This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Sun First view 2006-07-21
Product Sunos Last view 2015-01-21
Version 5.10 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:sun:sunos

Activity : Overall

Related : CVE

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
  Date Alert Description
1.9 2015-01-21 CVE-2015-0430

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.

3.3 2015-01-21 CVE-2015-0429

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.

4.9 2015-01-21 CVE-2015-0428

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.

5 2015-01-21 CVE-2015-0375

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.

5 2015-01-21 CVE-2014-6575

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.

7.2 2015-01-21 CVE-2014-6524

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.

7.2 2015-01-21 CVE-2014-6521

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.

6.6 2015-01-21 CVE-2014-6518

Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).

4.9 2015-01-21 CVE-2014-6509

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.

4.3 2015-01-21 CVE-2014-6481

Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL.

7.8 2014-10-15 CVE-2014-6508

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM).

7.2 2014-10-15 CVE-2014-6473

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.

4 2014-07-17 CVE-2014-4239

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao).

6.9 2014-07-17 CVE-2014-4225

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts.

4.9 2014-07-17 CVE-2014-4224

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs.

4.9 2014-07-17 CVE-2014-4215

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2013-5862.

4.9 2014-04-15 CVE-2014-0447

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2013-5876.

4.6 2014-04-15 CVE-2014-0442

Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Print Filter Utility.

4.3 2014-01-15 CVE-2014-0390

Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Java Web Console.

4.9 2014-01-15 CVE-2013-5876

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2014-0447.

2.1 2014-01-15 CVE-2013-5872

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to Name Service Cache Daemon (NSCD).

4.6 2014-01-15 CVE-2013-5821

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows local users to affect confidentiality, integrity, and availability via vectors related to RPC.

4.9 2013-10-16 CVE-2013-5864

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to USB hub driver.

4.9 2013-10-16 CVE-2013-5862

Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers, a different vulnerability than CVE-2014-4215.

4.3 2013-10-16 CVE-2013-5839

Unspecified vulnerability in Oracle Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Oracle Java Web Console.

CWE : Common Weakness Enumeration

%idName
27% (5) CWE-264 Permissions, Privileges, and Access Controls
16% (3) CWE-16 Configuration
11% (2) CWE-399 Resource Management Errors
11% (2) CWE-189 Numeric Errors
11% (2) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
5% (1) CWE-362 Race Condition
5% (1) CWE-255 Credentials Management
5% (1) CWE-134 Uncontrolled Format String
5% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-2 Inducing Account Lockout
CAPEC-41 Using Meta-characters in E-mail Headers to Inject Malicious Payloads
CAPEC-82 Violating Implicit Assumptions Regarding XML Content (aka XML Denial of Servi...
CAPEC-88 OS Command Injection
CAPEC-133 Try All Common Application Switches and Options
CAPEC-147 XML Ping of Death
CAPEC-228 Resource Depletion through DTD Injection in a SOAP Message

SAINT Exploits

Description Link
Solaris telnetd authentication bypass More info here

Open Source Vulnerability Database (OSVDB)

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
78427 Oracle Solaris Kernel Component Unspecified Local DoS (2012-0098)
78425 Oracle Solaris sshd Component Unspecified Remote DoS
78424 Oracle Solaris TCP/IP Component Unspecified Local Issue
78422 Oracle Solaris Network Component Unspecified Remote DoS
78421 Oracle Solaris Kerberos Component Unspecified Local Privilege Escalation
78420 Oracle Solaris TCP/IP Component Unspecified Remote DoS
76474 Oracle Solaris Kernel/Performance Counter BackEnd Module (pcbe) Component Uns...
76468 Oracle Solaris Process File System (procfs) Component Unspecified Local Issue
76467 Oracle Solaris LDAP Library Component Unspecified Remote Issue
76466 Oracle Solaris ZFS Component Unspecified Local DoS (2011-2313)
73968 Oracle Solaris Trusted Extensions Unspecified Local Information Disclosure
73967 Oracle Solaris LiveUpgrade Unspecified Local Issue
73966 Oracle Solaris rksh Unspecified Local Issue
73965 Oracle Solaris Driver/USB Unspecified Local DoS
73963 Oracle Solaris UFS Unspecified Local DoS
73962 Oracle Solaris Kernel/sockfs Unspecified Local DoS
73960 Oracle Solaris KSSL Unspecified Remote DoS
73959 Oracle Solaris SSH Unspecified Remote DoS
73958 Oracle Solaris TCP/IP Unspecified Remote DoS
73957 Oracle Solaris Installer Unspecified Local Issue
73955 Oracle Solaris fingerd Unspecified Remote DoS
71943 Oracle Solaris LOFS Unspecified Local DoS
71942 Oracle Solaris Kernel/SPARC Unspecified Local DoS
71941 Oracle Solaris uucp Unspecified Local Issue
71940 Oracle Solaris Kernel Unspecified Remote DoS

ExploitDB Exploits

id Description
24450 FreeBSD 9.1 ftpd Remote Denial of Service
16137 Multiple Vendor Calendar Manager Remote Code Execution
15215 Multiple Vendors libc/glob(3) Resource Exhaustion (+0day remote ftpd-anon)
5227 Solaris 8/9/10 - fifofs I_PEEK Local Kernel Memory Leak Exploit

OpenVAS Exploits

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2012-12-18 Name : Fedora Update for xen FEDORA-2012-19828
File : nvt/gb_fedora_2012_19828_xen_fc16.nasl
2012-12-14 Name : Fedora Update for xen FEDORA-2012-19717
File : nvt/gb_fedora_2012_19717_xen_fc17.nasl
2012-12-13 Name : SuSE Update for xen openSUSE-SU-2012:0886-1 (xen)
File : nvt/gb_suse_2012_0886_1.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18249
File : nvt/gb_fedora_2012_18249_xen_fc16.nasl
2012-11-23 Name : Fedora Update for xen FEDORA-2012-18242
File : nvt/gb_fedora_2012_18242_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17204
File : nvt/gb_fedora_2012_17204_xen_fc17.nasl
2012-11-15 Name : Fedora Update for xen FEDORA-2012-17408
File : nvt/gb_fedora_2012_17408_xen_fc16.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13434
File : nvt/gb_fedora_2012_13434_xen_fc17.nasl
2012-09-22 Name : Fedora Update for xen FEDORA-2012-13443
File : nvt/gb_fedora_2012_13443_xen_fc16.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-9386
File : nvt/gb_fedora_2012_9386_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11182
File : nvt/gb_fedora_2012_11182_xen_fc17.nasl
2012-08-30 Name : Fedora Update for xen FEDORA-2012-11755
File : nvt/gb_fedora_2012_11755_xen_fc17.nasl
2012-08-24 Name : Fedora Update for xen FEDORA-2012-11785
File : nvt/gb_fedora_2012_11785_xen_fc16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2501-1 (xen)
File : nvt/deb_2501_1.nasl
2012-08-10 Name : FreeBSD Ports: FreeBSD
File : nvt/freebsd_FreeBSD16.nasl
2012-08-10 Name : Debian Security Advisory DSA 2508-1 (kfreebsd-8)
File : nvt/deb_2508_1.nasl
2012-08-06 Name : Fedora Update for xen FEDORA-2012-11190
File : nvt/gb_fedora_2012_11190_xen_fc16.nasl
2012-07-30 Name : CentOS Update for kernel CESA-2012:0721 centos5
File : nvt/gb_CESA-2012_0721_kernel_centos5.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9399
File : nvt/gb_fedora_2012_9399_xen_fc16.nasl
2012-06-28 Name : Fedora Update for xen FEDORA-2012-9430
File : nvt/gb_fedora_2012_9430_xen_fc15.nasl
2012-06-15 Name : RedHat Update for kernel RHSA-2012:0721-01
File : nvt/gb_RHSA-2012_0721-01_kernel.nasl
2012-06-13 Name : Microsoft Windows Kernel Privilege Elevation Vulnerabilities (2711167)
File : nvt/secpod_ms12-042.nasl
2011-08-19 Name : Mac OS X v10.6.8 Multiple Vulnerabilities (2011-004)
File : nvt/secpod_macosx_su11-004.nasl
2011-03-24 Name : Mandriva Update for vsftpd MDVSA-2011:049 (vsftpd)
File : nvt/gb_mandriva_MDVSA_2011_049.nasl
2011-02-28 Name : HP-UX Update for CDE Calendar Manager HPSBUX02628
File : nvt/gb_hp_ux_HPSBUX02628.nasl

Information Assurance Vulnerability Management (IAVM)

id Description
2014-A-0107 Multiple Vulnerabilities in Oracle & Sun Systems Products Suite
Severity: Category I - VMSKEY: V0053187
2014-A-0058 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0049579
2014-A-0012 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0043396
2013-A-0195 Multiple Vulnerabilities in Oracle & Sun Systems Product Suite
Severity: Category I - VMSKEY: V0040781
2013-A-0194 Multiple Vulnerabilities in Juniper Networks JUNOS
Severity: Category I - VMSKEY: V0040788
2011-B-0026 HP-UX Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0026084
2008-T-0043 Multiple Sun Solaris snoop Vulnerabilities
Severity: Category II - VMSKEY: V0017141
2008-T-0029 Sun Solaris Unspecified Remote Denial of Service Vulnerability
Severity: Category II - VMSKEY: V0016060
2008-T-0022 Sun Solaris TCP Implementation SYN Flood Denial of Service
Severity: Category I - VMSKEY: V0016026
2008-T-0021 Sun Solaris Print Service Unspecified Remote Code Execution Vulnerability
Severity: Category I - VMSKEY: V0016018
2008-A-0025 Sun SPARC Enterprise T5120 and T5220 Default Configuration Root Command Execu...
Severity: Category I - VMSKEY: V0015977
2007-B-0006 Sun Solaris Telnet Remote Authentication Bypass Vulnerability
Severity: Category I - VMSKEY: V0013607

Snort® IPS/IDS

Date Description
2014-01-10 CDE Calendar Manager service memory corruption attempt
RuleID : 19173 - Type : PROTOCOL-RPC - Revision : 10
2014-01-10 Oracle Solaris login environment variable authentication bypass attempt
RuleID : 10136 - Type : OS-SOLARIS - Revision : 11

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2015-01-23 Name: The remote Solaris system is missing a security patch from CPU jan2015.
File: solaris_jan2015_SRU10_5a.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote Solaris system is missing a security patch from CPU jan2015.
File: solaris_jan2015_SRU11_1_11_4_0.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote Solaris system is missing a security patch from CPU jan2015.
File: solaris_jan2015_SRU11_1_15_4_0.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote Solaris system is missing a security patch from CPU jan2015.
File: solaris_jan2015_SRU11_1_16_5_0.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote Solaris system is missing a security patch from CPU jan2015.
File: solaris_jan2015_SRU11_2_6_4_0.nasl - Type: ACT_GATHER_INFO
2015-01-23 Name: The remote Solaris system is missing a security patch from CPU jan2015.
File: solaris_jan2015_SRU9_5.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0020.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0021.nasl - Type: ACT_GATHER_INFO
2014-11-26 Name: The remote OracleVM host is missing one or more security updates.
File: oraclevm_OVMSA-2012-0022.nasl - Type: ACT_GATHER_INFO
2014-10-15 Name: The remote Solaris system is missing a security patch from CPU oct2014.
File: solaris_oct2014_11_2SRU0.nasl - Type: ACT_GATHER_INFO
2014-10-15 Name: The remote Solaris system is missing a security patch from CPU oct2014.
File: solaris_oct2014_SRU11_1_20_5_0.nasl - Type: ACT_GATHER_INFO
2014-09-17 Name: The remote host is missing Sun Security Patch number 150312-06
File: solaris10_150312.nasl - Type: ACT_GATHER_INFO
2014-09-17 Name: The remote host is missing Sun Security Patch number 150313-06
File: solaris10_x86_150313.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU apr2012.
File: solaris_apr2012_SRU3.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU apr2012.
File: solaris_apr2012_SRU4.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU apr2013.
File: solaris_apr2013_SRU0.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU apr2013.
File: solaris_apr2013_SRU3.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU apr2013.
File: solaris_apr2013_SRU4a.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU apr2013.
File: solaris_apr2013_SRU5.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU apr2013.
File: solaris_apr2013_SRU5_5.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU apr2014.
File: solaris_apr2014_SRU11_1_17_5_0.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU jan2013.
File: solaris_jan2013_SRU12_4.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU jan2014.
File: solaris_jan2014_SRU11_1_13_6_0.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU jan2014.
File: solaris_jan2014_SRU11_1_16_5_0.nasl - Type: ACT_GATHER_INFO
2014-07-26 Name: The remote Solaris system is missing a security patch from CPU jan2014.
File: solaris_jan2014_SRU1_4.nasl - Type: ACT_GATHER_INFO