Filtered by vendor Sun Subscriptions
Total 1712 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2004-2686 1 Sun 2 Solaris, Sunos 2024-11-20 N/A
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
CVE-2004-2641 1 Sun 2 Netra 1280, Sun Fire 2024-11-20 N/A
Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set.
CVE-2004-2627 1 Sun 1 J2me 2024-11-20 N/A
Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.
CVE-2004-2540 1 Sun 2 Jdk, Jre 2024-11-20 N/A
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.
CVE-2004-2393 1 Sun 1 Jsse 2024-11-20 N/A
Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.
CVE-2004-2306 1 Sun 2 Solaris, Sunos 2024-11-20 N/A
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.
CVE-2004-2216 1 Sun 2 Java System Application Server, Java System Web Server 2024-11-20 N/A
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
CVE-2004-1942 1 Sun 1 Patch Manager 2024-11-20 N/A
The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname.
CVE-2004-1816 2 Macromedia, Sun 3 Coldfusion, Jrun, One Application Server 2024-11-20 N/A
Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVE-2004-1815 2 Macromedia, Sun 3 Coldfusion, Jrun, One Application Server 2024-11-20 N/A
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVE-2004-1767 1 Sun 2 Solaris, Sunos 2024-11-20 N/A
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
CVE-2004-1503 1 Sun 1 Jre 2024-11-20 N/A
Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DNS requests) via a large number of DNS requests, which causes the xid variable to wrap around and become negative.
CVE-2004-1394 1 Sun 2 Solaris, Sunos 2024-11-20 N/A
The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles to execute profile commands with additional privileges.
CVE-2004-1393 1 Sun 2 Solaris, Sunos 2024-11-20 N/A
Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang).
CVE-2004-1360 1 Sun 2 Solaris, Sunos 2024-11-20 N/A
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.
CVE-2004-1359 1 Sun 2 Solaris, Sunos 2024-11-20 N/A
Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.
CVE-2004-1358 1 Sun 1 Solaris 2024-11-20 N/A
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
CVE-2004-1357 1 Sun 1 Solaris 2024-11-20 N/A
The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properly log IP addresses when SSHD is configured with the ListenAddress as 0.0.0.0, which makes it easier for remote attackers to hide the source of their activities.
CVE-2004-1356 1 Sun 2 Solaris, Sunos 2024-11-20 N/A
Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.
CVE-2004-1355 1 Sun 2 Solaris, Sunos 2024-11-20 N/A
Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allows local users to cause a denial of service (system panic) via unknown vectors.