| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd). |
| The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. |
| Buffer overflow in NIS+, in Sun's rpc.nisd program. |
| Buffer overflow of rlogin program using TERM environmental variable. |
| Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX. |
| Sun's ftpd daemon can be subjected to a denial of service. |
| Buffer overflows in Sun libnsl allow root access. |
| Buffer overflow in ffbconfig in Solaris 2.5.1. |
| Buffer overflow in SGI IRIX mailx program. |
| Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access. |
| admintool in Solaris allows a local user to write to arbitrary files and gain root access. |
| Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access. |
| NFS cache poisoning. |
| In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution. |
| In Solaris, an SNMP subagent has a default community string that allows remote attackers to execute arbitrary commands as root, or modify system parameters. |
| The passwd command in Solaris can be subjected to a denial of service. |
| Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111. |
| A hidden SNMP community string in HP OpenView allows remote attackers to modify MIB tables and obtain sensitive information. |
| Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges. |
| Solaris volrmmount program allows attackers to read any file. |
