CVSS: 4.4EPSS: 0%CPEs: 227EXPL: 0CVE-2009-1207
https://notcve.org/view.php?id=CVE-2009-1207
Race condition in the dircmp script in Sun Solaris 8 through 10, and OpenSolaris snv_01 through snv_111, allows local users to overwrite arbitrary files, probably involving a symlink attack on temporary files. Condición Race en la secuencia de comandos en Sun Solaris v8 hasta v10, y OpenSolaris snv_01 hasta snv_111, permite a los usuario locales sobrescribir arbitrariamente archivos, probablemente involucra un ataque de enlace simbólico en archivos temporales. • http://secunia.com/advisories/34558 http://secunia.com/advisories/34813 http://sunsolve.sun.com/search/document.do?assetkey=1-21-138897-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-253468-1 http://support.avaya.com/elmodocs2/security/ASA-2009-140.htm http://www.securityfocus.com/bid/34316 http://www.vupen.com/english/advisories/2009/1105 https://exchange.xforce.ibmcloud.com/vulnerabilities/49526 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mit • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.9EPSS: 0%CPEs: 192EXPL: 0CVE-2009-0874
https://notcve.org/view.php?id=CVE-2009-0874
Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function. Vulnerabilidades múltiples no especificadas en el subsistema Doors en el kernel en Sun Solaris v8 hasta v10, y OpenSolaris anteriores a snv_94, permite a los usuarios locales causar una denegación de servicio (cuelgue del proceso), o posiblemente evitar los permisos del archivo o obtener privilegios kernel-context, a través de vectores incluyendo los relativos a (1) argumento que maneja deadlook en una puerta de servidor (2) problemas watchpoint en la función door_call. • http://secunia.com/advisories/34227 http://secunia.com/advisories/34375 http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-61-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-242486-1 http://support.avaya.com/elmodocs2/security/ASA-2009-095.htm http://www.securityfocus.com/bid/34081 http://www.securitytracker.com/id?1021840 http://www.vupen.com/english/advisories/2009/0673 http://www.vupen.com/english/advisories/2009/0766 • CWE-399: Resource Management Errors •
CVSS: 6.9EPSS: 0%CPEs: 192EXPL: 0CVE-2009-0875
https://notcve.org/view.php?id=CVE-2009-0875
Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server. Condición de carrera en el subsistema Doors en el kernel en Sun Solaris v8 hasta v10, y OpenSolaris anterior a snv_94, permite a los usuarios locales causar una denegación de servicio (cuelgue del proceso) o posiblemente evitar los permisos del archivo o ganar privilegios kernel-context, a través de vectores que implican en el tiempo en que el control transfiere desde un usuario llamador a la puerta de servidor. • http://osvdb.org/52561 http://secunia.com/advisories/34227 http://secunia.com/advisories/34375 http://sunsolve.sun.com/search/document.do?assetkey=1-21-117350-61-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-242486-1 http://support.avaya.com/elmodocs2/security/ASA-2009-095.htm http://www.securityfocus.com/bid/34081 http://www.securitytracker.com/id?1021840 http://www.vupen.com/english/advisories/2009/0673 http://www.vupen.com/english/advisories/2009/0766 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2009-0857
https://notcve.org/view.php?id=CVE-2009-0857
Cross-site scripting (XSS) vulnerability in /prm/reports in the Performance Reporting Module (PRM) for Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter. NOTE: this can be leveraged for access to the SunMC Web Console. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados(XSS) en /prm/reports en Performance Reporting Module (PRM) para Sun Management Center (SunMC) v3.6.1 y v4.0, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través del parámetro "msg". NOTA: esto puede ser aprovechados para el acceso a la Consola Web SunMC. • http://secunia.com/advisories/34146 http://securitytracker.com/id?1021809 http://sunsolve.sun.com/search/document.do?assetkey=1-21-125191-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-247046-1 http://www.securityfocus.com/bid/33999 http://www.vupen.com/english/advisories/2009/0605 https://exchange.xforce.ibmcloud.com/vulnerabilities/49076 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.9EPSS: 0%CPEs: 168EXPL: 0CVE-2009-0480
https://notcve.org/view.php?id=CVE-2009-0480
The IP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_82, uses an improper arena when allocating minor numbers for sockets, which allows local users to cause a denial of service (32-bit application failure and login outage) by opening a large number of sockets. La implementación IP en Sun Solaris v8 a la v10 y OpenSolaris anterior a snv_82, emplea una arena inadecuada cuando al asignar números secundarios para sockets, lo que permite a usuarios locales provocar una denegación de servicio (fallo en la aplicación 32-bit o parada de login) mediante la apertura de un gran número de sockets. • http://mail.opensolaris.org/pipermail/onnv-notify/2008-January/013262.html http://secunia.com/advisories/33751 http://securitytracker.com/id?1021653 http://sunsolve.sun.com/search/document.do?assetkey=1-21-116965-34-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-248026-1 http://support.avaya.com/elmodocs2/security/ASA-2009-042.htm http://www.securityfocus.com/bid/33550 http://www.vupen.com/english/advisories/2009/0364 https://oval.cisecurity.org/repository/search/def • CWE-189: Numeric Errors •