Vulnerabilities (CVE)

Filtered by vendor Sun Subscribe
Total 1711 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-1093 4 Hitachi, Hp, Microsoft and 1 more 12 Cm2-network Node Manager, Cm2-network Node Manager 250, Hi Ux We2 and 9 more 2025-04-09 10.0 HIGH N/A
Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.
CVE-2008-2552 1 Sun 2 Service Tag, Sunos 2025-04-09 4.9 MEDIUM N/A
Unspecified vulnerability in the Service Tag Registry on Sun Solaris 10, and Sun Service Tag before 1.1.3, allows local users to cause a denial of service (disk consumption) via unspecified vectors.
CVE-2009-4187 1 Sun 2 Java System Portal Server, Solaris 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in the Gateway component in Sun Java System Portal Server 6.3.1, 7.1, and 7.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2008-5266 2 Oracle, Sun 2 Glassfish Server, Java System Application Server 2025-04-09 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in configuration/httpListenerEdit.jsf in the GlassFish 2 UR2 b04 webadmin interface in Sun Java System Application Server 9.1_01 build b09d-fcs and 9.1_02 build b04-fcs allows remote attackers to inject arbitrary web script or HTML via the name parameter, a different vector than CVE-2008-2751.
CVE-2009-2430 1 Sun 2 Opensolaris, Solaris 2025-04-09 4.6 MEDIUM N/A
Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via unknown attack vectors.
CVE-2009-2670 1 Sun 2 Jdk, Jre 2025-04-09 5.0 MEDIUM N/A
The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 15, and JDK and JRE 5.0 before Update 20, does not prevent access to java.lang.System properties by (1) untrusted applets and (2) Java Web Start applications, which allows context-dependent attackers to obtain sensitive information by reading these properties.
CVE-2007-2617 1 Sun 2 Net Connect Software, Solaris 2025-04-09 2.1 LOW N/A
srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options.
CVE-2009-0046 1 Sun 1 Grid Engine 2025-04-09 5.0 MEDIUM N/A
Sun GridEngine 5.3 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature for DSA and ECDSA keys, a similar vulnerability to CVE-2008-5077.
CVE-2008-2401 1 Sun 1 Java Active Server 2025-04-09 7.5 HIGH N/A
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.
CVE-2007-5462 1 Sun 1 Solaris 2025-04-09 7.8 HIGH N/A
Unspecified vulnerability in the Sun Solaris RPC services library (librpcsvc) on Solaris 8 through 10 allows remote attackers to cause a denial of service (mountd crash) via unspecified packets to a server that exports many filesystems, and allows local users to cause a denial of service (automountd crash) via unspecified requests to mount filesystems from a server that exports many filesystems.
CVE-2007-3458 1 Sun 1 Solaris 2025-04-09 4.9 MEDIUM N/A
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.
CVE-2007-5367 1 Sun 1 Solaris 2025-04-09 4.9 MEDIUM N/A
Unspecified vulnerability in the Virtual File System (VFS) in Sun Solaris 10 allows local users to cause a denial of service (kernel memory consumption) via unspecified vectors.
CVE-2008-5009 1 Sun 2 Solstice X.25, Sunos 2025-04-09 4.0 MEDIUM N/A
Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, when running on a multiple CPU machine, allows local users to cause a denial of service (panic) via vectors involving reading the /dev/xty file.
CVE-2008-3103 1 Sun 2 Jdk, Jre 2025-04-09 9.3 HIGH N/A
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
CVE-2009-1106 1 Sun 2 Jdk, Jre 2025-04-09 6.4 MEDIUM N/A
The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948.
CVE-2008-2144 1 Sun 1 Sunos 2025-04-09 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
CVE-2008-0239 1 Sun 1 Java System Identity Manager 2025-04-09 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager 6.0 SP1 through SP3, 7.0, and 7.1 allow remote attackers to inject arbitrary HTML or web script via the (1) cntry or lang parameters to /idm/login.jsp, (2) resultsForm parameter to /idm/account/findForSelect.jsp, or (3) activeControl parameter to /idm/user/main.jsp.
CVE-2007-6360 1 Sun 2 Extended System Control Facility Xcp 1040, Sparc Enterprise Server 2025-04-09 7.8 HIGH N/A
Unspecified vulnerability in the Sun eXtended System Control Facility (XSCF) Control Package (XCP) firmware before 1050 on SPARC Enterprise M4000, M5000, M8000, and M9000 servers allows remote attackers to cause a denial of service (reboot) via (1) telnet, (2) ssh, or (3) http network traffic that triggers memory exhaustion.
CVE-2009-4441 1 Sun 1 Java System Directory Server 2025-04-09 5.0 MEDIUM N/A
Directory Proxy Server (DPS) in Sun Java System Directory Server Enterprise Edition 6.0 through 6.3.1 does not enable the SO_KEEPALIVE socket option, which makes it easier for remote attackers to cause a denial of service (connection slot exhaustion) via multiple connections, aka Bug Id 6782659.
CVE-2007-0012 1 Sun 1 Jre 2025-04-09 4.3 MEDIUM N/A
Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM.