132 matches found
CVE-2020-2771
CVE-2020-2771 affects Oracle Solaris 10 and 11, in the Whodo component. The issue is a heap-based buffer overflow in setuid root whodo and w binaries that can be triggered by a low-privileged user with logon access, with required human interaction, potentially allowing unauthorized read access to...
CVE-2020-2771
Vulnerability in the Oracle Solaris product of Oracle Systems component: Whodo. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
Oracle Solaris Critical Patch Update : jan2020_SRU11_4_17_3_0
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Consolidation Infrastructure. The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged...
CVE-2020-2680
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While th...
CVE-2020-2578
Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris,...
Buffer overflow
Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems component: Templates. The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise...
Code injection
Vulnerability in the Oracle Solaris product of Oracle Systems component: Consolidation Infrastructure. The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracl...
CVE-2020-2696
CVE-2020-2696 affects Oracle Solaris 10, specifically the Common Desktop Environment (CDE) dtsession component. A buffer overflow in CheckMonitor() (CDE 2.3.1 and earlier; 1.6 and earlier) allows a local user with logon to gain root privileges via a crafted palette name in a malicious .Xdefaults ...
CVE-2020-2664
CVE-2020-2664 affects Oracle Solaris 11 FFilesystem; vulnerability details indicate a locally exploitable issue where a low-privilege attacker with logon and human interaction could compromise Solaris, with potential unauthorized read/update/delete of data and partial confidentiality/integrity im...
CVE-2020-2680
CVE-2020-2680 affects Oracle Solaris 11 in the Filesystem component. The vulnerability can be exploited locally by a high-privilege attacker with logon to the Solaris host, potentially leading to a hang or frequent, complete denial of service of Oracle Solaris. The CVSS v3.0 impact is primarily A...
CVE-2020-2605
CVE-2020-2605 affects Oracle Solaris 11 in the Filesystem component. The connected documents specify that it is a local, low-privilege vulnerability with the attacker able to log on to the Solaris infrastructure and potentially cause unauthorized access to data, or a hang/frequent crash (DOS) of ...
CVE-2020-2578
CVE-2020-2578 affects Oracle Solaris (Kernel) 11. The connected documents confirm a vulnerability in the Solaris kernel with network access via SMB as the attack surface, leading to a partial denial of service. The CVSSv3 base score is 5.8 (Medium) with network access, low attack complexity, no p...
CVE-2020-2571
CVE-2020-2571 affects Oracle VM Server for SPARC (Templates), with vulnerability resting in version 3.6. The flaw can be triggered by a locally present attacker who has logon to the infrastructure and requires user interaction to exploit, potentially leading to unauthorized updates or reads in Or...
CVE-2020-2571
Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems component: Templates. The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise...
CVE-2020-2565
Vulnerability in the Oracle Solaris product of Oracle Systems component: Consolidation Infrastructure. The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracl...
CVE-2020-2571
Vulnerability in the Oracle VM Server for SPARC product of Oracle Systems component: Templates. The supported version that is affected is 3.6. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle VM Server for SPARC executes to compromise...
CVE-2020-2565
CVE-2020-2565 affects Oracle Solaris 11 in the Consolidation Infrastructure component. The vulnerability allows a low-privileged user with local logon to Oracle Solaris infrastructure to compromise the system, with user interaction required and potential impact beyond the Solaris host. The CVSS 3...
CVE-2020-2558
CVE-2020-2558 affects Oracle Solaris (kernel) on Solaris 11. An unauthenticated attacker on the network can exploit SMB to compromise the system and cause a partial Denial of Service. The connected sources confirm this kernel-vulnerability scenario and note a patch is available as part of Oracle’...
Solaris 10 (x86) : 150401-68
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
Oracle Ties Previous All-Time Patch High with January Updates
Oracle has patched 334 vulnerabilities across all of its product families in its January 2020 quarterly Critical Patch Update CPU. Out of these, 43 are critical/severe flaws carrying CVSS scores of 9.1 and above. The CPU ties for Oracle’s previous all-time high for number of patches issued, in Ju...