CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2010-0310
https://notcve.org/view.php?id=CVE-2010-0310
Trusted Extensions in Sun Solaris 10 allows local users to gain privileges via vectors related to omission of unspecified libraries from software updates. Trusted Extensions en Sun Solaris 10, permite a usuarios locales obtener privilegios a través de vectores relacionados con la omisión de ciertas bibliotecas desde las actualizaciones de software. • http://secunia.com/advisories/38129 http://securitytracker.com/id?1023448 http://sunsolve.sun.com/search/document.do?assetkey=1-21-143502-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-275410-1 http://www.securityfocus.com/bid/37754 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8444 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2010-0311
https://notcve.org/view.php?id=CVE-2010-0311
Unspecified vulnerability in Sun Java System Identity Manager (aka IdM) 8.1.0.5 and 8.1.0.6, when Sun Java System Access Manager, OpenSSO Enterprise 8.0, or IBM Tivoli Access Manager is used, allows remote attackers to obtain administrative access via unknown vectors. Vulnerabilidad no especificada en Sun Java System Identity Manager (también conocido como IdM) v8.1.0.5 y v8.1.0.6, cuando se usa con Sun Java System Access Manager, OpenSSO Enterprise v8.0 o IBM Tivoli Access Manager, permite a atacantes remotos obtener acceso como administrador a través de vectores desconocidos. • http://osvdb.org/61658 http://secunia.com/advisories/38130 http://securitytracker.com/id?1023447 http://sunsolve.sun.com/search/document.do?assetkey=1-21-141642-08-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-275010-1 http://www.securityfocus.com/bid/37755 http://www.vupen.com/english/advisories/2010/0108 https://exchange.xforce.ibmcloud.com/vulnerabilities/55572 •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2010-0079
https://notcve.org/view.php?id=CVE-2010-0079
Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877. Múltiples vulnerabilidades en el componente JRockit en BEA Product Suite R27.6.5 utilizado con JRE/JDK v1.4.2, v5, y v6 permite a atacantes remotos influir en la confidencialidad, la integridad y la disponibilidad a traves de vectores desconocidos. NOTA: Este identificador de vulnerabilidad se solapa con la vulnerabilidades CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, y CVE-2009-3877. • http://www.oracle.com/technetwork/topics/security/cpujan2010-084891.html http://www.us-cert.gov/cas/techalerts/TA10-012A.html •
CVSS: 4.6EPSS: 0%CPEs: 160EXPL: 0CVE-2010-0271
https://notcve.org/view.php?id=CVE-2010-0271
hald in Sun OpenSolaris snv_51 through snv_130 does not have the proc_audit privilege during unspecified attempts to write to the auditing log, which makes it easier for physically proximate attackers to avoid detection of changes to the set of connected hardware devices supporting the Hardware Abstraction Layer (HAL) specification. hald en Sun OpenSolaris snv_51 hasta snv_130, proc_audit no tiene privilegios durante intentos sin especificar de escritura en la auditoría de log, lo que hace más fácil para los atacantes físicamente próximos evitar la detección de cambios en el conjunto de dispositivos hardware conectados que soportan la especificación de la capa de abstracción hardware (HAL). • http://sunsolve.sun.com/search/document.do?assetkey=1-66-274830-1 http://www.securityfocus.com/bid/37656 http://www.securitytracker.com/id?1023416 http://www.vupen.com/english/advisories/2010/0076 https://exchange.xforce.ibmcloud.com/vulnerabilities/55461 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2010-0272
https://notcve.org/view.php?id=CVE-2010-0272
Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 on Linux allows remote attackers to discover process memory locations via crafted data to TCP port 80, as demonstrated by the vd_sjws2 module in VulnDisco. NOTE: as of 20100106, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. Desbordamiento de búfer basado en memoria dinámica en Sun Java System Web Server v7.0 Update v6 en Linux permite a atacantes remotos descubrir localizaciones del proceso de memoria a través de información manipulada en el puerto 80 TCP, como se ha desmostrado en el módulo vd_sjws2 en VulnDisco. NOTA: A fecha 06/01/2010 esta vulnerabilidad no contiene información determinante. • http://intevydis.com/sjws_demo.html http://www.intevydis.com/blog/?p=102 https://exchange.xforce.ibmcloud.com/vulnerabilities/55527 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •