 | Denial-Of-Service vulnerability in Solaris The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. | 5.0 |
| 2006-07-25 | CVE-2006-3825 | Unspecified vulnerability in SUN Solaris 10.0 The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. | 2.1 |
| 2006-07-25 | CVE-2006-3824 | Local Information Disclosure vulnerability in SUN Solaris 10.0 systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function. | 4.9 |