
CVE-2009-1276
https://notcve.org/view.php?id=CVE-2009-1276
09 Apr 2009 — XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and Solaris 8 and 9 with GNOME 2.0 or 2.0.2, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even when the screen is locked, as demonstrated by Thunderbird new-mail notifications. XScreenSaver en Sun Solaris v10 and OpenSolaris anteriores a snv_109, y Solaris v8 y v9 con GNOME v2.0 o v2.0.2, permite a atacantes próximos físicamente conseguir información sensible, leyendo las ven... • http://securitytracker.com/id?1022009 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVE-2009-1207
https://notcve.org/view.php?id=CVE-2009-1207
01 Apr 2009 — Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files. Condición Race en la secuencia de comandos en Sun Solaris v8 hasta v10, y OpenSolaris snv_01 hasta snv_111, permite a los usuario locales sobrescribir arbitrariamente archivos, probablemente involucra un ataque de enlace simbólico en archivos temporales. • http://secunia.com/advisories/34558 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2009-0874
https://notcve.org/view.php?id=CVE-2009-0874
12 Mar 2009 — Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function. Vulnerabilidades múltiples no especificadas en el subsistema Doors en el kernel en Sun Solaris v8 ha... • http://secunia.com/advisories/34227 • CWE-399: Resource Management Errors •

CVE-2009-0875
https://notcve.org/view.php?id=CVE-2009-0875
12 Mar 2009 — Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server. Condición de carrera en el subsistema Doors en el kernel en Sun Solaris v8 hasta v10, y OpenSolaris anterior a snv_94, permite a los usuarios locales causar una denegació... • http://osvdb.org/52561 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2009-0857
https://notcve.org/view.php?id=CVE-2009-0857
09 Mar 2009 — Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en /prm/reports en Performance Reporting Module (PRM) para Sun Management Center (SunMC) v3.6.1 y v4.0, permite a atacantes remotos inye... • http://secunia.com/advisories/34146 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2009-0480
https://notcve.org/view.php?id=CVE-2009-0480
09 Feb 2009 — The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets. La implementación IP en Sun Solaris v8 a la v10 y OpenSolaris anterior a snv_82, emplea una arena inadecuada cuando al asignar números secundarios para sockets, lo que permite a usuarios locales provocar una denegación de serv... • http://mail.opensolaris.org/pipermail/onnv-notify/2008-January/013262.html • CWE-189: Numeric Errors •

CVE-2009-0319
https://notcve.org/view.php?id=CVE-2009-0319
28 Jan 2009 — Unspecified vulnerability in the autofs module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_108, allows local users to cause a denial of service (autofs mount outage) or possibly gain privileges via vectors related to "xdr processing problems." Vulnerabilidad sin especificar en el módulo autofs en el kernel en Sun Solaris 8 a la 10, y OpenSolaris anterior a snv_108, permite a usuarios locales provocar una denegación de servicio (parada del montaje autofs) o posiblemente la obtención... • http://secunia.com/advisories/33665 •

CVE-2009-0268
https://notcve.org/view.php?id=CVE-2009-0268
26 Jan 2009 — Race condition in the pseudo-terminal (aka pty) driver module in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows local users to cause a denial of service (panic) via unspecified vectors related to lack of "properly sequenced code" in ptc and ptsl. Una condición de carrera en el pseudo-terminal (alias PTY) en el módulo controlador de Sun Solaris 8 a 10, y OpenSolaris en versiones anteriores a la snv_103, permite a usuarios locales provocar una denegación de servicio (con un panic del kernel)... • http://secunia.com/advisories/33708 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVE-2009-0132
https://notcve.org/view.php?id=CVE-2009-0132
15 Jan 2009 — Integer overflow in the aio_suspend function in Sun Solaris 8 through 10 and OpenSolaris, when 32-bit mode is enabled, allows local users to cause a denial of service (panic) via a large integer value in the second argument (aka nent argument). Desbordamiento de entero en la función aio_suspend en Sun Solaris v8 hasta la v10 y OpenSolaris cuando el modo 32-bit esta activado, permitiendo a usuarios locales causar una denegación de servicio (causando un panic) a través de un valor de entero largo en el segund... • http://secunia.com/advisories/33516 • CWE-189: Numeric Errors •

CVE-2008-5746
https://notcve.org/view.php?id=CVE-2008-5746
29 Dec 2008 — Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local users to overwrite arbitrary files and gain privileges via a symlink attack on temporary files. Sun SNMP Management Agent (SUNWmasf) v1.4u2 a la v1.5.4, permite a usuarios locales sobrescribir ficheros de su elección y obtener privilegios a través de un ataque de enlace simbólico sobre ficheros temporales. • http://osvdb.org/50987 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •