CVE-2020-14871 – Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2020-14871
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://www.exploit-db.com/exploits/49261 https://www.exploit-db.com/exploits/49896 https://www.exploit-db.com/exploits/50039 https://github.com/robidev/CVE-2020-14871-Exploit http://packetstormsecurity.com/files/159961/SunSSH-Solaris-10-x86-Remote-Root.html http://packetstormsecurity.com/files/160510/Solaris-SunSSH-11.0-x86-libpam-Remote-Root.html http://packetstormsecurity.com/files/160609/Oracle-Solaris-SunSSH-PAM-parse_user_name-Buffer-Overflow.html http://packetstormsecurity.com/files/163232 • CWE-787: Out-of-bounds Write •
CVE-2019-13163
https://notcve.org/view.php?id=CVE-2019-13163
The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. La biblioteca Fujitsu TLS permite un ataque de tipo man-in-the-middle. Esto afecta a Interstage Application Development Cycle Manager versión V10 y otras versiones, Interstage Application Server versión V12 y otras versiones, Interstage Business Application Manager versión V2 y otras versiones, Interstage Information Integrator versión V11 y otras versiones, Interstage Job Workload Server versión V8, Interstage List Works versión V10 y otras versiones , Interstage Studio versión V12 y otras versiones, Interstage Web Server Express versión V11, Linkexpress versión V5, Safeauthor versión V3, ServerView Resource Orchestrator versión V3, Systemwalker Cloud Business Service Management versión V1, Systemwalker Desktop Keeper versión V15, Systemwalker Desktop Patrol versión V15, Systemwalker IT Change Manager versión V14, Systemwalker Operation Manager versión V16 y otras versiones, Systemwalker Runbook Automation versión V15 y otras versiones, Systemwalker Security Control versión V1 y Systemwalker Software Configuration Manager versión V15. • https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html • CWE-326: Inadequate Encryption Strength •
CVE-2011-2292
https://notcve.org/view.php?id=CVE-2011-2292
Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to xscreensaver. Vulnerabilidad no especificada en Oracle Solaris v9 y Express v11 permite a usuarios locales afectar la confidencialidad y la integridad a través de vectores desconocidos relacionados con xscreensaver. • http://osvdb.org/76462 http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50268 •
CVE-2011-3534
https://notcve.org/view.php?id=CVE-2011-3534
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network Status Monitor (statd). Vulnerabilidad no especificada en Oracle Solaris 8, 9, 10, y 11 Express permite a los usuarios remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con Network Status Monitor (statd). • http://osvdb.org/76469 http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50251 https://exchange.xforce.ibmcloud.com/vulnerabilities/70807 •
CVE-2011-3537
https://notcve.org/view.php?id=CVE-2011-3537
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/Filesystem. Vulnerabilidad no especificada en Oracle Solaris v8, v9, v10, y v11 Express permite a los usuarios locales a afectar a la disponibilidad a través de vectores desconocidos relacionados con el núcleo / sistema de archivos. • http://osvdb.org/76472 http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html http://www.securityfocus.com/bid/50259 https://exchange.xforce.ibmcloud.com/vulnerabilities/70810 •