Filtered by vendor Oracle
Subscriptions
Filtered by product Solaris
Subscriptions
Total
730 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2007-0882 | 2 Oracle, Sun | 2 Solaris, Sunos | 2024-11-21 | N/A |
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account. | ||||
CVE-2004-1349 | 2 Gnu, Oracle | 2 Gzip, Solaris | 2024-11-21 | N/A |
gzip before 1.3 in Solaris 8, when called with the -f or -force flags, will change the permissions of files that are hard linked to the target files, which allows local users to view or modify these files. | ||||
CVE-2004-0230 | 6 Juniper, Mcafee, Netbsd and 3 more | 7 Junos, Network Data Loss Prevention, Netbsd and 4 more | 2024-11-21 | N/A |
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP. | ||||
CVE-2002-1844 | 2 Microsoft, Oracle | 2 Windows Media Player, Solaris | 2024-11-21 | 7.8 High |
Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, installs executables with world-writable permissions, which allows local users to delete or modify the executables to gain privileges. | ||||
CVE-2002-1337 | 8 Gentoo, Hp, Netbsd and 5 more | 11 Linux, Alphaserver Sc, Hp-ux and 8 more | 2024-11-21 | N/A |
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. | ||||
CVE-2001-0249 | 3 Hp, Oracle, Sgi | 3 Hp-ux, Solaris, Irix | 2024-11-21 | 9.8 Critical |
Heap overflow in FTP daemon in Solaris 8 allows remote attackers to execute arbitrary commands by creating a long pathname and calling the LIST command, which uses glob to generate long strings. | ||||
CVE-1999-0524 | 11 Apple, Cisco, Hp and 8 more | 14 Mac Os X, Macos, Ios and 11 more | 2024-11-21 | N/A |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts. | ||||
CVE-1999-0046 | 10 Bsdi, Debian, Digital and 7 more | 10 Bsd Os, Debian Linux, Ultrix and 7 more | 2024-11-21 | N/A |
Buffer overflow of rlogin program using TERM environmental variable. | ||||
CVE-2024-45071 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | 5.5 Medium |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to stored cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
CVE-2024-45072 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-10-21 | 5.5 Medium |
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources. |