Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
CVSS Score
10.0
EPSS Score
0.009
Published
2000-11-14
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
CVSS Score
7.2
EPSS Score
0.003
Published
2000-06-14
Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option.
CVSS Score
7.2
EPSS Score
0.001
Published
2000-01-06
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
CVSS Score
10.0
EPSS Score
0.146
Published
1999-12-10
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
CVSS Score
10.0
EPSS Score
0.01
Published
1999-12-09
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
CVSS Score
10.0
EPSS Score
0.031
Published
1999-12-07
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.
CVSS Score
4.6
EPSS Score
0.002
Published
1999-09-22
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
CVSS Score
7.5
EPSS Score
0.073
Published
1999-09-13
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
CVSS Score
7.2
EPSS Score
0.001
Published
1999-09-13
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
CVSS Score
7.2
EPSS Score
0.004
Published
1999-09-13