| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access. |
| Buffer overflow in xlock program allows local users to execute commands as root. |
| Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access. |
| Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm. |
| nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers. |
| Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. |
| The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access. |
| ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service. |
| rpc.admind in Solaris is not running in a secure mode. |
| The NIS+ rpc.nisd server allows remote attackers to execute certain RPC calls without authentication to obtain system information, disable logging, or modify caches. |
| Buffer overflow in BIND 8.2 via NXT records. |
| Buffer overflow in uum program for Canna input system allows local users to gain root privileges. |
| Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program. |
| Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument. |
| rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not. |
| /usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option. |
| Buffer overflow of rlogin program using TERM environmental variable. |
| Buffer overflow in Solaris 7 lpset allows local users to gain root privileges via a long -r option. |
| The administration interface for the dwhttpd web server in Solaris AnswerBook2 does not properly authenticate requests to its supporting CGI scripts, which allows remote attackers to add user accounts to the interface by directly calling the admin CGI script. |
