Sun Sunos vulnerabilities

CVE-2010-4442 [MEDIUM] CVE-2010-4442: Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availabil Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.

CVE-2010-4459 [MEDIUM] CVE-2010-4459: Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to SCTP and Kernel/sockfs.

CVE-2010-4415 [MEDIUM] CVE-2010-4415: Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentialit Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libc.

CVE-2010-4446 [MEDIUM] CVE-2010-4446: Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to RDS and Kernel/InfiniBand.

CVE-2010-4433 [MEDIUM] CVE-2010-4433: Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality via Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect confidentiality via unknown vectors related to Ethernet and the Driver sub-component.

CVE-2010-4440 [MEDIUM] CVE-2010-4440: Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via Unspecified vulnerability in Oracle 10 and 11 Express allows local users to affect availability via unknown vectors related to the Kernel.

CVE-2010-4460 [LOW] CVE-2010-4460: Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and inte Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Fault Manager Daemon.

CVE-2010-3586 [LOW] CVE-2010-3586: Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integ Unspecified vulnerability in Oracle Solaris 9 allows local users to affect confidentiality and integrity via unknown vectors related to XScreenSaver.

CVE-2009-4191 [HIGH] CVE-2009-4191: Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 plat Unspecified vulnerability in the kernel in Sun Solaris 10 and OpenSolaris 2009.06 on the x86-64 platform allows local users to gain privileges via unknown vectors, as demonstrated by the vd_sol_local module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a re

CVE-2009-4080 [LOW] CVE-2009-4080: Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemo Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP client configuration cache daemon) in Sun Solaris 9 and 10, and OpenSolaris before snv_78, allow local users to cause a denial of service (daemon crash) via vectors involving multiple serviceSearchDescriptor attributes and a call to the getldap_lookup function, and unspecified other vectors.

CVE-2009-0873 [MEDIUM] CWE-264 CVE-2009-0873: The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before snv_106, when NFSv3 is used, does not properly implement combinations of security modes, which allows remote attackers to bypass intended access restrictions and read or modify files, as demonstrated by a combination of the sec=sys and sec=krb5 security modes, related to modes that "ov

CVE-2009-0838 [MEDIUM] CWE-399 CVE-2009-0838: The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related to the vmem_hash_delete function.

CVE-2008-5550 [MEDIUM] CVE-2008-5550: Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp in Sun Java Web Console 3.0.2 through 3.0.5 and Solaris 10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the redirect_url parameter.

CVE-2008-4619 [CRITICAL] CVE-2008-4619: The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon cras The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.

CVE-2008-3666 [HIGH] CVE-2008-3666: Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-depende Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before snv_96 allows (1) context-dependent attackers to cause a denial of service (panic) via vectors involving creation of a crafted file and use of the sendfilev system call, as demonstrated by a file served by an Apache 2.2.x web server with EnableSendFile configured; and (2) local users to cause a

CVE-2008-0964 [CRITICAL] CWE-119 CVE-2008-0964: Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before sn Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.

CVE-2008-0965 [CRITICAL] CWE-134 CVE-2008-0965: Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before s Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

CVE-2008-3450 [HIGH] CWE-264 CVE-2008-3450: Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 through 10 allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors.

CVE-2008-3426 [LOW] CVE-2008-3426: Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Unspecified vulnerability in the Solaris Platform Information and Control Library daemon (picld) in Sun Solaris 8 through 10, and OpenSolaris builds snv_01 through snv_95, allows local users to cause a denial of service via unknown vectors that prevent operation of utilities such as prtdiag, prtpicl, and prtfru.

CVE-2008-2946 [HIGH] CWE-399 CVE-2008-2946: The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 t The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice Enterprise Agents in Sun Solaris 8 through 10 allows remote attackers to cause a denial of service (daemon crash) via malformed packets.