CVSS: 10.0EPSS: 89%CPEs: 2EXPL: 11CVE-2020-14871 – Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability
https://notcve.org/view.php?id=CVE-2020-14871
21 Oct 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://packetstorm.news/files/id/160609 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 4%CPEs: 67EXPL: 1CVE-2020-12243 – openldap: denial of service via nested boolean expressions in LDAP search filters
https://notcve.org/view.php?id=CVE-2020-12243
28 Apr 2020 — In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). En el archivo filter.c en slapd en OpenLDAP versiones anteriores a 2.4.50, los filtros de búsqueda de LDAP con expresiones booleanas anidadas pueden resultar en una denegación de servicio (bloqueo del demonio). Red Hat OpenShift Do is a simple CLI tool for developers to create, build, and deploy applications on OpenShift. The odo tool is completely client-based ... • http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00016.html • CWE-400: Uncontrolled Resource Consumption CWE-674: Uncontrolled Recursion •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 4CVE-2020-2944 – Oracle Solaris Common Desktop Environment 1.6 - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-2944
15 Apr 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://packetstorm.news/files/id/157280 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2927
https://notcve.org/view.php?id=CVE-2020-2927
15 Apr 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2020-2851 – Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-2851
15 Apr 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://packetstorm.news/files/id/157281 •
CVSS: 2.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-2771 – Oracle Solaris 11.x / 10 whodo / w Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-2771
15 Apr 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Whodo). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulne... • https://packetstorm.news/files/id/157282 •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1CVE-2020-10108 – python-twisted: HTTP request smuggling when presented with two Content-Length headers
https://notcve.org/view.php?id=CVE-2020-10108
12 Mar 2020 — In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. En Twisted Web versiones hasta 19.10.0, se presentó una vulnerabilidad de división de petición HTTP. Cuando se le presentan dos encabezados content-length, ignora el primer encabezado. • https://know.bishopfox.com/advisories • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2647
https://notcve.org/view.php?id=CVE-2020-2647
15 Jan 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 4CVE-2020-2656 – Solaris xlock Information Disclosure
https://notcve.org/view.php?id=CVE-2020-2656
15 Jan 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris acc... • https://packetstorm.news/files/id/155990 •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 6CVE-2020-2696 – SunOS 5.10 Generic_147148-26 Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2020-2696
15 Jan 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://packetstorm.news/files/id/155963 •