CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2011-0800
https://notcve.org/view.php?id=CVE-2011-0800
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities. Vulnerabilidad no especificada en el componente Solaris de Oracle Solaris v8, v9, v10, v11 y Express permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la Administración de Utilidades. • http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2011-0412
https://notcve.org/view.php?id=CVE-2011-0412
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. Oracle Solaris 10 almacena archivos de "vuelta atrás" de parches (undo.Z) sin encriptar con permiso de lectura para todos los usuarios en /var/sadm/pkg/, lo que permite a usuarios locales obtener hashes de contraseñas y realizar ataques de obtención de contraseñas por fuerza bruta. • http://osvdb.org/71646 http://secunia.com/advisories/44047 http://www.kb.cert.org/vuls/id/648244 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html http://www.securityfocus.com/bid/47171 http://www.vupen.com/english/advisories/2011/0882 https://exchange.xforce.ibmcloud.com/vulnerabilities/66579 • CWE-255: Credentials Management Errors •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 3CVE-2011-0902 – Sun Microsystems SunScreen Firewall - Privilege Escalation
https://notcve.org/view.php?id=CVE-2011-0902
Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable. Múltiples vulnerabilidades de búsqueda en ruta no confiable en el Java service en Sun Microsystems SunScreen Firewall sobre SunOS v5.9 permite a usuarios locales ejecutar código de su elección a través de una (1) PATH modificada o (2) la variable de entorno LD_LIBRARY_PATH • https://www.exploit-db.com/exploits/16041 http://www.exploit-db.com/exploits/16041 http://www.securityfocus.com/bid/45963 https://exchange.xforce.ibmcloud.com/vulnerabilities/64887 •
CVSS: 10.0EPSS: 95%CPEs: 3EXPL: 2CVE-2010-4435 – Multiple Vendor Calendar Manager RPC Service Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2010-4435
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10. Una vulnerabilidad no especificada en Solaris de Oracle versiones 8, 9 y 10, permite a los atacantes remotos afectar la confidencialidad, integridad y disponibilidad, relacionadas con CDE Calendar Manager Service Daemon and RPC. NOTA: la información anterior fue obtenida de la CPU de enero de 2011. • https://www.exploit-db.com/exploits/16137 http://aix.software.ibm.com/aix/efixes/security/cmsd_advisory.asc http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02702395 http://osvdb.org/70569 http://secunia.com/advisories/42984 http://secunia.com/advisories/43258 http://securityreason.com/securityalert/8069 http://www.exploit-db.com/exploits/16137 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/archive/1/516284&#x •
CVSS: 4.1EPSS: 0%CPEs: 3EXPL: 0CVE-2010-4415
https://notcve.org/view.php?id=CVE-2010-4415
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc. Vulnerabilidad no especificada en Oracle Solaris v8, v9 y v10 permite a usuarios locales afectar la una confidencialidad, integridad y disponibilidad a traves de vectores desconocidos relacionados con libc. • http://secunia.com/advisories/42984 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securityfocus.com/bid/45904 http://www.securitytracker.com/id?1024975 http://www.vupen.com/english/advisories/2011/0151 https://exchange.xforce.ibmcloud.com/vulnerabilities/64803 •