CVE-2007-3880
https://notcve.org/view.php?id=CVE-2007-3880
Format string vulnerability in srsexec in Sun Remote Services (SRS) Net Connect 3.2.3 and 3.2.4, as distributed in the SRS Proxy Core (SUNWsrspx) package, allows local users to gain privileges via format string specifiers in unspecified input that is logged through syslog.
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=610
• http://osvdb.org/40836
• http://secunia.com/advisories/27512
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-103119-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-200581-1
• http://www.securityfocus.com/bid/26313
• http://www.securitytracker.com/id?1018893
• http://www.vupen.com/english/advisories/2007/3711
• CWE-134: Use of Externally-Controlled Format String
CVE-2007-5422
https://notcve.org/view.php?id=CVE-2007-5422
Unspecified vulnerability in "Solaris Auditing" in the Basic Security Module (BSM) in Sun Solaris 10, when configured for auditing of networking (nt) events, allows local users to cause a denial of service (panic) via unspecified vectors.
• http://osvdb.org/37727
• http://secunia.com/advisories/27175
• http://securitytracker.com/id?1018803
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-103096-1
• http://sunsolve.sun.com/search/document.do?assetkey=1-66-201374-1
• http://www.securityfocus.com/bid/26017
• http://www.vupen.com/english/advisories/2007/3466
• https://exchange.xforce.ibmcloud.com/vulnerabilities/37078
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2096
• CWE-16: Configuration
CVE-2007-5225 – Solaris 8/9/10 - 'fifofs I_PEEK' Local Kernel Memory Leak
https://notcve.org/view.php?id=CVE-2007-5225
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
• https://www.exploit-db.com/exploits/5227
• http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=603
• http://secunia.com/advisories/27024
• http://secunia.com/advisories/27654
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-103061-1
• http://support.avaya.com/elmodocs2/security/ASA-2007-463.htm
• http://www.securityfocus.com/archive/1/481501/100/0/threaded
• http://www.securityfocus.com/bid/25905
• http://www.securitytracker.com/id?1018766
• http://www.vupen.com/
• CWE-189: Numeric Errors
CVE-2007-3717
https://notcve.org/view.php?id=CVE-2007-3717
rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue to CVE-2006-0225.
• http://osvdb.org/36611
• http://secunia.com/advisories/26024
• http://secunia.com/advisories/26210
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102978-1
• http://support.avaya.com/elmodocs2/security/ASA-2007-319.htm
• http://www.vupen.com/english/advisories/2007/2494
• https://exchange.xforce.ibmcloud.com/vulnerabilities/35334
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1772
CVE-2007-3223
https://notcve.org/view.php?id=CVE-2007-3223
Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing of data by the xdr_bool and xdrmblk_getint32 functions.
• http://osvdb.org/36592
• http://secunia.com/advisories/25668
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-102965-1
• http://www.securityfocus.com/bid/24466
• http://www.securitytracker.com/id?1018253
• http://www.vupen.com/english/advisories/2007/2190
• https://exchange.xforce.ibmcloud.com/vulnerabilities/34857
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1092