CVE-2010-2632 – libc/glob - Resource Exhaustion / Remote ftpd-anonymous (Denial of Service)
https://notcve.org/view.php?id=CVE-2010-2632
Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. FreeBSD version 9.1 suffers from a remote ftpd denial of service vulnerability.
• https://www.exploit-db.com/exploits/15215 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10598 http://secunia.com/advisories/42984 http://secunia.com/advisories/43433 http://secunia.com/advisories/55212 http://securityreason.com/achievement_securityalert/89 http://securityreason.com/achievement_securityalert/97 http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html http://www.securitytracker.com/id?1024975 http://www.vupen.com/english/advisories/2011/0151 https:/
CVE-2009-4191
https://notcve.org/view.php?id=CVE-2009-4191
Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vd_sol_local module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
• http://www.intevydis.com/blog/?p=79 http://www.intevydis.com/vd-list.shtml
CVE-2009-4080
https://notcve.org/view.php?id=CVE-2009-4080
Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.
• http://osvdb.org/60514 http://secunia.com/advisories/37505 http://secunia.com/advisories/37506 http://sunsolve.sun.com/search/document.do?assetkey=1-21-112960-69-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-231402-1 http://www.securityfocus.com/bid/37129 http://www.securitytracker.com/id?1023239 http://www.vupen.com/english/advisories/2009/3336
CVE-2009-0873
https://notcve.org/view.php?id=CVE-2009-0873
The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "override each other."
• http://osvdb.org/52560 http://secunia.com/advisories/34225 http://secunia.com/advisories/34435 http://securitytracker.com/id?1021832 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139462-02-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-250306-1 http://support.avaya.com/elmodocs2/security/ASA-2009-096.htm http://www.securityfocus.com/bid/34062 http://www.vupen.com/english/advisories/2009/0657 http://www.vupen.com/english/advisories/2009/0814 https
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-0838
https://notcve.org/view.php?id=CVE-2009-0838
The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.
• http://secunia.com/advisories/34149 http://secunia.com/advisories/34455 http://securitytracker.com/id?1021810 http://sunsolve.sun.com/search/document.do?assetkey=1-21-139498-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-254088-1 http://support.avaya.com/elmodocs2/security/ASA-2009-097.htm http://www.securityfocus.com/bid/34000 http://www.vupen.com/english/advisories/2009/0606 http://www.vupen.com/english/advisories/2009/0815 https://exchange.xforce.ibmcloud&
• CWE-399: Resource Management Errors