CVE-2011-0800
https://notcve.org/view.php?id=CVE-2011-0800
Unspecified vulnerability in the Solaris component in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration Utilities. • http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
CVE-2011-0801
https://notcve.org/view.php?id=CVE-2011-0801
Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect confidentiality and integrity via unknown vectors related to cp. • http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
CVE-2011-0412
https://notcve.org/view.php?id=CVE-2011-0412
Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) unencrypted with world-readable permissions under /var/sadm/pkg/, which allows local users to obtain password hashes and conduct brute force password guessing attacks. • http://osvdb.org/71646 http://secunia.com/advisories/44047 http://www.kb.cert.org/vuls/id/648244 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html http://www.securityfocus.com/bid/47171 http://www.vupen.com/english/advisories/2011/0882 https://exchange.xforce.ibmcloud.com/vulnerabilities/66579 • CWE-255: Credentials Management Errors
CVE-2011-0807 – Oracle Application Server Authentication Bypass Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2011-0807
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System Application Server 9.1, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle GlassFish Application Server and Oracle Java Application Server. Authentication is not required to exploit this vulnerability. The flaw exists within the Web Administration component, which listens by default on TCP port 4848. When handling a malformed GET request to the administrative interface, the application does not properly handle an exception, allowing the request to proceed without authentication. • https://www.exploit-db.com/exploits/17615 http://securityreason.com/securityalert/8327 http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
CVE-2011-0706
https://notcve.org/view.php?id=CVE-2011-0706
The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in OpenJDK Runtime Environment 1.6.0, allows remote attackers to gain privileges via unknown vectors related to multiple signers and the assignment of "an inappropriate security descriptor." • http://dbhole.wordpress.com/2011/02/15/icedtea-web-1-0-1-released http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054115.html http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054134.html http://secunia.com/advisories/43350 http://security.gentoo.org/glsa/glsa-201406-32.xml http://www.debian.org/security/2011/dsa-2224 http://www.mandriva.com/security/advisories?name=MDVSA-2011:054 http://www.securityfocus.com/bid/46439 https://bugzilla.r • CWE-264: Permissions, Privileges, and Access Controls