CVSS: 7.9EPSS: 88%CPEs: 20EXPL: 4CVE-2012-0217 – FreeBSD - Intel SYSRET Privilege Escalation
https://notcve.org/view.php?id=CVE-2012-0217
12 Jun 2012 — The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a c... • https://packetstorm.news/files/id/152001 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 55%CPEs: 1EXPL: 5CVE-2001-1583 – Solaris 10 LPD - Arbitrary File Delete
https://notcve.org/view.php?id=CVE-2001-1583
31 Dec 2001 — lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. • https://www.exploit-db.com/exploits/1167 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2001-0652 – Solaris 2.6/7/8 (SPARC) - xlock Heap Overflow
https://notcve.org/view.php?id=CVE-2001-0652
30 Oct 2001 — Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable. • https://www.exploit-db.com/exploits/21058 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 3CVE-2001-0565 – Solaris 2.5/2.6/7.0/8 - 'mailx -F' Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0565
14 Aug 2001 — Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option. • https://www.exploit-db.com/exploits/20772 •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2001-0401 – Solaris 2.5/2.6/7.0/8 tip - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2001-0401
24 May 2001 — Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. • https://www.exploit-db.com/exploits/20684 •
CVSS: 6.4EPSS: 2%CPEs: 2EXPL: 2CVE-2001-0421 – Solaris 2.6 - FTP Core Dump Shadow Password Recovery
https://notcve.org/view.php?id=CVE-2001-0421
24 May 2001 — FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition. • https://www.exploit-db.com/exploits/20764 •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2001-0190
https://notcve.org/view.php?id=CVE-2001-0190
26 Mar 2001 — Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0). • http://marc.info/?l=bugtraq&m=97983943716311&w=2 •
CVSS: 10.0EPSS: 0%CPEs: 74EXPL: 13CVE-2000-0844 – Immunix OS 6.2 - LC glibc format string
https://notcve.org/view.php?id=CVE-2000-0844
14 Nov 2000 — Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. • https://www.exploit-db.com/exploits/20187 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-1999-1584
https://notcve.org/view.php?id=CVE-1999-1584
31 Dec 1999 — Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables, a different vulnerability than CVE-1999-1586. • http://sunsolve.sun.com/search/document.do?assetkey=1-22-00124-1 •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-1999-1586
https://notcve.org/view.php?id=CVE-1999-1586
31 Dec 1999 — loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584. • http://www.cert.org/advisories/CA-1995-12.html •