Oracle Solaris vulnerabilities
549 known vulnerabilities affecting oracle/solaris.
Total CVEs: 549
CISA KEV (actively exploited): 6
Public exploits: 29
Exploited in wild: 8
Severity breakdown: CRITICAL 45, HIGH 116, MEDIUM 285, LOW 103
Vulnerabilities
Page 4 of 28
CVE-2020-2927 | HIGH | CVSS 7.8 | v10, v11 | 2020-04-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, att
nvd
CVE-2020-2944 | HIGH | CVSS 8.8 | PoC | CWE-120 | v10, v11 | 2020-04-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solari
nvd
CVE-2020-2851 | HIGH | CVSS 7.8 | v10, v11 | 2020-04-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, att
nvd
CVE-2020-2749 | LOW | CVSS 2.5 | v11 | 2020-04-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF command svcbundle). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person ot
nvd
CVE-2020-2771 | LOW | CVSS 2.5 | v10, v11 | 2020-04-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Whodo). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than t
nvd
CVE-2020-10108 | CRITICAL | CVSS 9.8 | CWE-444 | v10, v11 | 2020-03-12
In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request.
nvd
CVE-2020-7044 | HIGH | CVSS 7.5 | CWE-125 | v11 | 2020-01-16
In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissectors/packet-wassp.c by using >= and <= to resolve off-by-one errors.
nvd
CVE-2020-2605 | HIGH | CVSS 7.1 | v11 | 2020-01-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creat
nvd
CVE-2020-2565 | HIGH | CVSS 7.5 | v11 | 2020-01-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a p
nvd
CVE-2020-2696 | HIGH | CVSS 8.8 | PoC | v10 | 2020-01-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may
nvd
CVE-2020-2558 | MEDIUM | CVSS 5.8 | v11 | 2020-01-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successfu
nvd
CVE-2020-2578 | MEDIUM | CVSS 5.8 | v11 | 2020-01-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successfu
nvd
CVE-2020-2647 | MEDIUM | CVSS 5.0 | v10, v11 | 2020-01-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than
nvd
CVE-2020-2656 | MEDIUM | CVSS 4.4 | v10, v11 | 2020-01-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unaut
nvd
CVE-2020-2680 | MEDIUM | CVSS 6.0 | v11 | 2020-01-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantl
nvd
CVE-2020-2664 | MEDIUM | CVSS 4.6 | v11 | 2020-01-15
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than t
nvd
CVE-2019-19553 | HIGH | CVSS 7.5 | CWE-909 | v11 | 2019-12-05
In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection.
nvd
CVE-2018-12207 | MEDIUM | CVSS 6.5 | CWE-20 | v11 | 2019-11-14
Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.
nvd
CVE-2019-10219 | MEDIUM | CVSS 6.1 | CWE-79 | v10, v11 | 2019-11-08
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
nvd
CVE-2019-3010 | HIGH | CVSS 8.8 | KEV | PoC | v11 | 2019-10-16
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly
nvd