Vulnerability Database

328,409

Total vulnerabilities in the database

CVE-2009-3839

Unspecified vulnerability in the Solaris Trusted Extensions Policy configuration in Sun Solaris 10, and OpenSolaris snv_37 through snv_125, might allow remote attackers to execute arbitrary code by leveraging access to the X server.

  • Published: Nov 2, 2009
  • Updated: Nov 9, 2025
  • CVE: CVE-2009-3839
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
sun / opensolaris snv_70 snv_70.x
sun / opensolaris snv_114 snv_114.x
sun / opensolaris snv_90 snv_90.x
sun / opensolaris snv_93 snv_93.x
sun / opensolaris snv_110 snv_110.x
sun / opensolaris snv_85 snv_85.x
sun / opensolaris snv_50 snv_50.x
sun / opensolaris snv_116 snv_116.x
sun / opensolaris snv_120 snv_120.x
sun / opensolaris snv_72 snv_72.x
sun / opensolaris snv_67 snv_67.x
sun / opensolaris snv_117 snv_117.x
sun / opensolaris snv_87 snv_87.x
sun / opensolaris snv_123 snv_123.x
sun / opensolaris snv_92 snv_92.x
sun / opensolaris snv_77 snv_77.x
sun / opensolaris snv_53 snv_53.x
sun / opensolaris snv_41 snv_41.x
sun / opensolaris snv_39 snv_39.x
sun / opensolaris snv_80 snv_80.x
sun / opensolaris snv_119 snv_119.x
sun / opensolaris snv_55 snv_55.x
sun / opensolaris snv_58 snv_58.x
sun / opensolaris snv_103 snv_103.x
sun / opensolaris snv_84 snv_84.x
sun / opensolaris snv_121 snv_121.x
sun / opensolaris snv_106 snv_106.x
sun / opensolaris snv_65 snv_65.x
sun / opensolaris snv_86 snv_86.x
sun / opensolaris snv_62 snv_62.x
sun / opensolaris snv_100 snv_100.x
sun / opensolaris snv_112 snv_112.x
sun / opensolaris snv_66 snv_66.x
sun / opensolaris snv_44 snv_44.x
sun / opensolaris snv_89 snv_89.x
sun / opensolaris snv_59 snv_59.x
sun / solaris 10 10.x
sun / opensolaris snv_124 snv_124.x
sun / opensolaris snv_78 snv_78.x
sun / opensolaris snv_96 snv_96.x
sun / opensolaris snv_43 snv_43.x
sun / opensolaris snv_48 snv_48.x
sun / opensolaris snv_99 snv_99.x
sun / opensolaris snv_107 snv_107.x
sun / opensolaris snv_79 snv_79.x
sun / opensolaris snv_63 snv_63.x
sun / opensolaris snv_37 snv_37.x
sun / opensolaris snv_122 snv_122.x
sun / opensolaris snv_115 snv_115.x
sun / opensolaris snv_40 snv_40.x
sun / opensolaris snv_45 snv_45.x
sun / opensolaris snv_52 snv_52.x
sun / opensolaris snv_69 snv_69.x
sun / opensolaris snv_98 snv_98.x
sun / opensolaris snv_109 snv_109.x
sun / opensolaris snv_113 snv_113.x
sun / opensolaris snv_46 snv_46.x
sun / opensolaris snv_71 snv_71.x
sun / opensolaris snv_64 snv_64.x
sun / opensolaris snv_82 snv_82.x
sun / opensolaris snv_102 snv_102.x
sun / opensolaris snv_105 snv_105.x
sun / opensolaris snv_108 snv_108.x
sun / opensolaris snv_57 snv_57.x
sun / opensolaris snv_60 snv_60.x
sun / opensolaris snv_75 snv_75.x
sun / opensolaris snv_81 snv_81.x
sun / opensolaris snv_95 snv_95.x
sun / opensolaris snv_47 snv_47.x
sun / opensolaris snv_49 snv_49.x
sun / opensolaris snv_88 snv_88.x
sun / opensolaris snv_73 snv_73.x
sun / opensolaris snv_104 snv_104.x
sun / opensolaris snv_61 snv_61.x
sun / opensolaris snv_94 snv_94.x
sun / opensolaris snv_101 snv_101.x
sun / opensolaris snv_83 snv_83.x
sun / opensolaris snv_68 snv_68.x
sun / opensolaris snv_97 snv_97.x
sun / opensolaris snv_56 snv_56.x
sun / opensolaris snv_42 snv_42.x
sun / opensolaris snv_125 snv_125.x
sun / opensolaris snv_74 snv_74.x
sun / opensolaris snv_111 snv_111.x
sun / opensolaris snv_91 snv_91.x
sun / opensolaris snv_76 snv_76.x
sun / opensolaris snv_54 snv_54.x
sun / opensolaris snv_118 snv_118.x
sun / opensolaris snv_38 snv_38.x
sun / opensolaris snv_51 snv_51.x
sun / solaris 10.0 10.0.x
sun / opensolaris snv_12 snv_12.x

Frequently Asked Questions

A security vulnerability is a weakness in software, hardware, or configuration that can be exploited to compromise confidentiality, integrity, or availability. Many vulnerabilities are tracked as CVEs (Common Vulnerabilities and Exposures), which provide a standardized identifier so teams can coordinate patching, mitigation, and risk assessment across tools and vendors.

CVSS (Common Vulnerability Scoring System) estimates technical severity, but it doesn't automatically equal business risk. Prioritize using context like internet exposure, affected asset criticality, known exploitation (proof-of-concept or in-the-wild), and whether compensating controls exist. A "Medium" CVSS on an exposed, production system can be more urgent than a "Critical" on an isolated, non-production host.

A vulnerability is the underlying weakness. An exploit is the method or code used to take advantage of it. A zero-day is a vulnerability that is unknown to the vendor or has no publicly available fix when attackers begin using it. In practice, risk increases sharply when exploitation becomes reliable or widespread.

Recurring findings usually come from incomplete Asset Discovery, inconsistent patch management, inherited images, and configuration drift. In modern environments, you also need to watch the software supply chain: dependencies, containers, build pipelines, and third-party services can reintroduce the same weakness even after you patch a single host. Unknown or unmanaged assets (often called Shadow IT) are a common reason the same issues resurface.

Use a simple, repeatable triage model: focus first on externally exposed assets, high-value systems (identity, VPN, email, production), vulnerabilities with known exploits, and issues that enable remote code execution or privilege escalation. Then enforce patch SLAs and track progress using consistent metrics so remediation is steady, not reactive.

SynScan combines attack surface monitoring and continuous security auditing to keep your inventory current, flag high-impact vulnerabilities early, and help you turn raw findings into a practical remediation plan.