| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter. |
| ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
| patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack. |
| Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option. |
| A Unix account has a default, null, blank, or missing password. |
| In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. |
| Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. |
| Buffer overflow in the format command in Solaris 8, 9, and 10 allows local users with access to format (such as the "File System Management" RBAC profile) to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2006-4307. |
| Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319. |
| Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname. |
| rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd. |
| Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 allows local users to execute arbitrary commands via unspecified vectors, involving the default Role-Based Access Control (RBAC) settings in the "File System Management" profile. |
| The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm. |
| Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option. |
| Unspecified vulnerability in the kernel in Solaris 10 with patch 118822-29 (118844-29 on x86) and without patch 118833-11 (118855-08) allows remote authenticated users to cause a denial of service via unspecified vectors that lead to "kernel data structure corruption" that can trigger a system panic, application failure, or "data corruption." |
| Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 allows local and remote attackers to cause a denial of service (ypserv hang) via unknown vectors. |
| Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter. |
| Solaris ff.core allows local users to modify files. |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
| Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands. |
