CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2008-2946
https://notcve.org/view.php?id=CVE-2008-2946
The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets. Subagente mapeador SNMP-DNI (aka snmpXdmid) en Solstice Enterprise Agents en Sun Solaris 8 hasta 10 permite a atacantes remotos causar la denegación e servicios (caída del demonio) a través de paquetes malformados • http://secunia.com/advisories/30863 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237985-1 http://www.securityfocus.com/bid/29965 http://www.securitytracker.com/id?1020381 http://www.vupen.com/english/advisories/2008/1965/references • CWE-399: Resource Management Errors •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 1CVE-2008-2710
https://notcve.org/view.php?id=CVE-2008-2710
Integer signedness error in the ip_set_srcfilter function in the IP Multicast Filter in uts/common/inet/ip/ip_multi.c in the kernel in Sun Solaris 10 and OpenSolaris before snv_92 allows local users to execute arbitrary code in other Solaris Zones via an SIOCSIPMSFILTER IOCTL request with a large value of the imsf->imsf_numsrc field, which triggers an out-of-bounds write of kernel memory. NOTE: this was reported as an integer overflow, but the root cause involves the bypass of a signed comparison. Error de presencia de signo entero en la función ip_set_srcfilter en el IP Multicast Filter en uts/common/inet/ip/ip_multi.c en el kernel de Sun Solaris 10 y OpenSolaris anterior a snv_92, permite a usuarios locales ejecutar código de su elección en otras "Solaris Zones" a través de una petición SIOCSIPMSFILTER IOCTL con un valor largo del campo imsf->imsf_numsrc, que dispara una escritura de memoria del kernel fuera de rango. NOTA: esto ha sido reportado como un desbordamiento de entero, pero el origen del problema implica una comparación de signo que no se realiza. • http://secunia.com/advisories/30693 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237965-1 http://www.securityfocus.com/bid/29699 http://www.securitytracker.com/id?1020283 http://www.trapkit.de/advisories/TKADV2008-003.txt http://www.vupen.com/english/advisories/2008/1832/references https://exchange.xforce.ibmcloud.com/vulnerabilities/43068 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5731 • CWE-189: Numeric Errors •
CVSS: 6.9EPSS: 0%CPEs: 6EXPL: 0CVE-2008-2538
https://notcve.org/view.php?id=CVE-2008-2538
Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors. Vulnerabilidad no especificada en crontab de Sun Solaris 8 hasta 10, y OpenSolaris versiones anteriores a snv_93, permite a usuarios locales insertar trabajos planificados en cron dentro de ficheros crontab de usuarios de su elección a través de vectores no especificados. • http://secunia.com/advisories/30482 http://secunia.com/advisories/30542 http://securitytracker.com/id?1020151 http://sunsolve.sun.com/search/document.do?assetkey=1-26-237864-1 http://support.avaya.com/elmodocs2/security/ASA-2008-222.htm http://www.vupen.com/english/advisories/2008/1714 https://exchange.xforce.ibmcloud.com/vulnerabilities/42763 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4725 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2008-1779
https://notcve.org/view.php?id=CVE-2008-1779
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets. Sun Solaris 8, 9 y 10 permite usuarios con "privilegios remotos" provocar una denegación de servicio (pánico), mediante vectores desconocidos relacionados con los paquetes IP autoencapsulados. • http://secunia.com/advisories/29783 http://secunia.com/advisories/29817 http://sunsolve.sun.com/search/document.do?assetkey=1-26-235901-1 http://support.avaya.com/elmodocs2/security/ASA-2008-173.htm http://www.securityfocus.com/bid/28732 http://www.securitytracker.com/id?1019831 http://www.vupen.com/english/advisories/2008/1192/references http://www.vupen.com/english/advisories/2008/1325/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41762 https://oval.cisecurity.org • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0CVE-2008-1286
https://notcve.org/view.php?id=CVE-2008-1286
Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and 3.0.4 allows remote attackers to bypass intended access restrictions and determine the existence of files or directories via unknown vectors. Vulnerabilidad no especificada en Sun Java Web Console 3.0.2, 3.0.3 y 3.0.4 permite a atacantes remotos evitar las restricciones de acceso planeadas y determinar la existencia de ficheros o directorios mediante vectores desconocidos. • http://secunia.com/advisories/29290 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231526-1 http://www.securityfocus.com/bid/28155 http://www.securitytracker.com/id?1019574 http://www.vupen.com/english/advisories/2008/0806/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41069 •