Every CVE whose affected-product data names Sun Solaris, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (200)
CVE-2008-3870 — CVSS 10.0 (critical): Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that…
CVE-1999-0254 — CVSS 10.0 (critical): A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information.
CVE-2001-0353 — CVSS 10.0 (critical): Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via…
CVE-2000-0032 — CVSS 10.0 (critical): Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.
CVE-2003-0201 — CVSS 10.0 (critical): Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG…
CVE-2003-0196 — CVSS 10.0 (critical): Multiple buffer overflows in Samba before 2.2.8a may allow remote attackers to execute arbitrary code or cause a denial of service, as…
CVE-2003-0161 — CVSS 10.0 (critical): The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char…
CVE-2008-3869 — CVSS 10.0 (critical): Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request…
CVE-2007-3093 — CVSS 10.0 (critical): Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows…
CVE-2001-0554 — CVSS 10.0 (critical): Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a…
CVE-2001-0236 — CVSS 10.0 (critical): Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long…
CVE-2001-0779 — CVSS 10.0 (critical): Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
CVE-2001-0797 — CVSS 10.0 (critical): Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large…
CVE-1999-0977 — CVSS 10.0 (critical): Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
CVE-1999-0974 — CVSS 10.0 (critical): Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
CVE-2002-0033 — CVSS 10.0 (critical): Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with…
CVE-1999-0973 — CVSS 10.0 (critical): Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in…
CVE-2004-1351 — CVSS 10.0 (critical): Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.
CVE-2008-4556 — CVSS 10.0 (critical): Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers…
CVE-2002-0436 — CVSS 10.0 (critical): sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in…
CVE-2008-5010 — CVSS 10.0 (critical): in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial…
CVE-2000-0844 — CVSS 10.0 (critical): Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local…
CVE-1999-0186 — CVSS 10.0 (critical): In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify…
CVE-2002-0679 — CVSS 10.0 (critical): Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute…
CVE-2002-0796 — CVSS 10.0 (critical): Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
CVE-2002-0797 — CVSS 10.0 (critical): Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.
CVE-2003-0722 — CVSS 10.0 (critical): The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof…
CVE-2003-0694 — CVSS 10.0 (critical): The prescan function in Sendmail 8.12.9 allows remote attackers to execute arbitrary code via buffer overflow attacks, as demonstrated…
CVE-1999-0097 — CVSS 10.0 (critical): The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
CVE-2009-2296 — CVSS 10.0 (critical): The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting…
CVE-2002-1584 — CVSS 10.0 (critical): Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other…
CVE-2004-0523 — CVSS 10.0 (critical): Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute…
CVE-2003-1081 — CVSS 10.0 (critical): Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.
CVE-1999-1588 — CVSS 9.8 (critical): Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code as root via a long…
CVE-2003-0466 — CVSS 9.8 (critical): Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary…
CVE-2002-0391 — CVSS 9.8 (critical): Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including…
CVE-2008-0964 — CVSS 9.3 (critical): Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted…
CVE-2008-0965 — CVSS 9.3 (critical): Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted…
CVE-2007-6413 — CVSS 9.3 (critical): Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain…
CVE-2007-3094 — CVSS 9.0 (critical): Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605…
CVE-2009-2137 — CVSS 7.8 (high): Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka n2cp) in Sun Solaris 10, and OpenSolaris snv_54 through snv_112…
CVE-2006-5075 — CVSS 7.8 (high): The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of…
CVE-2008-5410 — CVSS 7.8 (high): The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 does not maintain reference counts for operations with asymmetric…
CVE-2009-2136 — CVSS 7.8 (high): Unspecified vulnerability in the TCP/IP networking stack in Sun Solaris 10, and OpenSolaris snv_01 through snv_82 and snv_111 through…
CVE-2007-5716 — CVSS 7.8 (high): Unspecified vulnerability in the Internet Protocol (IP) functionality in Sun Solaris 10 allows local users to cause a denial of service…
CVE-2007-2989 — CVSS 7.8 (high): The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to…
CVE-2009-2972 — CVSS 7.8 (high): in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via…
CVE-2008-2946 — CVSS 7.8 (high): The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to…
CVE-2006-5013 — CVSS 7.8 (high): Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service…
CVE-2008-2090 — CVSS 7.8 (high): Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU…
CVE-2006-7028 — CVSS 7.8 (high): Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a…
CVE-2007-5462 — CVSS 7.8 (high): Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a…
CVE-2007-3223 — CVSS 7.8 (high): Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system…
CVE-2006-5073 — CVSS 7.8 (high): Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets…
CVE-2006-3781 — CVSS 7.8 (high): Unspecified vulnerability in Sun Solaris 10 allows context-dependent attackers to cause a denial of service (panic) via unspecified vectors…
CVE-2007-3248 — CVSS 7.8 (high): Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 interfaces are present but not configured for IPsec, allows remote…
CVE-2007-0165 — CVSS 7.8 (high): Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC…
CVE-2008-2089 — CVSS 7.8 (high): Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service…
CVE-2009-3899 — CVSS 7.8 (high): Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers…
CVE-2009-0304 — CVSS 7.8 (high): The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system…
CVE-2005-3674 — CVSS 7.8 (high): The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Sun Solaris 9 and 10 allows remote attackers to cause a…
CVE-2009-2487 — CVSS 7.8 (high): Use-after-free vulnerability in the frpr_icmp function in the ipfilter (aka IP Filter) subsystem in Sun Solaris 10, and OpenSolaris snv_45…
CVE-2009-0923 — CVSS 7.8 (high): Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers…
CVE-2007-0634 — CVSS 7.8 (high): Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain…
CVE-2009-2486 — CVSS 7.8 (high): Unspecified vulnerability in the SCTP implementation in Sun Solaris 10, and OpenSolaris before snv_120, allows remote attackers to cause a…
CVE-2007-3470 — CVSS 7.8 (high): Multiple unspecified vulnerabilities in the KSSL kernel module in Sun Solaris 10, when configured with the KSSL proxy, allow remote…
CVE-2007-6180 — CVSS 7.6 (high): Race condition in the Remote Procedure Call kernel module (rpcmod) in Sun Solaris 8 through 10 allows local users to cause a denial of…
CVE-1999-0875 — CVSS 7.5 (high): DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
CVE-2003-1063 — CVSS 7.5 (high): The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file…
CVE-2003-0064 — CVSS 7.5 (high): The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to…
CVE-2003-0028 — CVSS 7.5 (high): Integer overflow in the xdrmem_getbytes() function, and possibly other functions, of XDR (external data representation) libraries derived…
CVE-1999-1432 — CVSS 7.5 (high): Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed…
CVE-2005-2870 — CVSS 7.5 (high): Unknown vulnerability in the net-svc script on Solaris 10 allows remote authenticated users to execute arbitrary code on a DHCP client via…
CVE-1999-0189 — CVSS 7.5 (high): Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.
CVE-1999-0795 — CVSS 7.5 (high): The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable…
CVE-2003-1078 — CVSS 7.5 (high): The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login.
CVE-1999-0302 — CVSS 7.5 (high): SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.
CVE-1999-0065 — CVSS 7.5 (high): Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
CVE-2004-1082 — CVSS 7.5 (high): mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows…
CVE-2002-1317 — CVSS 7.5 (high): Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of…
CVE-2004-1307 — CVSS 7.5 (high): Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code…
CVE-2002-0677 — CVSS 7.5 (high): CDE ToolTalk database server (ttdbserver) allows remote attackers to overwrite arbitrary memory locations with a zero, and possibly gain…
CVE-2002-0573 — CVSS 7.5 (high): Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code…
CVE-1999-0185 — CVSS 7.5 (high): In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server…
CVE-1999-0687 — CVSS 7.5 (high): The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
CVE-2001-1414 — CVSS 7.5 (high): The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide…
CVE-2005-0248 — CVSS 7.5 (high): The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates…
CVE-1999-0493 — CVSS 7.5 (high): rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn…
CVE-2007-1681 — CVSS 7.5 (high): Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a…
CVE-1999-0952 — CVSS 7.2 (high): Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.
CVE-1999-0040 — CVSS 7.2 (high): Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
CVE-1999-0051 — CVSS 7.2 (high): Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
CVE-2009-3851 — CVSS 7.2 (high): Trusted Extensions in Sun Solaris 10 interferes with the operation of the xscreensaver-demo command for the XScreenSaver application, which…
CVE-1999-0334 — CVSS 7.2 (high): In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.
CVE-1999-0339 — CVSS 7.2 (high): Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.
CVE-1999-0369 — CVSS 7.2 (high): The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.
CVE-1999-0674 — CVSS 7.2 (high): The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
CVE-2009-3183 — CVSS 7.2 (high): Heap-based buffer overflow in w in Sun Solaris 8 through 10, and OpenSolaris before snv_124, allows local users to gain privileges via…
CVE-1999-0689 — CVSS 7.2 (high): The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
CVE-1999-0691 — CVSS 7.2 (high): Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
CVE-1999-0767 — CVSS 7.2 (high): Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
CVE-1999-0948 — CVSS 7.2 (high): Buffer overflow in uum program for Canna input system allows local users to gain root privileges.
CVE-1999-0949 — CVSS 7.2 (high): Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
CVE-1999-0982 — CVSS 7.2 (high): The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
CVE-1999-1026 — CVSS 7.2 (high): aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files and gain root privileges via a symlink attack on the…
CVE-1999-1027 — CVSS 7.2 (high): Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a…
CVE-1999-1191 — CVSS 7.2 (high): Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
CVE-1999-1419 — CVSS 7.2 (high): Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.
CVE-2000-0055 — CVSS 7.2 (high): Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
CVE-2000-0118 — CVSS 7.2 (high): The Red Hat Linux su program does not log failed password guesses if the su process is killed before it times out, which allows local…
CVE-2000-0316 — CVSS 7.2 (high): Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.
CVE-2000-0317 — CVSS 7.2 (high): Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option.
CVE-2000-0337 — CVSS 7.2 (high): Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.
CVE-2000-0407 — CVSS 7.2 (high): Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.
CVE-2000-0471 — CVSS 7.2 (high): Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
CVE-2001-0115 — CVSS 7.2 (high): Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.
CVE-2001-0124 — CVSS 7.2 (high): Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.
CVE-2001-0165 — CVSS 7.2 (high): Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name)…
CVE-2001-0190 — CVSS 7.2 (high): Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by…
CVE-2001-0401 — CVSS 7.2 (high): Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
CVE-2001-0422 — CVSS 7.2 (high): Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
CVE-2001-0423 — CVSS 7.2 (high): Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a…
CVE-2001-0426 — CVSS 7.2 (high): Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG…
CVE-2001-1076 — CVSS 7.2 (high): Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME…
CVE-2001-1582 — CVSS 7.2 (high): Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long…
CVE-2002-0084 — CVSS 7.2 (high): Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long…
CVE-2002-0088 — CVSS 7.2 (high): Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long media installation path.
CVE-2002-0089 — CVSS 7.2 (high): Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command…
CVE-2002-0090 — CVSS 7.2 (high): Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command…
CVE-2002-0158 — CVSS 7.2 (high): Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line…
CVE-2002-0572 — CVSS 7.2 (high): FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by…
CVE-2002-0678 — CVSS 7.2 (high): CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file…
CVE-2002-1296 — CVSS 7.2 (high): Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences…
CVE-2008-5689 — CVSS 7.2 (high): tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly…
CVE-2002-1590 — CVSS 7.2 (high): The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) SUNWwbcou, (3) SUNWwbdev and (4) SUNWmgapp packages, when installed…
CVE-2002-1871 — CVSS 7.2 (high): pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" (question mark) in the (1) mode…
CVE-2002-1980 — CVSS 7.2 (high): Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 through 8 allows local users to execute arbitrary code via unknown…
CVE-2002-2197 — CVSS 7.2 (high): Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a denial of service (kernel panic) via a program that uses /dev/poll…
CVE-2003-0091 — CVSS 7.2 (high): Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.
CVE-2003-0092 — CVSS 7.2 (high): Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME…
CVE-2003-0609 — CVSS 7.2 (high): Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long…
CVE-2003-0999 — CVSS 7.2 (high): Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute…
CVE-2003-1055 — CVSS 7.2 (high): Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an…
CVE-2003-1056 — CVSS 7.2 (high): The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary…
CVE-2003-1057 — CVSS 7.2 (high): Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solaris 2.6 through 9 may allow local users to execute arbitrary code.
CVE-2003-1059 — CVSS 7.2 (high): Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.
CVE-2008-4131 — CVSS 7.2 (high): Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow local users to gain privileges via vectors related to handling of…
CVE-2003-1067 — CVSS 7.2 (high): Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9…
CVE-2003-1068 — CVSS 7.2 (high): Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a…
CVE-2008-3875 — CVSS 7.2 (high): The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 allows local users to bypass chroot, zones, and the Solaris Trusted…
CVE-2003-1076 — CVSS 7.2 (high): Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly…
CVE-2008-3838 — CVSS 7.2 (high): Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88…
CVE-2003-1082 — CVSS 7.2 (high): Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4705891, a…
CVE-2004-0360 — CVSS 7.2 (high): Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors.
CVE-2004-0496 — CVSS 7.2 (high): Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of…
CVE-2008-2710 — CVSS 7.2 (high): Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun…
CVE-2004-0780 — CVSS 7.2 (high): Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument.
CVE-2004-1352 — CVSS 7.2 (high): Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.
CVE-2004-1353 — CVSS 7.2 (high): Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain…
CVE-2004-1767 — CVSS 7.2 (high): The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly…
CVE-2004-2686 — CVSS 7.2 (high): Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel…
CVE-2005-0816 — CVSS 7.2 (high): Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.
CVE-2008-0242 — CVSS 7.2 (high): Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local users to access files and gain privileges via unknown vectors…
CVE-2005-2072 — CVSS 7.2 (high): The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows…
CVE-2007-5365 — CVSS 7.2 (high): Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd…
CVE-2007-3471 — CVSS 7.2 (high): Buffer overflow in the dtsession Common Desktop Environment (CDE) Session Manager in Sun Solaris 8, 9, and 10 allows local users to execute…