Oracle Solaris vulnerabilities

549 known vulnerabilities affecting oracle/solaris.

Total CVEs: 549
CISA KEV: 6 (actively exploited)
Public exploits: 29
Exploited in wild: 8
Severity breakdown: CRITICAL 45, HIGH 116, MEDIUM 285, LOW 103

Vulnerabilities

Page 5 of 28
CVE-2019-2765 [MEDIUM] CVSS 5.3 | v10, v11 | 2019-10-16
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may signi
nvd
CVE-2019-3008 [LOW] CVSS 1.8 | v11 | 2019-10-16
Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than
nvd
CVE-2019-2961 [LOW] CVSS 3.6 | v11 | 2019-10-16
Vulnerability in the Oracle Solaris product of Oracle Systems (component: SMF services & legacy daemons). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result i
nvd
CVE-2019-16168 [MEDIUM] CVSS 6.5 | CWE-369 | v11 | 2019-09-09
In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
nvd
CVE-2019-16056 [HIGH] CVSS 7.5 | v11 | 2019-09-06
An issue was discovered in Python through 2.7.16, 3.x through 3.5.7, 3.6.x through 3.6.9, and 3.7.x through 3.7.4. The email module wrongly parses email addresses that contain multiple @ characters. An application that uses the email module and implements some kind of checks on the From/To headers of a message could be tricked into accepting an email address t
nvd
CVE-2019-13565 [HIGH] CVSS 7.5 | v11 | 2019-07-26
An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is re
nvd
CVE-2019-13057 [MEDIUM] CVSS 4.9 | v11 | 2019-07-26
An issue was discovered in the server in OpenLDAP before 2.4.48. When the server administrator delegates rootDN (database admin) privileges for certain databases but wants to maintain isolation (e.g., for multi-tenant deployments), slapd does not properly stop a rootDN from requesting authorization as an identity from another database during a SASL bind or
nvd
CVE-2019-2844 [HIGH] CVSS 8.8 | v11.4 | 2019-07-23
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: LDAP Client Tools). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Sol
nvd
CVE-2019-2804 [HIGH] CVSS 7.3 | v10.0, v11.4 | 2019-07-23
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interact
nvd
CVE-2019-2820 [HIGH] CVSS 7.3 | v11.4 | 2019-07-23
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Gnuplot). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from
nvd
CVE-2019-2832 [HIGH] CVSS 8.8 | v10 | 2019-07-23
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Ora
nvd
CVE-2019-2838 [HIGH] CVSS 7.5 | v11.4 | 2019-07-23
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletio
nvd
CVE-2019-2787 [MEDIUM] CVSS 4.2 | v10.0, v11.4 | 2019-07-23
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automount). Supported versions that are affected are 11.4 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks require human interaction from a person other than th
nvd
CVE-2019-2788 [MEDIUM] CVSS 6.3 | v11.4 | 2019-07-23
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Open Fabrics Tools). The supported version that is affected is 11.4. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Solaris executes to compromise Solaris. Successful attacks require human interaction from a per
nvd
CVE-2019-2807 [LOW] CVSS 3.9 | v11.4 | 2019-07-23
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Zones). The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a p
nvd
CVE-2019-12387 [MEDIUM] CVSS 6.1 | CWE-74 | v11 | 2019-06-10
In Twisted before 19.2.1, twisted.web did not validate or sanitize URIs or HTTP methods, allowing an attacker to inject invalid characters such as CRLF.
nvd
CVE-2019-2704 [MEDIUM] CVSS 5.3 | v11 | 2019-04-23
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: IPS Package Manager). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized rea
nvd
CVE-2019-2577 [LOW] CVSS 3.3 | v11 | 2019-04-23
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: File Locking Services). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerabilit
nvd
CVE-2019-2437 [HIGH] CVSS 7.5 | v11 | 2019-01-16
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a
nvd
CVE-2019-2541 [HIGH] CVSS 7.5 | v10 | 2019-01-16
Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: DHCP Client). The supported version that is affected is 10. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Solaris executes to compromise Oracle Solaris.
nvd