CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2007-2529
https://notcve.org/view.php?id=CVE-2007-2529
Integer signedness error in the acl (facl) system call in Solaris 10 before 20070507 allows local users to cause a denial of service (kernel panic) and possibly gain privileges via a certain argument, related to ACE_SETACL. Error de entero sin signo en la llamada al sistema acl (facl) en Solaris 10 anterior al 07/05/2007 permite a atacantes remotos provocar una denegación de servicio (error irrecuperable en el núcleo del sistema, kernel panic) y posiblemente obtener privilegios mediante un cierto argumento, relacionado con ACE_SETACL. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=524 http://osvdb.org/34906 http://secunia.com/advisories/25162 http://securitytracker.com/id?1018009 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102869-1 http://www.securityfocus.com/bid/23863 http://www.vupen.com/english/advisories/2007/1683 https://exchange.xforce.ibmcloud.com/vulnerabilities/34147 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1669 •
CVSS: 7.5EPSS: 8%CPEs: 10EXPL: 0CVE-2007-1681
https://notcve.org/view.php?id=CVE-2007-1681
Format string vulnerability in libwebconsole_services.so in Sun Java Web Console 2.2.2 through 2.2.5 allows remote attackers to cause a denial of service (application crash), obtain sensitive information, and possibly execute arbitrary code via unspecified vectors during a failed login attempt, related to syslog. Vulnerabilidad de formato de cadena en libwebconsole_services.so de Sun Java Web Console 2.2.2 hasta 2.2.5 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación), obtener información confidencial, y posiblemente ejecutar código de su elección mediante vectores no especificados durante un intento fallido de autenticación en el sistema, referido a syslog. • http://osvdb.org/34902 http://secunia.com/advisories/24927 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102854-1 http://www.nruns.com/security_advisory_sun_java_format_string.php http://www.securityfocus.com/archive/1/466048/100/0/threaded http://www.securityfocus.com/bid/23539 http://www.securitytracker.com/id?1017930 http://www.vupen.com/english/advisories/2007/1443 https://exchange.xforce.ibmcloud.com/vulnerabilities/33731 https://oval.cisecurity.org/repository/ •
CVSS: 10.0EPSS: 1%CPEs: 4EXPL: 0CVE-2007-1794
https://notcve.org/view.php?id=CVE-2007-1794
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805. El motor de Javascript en Mozilla 1.7 y anteriores en Sun Solaris 8, 9, y 10 podría permitir a atacantes remotos ejecutar código de su elección a través de vectores que afectan al colector de basura que provoca el borrado de un objeto temporal que todavía se está utilizando. NOTA: este asunto podría estar relacionado con CVE-2006-3805. • http://secunia.com/advisories/24624 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102865-1 http://www.vupen.com/english/advisories/2007/1178 •
CVSS: 5.8EPSS: 1%CPEs: 2EXPL: 0CVE-2006-7140
https://notcve.org/view.php?id=CVE-2006-7140
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339. La biblioteca libike, tal y como se usa en in.iked, elfsign, y kcfd en Sun Solaris 9 y 10, cuando usan una clave RSA con exponente 3, borra caracterés de relleno PKCS-1 antes de genear la función resumen (hash), lo cual permite a atacantes remotos falsificar una firma PKCS #1 v1.5 que se ha firmado con esa clave RSA y evita a libike que verifique correctamente certificados X.509 y otros, que usen PKCS #1, vulnerabilidad similar a CVE-2006-4339. • http://secunia.com/advisories/23104 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1 http://www.vupen.com/english/advisories/2006/4744 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1648 •
CVSS: 7.1EPSS: 4%CPEs: 1EXPL: 0CVE-2007-0914
https://notcve.org/view.php?id=CVE-2007-0914
Race condition in the TCP subsystem for Solaris 10 allows remote attackers to cause a denial of service (system panic) via unknown vectors. Condición de carrera en el subsistema TCP de Solaris 10 permite a atacantes remotos provocar una denegación de servicio (error irrecuperable del sistema) mediante vectores desconocidos. • http://osvdb.org/33194 http://secunia.com/advisories/24166 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102796-1 http://www.securityfocus.com/bid/22550 http://www.securitytracker.com/id?1017649 http://www.vupen.com/english/advisories/2007/0588 https://exchange.xforce.ibmcloud.com/vulnerabilities/32484 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2120 •