CVSS: 4.4EPSS: 0%CPEs: 2EXPL: 4CVE-2020-2656 – Solaris xlock Information Disclosure
https://notcve.org/view.php?id=CVE-2020-2656
15 Jan 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: X Window System). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Solaris accessible data as well as unauthorized read access to a subset of Oracle Solaris acc... • https://packetstorm.news/files/id/155990 •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2605
https://notcve.org/view.php?id=CVE-2020-2605
15 Jan 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently re... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 5.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-2578
https://notcve.org/view.php?id=CVE-2020-2578
15 Jan 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-2565
https://notcve.org/view.php?id=CVE-2020-2565
15 Jan 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful atta... • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 5.8EPSS: 1%CPEs: 1EXPL: 0CVE-2020-2558
https://notcve.org/view.php?id=CVE-2020-2558
15 Jan 2020 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via SMB to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Solaris. • https://www.oracle.com/security-alerts/cpujan2020.html •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-19553
https://notcve.org/view.php?id=CVE-2019-19553
04 Dec 2019 — In Wireshark 3.0.0 to 3.0.6 and 2.6.0 to 2.6.12, the CMS dissector could crash. This was addressed in epan/dissectors/asn1/cms/packet-cms-template.c by ensuring that an object identifier is set to NULL after a ContentInfo dissection. En Wireshark versiones 3.0.0 hasta 3.0.6 y versiones 2.6.0 hasta 2.6.12, el disector de CMS se podría bloquear. Esto fue abordado en el archivo epan/dissectors/asn1/cms/packet-cms-template.c asegurándose de que un identificador de objeto sea establecido en NULL después de una d... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html • CWE-909: Missing Initialization of Resource •
CVSS: 6.5EPSS: 0%CPEs: 1589EXPL: 0CVE-2018-12207 – hw: Machine Check Error on Page Size Change (IFU)
https://notcve.org/view.php?id=CVE-2018-12207
12 Nov 2019 — Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. Una invalidación inapropiada de las actualizaciones de la tabla de páginas por parte de un sistema operativo invitado virtual para múltiples procesadores Intel® puede habilitar a un usuario autenticado para permitir potencialmente una denegación de servicio del sistema host por medio de u... • http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00042.html • CWE-20: Improper Input Validation CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 6.5EPSS: 1%CPEs: 429EXPL: 0CVE-2019-10219 – hibernate-validator: safeHTML validator allows XSS
https://notcve.org/view.php?id=CVE-2019-10219
08 Nov 2019 — A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotación del validador SafeHtml no puede sanear apropiadamente las cargas útiles que consisten en código potencialmente malicioso en los comentarios e instrucciones HTML. • https://access.redhat.com/errata/RHSA-2020:0159 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 1.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3008
https://notcve.org/view.php?id=CVE-2019-3008
16 Oct 2019 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: LDAP Library). The supported version that is affected is 11. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Ora... • http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html •
CVSS: 8.8EPSS: 37%CPEs: 1EXPL: 4CVE-2019-3010 – Oracle Solaris Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2019-3010
16 Oct 2019 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. • https://packetstorm.news/files/id/154960 •