| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code. |
| The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. |
| Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection. |
| nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. |
| SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server. |
| Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
| Buffer overflow in Solaris fdformat command gives root access to local users. |
| The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers. |
| SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. |
| Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access. |
| A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
| sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. |
| Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. |
| Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command. |
| The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches. |
| mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. |
| Buffer overflow in BIND 8.2 via NXT records. |
| Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type. |
| Denial of service in BIND named via consuming more than "fdmax" file descriptors. |
| The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges. |
