CVSS: 4.7EPSS: 0%CPEs: 202EXPL: 0CVE-2009-0870
https://notcve.org/view.php?id=CVE-2009-0870
The NFSv4 Server module in the kernel in Sun Solaris 10, and OpenSolaris before snv_111, allow local users to cause a denial of service (infinite loop and system hang) by accessing an hsfs filesystem that is shared through NFSv4, related to the rfs4_op_readdir function. El modulo del servidor NFSv4 en el kernel en Sun Solaris v10, y OpenSolaris anterior a snv_111, permite a usuarios locales producir una denegación de servicio (bucle infinito y colgado de sistema) mediante el acceso a un fichero de sistema hsfs que esta compartido en NFSv4, relacionado con la función rfs4_op_readdir. • http://secunia.com/advisories/34193 http://secunia.com/advisories/34371 http://securitytracker.com/id?1021819 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-252469-1 http://support.avaya.com/elmodocs2/security/ASA-2009-090.htm http://www.securityfocus.com/bid/34031 http://www.vupen.com/english/advisories/2009/0635 http://www.vupen.com/english/advisories/2009/0765 https://exchange.xforce.ibmcloud& • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2009-0868
https://notcve.org/view.php?id=CVE-2009-0868
CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. Vulnerabilidad de inyección CRLF en la plantilla de WebLink en Jasmine2000 Enterprise Edition permite a atacantes remotos inyectar cabeceras HTTP de manera arbitraria y dirigir ataques de división de respuesta HTTP a través de vectores sin especificar. • http://secunia.com/advisories/33971 http://www.fujitsu.com/global/support/software/security/products-f/jasmine-200901e.html http://www.securityfocus.com/bid/33832 https://exchange.xforce.ibmcloud.com/vulnerabilities/48818 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2009-0857
https://notcve.org/view.php?id=CVE-2009-0857
Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en /prm/reports en Performance Reporting Module (PRM) para Sun Management Center (SunMC) v3.6.1 y v4.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "msg". NOTA: esto puede ser aprovechados para el acceso a la Consola Web SunMC. • http://secunia.com/advisories/34146 http://securitytracker.com/id?1021809 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-247046-1 http://www.securityfocus.com/bid/33999 http://www.vupen.com/english/advisories/2009/0605 https://exchange.xforce.ibmcloud.com/vulnerabilities/49076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 2.1EPSS: 0%CPEs: 12EXPL: 0CVE-2009-0601
https://notcve.org/view.php?id=CVE-2009-0601
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable. Una vulnerabilidad de formato de cadena en Wireshark 0.99.8 a 1.0.5 sobre plataformas No-Windows permite a usuarios locales provocar una denegación de servicio (con cuelgue de la aplicacion) a través de especificadores de formato de cadena en la variable de entorno HOME. • http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html http://secunia.com/advisories/34264 http://wiki.rpath.com/Advisories:rPSA-2009-0040 http://www.securityfocus.com/archive/1/501763/100/0/threaded http://www.securityfocus.com/bid/33690 http://www.securitytracker.com/id?1021697 http://www.vupen.com/english/advisories/2009/0370 http://www.wireshark.org/security/wnpa-sec-2009-01.html https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3150 https://issue • CWE-134: Use of Externally-Controlled Format String •
CVSS: 4.9EPSS: 0%CPEs: 168EXPL: 0CVE-2009-0480
https://notcve.org/view.php?id=CVE-2009-0480
The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets. La implementación IP en Sun Solaris v8 a la v10 y OpenSolaris anterior a snv_82, emplea una arena inadecuada cuando al asignar números secundarios para sockets, lo que permite a usuarios locales provocar una denegación de servicio (fallo en la aplicación 32-bit o parada de login) mediante la apertura de un gran número de sockets. • http://mail.opensolaris.org/pipermail/onnv-notify/2008-January/013262.html http://secunia.com/advisories/33751 http://securitytracker.com/id?1021653 http://sunsolve.sun.com/search/document.do?assetkey=1-21-116965-34-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-248026-1 http://support.avaya.com/elmodocs2/security/ASA-2009-042.htm http://www.securityfocus.com/bid/33550 http://www.vupen.com/english/advisories/2009/0364 https://oval.cisecurity.org/repository/search/def • CWE-189: Numeric Errors •