Filtered by vendor Sun
Subscriptions
Total
1712 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2002-1337 | 8 Gentoo, Hp, Netbsd and 5 more | 11 Linux, Alphaserver Sc, Hp-ux and 8 more | 2025-04-03 | N/A |
| Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c. | ||||
| CVE-2003-0161 | 5 Compaq, Hp, Redhat and 2 more | 11 Tru64, Hp-ux, Hp-ux Series 700 and 8 more | 2025-04-03 | N/A |
| The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337. | ||||
| CVE-2003-0722 | 1 Sun | 1 Solaris | 2025-04-03 | N/A |
| The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets. | ||||
| CVE-2004-0081 | 23 4d, Apple, Avaya and 20 more | 67 Webstar, Mac Os X, Mac Os X Server and 64 more | 2025-04-03 | N/A |
| OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. | ||||
| CVE-2004-0112 | 24 4d, Apple, Avaya and 21 more | 65 Webstar, Mac Os X, Mac Os X Server and 62 more | 2025-04-03 | N/A |
| The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. | ||||
| CVE-2004-1082 | 8 Apache, Apple, Avaya and 5 more | 14 Http Server, Apache Mod Digest Apple, Communication Manager and 11 more | 2025-04-03 | N/A |
| mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. | ||||
| CVE-2021-43360 | 1 Sun | 1 Ehrd | 2024-11-21 | 8.8 High |
| Sunnet eHRD e-mail delivery task schedule’s serialization function has inadequate input object validation and restriction, which allows a post-authenticated remote attacker with database access privilege, to execute arbitrary code and control the system or interrupt services. | ||||
| CVE-2021-43359 | 1 Sun | 1 Ehrd | 2024-11-21 | 8.8 High |
| Sunnet eHRD has broken access control vulnerability, which allows a remote attacker to access account management page after being authenticated as a general user, then perform privilege escalation to execute arbitrary code and control the system or interrupt services. | ||||
| CVE-2021-43358 | 1 Sun | 1 Ehrd | 2024-11-21 | 7.5 High |
| Sunnet eHRD has inadequate filtering for special characters in URLs, which allows a remote attacker to perform path traversal attacks without authentication, access restricted paths and download system files. | ||||
| CVE-2020-10510 | 1 Sun | 1 Ehrd | 2024-11-21 | 8.1 High |
| Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data. | ||||
| CVE-2020-10509 | 1 Sun | 1 Ehrd | 2024-11-21 | 6.1 Medium |
| Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting (XSS), attackers can inject arbitrary command into the system and launch XSS attack. | ||||
| CVE-2020-10508 | 1 Sun | 1 Ehrd | 2024-11-21 | 7.5 High |
| Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | ||||