CVSS: 7.8 | EPSS: 0% | CPEs: 4 | EXPL: 0

20 Apr 2011 — Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities. • http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html •

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

19 Apr 2011 — Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. • http://osvdb.org/71646 • CWE-255: Credentials Management Errors •

CVSS: 7.8 | EPSS: 7% | CPEs: 2 | EXPL: 3

07 Feb 2011 — Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable. • https://www.exploit-db.com/exploits/16041 •

CVSS: 10.0 | EPSS: 46% | CPEs: 3 | EXPL: 2

19 Jan 2011 — Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call... • https://www.exploit-db.com/exploits/16137 •

CVSS: 3.6 | EPSS: 0% | CPEs: 1 | EXPL: 0

19 Jan 2011 — Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver. • http://secunia.com/advisories/42984 •

CVSS: 7.8 | EPSS: 19% | CPEs: 4 | EXPL: 1

19 Jan 2011 — Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from a reliable researcher that this is an issue in the glob implementation in libc that allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames. • https://www.exploit-db.com/exploits/15215 •

CVSS: 7.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

19 Jan 2011 — Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc. • http://secunia.com/advisories/42984 •

CVSS: 5.5 | EPSS: 0% | CPEs: 78 | EXPL: 0

27 Nov 2009 — Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors. • http://osvdb.org/60514 •

CVSS: 4.7 | EPSS: 0% | CPEs: 5 | EXPL: 0

10 Nov 2008 — Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file. • http://secunia.com/advisories/32667 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 10.0 | EPSS: 11% | CPEs: 1 | EXPL: 1

20 Oct 2008 — The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165. • https://www.exploit-db.com/exploits/6775 •