| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Buffer overflow in statd allows root privileges. |
| NFS allows attackers to read and write any file on the system by specifying a false UID. |
| rpc.admind in Solaris is not running in a secure mode. |
| The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions. |
| In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system. |
| NFS allows users to use a "cd .." command to access other directories besides the exported file system. |
| a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. |
| NFS cache poisoning. |
| A race condition in the Solaris ps command allows an attacker to overwrite critical files. |
| Buffer overflow in canuum program for Canna input system allows local users to gain root privileges. |
| Buffer overflows in Sun libnsl allow root access. |
| lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220. |
| In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. |
| Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. |
| Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access. |
| Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. |
| Cross-site scripting (XSS) vulnerability in Sun ONE Application Server 7 before Update 9, Java System Application Server 7 2004Q2 before Update 5, and Java System Application Server Enterprise Edition 8.1 2005 Q1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors. |
| admintool in Solaris allows a local user to write to arbitrary files and gain root access. |
| vold in Solaris 2.x allows local users to gain root access. |
| Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names. |
