Filtered by vendor Sun
Subscribe
Total
1711 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2000-0055 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option. | |||||
| CVE-2010-0841 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-30 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an integer overflow in the Java Runtime Environment that allows remote attackers to execute arbitrary code via a JPEG image that contains subsample dimensions with large values, related to JPEGImageReader and "stepX". | |||||
| CVE-2005-3905 | 1 Sun | 2 Jdk, Jre | 2018-10-30 | 7.5 HIGH | N/A |
| Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the "first issue" identified in SUNALERT:102003. | |||||
| CVE-2009-1190 | 2 Springsource, Sun | 3 Dm Server, Spring Framework, Jdk | 2018-10-30 | 5.0 MEDIUM | N/A |
| Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to cause a denial of service (CPU consumption) via serializable data with a long regex string containing multiple optional groups, a related issue to CVE-2004-2540. | |||||
| CVE-2010-3562 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a double free vulnerability in IndexColorModel that allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code. | |||||
| CVE-2001-0426 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Buffer overflow in dtsession on Solaris, and possibly other operating systems, allows local users to gain privileges via a long LANG environmental variable. | |||||
| CVE-1999-0132 | 2 Hp, Sun | 3 Hp-ux, Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. | |||||
| CVE-1999-0974 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 10.0 HIGH | N/A |
| Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service. | |||||
| CVE-2004-1767 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function. | |||||
| CVE-2007-3698 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-30 | 7.8 HIGH | N/A |
| The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 and earlier, JDK and JRE 5.0 Updates 7 through 11, and SDK and JRE 1.4.2_11 through 1.4.2_14, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service (CPU consumption) via certain SSL/TLS handshake requests. | |||||
| CVE-2008-3114 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-30 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to obtain sensitive information (the cache location) via an untrusted application, aka CR 6704074. | |||||
| CVE-2002-1586 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Solaris 2.5.1 through 9 allows local users to cause a denial of service (kernel panic) by setting the sd_struiowrq variable in the struioget function to null, which triggers a null dereference. | |||||
| CVE-2010-0846 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-30 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the ImageIO component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a heap-based buffer overflow that allows remote attackers to execute arbitrary code, related to an "invalid assignment" and inconsistent length values in a JPEG image encoder (JPEGImageEncoderImpl). | |||||
| CVE-2005-1124 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API. | |||||
| CVE-2010-0839 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-30 | 7.5 HIGH | N/A |
| Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2010-3568 | 1 Sun | 3 Jdk, Jre, Sdk | 2018-10-30 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, and 1.4.2_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable downstream vendor that this is a race condition related to deserialization. | |||||
| CVE-2004-0654 | 1 Sun | 2 Solaris, Sunos | 2018-10-30 | 2.1 LOW | N/A |
| Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic). | |||||
| CVE-2011-0867 | 1 Sun | 2 Jdk, Jre | 2018-10-30 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to Networking. | |||||
| CVE-1999-1371 | 1 Sun | 1 Sunos | 2018-10-30 | 7.2 HIGH | N/A |
| Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument. | |||||
| CVE-2003-1301 | 1 Sun | 1 Jre | 2018-10-30 | 5.0 MEDIUM | N/A |
| Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x before 1.5.0_06, and as used in multiple web browsers, allows remote attackers to cause a denial of service (application crash) via deeply nested object arrays, which are not properly handled by the garbage collector and trigger invalid memory accesses. | |||||