| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file. |
| sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack. |
| The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve. |
| Buffer overflow in Solaris kcms_configure command allows local users to gain root access. |
| Buffer overflow in SunOS/Solaris ps command. |
| Stack-based buffer overflow in help.cgi in the HTTP administrative interface for (1) Sun Java System Directory Server 5.2 2003Q4, 2004Q2, and 2005Q1, (2) Red Hat Directory Server and (3) Certificate Server before 7.1 SP1, (4) Sun ONE Directory Server 5.1 SP4 and earlier, and (5) Sun ONE Administration Server 5.2 allows remote attackers to cause a denial of service (admin server crash), or local users to gain root privileges. |
| Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges. |
| Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command. |
| Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. |
| FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce. |
| Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option. |
| Delete or create a file via rpc.statd, due to invalid information. |
| Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages. |
| Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. |
| Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server. |
| rpc.admind in Solaris is not running in a secure mode. |
| Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors. |
| Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (reset TCP connections) via spoofed ICMP error messages, aka the "blind connection-reset attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. |
| Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. |
| Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. |
