Filtered by vendor Sun
Subscribe
Total
1711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-6276 | 1 Sun | 4 Java System Application Server, Java System Web Proxy Server, Java System Web Server and 1 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors. | |||||
| CVE-2009-0171 | 1 Sun | 1 Sparc Enterprise Server | 2025-04-09 | 10.0 HIGH | N/A |
| The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System Control Facility Unit (aka XSCFU or Service Processor), and have unspecified other impact. | |||||
| CVE-2008-5699 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.6 MEDIUM | N/A |
| The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris snv_50 through snv_104 does not properly check permissions, which allows local users to gain privileges and obtain sensitive information via unspecified vectors. | |||||
| CVE-2009-2671 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 5.0 MEDIUM | N/A |
| The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, allows remote attackers to discover the username of the account that invoked an untrusted (1) applet or (2) Java Web Start application via unspecified vectors. | |||||
| CVE-2009-2674 | 1 Sun | 2 Jdk, Jre | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in javaws.exe in Sun Java Web Start in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15 allows context-dependent attackers to execute arbitrary code via a crafted JPEG image that is not properly handled during display to a splash screen, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-3870 | 1 Sun | 1 Solaris | 2025-04-09 | 10.0 HIGH | N/A |
| Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted RPC request that triggers a heap-based buffer overflow, related to improper memory allocation. | |||||
| CVE-2008-4910 | 1 Sun | 1 Java Web Start | 2025-04-09 | 10.0 HIGH | N/A |
| The BasicService in Sun Java Web Start allows remote attackers to execute arbitrary programs on a client machine via a file:// URL argument to the showDocument method. | |||||
| CVE-2007-5118 | 1 Sun | 1 Solaris | 2025-04-09 | 4.7 MEDIUM | N/A |
| Unspecified vulnerability in the HID (Human Interface Device) class driver in Sun Solaris 8, 9, and 10 before 20070925 allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2008-1205 | 1 Sun | 1 Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
| Unspecified vulnerability in the ipsecah kernel module in Sun Solaris 10, when a key management daemon for IPsec security associations is running, allows local users to cause a denial of service (panic) via unspecified vectors. | |||||
| CVE-2009-2297 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches. | |||||
| CVE-2009-0609 | 1 Sun | 1 Java System Directory Server | 2025-04-09 | 7.8 HIGH | N/A |
| Sun Java System Directory Proxy Server in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3, when a JDBC data source is used, does not properly handle (1) a long value in an ADD or (2) long string attributes, which allows remote attackers to cause a denial of service (JDBC backend outage) via crafted LDAP requests. | |||||
| CVE-2009-1107 | 1 Sun | 1 Java | 2025-04-09 | 4.3 MEDIUM | N/A |
| The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. | |||||
| CVE-2008-0212 | 4 Hp, Linux, Microsoft and 1 more | 5 Hp-ux, Openview Network Node Manager, Linux Kernel and 2 more | 2025-04-09 | 7.8 HIGH | N/A |
| ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allows remote attackers to cause a denial of service (crash) via a crafted TCP request that triggers an out-of-bounds memory access. | |||||
| CVE-2009-0268 | 1 Sun | 2 Opensolaris, Solaris | 2025-04-09 | 4.9 MEDIUM | N/A |
| Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl. | |||||
| CVE-2006-5214 | 2 Netbsd, Sun | 3 Netbsd, Solaris, Sunos | 2025-04-09 | 1.2 LOW | N/A |
| Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is performed, which allows local users to read Xsession errors files of other users. | |||||
| CVE-2007-1526 | 1 Sun | 1 Java System Web Server | 2025-04-09 | 6.0 MEDIUM | N/A |
| Sun Java System Web Server 6.1 before 20070314 allows remote authenticated users with revoked client certificates to bypass the Certificate Revocation List (CRL) authorization control and access secure web server instances running under an account different from that used for the admin server via unspecified vectors. | |||||
| CVE-2008-2749 | 1 Sun | 2 Java System Calendar Server, One Calendar Server | 2025-04-09 | 7.1 HIGH | N/A |
| Unspecified vulnerability in cshttpd in Sun Java System Calendar Server 6 and 6.3, and Sun ONE Calendar Server 6.0, when access logging (aka service.http.commandlog.all) is enabled, allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors. | |||||
| CVE-2007-6216 | 1 Sun | 2 Solaris, Sunos | 2025-04-09 | 4.7 MEDIUM | N/A |
| Race condition in the Fibre Channel protocol (fcp) driver and Devices filesystem (devfs) in Sun Solaris 10 allows local users to cause a denial of service (system hang) via some programs that access hardware resources, as demonstrated by the (1) cfgadm and (2) format programs. | |||||
| CVE-2009-3940 | 1 Sun | 2 Virtualbox, Xvm Virtualbox | 2025-04-09 | 2.1 LOW | N/A |
| Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox 1.6.x and 2.0.x before 2.0.12, 2.1.x, and 2.2.x, and Sun VirtualBox before 3.0.10, allows guest OS users to cause a denial of service (memory consumption) on the guest OS via unknown vectors. | |||||
| CVE-2008-1190 | 1 Sun | 3 Jdk, Jre, Sdk | 2025-04-09 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue. | |||||