Page 18 of 209 results (0.011 seconds)

CVSS: 4.7EPSS: 0%CPEs: 6EXPL: 0

Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals. Condición de carrera en el núcleo de Sun Solaris 8 hasta 10 permite a usuarios locales provocar una denegación de servicio (panic) a través de vectores no especificados, posiblemente relacionados con la función exitlwps y las señales SIGKILL y /proc PCAGENT. • http://secunia.com/advisories/23187 http://securitytracker.com/id?1017321 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102574-1 http://www.securityfocus.com/bid/21372 http://www.vupen.com/english/advisories/2006/4792 https://exchange.xforce.ibmcloud.com/vulnerabilities/30637 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1626 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 2.6EPSS: 0%CPEs: 54EXPL: 0

The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a symlink attack on a /tmp/xses-$USER file. La secuencia de comandos Xsession, tambien usado por X Display Manager (xdm) en NetBSD anterior a 12/02/2006, X.Org anterior a 17/03/2006, y Solaris 8 hasta la 10 anterior a 06/10/2006, permiten a un usuario local sobre escribir archivos de su elección, o leer otros ficheros de errores de usuarios de Xsession, a través de un ataque de enlaces simbólicos sobre un archivo/tmp/xses-$USER. • http://secunia.com/advisories/22992 http://securitytracker.com/id?1017015 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102652-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.netbsd.org/cgi-bin/query-pr-single.pl?number=32805 https://bugs.freedesktop.org/show_bug.cgi?id=5898 https://exchange.xforce.ibmcloud.com/vulnerabilities/29427 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2205 •

CVSS: 4.0EPSS: 1%CPEs: 95EXPL: 0

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. Múltiples paquetes sobre Sun Solaris, incluyendo (1) NSS; (2) Java JDK and JRE 5.0 Update 8 y anteriores, SDK y JRE 1.4.x hasta 1.4.2_12, y SDK y JRE 1.3.x hasta 1.3.1_19; (3) JSSE 1.0.3_03 y anteriores; (4) IPSec/IKE; (5) Secure Global Desktop; y (6) StarOffice, cuando se usa una llave RSA con un exponente 3, elimina el relleno PKCS-1 antes de generar un hash, lo cual permite a un atacante remoto falsificar una firma PKCS #1 v1.5 que esta firmada por una llave RSA y evita que estos productos verifiquen correctamente X.509 y otros certificados que utilicen PKCS #1. • http://secunia.com/advisories/22204 http://secunia.com/advisories/22226 http://secunia.com/advisories/22325 http://secunia.com/advisories/22992 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.kb.cert.org/vuls/id/845620 http://www.vupen.com/english/advisories/2006/3898 http://www.vupen.com/english/advisories/2006&# •

CVSS: 6.6EPSS: 0%CPEs: 14EXPL: 0

Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors. Vulnerabilidad no especificada en Sun Solaris 8, 9, y 10 anteiror a 25/09/2006, permite a un usuario local provocar una denegación de servicio (deshabilitar el registro del sistema) y evitar que los mensajes de la seguridad sean registrados a trvavés de vectores sin especificar. • http://secunia.com/advisories/22083 http://secunia.com/advisories/22587 http://securitytracker.com/id?1016929 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102510-1 http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm http://www.securityfocus.com/bid/20211 http://www.vupen.com/english/advisories/2006/3768 https://exchange.xforce.ibmcloud.com/vulnerabilities/29149 •

CVSS: 4.6EPSS: 0%CPEs: 7EXPL: 4

Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value. Desbordamiento de búfer en función Strcmp en la extensión XKEYBOARD en Window System X11R6.4 y anteriores, según lo utilizado en SCO UnixWare 7.1.3 y Sun Solaris 8 hasta la 10, permite a un usuario local subir privilegios a través del valor de la larga variable de entorno _XKB_CHARSET. • https://www.exploit-db.com/exploits/2332 https://www.exploit-db.com/exploits/2331 https://www.exploit-db.com/exploits/2330 https://www.exploit-db.com/exploits/2360 http://secunia.com/advisories/21815 http://secunia.com/advisories/21845 http://secunia.com/advisories/21856 http://secunia.com/advisories/21993 http://securityreason.com/securityalert/1545 http://securitytracker.com/id?1016806 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102570-1 http://support. •