Search Results (1712 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2007-3794 6 Hitachi, Hp, Ibm and 3 more 16 Cosminexus Application Server, Cosminexus Client, Cosminexus Developer and 13 more 2026-04-23 N/A
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.
CVE-2006-5213 1 Sun 1 Solaris 2026-04-23 N/A
Sun Solaris 10 before 20061006 uses "incorrect and insufficient permission checks" that allow local users to intercept or spoof packets by creating a raw socket on a link aggregation (network device aggregation).
CVE-2009-4190 1 Sun 1 Opensolaris 2026-04-23 N/A
Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 allows remote attackers to cause a denial of service (panic) via unknown vectors, as demonstrated by the vd_solaris2 module in VulnDisco Pack Professional 8.12. NOTE: as of 20091203, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE-2006-5396 1 Sun 1 Solaris 2026-04-23 N/A
The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before 20061017, when TCP Fusion is enabled, allows local users to cause a denial of service (system crash) via a TCP loopback connection with both endpoints on the same system.
CVE-2007-4025 1 Sun 1 Java System Application Server 2026-04-23 N/A
Unspecified vulnerability in Sun Java System (SJS) Application Server 8.1 through 9.0 before 20070724 on Windows allows remote attackers to obtain JSP source code via unspecified vectors.
CVE-2007-4126 1 Sun 1 Solaris 2026-04-23 N/A
Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.
CVE-2007-3458 1 Sun 1 Solaris 2026-04-23 N/A
The libsldap library in Sun Solaris 8, 9, and 10 allows local users to cause a denial of service (Name Service Caching Daemon (nscd) crash) via unspecified vectors.
CVE-2006-6737 2 Redhat, Sun 5 Enterprise Linux, Rhel Extras, Jdk and 2 more 2026-04-23 N/A
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue."
CVE-2006-7140 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
The libike library, as used by in.iked, elfsign, and kcfd in Sun Solaris 9 and 10, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents libike from correctly verifying X.509 and other certificates that use PKCS #1, a similar issue to CVE-2006-4339.
CVE-2006-7028 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allows remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets. NOTE: this issue has not been replicated by third parties. In addition, the cause is unknown, although it might be related to "jabber" and generation of a large amount of interrupts within the console, or a hardware error.
CVE-2007-6413 1 Sun 1 Solaris 2026-04-23 N/A
Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later 120011-* and 120012-* patches, allows remote attackers to bypass certain netgroup restrictions and obtain root access to a filesystem via NFS requests from a client root user.
CVE-2007-0014 1 Sun 1 Chainkey Java Code Protection 2026-04-23 N/A
ChainKey Java Code Protection allows attackers to decompile Java class files via a Java class loader with a modified defineClass method that saves the bytecode to a file before it is passed to the JVM.
CVE-2008-2401 1 Sun 1 Java Active Server 2026-04-23 N/A
The Admin Server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to append to arbitrary new or existing files via the first argument to a certain file that is included by multiple unspecified ASP applications.
CVE-2009-1094 2 Redhat, Sun 6 Enterprise Linux, Network Satellite, Rhel Extras and 3 more 2026-04-23 N/A
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
CVE-2008-2404 1 Sun 1 Java Asp Server 2026-04-23 N/A
Stack-based buffer overflow in the request handling implementation in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary code via an unspecified string field.
CVE-2007-6059 1 Sun 1 Javamail 2026-04-23 N/A
Javamail does not properly handle a series of invalid login attempts in which the same e-mail address is entered as username and password, and the domain portion of this address yields a Java UnknownHostException error, which allows remote attackers to cause a denial of service (connection pool exhaustion) via a large number of requests, resulting in a SQLNestedException. NOTE: Sun disputes this issue, stating "The report makes references to source code and files that do not exist in the mentioned products.
CVE-2008-2405 1 Sun 1 Java Active Server Pages 2026-04-23 N/A
Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in HTTP requests to unspecified ASP applications.
CVE-2007-0165 1 Sun 2 Solaris, Sunos 2026-04-23 N/A
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
CVE-2008-2406 1 Sun 1 Java Asp Server 2026-04-23 N/A
The administration application server in Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote attackers to bypass authentication via direct requests on TCP port 5102.
CVE-2008-5661 1 Sun 2 Opensolaris, Solaris 2026-04-23 N/A
The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 through snv_82, with certain patches installed, allows remote attackers to cause a denial of service (panic) via unknown vectors that trigger a NULL pointer dereference.