| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A Unix account has a default, null, blank, or missing password. |
| Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files. |
| Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. |
| The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character). |
| Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm. |
| Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value. |
| The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access. |
| Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters. |
| Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. |
| The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts. |
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. |
| Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference. |
| DNS cache poisoning via BIND, by predictable query IDs. |
| Denial of service in BIND by improperly closing TCP sessions via so_linger. |
| mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. |
| nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. |
| The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT. |
| Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. |
| SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files. |
