| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
| Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root. |
| Buffer overflow in SGI IRIX mailx program. |
| vold in Solaris 2.x allows local users to gain root access. |
| admintool in Solaris allows a local user to write to arbitrary files and gain root access. |
| Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. |
| Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys. |
| Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via JavaScript in a URL to (1) service.cgi or (2) alert.cgi. |
| service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument. |
| A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
| The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allow remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization. |
| NFS cache poisoning. |
| NFS allows users to use a "cd .." command to access other directories besides the exported file system. |
| NFS allows attackers to read and write any file on the system by specifying a false UID. |
| Solaris rpcbind listens on a high-numbered UDP port, which may not be filtered since the standard port number is 111. |
| Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option. |
| HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window. |
| Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code. |
| The SunView (SunTools) selection_svc facility allows remote users to read files. |
| Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege to execute arbitrary code and control the system or interrupt services. |