| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NFS allows users to use a "cd .." command to access other directories besides the exported file system. |
| Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate. |
| A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
| The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches. |
| Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. |
| The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. |
| Teardrop IP denial of service. |
| Delete or create a file via rpc.statd, due to invalid information. |
| Local user gains root privileges via buffer overflow in rdist, via lookup() function. |
| Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. |
| Buffer overflow in xlock program allows local users to execute commands as root. |
| Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. |
| Sun's ftpd daemon can be subjected to a denial of service. |
| Vacation program allows command execution by remote users through a sendmail command. |
| pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, or execute arbitrary commands through arguments in the RPC call. |
| Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0. |
| Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. |
| Buffer overflow in syslog utility allows local or remote attackers to gain root privileges. |
| A later variation on the Teardrop IP denial of service attack, a.k.a. Teardrop-2. |
| Buffer overflow in ffbconfig in Solaris 2.5.1. |
