Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2002-1584

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-08 Feb, 2005 | 05:00
Updated At-08 Aug, 2024 | 03:26
Rejected At-
Credits

Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:08 Feb, 2005 | 05:00
Updated At:08 Aug, 2024 | 03:26
Rejected At:
â–¼CVE Numbering Authority (CNA)

Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-46944-1
vendor-advisory
x_refsource_SUNALERT
http://www.securityfocus.com/bid/6484
vdb-entry
x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/10935
vdb-entry
x_refsource_XF
ftp://patches.sgi.com/support/free/security/advisories/20030402-01-P
vendor-advisory
x_refsource_SGI
http://www.kb.cert.org/vuls/id/518057
third-party-advisory
x_refsource_CERT-VN
http://secunia.com/advisories/7899/
third-party-advisory
x_refsource_SECUNIA
http://www.securitytracker.com/id?1005934
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-46944-1
Resource:
vendor-advisory
x_refsource_SUNALERT
Hyperlink: http://www.securityfocus.com/bid/6484
Resource:
vdb-entry
x_refsource_BID
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/10935
Resource:
vdb-entry
x_refsource_XF
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20030402-01-P
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: http://www.kb.cert.org/vuls/id/518057
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: http://secunia.com/advisories/7899/
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securitytracker.com/id?1005934
Resource:
vdb-entry
x_refsource_SECTRACK
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://sunsolve.sun.com/search/document.do?assetkey=1-26-46944-1
vendor-advisory
x_refsource_SUNALERT
x_transferred
http://www.securityfocus.com/bid/6484
vdb-entry
x_refsource_BID
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/10935
vdb-entry
x_refsource_XF
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20030402-01-P
vendor-advisory
x_refsource_SGI
x_transferred
http://www.kb.cert.org/vuls/id/518057
third-party-advisory
x_refsource_CERT-VN
x_transferred
http://secunia.com/advisories/7899/
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securitytracker.com/id?1005934
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-46944-1
Resource:
vendor-advisory
x_refsource_SUNALERT
x_transferred
Hyperlink: http://www.securityfocus.com/bid/6484
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/10935
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20030402-01-P
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/518057
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: http://secunia.com/advisories/7899/
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securitytracker.com/id?1005934
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:27 Dec, 2002 | 05:00
Updated At:16 Apr, 2026 | 00:27

Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Silicon Graphics, Inc.
sgi
>>irix>>6.5.1
cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.2
cpe:2.3:o:sgi:irix:6.5.2:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.2f
cpe:2.3:o:sgi:irix:6.5.2f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.2m
cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.3
cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.3f
cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.3m
cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.4
cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.4f
cpe:2.3:o:sgi:irix:6.5.4f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.4m
cpe:2.3:o:sgi:irix:6.5.4m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.5
cpe:2.3:o:sgi:irix:6.5.5:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.5f
cpe:2.3:o:sgi:irix:6.5.5f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.5m
cpe:2.3:o:sgi:irix:6.5.5m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.6
cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.6f
cpe:2.3:o:sgi:irix:6.5.6f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.6m
cpe:2.3:o:sgi:irix:6.5.6m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.7
cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.7f
cpe:2.3:o:sgi:irix:6.5.7f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.7m
cpe:2.3:o:sgi:irix:6.5.7m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.8
cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.8f
cpe:2.3:o:sgi:irix:6.5.8f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.8m
cpe:2.3:o:sgi:irix:6.5.8m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.9
cpe:2.3:o:sgi:irix:6.5.9:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.9f
cpe:2.3:o:sgi:irix:6.5.9f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.9m
cpe:2.3:o:sgi:irix:6.5.9m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.10
cpe:2.3:o:sgi:irix:6.5.10:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.10f
cpe:2.3:o:sgi:irix:6.5.10f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.10m
cpe:2.3:o:sgi:irix:6.5.10m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.11
cpe:2.3:o:sgi:irix:6.5.11:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.11f
cpe:2.3:o:sgi:irix:6.5.11f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.11m
cpe:2.3:o:sgi:irix:6.5.11m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.12
cpe:2.3:o:sgi:irix:6.5.12:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.12f
cpe:2.3:o:sgi:irix:6.5.12f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.12m
cpe:2.3:o:sgi:irix:6.5.12m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.13
cpe:2.3:o:sgi:irix:6.5.13:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.13f
cpe:2.3:o:sgi:irix:6.5.13f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.13m
cpe:2.3:o:sgi:irix:6.5.13m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.14
cpe:2.3:o:sgi:irix:6.5.14:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.14f
cpe:2.3:o:sgi:irix:6.5.14f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.14m
cpe:2.3:o:sgi:irix:6.5.14m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.15
cpe:2.3:o:sgi:irix:6.5.15:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.15f
cpe:2.3:o:sgi:irix:6.5.15f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.15m
cpe:2.3:o:sgi:irix:6.5.15m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.16
cpe:2.3:o:sgi:irix:6.5.16:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.16f
cpe:2.3:o:sgi:irix:6.5.16f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.16m
cpe:2.3:o:sgi:irix:6.5.16m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.17
cpe:2.3:o:sgi:irix:6.5.17:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.17f
cpe:2.3:o:sgi:irix:6.5.17f:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.17m
cpe:2.3:o:sgi:irix:6.5.17m:*:*:*:*:*:*:*
Silicon Graphics, Inc.
sgi
>>irix>>6.5.18
cpe:2.3:o:sgi:irix:6.5.18:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
ftp://patches.sgi.com/support/free/security/advisories/20030402-01-Pcve@mitre.org
Patch
http://secunia.com/advisories/7899/cve@mitre.org
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-46944-1cve@mitre.org
N/A
http://www.kb.cert.org/vuls/id/518057cve@mitre.org
US Government Resource
http://www.securityfocus.com/bid/6484cve@mitre.org
N/A
http://www.securitytracker.com/id?1005934cve@mitre.org
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/10935cve@mitre.org
N/A
ftp://patches.sgi.com/support/free/security/advisories/20030402-01-Paf854a3a-2127-422b-91ae-364da2661108
Patch
http://secunia.com/advisories/7899/af854a3a-2127-422b-91ae-364da2661108
N/A
http://sunsolve.sun.com/search/document.do?assetkey=1-26-46944-1af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.kb.cert.org/vuls/id/518057af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.securityfocus.com/bid/6484af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1005934af854a3a-2127-422b-91ae-364da2661108
N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/10935af854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20030402-01-P
Source: cve@mitre.org
Resource:
Patch
Hyperlink: http://secunia.com/advisories/7899/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-46944-1
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/518057
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/6484
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1005934
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/10935
Source: cve@mitre.org
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20030402-01-P
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://secunia.com/advisories/7899/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://sunsolve.sun.com/search/document.do?assetkey=1-26-46944-1
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.kb.cert.org/vuls/id/518057
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
US Government Resource
Hyperlink: http://www.securityfocus.com/bid/6484
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1005934
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/10935
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

295Records found
CVE-2007-1093
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-10.05% / 93.16%
||
7 Day CHG~0.00%
Published-26 Feb, 2007 | 17:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager (NNM) before 07-10-05, and before 08-00-02 in the 08-x series, allow remote attackers to execute arbitrary code, cause a denial of service, or trigger invalid Web utility behavior.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)Hitachi, Ltd.HP Inc.Microsoft Corporation
Product-hp-uxall_windowsjp1-cm2-network_node_manager_starter_250solariscm2-network_node_managerpa-riscjp1-cm2-network_node_manager_250jp1-cm2-network_node_manager_starteripfiltercm2-network_node_manager_250hi_ux_we2jp1-cm2-network_node_managern/a
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2007-0882
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-90.96% / 99.65%
||
7 Day CHG~0.00%
Published-12 Feb, 2007 | 20:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-solarissunosn/a
CWE ID-CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
CVE-2012-0768
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-6.08% / 90.85%
||
7 Day CHG~0.00%
Published-05 Mar, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Matrix3D component in Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on Windows, Mac OS X, Linux, and Solaris; before 11.1.111.7 on Android 2.x and 3.x; and before 11.1.115.7 on Android 4.x allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-mac_os_xsunoswindowsflash_playerflash_player_for_androidandroidlinux_kerneln/a
CVE-2012-0497
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-4.84% / 89.64%
||
7 Day CHG~0.00%
Published-15 Feb, 2012 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, and 6 Update 30 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jren/a
CVE-2011-3521
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-8.57% / 92.48%
||
7 Day CHG~0.00%
Published-19 Oct, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CVE-2011-0815
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-6.89% / 91.48%
||
7 Day CHG~0.00%
Published-14 Jun, 2011 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 25 and earlier, 5.0 Update 29 and earlier, and 1.4.2_31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to AWT.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjren/a
CVE-2011-2416
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-3.64% / 87.98%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2136 and CVE-2011-2138.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xsunoswindowsflash_playerandroidlinux_kerneln/a
CVE-2011-2137
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-10||HIGH
EPSS-6.82% / 91.43%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2130, CVE-2011-2134, CVE-2011-2414, and CVE-2011-2415.

Action-Not Available
Vendor-n/aApple Inc.Sun Microsystems (Oracle Corporation)Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-adobe_airmac_os_xsunoswindowsflash_playerandroidlinux_kerneln/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2010-4435
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-30.86% / 96.78%
||
7 Day CHG~0.00%
Published-19 Jan, 2011 | 16:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to CDE Calendar Manager Service Daemon and RPC. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from other software vendors that this affects other operating systems, such as HP-UX, or claims from a reliable third party that this is a buffer overflow in rpc.cmsd via long XDR-encoded ASCII strings in RPC call 10.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunosn/a
CVE-2010-4454
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-7.41% / 91.81%
||
7 Day CHG~0.00%
Published-17 Feb, 2011 | 18:31
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound and unspecified APIs, a different vulnerability than CVE-2010-4462 and CVE-2010-4473.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CVE-2010-3563
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-88.76% / 99.53%
||
7 Day CHG~0.00%
Published-19 Oct, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Deployment component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to "how Web Start retrieves security policies," BasicServiceImpl, and forged policies that bypass sandbox restrictions.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jrejdkn/a
CVE-2010-3558
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-5.16% / 89.98%
||
7 Day CHG~0.00%
Published-19 Oct, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Web Start component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jrejdkn/a
CVE-2010-0079
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-1.28% / 79.76%
||
7 Day CHG~0.00%
Published-13 Jan, 2010 | 01:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-bea_product_suitejdkjren/a
CVE-2010-3556
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-11.45% / 93.68%
||
7 Day CHG~0.00%
Published-19 Oct, 2010 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-jdkjresdkn/a
CVE-2010-1039
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-10||HIGH
EPSS-22.31% / 95.88%
||
7 Day CHG~0.00%
Published-20 May, 2010 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.

Action-Not Available
Vendor-n/aHP Inc.IBM CorporationSilicon Graphics, Inc.
Product-hp-uxviosaixirixnfs\/oncplusn/a
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2010-0360
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.80% / 74.25%
||
7 Day CHG~0.00%
Published-20 Jan, 2010 | 16:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap CVE-2010-0272 and CVE-2010-0273.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-java_system_web_servern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-0886
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-80.97% / 99.17%
||
7 Day CHG~0.00%
Published-20 Apr, 2010 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Deployment Toolkit component in Oracle Java SE and Java for Business JDK and JRE 6 Update 10 through 19 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aMicrosoft CorporationSun Microsystems (Oracle Corporation)
Product-windowsjrejdkn/a
CVE-2005-3625
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-10||HIGH
EPSS-11.29% / 93.61%
||
7 Day CHG~0.00%
Published-06 Jan, 2006 | 22:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Action-Not Available
Vendor-conectivascopopplertrustixtetexxpdflibextractoreasy_software_productsturbolinuxn/aDebian GNU/LinuxMandriva (Mandrakesoft)SlackwareSilicon Graphics, Inc.Gentoo Foundation, Inc.UbuntuRed Hat, Inc.KDESUSE
Product-linuxturbolinux_workstationcupspropackturbolinuxkwordfedora_coresecure_linuxkpdflibextractorslackware_linuxpopplerturbolinux_homeenterprise_linuxkdegraphicsdebian_linuxopenserverxpdfubuntu_linuxlinux_advanced_workstationmandrake_linuxsuse_linuxturbolinux_personalenterprise_linux_desktopkofficetetexturbolinux_desktopturbolinux_multimediaturbolinux_serverturbolinux_appliance_servermandrake_linux_corporate_servern/a
CVE-2005-2530
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.81% / 74.44%
||
7 Day CHG~0.00%
Published-05 Aug, 2006 | 01:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-javan/a
CVE-2005-0836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-2.37% / 85.13%
||
7 Day CHG~0.00%
Published-22 Mar, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-j2sen/a
CVE-2004-2627
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-11.14% / 93.56%
||
7 Day CHG~0.00%
Published-04 Dec, 2005 | 22:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-j2men/a
CVE-2004-1351
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.68% / 94.55%
||
7 Day CHG~0.00%
Published-19 Jan, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunossolarisn/a
CVE-2004-1170
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-15.59% / 94.77%
||
7 Day CHG~0.00%
Published-10 Dec, 2004 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.

Action-Not Available
Vendor-n/aGNUSun Microsystems (Oracle Corporation)SUSE
Product-java_desktop_systemsuse_linuxa2psn/a
CVE-2004-0523
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-25.93% / 96.33%
||
7 Day CHG~0.00%
Published-03 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

Action-Not Available
Vendor-tinysofan/aSun Microsystems (Oracle Corporation)Silicon Graphics, Inc.MIT (Massachusetts Institute of Technology)
Product-sunossolarisseampropackkerberoskerberos_5tinysofa_enterprise_servern/a
CVE-2004-0492
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-23.71% / 96.06%
||
7 Day CHG~0.00%
Published-23 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

Action-Not Available
Vendor-n/aOpenBSDThe Apache Software FoundationHP Inc.IBM CorporationSilicon Graphics, Inc.
Product-vvoswebproxyvirtualvaultpropackhttp_serveropenbsdn/a
CVE-2004-0521
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.48% / 87.70%
||
7 Day CHG~0.00%
Published-03 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.

Action-Not Available
Vendor-n/aSilicon Graphics, Inc.SquirrelMail
Product-squirrelmailpropackn/a
CVE-2003-1576
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.67% / 89.44%
||
7 Day CHG~0.00%
Published-28 Jan, 2010 | 20:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Management Center (SunMC) 3.0 on Solaris 8 and 9 on the sparc platform allows remote attackers to execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarischange_managermanagement_centern/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-0234
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.48% / 92.44%
||
7 Day CHG~0.00%
Published-05 May, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

Action-Not Available
Vendor-stalkertsugio_okamotoclearswiftn/aRARLAB (WinRAR)WinZipSilicon Graphics, Inc.F-Secure CorporationRed Hat, Inc.
Product-f-secure_internet_securityinternet_gatekeepermailsweeperpropackf-secure_anti-viruscgpmcafeewinzipf-secure_for_firewallsfedora_coref-secure_personal_expresslhawinrarn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2004-0226
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.18% / 78.93%
||
7 Day CHG~0.00%
Published-05 May, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

Action-Not Available
Vendor-n/aMidnight CommanderSlackwareGentoo Foundation, Inc.Silicon Graphics, Inc.
Product-midnight_commanderlinuxpropackslackware_linuxn/a
CVE-2004-0418
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-14.28% / 94.47%
||
7 Day CHG~0.00%
Published-11 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

Action-Not Available
Vendor-openpkgcvsn/aOpenBSDSilicon Graphics, Inc.Gentoo Foundation, Inc.
Product-openpkglinuxcvspropackopenbsdn/a
CVE-2004-0414
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-5.25% / 90.08%
||
7 Day CHG~0.00%
Published-11 Jun, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

Action-Not Available
Vendor-openpkgcvsn/aOpenBSDSilicon Graphics, Inc.Gentoo Foundation, Inc.
Product-openpkglinuxcvspropackopenbsdn/a
CVE-2003-1081
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-1.48% / 81.20%
||
7 Day CHG~0.00%
Published-08 Feb, 2005 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunossolarisn/a
CVE-2003-0722
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-87.09% / 99.46%
||
7 Day CHG~0.00%
Published-17 Sep, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solarisn/a
CVE-2003-0466
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-90.83% / 99.64%
||
7 Day CHG~0.00%
Published-01 Aug, 2003 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO.

Action-Not Available
Vendor-wuftpdn/aOpenBSDApple Inc.NetBSDFreeBSD FoundationSun Microsystems (Oracle Corporation)Red Hat, Inc.
Product-mac_os_xsolariswu-ftpdfreebsdwu_ftpdnetbsdmac_os_x_serveropenbsdn/a
CWE ID-CWE-193
Off-by-one Error
CVE-2002-2425
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-4.54% / 89.28%
||
7 Day CHG~0.00%
Published-01 Nov, 2007 | 17:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute administrative scripts such as (1) AdminViewError and (2) AdminAddadmin via a direct request.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-solaris_answerbook2n/a
CVE-2002-2374
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-0.15% / 35.20%
||
7 Day CHG~0.00%
Published-31 Oct, 2007 | 16:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown impact and attack vectors related to "unsafe use of temporary files."

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-patchpron/a
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE ID-CWE-59
Improper Link Resolution Before File Access ('Link Following')
CVE-2013-2470
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-10||HIGH
EPSS-54.41% / 98.06%
||
7 Day CHG~0.00%
Published-18 Jun, 2013 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jrejdkn/a
CVE-2002-0796
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.45% / 87.65%
||
7 Day CHG~0.00%
Published-26 Jul, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunossolarisn/a
CVE-2002-1034
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.71% / 92.57%
||
7 Day CHG~0.00%
Published-31 Aug, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbitrary files via an absolute pathname in the argument.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-i-runbookn/a
CVE-2002-1361
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-22.86% / 95.95%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-cobalt_raq_4n/a
CVE-2002-1337
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-44.31% / 97.60%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Action-Not Available
Vendor-sendmailwindrivern/aOracle CorporationHP Inc.NetBSDGentoo Foundation, Inc.Sun Microsystems (Oracle Corporation)
Product-sunosbsdoslinuxsolarisplatform_sasendmailhp-uxalphaserver_scnetbsdn/a
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2002-1318
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-76.57% / 98.96%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

Action-Not Available
Vendor-n/aHP Inc.Silicon Graphics, Inc.Samba
Product-cifs-9000_serveririxsamban/a
CVE-2002-0436
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-3.93% / 88.45%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunossolarisn/a
CVE-2002-0391
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-8.26% / 92.31%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Action-Not Available
Vendor-n/aOpenBSDMicrosoft CorporationFreeBSD FoundationSun Microsystems (Oracle Corporation)
Product-sunoswindows_ntsolarisfreebsdwindows_2000windows_xpopenbsdn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2002-0033
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-55.47% / 98.10%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-sunossolarisn/a
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found