Summary
Detail | |||
---|---|---|---|
Vendor | Sun | First view | 2006-07-21 |
Product | Sunos | Last view | 2015-01-21 |
Version | 5.10 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:sun:sunos |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
1.9 | 2015-01-21 | CVE-2015-0430 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility. |
3.3 | 2015-01-21 | CVE-2015-0429 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility. |
4.9 | 2015-01-21 | CVE-2015-0428 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control. |
5 | 2015-01-21 | CVE-2015-0375 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network. |
5 | 2015-01-21 | CVE-2014-6575 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230. |
7.2 | 2015-01-21 | CVE-2014-6524 | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. |
7.2 | 2015-01-21 | CVE-2014-6521 | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility. |
6.6 | 2015-01-21 | CVE-2014-6518 | Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS). |
4.9 | 2015-01-21 | CVE-2014-6509 | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. |
4.3 | 2015-01-21 | CVE-2014-6481 | Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL. |
7.8 | 2014-10-15 | CVE-2014-6508 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM). |
7.2 | 2014-10-15 | CVE-2014-6473 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework. |
4 | 2014-07-17 | CVE-2014-4239 | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao). |
6.9 | 2014-07-17 | CVE-2014-4225 | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts. |
4.9 | 2014-07-17 | CVE-2014-4224 | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs. |
4.9 | 2014-07-17 | CVE-2014-4215 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2013-5862. |
4.9 | 2014-04-15 | CVE-2014-0447 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876. |
4.6 | 2014-04-15 | CVE-2014-0442 | Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility. |
4.3 | 2014-01-15 | CVE-2014-0390 | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console. |
4.9 | 2014-01-15 | CVE-2013-5876 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447. |
2.1 | 2014-01-15 | CVE-2013-5872 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD). |
4.6 | 2014-01-15 | CVE-2013-5821 | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC. |
4.9 | 2013-10-16 | CVE-2013-5864 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver. |
4.9 | 2013-10-16 | CVE-2013-5862 | Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215. |
4.3 | 2013-10-16 | CVE-2013-5839 | Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
27% (5) | CWE-264 | Permissions, Privileges, and Access Controls |
16% (3) | CWE-16 | Configuration |
11% (2) | CWE-399 | Resource Management Errors |
11% (2) | CWE-189 | Numeric Errors |
11% (2) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
5% (1) | CWE-362 | Race Condition |
5% (1) | CWE-255 | Credentials Management |
5% (1) | CWE-134 | Uncontrolled Format String |
5% (1) | CWE-88 | Argument Injection or Modification |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-2 | Inducing Account Lockout |
CAPEC-41 | Using Meta-characters in E-mail Headers to Inject Malicious Payloads |
CAPEC-82 | Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi... |
CAPEC-88 | OS Command Injection |
CAPEC-133 | Try All Common Application Switches and Options |
CAPEC-147 | XML Ping of Death |
CAPEC-228 | Resource Depletion through DTD Injection in a SOAP Message |
SAINT Exploits
Description | Link |
---|---|
Solaris telnetd authentication bypass | More info here |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
78427 | Oracle Solaris Kernel Component Unspecified Local DoS (2012-0098) |
78425 | Oracle Solaris sshd Component Unspecified Remote DoS |
78424 | Oracle Solaris TCP/IP Component Unspecified Local Issue |
78422 | Oracle Solaris Network Component Unspecified Remote DoS |
78421 | Oracle Solaris Kerberos Component Unspecified Local Privilege Escalation |
78420 | Oracle Solaris TCP/IP Component Unspecified Remote DoS |
76474 | Oracle Solaris Kernel/Performance Counter BackEnd Module (pcbe) Component Uns... |
76468 | Oracle Solaris Process File System (procfs) Component Unspecified Local Issue |
76467 | Oracle Solaris LDAP Library Component Unspecified Remote Issue |
76466 | Oracle Solaris ZFS Component Unspecified Local DoS (2011-2313) |
73968 | Oracle Solaris Trusted Extensions Unspecified Local Information Disclosure |
73967 | Oracle Solaris LiveUpgrade Unspecified Local Issue |
73966 | Oracle Solaris rksh Unspecified Local Issue |
73965 | Oracle Solaris Driver/USB Unspecified Local DoS |
73963 | Oracle Solaris UFS Unspecified Local DoS |
73962 | Oracle Solaris Kernel/sockfs Unspecified Local DoS |
73960 | Oracle Solaris KSSL Unspecified Remote DoS |
73959 | Oracle Solaris SSH Unspecified Remote DoS |
73958 | Oracle Solaris TCP/IP Unspecified Remote DoS |
73957 | Oracle Solaris Installer Unspecified Local Issue |
73955 | Oracle Solaris fingerd Unspecified Remote DoS |
71943 | Oracle Solaris LOFS Unspecified Local DoS |
71942 | Oracle Solaris Kernel/SPARC Unspecified Local DoS |
71941 | Oracle Solaris uucp Unspecified Local Issue |
71940 | Oracle Solaris Kernel Unspecified Remote DoS |
ExploitDB Exploits
id | Description |
---|---|
24450 | FreeBSD 9.1 ftpd Remote Denial of Service |
16137 | Multiple Vendor Calendar Manager Remote Code Execution |
15215 | Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon) |
5227 | Solaris 8/9/10 - fifofs I_PEEK Local Kernel Memory Leak Exploit |
OpenVAS Exploits
id | Description |
---|---|
2012-12-18 | Name : Fedora Update for xen FEDORA-2012-19828 File : nvt/gb_fedora_2012_19828_xen_fc16.nasl |
2012-12-14 | Name : Fedora Update for xen FEDORA-2012-19717 File : nvt/gb_fedora_2012_19717_xen_fc17.nasl |
2012-12-13 | Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen) File : nvt/gb_suse_2012_0886_1.nasl |
2012-11-23 | Name : Fedora Update for xen FEDORA-2012-18249 File : nvt/gb_fedora_2012_18249_xen_fc16.nasl |
2012-11-23 | Name : Fedora Update for xen FEDORA-2012-18242 File : nvt/gb_fedora_2012_18242_xen_fc17.nasl |
2012-11-15 | Name : Fedora Update for xen FEDORA-2012-17204 File : nvt/gb_fedora_2012_17204_xen_fc17.nasl |
2012-11-15 | Name : Fedora Update for xen FEDORA-2012-17408 File : nvt/gb_fedora_2012_17408_xen_fc16.nasl |
2012-09-22 | Name : Fedora Update for xen FEDORA-2012-13434 File : nvt/gb_fedora_2012_13434_xen_fc17.nasl |
2012-09-22 | Name : Fedora Update for xen FEDORA-2012-13443 File : nvt/gb_fedora_2012_13443_xen_fc16.nasl |
2012-08-30 | Name : Fedora Update for xen FEDORA-2012-9386 File : nvt/gb_fedora_2012_9386_xen_fc17.nasl |
2012-08-30 | Name : Fedora Update for xen FEDORA-2012-11182 File : nvt/gb_fedora_2012_11182_xen_fc17.nasl |
2012-08-30 | Name : Fedora Update for xen FEDORA-2012-11755 File : nvt/gb_fedora_2012_11755_xen_fc17.nasl |
2012-08-24 | Name : Fedora Update for xen FEDORA-2012-11785 File : nvt/gb_fedora_2012_11785_xen_fc16.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2501-1 (xen) File : nvt/deb_2501_1.nasl |
2012-08-10 | Name : FreeBSD Ports: FreeBSD File : nvt/freebsd_FreeBSD16.nasl |
2012-08-10 | Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8) File : nvt/deb_2508_1.nasl |
2012-08-06 | Name : Fedora Update for xen FEDORA-2012-11190 File : nvt/gb_fedora_2012_11190_xen_fc16.nasl |
2012-07-30 | Name : CentOS Update for kernel CESA-2012:0721 centos5 File : nvt/gb_CESA-2012_0721_kernel_centos5.nasl |
2012-06-28 | Name : Fedora Update for xen FEDORA-2012-9399 File : nvt/gb_fedora_2012_9399_xen_fc16.nasl |
2012-06-28 | Name : Fedora Update for xen FEDORA-2012-9430 File : nvt/gb_fedora_2012_9430_xen_fc15.nasl |
2012-06-15 | Name : RedHat Update for kernel RHSA-2012:0721-01 File : nvt/gb_RHSA-2012_0721-01_kernel.nasl |
2012-06-13 | Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167) File : nvt/secpod_ms12-042.nasl |
2011-08-19 | Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004) File : nvt/secpod_macosx_su11-004.nasl |
2011-03-24 | Name : Mandriva Update for vsftpd MDVSA-2011:049 (vsftpd) File : nvt/gb_mandriva_MDVSA_2011_049.nasl |
2011-02-28 | Name : HP-UX Update for CDE Calendar Manager HPSBUX02628 File : nvt/gb_hp_ux_HPSBUX02628.nasl |
Information Assurance Vulnerability Management (IAVM)
id | Description |
---|---|
2014-A-0107 | Multiple Vulnerabilities in Oracle & Sun Systems Products Suite Severity: Category I - VMSKEY: V0053187 |
2014-A-0058 | Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity: Category I - VMSKEY: V0049579 |
2014-A-0012 | Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity: Category I - VMSKEY: V0043396 |
2013-A-0195 | Multiple Vulnerabilities in Oracle & Sun Systems Product Suite Severity: Category I - VMSKEY: V0040781 |
2013-A-0194 | Multiple Vulnerabilities in Juniper Networks JUNOS Severity: Category I - VMSKEY: V0040788 |
2011-B-0026 | HP-UX Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0026084 |
2008-T-0043 | Multiple Sun Solaris snoop Vulnerabilities Severity: Category II - VMSKEY: V0017141 |
2008-T-0029 | Sun Solaris Unspecified Remote Denial of Service Vulnerability Severity: Category II - VMSKEY: V0016060 |
2008-T-0022 | Sun Solaris TCP Implementation SYN Flood Denial of Service Severity: Category I - VMSKEY: V0016026 |
2008-T-0021 | Sun Solaris Print Service Unspecified Remote Code Execution Vulnerability Severity: Category I - VMSKEY: V0016018 |
2008-A-0025 | Sun SPARC Enterprise T5120 and T5220 Default Configuration Root Command Execu... Severity: Category I - VMSKEY: V0015977 |
2007-B-0006 | Sun Solaris Telnet Remote Authentication Bypass Vulnerability Severity: Category I - VMSKEY: V0013607 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | CDE Calendar Manager service memory corruption attempt RuleID : 19173 - Type : PROTOCOL-RPC - Revision : 10 |
2014-01-10 | Oracle Solaris login environment variable authentication bypass attempt RuleID : 10136 - Type : OS-SOLARIS - Revision : 11 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU10_5a.nasl - Type: ACT_GATHER_INFO |
2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU11_1_11_4_0.nasl - Type: ACT_GATHER_INFO |
2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU11_1_15_4_0.nasl - Type: ACT_GATHER_INFO |
2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU11_1_16_5_0.nasl - Type: ACT_GATHER_INFO |
2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU11_2_6_4_0.nasl - Type: ACT_GATHER_INFO |
2015-01-23 | Name: The remote Solaris system is missing a security patch from CPU jan2015. File: solaris_jan2015_SRU9_5.nasl - Type: ACT_GATHER_INFO |
2014-11-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2012-0020.nasl - Type: ACT_GATHER_INFO |
2014-11-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2012-0021.nasl - Type: ACT_GATHER_INFO |
2014-11-26 | Name: The remote OracleVM host is missing one or more security updates. File: oraclevm_OVMSA-2012-0022.nasl - Type: ACT_GATHER_INFO |
2014-10-15 | Name: The remote Solaris system is missing a security patch from CPU oct2014. File: solaris_oct2014_11_2SRU0.nasl - Type: ACT_GATHER_INFO |
2014-10-15 | Name: The remote Solaris system is missing a security patch from CPU oct2014. File: solaris_oct2014_SRU11_1_20_5_0.nasl - Type: ACT_GATHER_INFO |
2014-09-17 | Name: The remote host is missing Sun Security Patch number 150312-06 File: solaris10_150312.nasl - Type: ACT_GATHER_INFO |
2014-09-17 | Name: The remote host is missing Sun Security Patch number 150313-06 File: solaris10_x86_150313.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2012. File: solaris_apr2012_SRU3.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2012. File: solaris_apr2012_SRU4.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2013. File: solaris_apr2013_SRU0.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2013. File: solaris_apr2013_SRU3.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2013. File: solaris_apr2013_SRU4a.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2013. File: solaris_apr2013_SRU5.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2013. File: solaris_apr2013_SRU5_5.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU apr2014. File: solaris_apr2014_SRU11_1_17_5_0.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU jan2013. File: solaris_jan2013_SRU12_4.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU jan2014. File: solaris_jan2014_SRU11_1_13_6_0.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU jan2014. File: solaris_jan2014_SRU11_1_16_5_0.nasl - Type: ACT_GATHER_INFO |
2014-07-26 | Name: The remote Solaris system is missing a security patch from CPU jan2014. File: solaris_jan2014_SRU1_4.nasl - Type: ACT_GATHER_INFO |