CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2927
https://notcve.org/view.php?id=CVE-2020-2927
15 Apr 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://www.oracle.com/security-alerts/cpuapr2020.html •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 3CVE-2020-2851 – Common Desktop Environment 2.3.1 / 1.6 libDtSvc Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-2851
15 Apr 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://packetstorm.news/files/id/157281 •
CVSS: 2.5EPSS: 0%CPEs: 2EXPL: 2CVE-2020-2771 – Oracle Solaris 11.x / 10 whodo / w Buffer Overflow
https://notcve.org/view.php?id=CVE-2020-2771
15 Apr 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Whodo). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulne... • https://packetstorm.news/files/id/157282 •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 1CVE-2020-10108 – python-twisted: HTTP request smuggling when presented with two Content-Length headers
https://notcve.org/view.php?id=CVE-2020-10108
12 Mar 2020 — In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented with two content-length headers, it ignored the first header. When the second content-length value was set to zero, the request body was interpreted as a pipelined request. En Twisted Web versiones hasta 19.10.0, se presentó una vulnerabilidad de división de petición HTTP. Cuando se le presentan dos encabezados content-length, ignora el primer encabezado. • https://know.bishopfox.com/advisories • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2020-2647
https://notcve.org/view.php?id=CVE-2020-2647
15 Jan 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 4CVE-2020-2656 – Solaris xlock Information Disclosure
https://notcve.org/view.php?id=CVE-2020-2656
15 Jan 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris acc... • https://packetstorm.news/files/id/155990 •
CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2765
https://notcve.org/view.php?id=CVE-2019-2765
16 Oct 2019 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Ora... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2804
https://notcve.org/view.php?id=CVE-2019-2804
23 Jul 2019 — Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •
CVSS: 4.2EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2787
https://notcve.org/view.php?id=CVE-2019-2787
23 Jul 2019 — Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automount). Supported versions that are affected are 11.4 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible da... • http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html •