CVE-2020-14542
https://notcve.org/view.php?id=CVE-2020-14542
Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpujul2020.html •
CVE-2020-14537
https://notcve.org/view.php?id=CVE-2020-14537
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. • https://www.oracle.com/security-alerts/cpujul2020.html • CWE-404: Improper Resource Shutdown or Release •
CVE-2020-14724 – Oracle Solaris 11 Device Driver Utility 1.3.1 Race Condition
https://notcve.org/view.php?id=CVE-2020-14724
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://www.oracle.com/security-alerts/cpujul2020.html •
CVE-2020-12243 – openldap: denial of service via nested boolean expressions in LDAP search filters
https://notcve.org/view.php?id=CVE-2020-12243
In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). En el archivo filter.c en slapd en OpenLDAP versiones anteriores a 2.4.50, los filtros de búsqueda de LDAP con expresiones booleanas anidadas pueden resultar en una denegación de servicio (bloqueo del demonio). • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html https://bugs.openldap.org/show_bug.cgi?id=9202 https://git.openldap.org/openldap/openldap/-/blob/OPENLDAP_REL_ENG_2_4/CHANGES https://git.openldap.org/openldap/openldap/-/commit/98464c11df8247d6a11b52e294ba5dd4f0380440 https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html https://security.netapp.com/advisory/ntap-20200511-0003 https://support.apple.com/kb/HT211289 https://usn.ubuntu.com/4352-1 https • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVE-2020-2944 – Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-2944
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://www.exploit-db.com/exploits/48359 http://packetstormsecurity.com/files/157280/Common-Desktop-Environment-1.6-Local-Privilege-Escalation.html http://seclists.org/fulldisclosure/2020/Apr/25 http://www.openwall.com/lists/oss-security/2020/04/15/3 https://www.oracle.com/security-alerts/cpuapr2020.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •