Vulnerabilities > SUN > Solaris > 8

DATE CVE VULNERABILITY TITLE RISK
2009-12-03 CVE-2009-4187 Cross-Site Scripting vulnerability in SUN Java System Portal Server 6.3.1/7.1/7.2
Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
sun CWE-79
4.3
2009-09-14 CVE-2009-3183 Buffer Errors vulnerability in SUN Opensolaris and Solaris
Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via unspecified vectors.
local
low complexity
sun CWE-119
7.2
2009-09-08 CVE-2009-3100 Denial-Of-Service vulnerability in OpenSolaris
xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches.
local
high complexity
sun x-org
4.0
2009-08-27 CVE-2009-2972 Resource Management Errors vulnerability in SUN Solaris 8/9
in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb."
network
low complexity
sun CWE-399
7.8
2009-08-21 CVE-2009-2912 Local Denial Of Service vulnerability in SUN Opensolaris and Solaris
The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.
local
low complexity
sun
4.9
2009-07-10 CVE-2009-2430 Local Privilege Escalation vulnerability in SUN Opensolaris and Solaris
Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors.
local
low complexity
sun
4.6
2009-06-11 CVE-2009-2029 Remote Denial Of Service vulnerability in SUN Opensolaris and Solaris
Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.
network
low complexity
sun
5.0
2009-06-05 CVE-2009-1933 Credentials Management vulnerability in SUN Opensolaris and Solaris
Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, does not properly manage credential caches, which allows local users to access Kerberized NFS mount points and Kerberized NFS shares via unspecified vectors.
local
sun CWE-255
4.7
2009-04-09 CVE-2009-1276 Information Exposure vulnerability in SUN Opensolaris and Solaris
XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications.
local
low complexity
gnome sun CWE-200
2.1
2009-04-01 CVE-2009-1207 Race Condition vulnerability in SUN Opensolaris and Solaris
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files.
local
sun CWE-362
4.4