132 matches found
CVE-2024-21059
Summary for CVE-2024-21059 (Oracle Solaris) : A vulnerability in Oracle Solaris (11.x) affecting the Solaris Utility component. The advisory states the vulnerability allows a low-privileged, local attacker with logon to the host to compromise Oracle Solaris, and that successful exploitation can l...
The vulnerability of LOV components in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Systems allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of LOV components in Oracle Complex Maintenance, Repair, and Overhaul systems arises due to insufficient validation of input data. Exploitation of this vulnerability can allow an attacker, operating remotely, to gain access to read, modify, add, or delete data using the HTTP...
CVE-2024-20920
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the...
CVE-2024-20914
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Core. The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to...
CVE-2024-20906
Vulnerability in the Integrated Lights Out Manager ILOM product of Oracle Systems component: System Management. Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out...
CVE-2024-20906
Vulnerability in the Integrated Lights Out Manager ILOM product of Oracle Systems component: System Management. Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out...
Code injection
Vulnerability in the Integrated Lights Out Manager ILOM product of Oracle Systems component: System Management. Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out...
CVE-2024-20946
CVE-2024-20946 affects Oracle Solaris kernel (version 11). The advisory and multiple feeds confirm an input-validation flaw in the Solaris kernel that can be exploited locally by a low-privilege user with logon to cause a hang or a frequent crash (denial of service). CVSS 3.1 base score is 5.5 (A...
CVE-2024-20920
Oracle Solaris has a CVE-2024-20920 vulnerability in the Filesystem component affecting version 11. The issue is described as a low-privilege, local-access flaw that can lead to unauthorized read access to a subset of Solaris data. The primary sources consistently cite the Solaris Filesystem as a...
CVE-2024-20906
CVE-2024-20906 affects Oracle’s Integrated Lights Out Manager (ILOM) in the System Management component for versions 3–5. The flaw enables a highly privileged attacker with network access over ICMP to compromise ILOM, with attack success requiring user interaction and potentially affecting other ...
CVE-2023-22129
Vulnerability in the Oracle Solaris product of Oracle Systems component: Kernel. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful...
Oracle Solaris Critical Patch Update : jul2023_SRU11_4_57_144_3
This Solaris system is missing necessary patches to address critical security updates : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Device Driver Interface. The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker...
CVE-2023-22023
CVE-2023-22023 affects Oracle Solaris 11, in the Device Driver Interface. The issue allows a local, low-privilege attacker with logon to the host to compromise Solaris, potentially taking over the system (CVSS v3.1 base 7.8; C/H/I/A). The CVE is noted as equivalent to CVE-2023-31284. Oracle’s Jul...
Oracle Patch Tuesday April 2023 Security Update Review
Oracle has released the second quarterly edition of Critical Patch Update, which contains a group of patches for 433 security vulnerabilities. Some of the vulnerabilities addressed this month impact various products. These patches address vulnerabilities in Oracle code and third-party components...
Oracle Solaris Critical Patch Update : apr2023_SRU11_4_56_138_2
This Solaris system is missing necessary patches to address a critical security update : - Vulnerability in the Oracle Solaris product of Oracle Systems component: Utility. Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows high privileged attacker with...
CVE-2023-22003
CVE-2023-22003 affects Oracle Solaris (Utilities component) on Solaris 10 and 11. The vulnerability details indicate an unauthenticated attacker with access to the environment where Oracle Solaris runs can compromise Solaris, with exploitation requiring user interaction. CVSS v3.1 base score 3.3 ...
CVE-2023-21984
CVE-2023-21984 affects Oracle Solaris 11 (Libraries component). The vulnerability allows a low-privilege, network-access attacker (via HTTP) to cause a hang or repeatable crash (DoS) on affected systems. Root cause and affected details are documented in CVE records and Oracle CPU APR2023: CVSS v3...
CVE-2023-21985
CVE-2023-21985 affects Oracle Solaris (Utility) on Solaris 10 and 11. The vulnerability is exploitable to achieve total compromise with a high-privilege attacker who already has logon, requiring user interaction. The CVSS 3.1 base score is 7.7 (High) with impacts to confidentiality, integrity, an...
CVE-2023-21928
CVE-2023-21928 affects Oracle Solaris 11, in the IPS repository daemon. The issue is due to insufficient input validation, enabling a high-privilege attacker with local access to compromise Solaris; exploitation requires user interaction. The impact is unauthorized updates/inserts/deletes to Sola...
CVE-2023-21896
CVE-2023-21896 affects Oracle Solaris NSSwitch on Solaris 10 and 11. The vulnerability, described as difficult to exploit, allows a low-privileged attacker with logon to compromise Solaris and can lead to a full takeover. The CVSS v3.1 base score is 7.0 (Impact: Confidentiality, Integrity, Availa...