CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2009-4211 – DISA STIG SRR Still Vulnerable
https://notcve.org/view.php?id=CVE-2009-4211
The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program. El script Security Readiness Review (SRR) de la U.S. Defense Information Systems Agency (DISA) para la plataforma Solaris x86 ejecuta ficheros como root en directorios elegidos para nombres de fichero iguales a (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, o (7) wireshark, permitiendo a usuarios locales ganar privilegios mediante un programa troyano. Running DISA SRR scripts against your server can get you easily rooted. • http://securitytracker.com/id?1023265 http://www.kb.cert.org/vuls/id/433821 http://www.securityfocus.com/archive/1/508188/100/0/threaded http://www.securityfocus.com/bid/37200 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 0%CPEs: 16EXPL: 0CVE-2009-4187
https://notcve.org/view.php?id=CVE-2009-4187
Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de ejecución de comandos en sitios cruzados(XSS) en el componente Gateway en Sun Java System Portal Server v6.3.1, v7.1, y v7.2 permite a atacantes remotos inyectar secuencias de comandos web o HTML de forma arbitraria. • http://securitytracker.com/id?1023260 http://sunsolve.sun.com/search/document.do?assetkey=1-21-138686-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-269368-1 http://www.securityfocus.com/bid/37186 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 1%CPEs: 52EXPL: 0CVE-2009-4075
https://notcve.org/view.php?id=CVE-2009-4075
Unspecified vulnerability in the timeout mechanism in sshd in Sun Solaris 10, and OpenSolaris snv_99 through snv_123, allows remote attackers to cause a denial of service (daemon outage) via unknown vectors that trigger a "dangling sshd authentication thread." Vulnerabilidad inespecífica en el mecanismo de tiempo limite en sshd en Sun Solaris v10, y OpenSolaris desde snv_99 hasta snv_123, permite a atacantes remotos producir una denegación de servicio (agotamiento de demonio) a través de vectores desconocidos que inician un "hilo de proceso de autenticación oscilante". • http://osvdb.org/60498 http://sunsolve.sun.com/search/document.do?assetkey=1-21-143140-01-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-272629-1 http://www.securityfocus.com/bid/37116 http://www.vupen.com/english/advisories/2009/3333 https://exchange.xforce.ibmcloud.com/vulnerabilities/54401 •
CVSS: 7.8EPSS: 2%CPEs: 78EXPL: 0CVE-2009-3899
https://notcve.org/view.php?id=CVE-2009-3899
Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris 10, and OpenSolaris snv_57 through snv_94, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Fallo de memoria en el controlador de Sockets Direct Protocol (SDP) en Sun Solaris v10, y OpenSolaris snv_57 hasta snv_94, permite a atacantes remotos provocar una denegación de servicio (consumo de memoria) mediante vectores no especificados. • http://securitytracker.com/id?1023124 http://sunsolve.sun.com/search/document.do?assetkey=1-21-141444-09-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-264730-1 http://www.securityfocus.com/bid/36904 http://www.vupen.com/english/advisories/2009/3130 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6563 • CWE-399: Resource Management Errors •
CVSS: 5.0EPSS: 13%CPEs: 212EXPL: 0CVE-2009-3877 – OpenJDK ASN.1/DER input stream parser denial of service (6864911) CVE-2009-3877
https://notcve.org/view.php?id=CVE-2009-3877
Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to cause a denial of service (memory consumption) via crafted HTTP headers, which are not properly parsed by the ASN.1 DER input stream parser, aka Bug Id 6864911. Vulnerabilidad no especificada en Sun Java SE en JDK y JRE v5.0 anteriores a Update 22, JDK y JRE v6 anteriores a Update 17, SDK y JRE v1.3.x anteriores a v1.3.1_27, y SDK y JRE v1.4.x anteriores a v1.4.2_24 permite a los atacantes remotos causar una denegación de servicio (corrupción de memoria) a través de una cabecera manipulada HTTP, que no está propiamente analizado por el analizador de entrada ASN.1 DER también conocido como Id 6864911. • http://java.sun.com/javase/6/webnotes/6u17.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00000.html http://lists.apple.com/archives/security-announce/2009/Dec/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00010.html http://marc.info/?l=bugtraq&m=126566824131534&w=2 http://marc.info/?l=bugtraq&m=131593453929393&w=2 http://secunia.com/advisories/37231 http://secunia.com/advisories/37239 http://secunia.com/advisories/37386 • CWE-399: Resource Management Errors •