Filtered by vendor Sun
Subscriptions
Total
1712 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-1999-1419 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | N/A |
| Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges. | ||||
| CVE-1999-1426 | 1 Sun | 1 Solstice Adminsuite | 2025-04-03 | N/A |
| Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links when updating an NIS database, which allows local users to overwrite arbitrary files. | ||||
| CVE-1999-1427 | 1 Sun | 1 Solstice Adminsuite | 2025-04-03 | N/A |
| Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files insecurely, which allows local users to gain root privileges. | ||||
| CVE-1999-1432 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | N/A |
| Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges. | ||||
| CVE-1999-1449 | 1 Sun | 1 Sunos | 2025-04-03 | N/A |
| SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial of service (kernel panic) by reading from the /dev/tcx0 TCX device. | ||||
| CVE-1999-1467 | 1 Sun | 1 Sunos | 2025-04-03 | N/A |
| Vulnerability in rcp on SunOS 4.0.x allows remote attackers from trusted hosts to execute arbitrary commands as root, possibly related to the configuration of the nobody user. | ||||
| CVE-2021-43360 | 1 Sun | 1 Ehrd | 2024-11-21 | 8.8 High |
| Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. | ||||
| CVE-2021-43359 | 1 Sun | 1 Ehrd | 2024-11-21 | 8.8 High |
| Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. | ||||
| CVE-2021-43358 | 1 Sun | 1 Ehrd | 2024-11-21 | 7.5 High |
| Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. | ||||
| CVE-2020-10510 | 1 Sun | 1 Ehrd | 2024-11-21 | 8.1 High |
| Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data. | ||||
| CVE-2020-10509 | 1 Sun | 1 Ehrd | 2024-11-21 | 6.1 Medium |
| Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. | ||||
| CVE-2020-10508 | 1 Sun | 1 Ehrd | 2024-11-21 | 7.5 High |
| Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | ||||