CVSS: 4.0EPSS: 1%CPEs: 95EXPL: 0CVE-2006-5201
https://notcve.org/view.php?id=CVE-2006-5201
Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1. Múltiples paquetes sobre Sun Solaris, incluyendo (1) NSS; (2) Java JDK and JRE 5.0 Update 8 y anteriores, SDK y JRE 1.4.x hasta 1.4.2_12, y SDK y JRE 1.3.x hasta 1.3.1_19; (3) JSSE 1.0.3_03 y anteriores; (4) IPSec/IKE; (5) Secure Global Desktop; y (6) StarOffice, cuando se usa una llave RSA con un exponente 3, elimina el relleno PKCS-1 antes de generar un hash, lo cual permite a un atacante remoto falsificar una firma PKCS #1 v1.5 que esta firmada por una llave RSA y evita que estos productos verifiquen correctamente X.509 y otros certificados que utilicen PKCS #1. • http://secunia.com/advisories/22204 http://secunia.com/advisories/22226 http://secunia.com/advisories/22325 http://secunia.com/advisories/22992 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1 http://support.avaya.com/elmodocs2/security/ASA-2006-250.htm http://www.kb.cert.org/vuls/id/845620 http://www.vupen.com/english/advisories/2006/3898 http://www.vupen.com/english/advisories/2006&# •
CVSS: 7.8EPSS: 8%CPEs: 3EXPL: 0CVE-2006-5073
https://notcve.org/view.php?id=CVE-2006-5073
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013. Vulnerabilidad no especificada en Sun Solaris 8, 9 y 10 permite a atacantes remotos provocar una denegación de servicio (panic) mediante paquetes IPv6 construidos artesanalmente, una vulnerabilidad distinta de CV6-2006-5013. • http://secunia.com/advisories/22132 http://secunia.com/advisories/22581 http://securitytracker.com/id?1016968 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102144-1 http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm http://www.securityfocus.com/bid/20252 http://www.vupen.com/english/advisories/2006/3847 https://exchange.xforce.ibmcloud.com/vulnerabilities/29246 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2099 •
CVSS: 6.6EPSS: 0%CPEs: 14EXPL: 0CVE-2006-5012
https://notcve.org/view.php?id=CVE-2006-5012
Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors. Vulnerabilidad no especificada en Sun Solaris 8, 9, y 10 anteiror a 25/09/2006, permite a un usuario local provocar una denegación de servicio (deshabilitar el registro del sistema) y evitar que los mensajes de la seguridad sean registrados a trvavés de vectores sin especificar. • http://secunia.com/advisories/22083 http://secunia.com/advisories/22587 http://securitytracker.com/id?1016929 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102510-1 http://support.avaya.com/elmodocs2/security/ASA-2006-235.htm http://www.securityfocus.com/bid/20211 http://www.vupen.com/english/advisories/2006/3768 https://exchange.xforce.ibmcloud.com/vulnerabilities/29149 •
CVSS: 7.2EPSS: 0%CPEs: 13EXPL: 0CVE-2006-4319
https://notcve.org/view.php?id=CVE-2006-4319
Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. Desbordamiento de búfer en el comando format en Solaris 8, 9, y 10 permite a usuarios locales con acceso a format (tales y como el perfil RBAC "File System Management") ejecutar código de su elección a través de vectores desconocidos, una vulnerabilidad distinta de CVE-2006-4307. • http://secunia.com/advisories/21581 http://secunia.com/advisories/22295 http://securitytracker.com/id?1016727 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102519-1 http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.securityfocus.com/bid/19657 http://www.vupen.com/english/advisories/2006/3355 https://exchange.xforce.ibmcloud.com/vulnerabilities/28519 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2164 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2006-4306
https://notcve.org/view.php?id=CVE-2006-4306
Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile. Vulnerabilidad no especificada en Sun Solaris 8 y 9 versiones anteriores a 20060821 permite a atacantes remotos ejecutar sentencias de su elección mediante vectores sin especificar, involucrando la configuración del Control de Acceso por defecto basado en rol (RBAC) en el perfil "File System Management". • http://secunia.com/advisories/21581 http://secunia.com/advisories/22295 http://securitytracker.com/id?1016726 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102514-1 http://support.avaya.com/elmodocs2/security/ASA-2006-205.htm http://www.securityfocus.com/bid/19643 http://www.vupen.com/english/advisories/2006/3355 https://exchange.xforce.ibmcloud.com/vulnerabilities/28551 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1527 •