Oracle Solaris update for third party packages



Published: 2020-04-14 | Updated: 2022-08-21
Risk High
Patch available YES
Number of vulnerabilities 53
CVE-ID CVE-2018-16301
CVE-2018-14470
CVE-2018-10105
CVE-2018-14461
CVE-2018-14462
CVE-2018-14463
CVE-2018-14464
CVE-2018-14465
CVE-2018-14466
CVE-2018-14467
CVE-2018-14468
CVE-2018-14469
CVE-2018-14879
CVE-2020-6812
CVE-2018-14880
CVE-2018-14881
CVE-2018-14882
CVE-2018-16227
CVE-2018-16228
CVE-2018-16229
CVE-2018-16230
CVE-2018-16300
CVE-2018-16451
CVE-2018-16452
CVE-2019-15166
CVE-2019-19234
CVE-2020-6811
CVE-2019-17569
CVE-2019-15162
CVE-2019-6477
CVE-2020-6851
CVE-2020-9428
CVE-2020-7061
CVE-2020-6814
CVE-2019-19232
CVE-2020-8112
CVE-2019-15164
CVE-2019-13038
CVE-2018-10103
CVE-2019-15161
CVE-2019-15163
CVE-2020-6807
CVE-2019-15165
CVE-2020-1935
CVE-2020-1938
CVE-2020-9429
CVE-2020-9430
CVE-2020-9431
CVE-2020-7062
CVE-2020-7063
CVE-2019-20503
CVE-2020-6805
CVE-2020-6806
CWE-ID CWE-125
CWE-119
CWE-200
CWE-835
CWE-264
CWE-20
CWE-444
CWE-345
CWE-399
CWE-122
CWE-918
CWE-601
CWE-476
CWE-416
CWE-22
CWE-401
CWE-276
Exploitation vector Network
Public exploit Vulnerability #45 is being exploited in the wild.
Vulnerable software
Subscribe
Oracle Solaris
Operating systems & Components / Operating system

Vendor Oracle

Security Bulletin

This security bulletin contains information about 53 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU21949

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-16301

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in libpcap when during pcapng reading. A remote attacker can pass specially crafted data to the application that uses the affected library, trigger out-of-bounds read error and read contents of memory on the system or crash the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds read

EUVDB-ID: #VU21994

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14470

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-babel.c:babel_print_v2() within the Babel parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

3) Out-of-bounds read

EUVDB-ID: #VU21984

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-10105

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when printing SMB data. A remote attacker can generate specially crafted SMB traffic, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

4) Out-of-bounds read

EUVDB-ID: #VU21985

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14461

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in print-ldp.c:ldp_tlv_print() within the LDP parser. A remote attacker can generate specially crafted LDP data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

5) Out-of-bounds read

EUVDB-ID: #VU21986

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14462

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in print-icmp.c:icmp_print() function within the ICMP parser. A remote attacker can generate specially crafted ICMP data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

6) Out-of-bounds read

EUVDB-ID: #VU21987

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14463

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in print-vrrp.c:vrrp_print() function within the VRRP parser. A remote attacker can generate specially crafted VRRP data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

7) Out-of-bounds read

EUVDB-ID: #VU21988

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14464

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in print-lmp.c:lmp_print_data_link_subobjs() function within the LMP parser. A remote attacker can generate specially crafted LMP data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

8) Out-of-bounds read

EUVDB-ID: #VU21989

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14465

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in print-rsvp.c:rsvp_obj_print() function within the RSVP parser. A remote attacker can generate specially crafted RSVP data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

9) Out-of-bounds read

EUVDB-ID: #VU21990

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14466

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition in print-rx.c:rx_cache_find() and rx_cache_insert() functions within the Rx parser. A remote attacker can generate specially crafted RSVP data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

10) Out-of-bounds read

EUVDB-ID: #VU21991

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14467

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP) within the BGP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

11) Out-of-bounds read

EUVDB-ID: #VU21992

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14468

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-fr.c:mfr_print() within the FRF.16 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

12) Out-of-bounds read

EUVDB-ID: #VU21993

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14469

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-isakmp.c:ikev1_n_print() within the IKEv1 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

13) Buffer overflow

EUVDB-ID: #VU21995

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-14879

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the tcpdump.c:get_next_file() function in the command-line argument parser. A remote attacker can create a specially crafted file, trick the victim into opening it with the affected software, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

14) Information disclosure

EUVDB-ID: #VU25857

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-6812

CWE-ID: CWE-200 - Information Exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The first time AirPods are connected to an iPhone, they become named after the user's name by default (e.g. Jane Doe's AirPods.) Websites with camera or microphone permission are able to enumerate device names, disclosing the user's name.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

15) Out-of-bounds read

EUVDB-ID: #VU21996

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14880

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-ospf6.c:ospf6_print_lshdr() within the OSPFv3 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

16) Out-of-bounds read

EUVDB-ID: #VU21997

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14881

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART) within the BGP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

17) Out-of-bounds read

EUVDB-ID: #VU21998

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-14882

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-icmp6.c within the ICMPv6 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

18) Out-of-bounds read

EUVDB-ID: #VU22015

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-16227

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-802_11.c for the Mesh Flags subfield within the IEEE 802.11 parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

19) Out-of-bounds read

EUVDB-ID: #VU22016

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-16228

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-hncp.c:print_prefix() within the HNCP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

20) Out-of-bounds read

EUVDB-ID: #VU22017

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-16229

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-dccp.c:dccp_print_option() within the DCCP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

21) Out-of-bounds read

EUVDB-ID: #VU22018

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-16230

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-bgp.c:bgp_attr_print() (MP_REACH_NLRI) within the BGP parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

22) Infinite loop

EUVDB-ID: #VU22019

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-16300

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in print-bgp.c:bgp_attr_print() function in the BPG parser. A remote attacker can pass specially crafted data to the affected application, consume all available system resources and cause denial of service conditions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

23) Out-of-bounds read

EUVDB-ID: #VU22021

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-16451

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the print-smb.c:print_trans() for MAILSLOTBROWSE and PIPELANMAN within the SMB parser in tcpdump before 4.9.3. A remote attacker can generate specially crafted data, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

24) Infinite loop

EUVDB-ID: #VU22022

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2018-16452

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to infinite loop in the smbutil.c:smb_fdata() function within the SMB parser. A remote attacker can consume all available system resources and cause denial of service conditions.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

25) Buffer overflow

EUVDB-ID: #VU22023

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-15166

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the lmp_print_data_link_subobjs() function in print-lmp.c. A remote attacker can create a specially crafted LMP data, trigger memory corruption and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

26) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23782

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-19234

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to impersonate other users on the system.

The vulnerability exists due to incorrect handling of the blocked users (e.g., by using the ! character in the shadow file instead of a password hash) in sudo. A local user with access to a Runas ALL sudoer account can impersonate blocked users.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

27) Input validation error

EUVDB-ID: #VU25855

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-6811

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary OS commands.

The vulnerability exists due to insufficient validation of user-supplied input copied into buffer via the 'Copy as cURL' feature of Devtools' network tab. A remote attacker can trick the victim into using the 'Copy as cURL' feature to copy malicious data into buffer and later insert them into a terminal window.

Successful exploitation of the vulnerability may result in OS command execution.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

28) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU25806

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-17569

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attack.

The vulnerability exists due to improper input validation when processing a Transfer-Encoding headers. A remote attacker can send a specially crafted HTTP request and perform HTTP request smuggling attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 10 - 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

29) Insufficient verification of data authenticity

EUVDB-ID: #VU22309

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-15162

CWE-ID: CWE-345 - Insufficient Verification of Data Authenticity

Exploit availability: No

Description

The vulnerability allows a remote attacker to enumerate users on the system.

The vulnerability exists within the rpcapd/daemon.c in libpcap on non-Windows platforms due to the application provides details about failed authenticated attempts. A remote attacker can enumerate users on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

30) Resource management error

EUVDB-ID: #VU22894

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-6477

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect implementation of TCP-pipelining feature in ISC BIND, aimed to limit the number of concurrent connections and protect the server from denial of service attacks. A remote attacker can initiate a TCP-pipelined connection with multiple queries that consume more resources than the server has been provisioned to handle and crash the server, when closing the connection.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 10


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

31) Heap-based buffer overflow

EUVDB-ID: #VU24306

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-6851

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the opj_t1_clbl_decode_processor() function in libopenjp2.so. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

32) Input validation error

EUVDB-ID: #VU25640

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9428

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in EAP dissector within "epan/dissectors/packet-eap.c" . A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

33) Heap-based buffer overflow

EUVDB-ID: #VU25593

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-7061

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the phar_extract_file() function. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

34) Buffer overflow

EUVDB-ID: #VU25859

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-6814

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content. A remote attacker can create a specially crafted website, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

35) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23783

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-19232

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to impersonate nonexistent users.

The vulnerability exists in sudo due to incorrect processing of numeric uids that are not associated with any existing user account. A local user with access to a Runas ALL sudoer accountcan impersonate a a nonexistent user.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

36) Heap-based buffer overflow

EUVDB-ID: #VU25546

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-8112

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the the qmfbid==1 case, a different issue than CVE-2020-6851. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

37) Server-Side Request Forgery (SSRF)

EUVDB-ID: #VU22311

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-15164

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

Exploit availability: No

Description

The disclosed vulnerability allows a remote attacker to perform SSRF attacks.

The vulnerability exists due to insufficient validation of user-supplied input within the rpcapd/daemon.c in libpcap when processing URL as a capture source. A remote attacker can trick the victim to use a specially crafted URL to extract information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

38) Open redirect

EUVDB-ID: #VU27295

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-13038

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data passed via the "ogin?ReturnTo=" string. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

39) Out-of-bounds read

EUVDB-ID: #VU21982

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2018-10103

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary condition when printing SMB data. A remote attacker can generate specially crafted SMB traffic, trigger out-of-bounds read error and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

40) Input validation error

EUVDB-ID: #VU22308

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-15161

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists due to insufficient validation of user-supplied input within the rpcapd/daemon.c in libpcap. A remote attacker can send specially crafted request to the application and gain access to sensitive information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

41) NULL pointer dereference

EUVDB-ID: #VU22310

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-15163

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dreference error within the rpcapd/daemon.c in libpcap if a crypt() call fails. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

42) Use-after-free

EUVDB-ID: #VU25851

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-6807

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error in cubeb during stream destruction. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

43) Buffer overflow

EUVDB-ID: #VU21950

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-15165

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the sf-pcapng.c in libpcap when processing the PHB header length before allocating memory. A remote attacker can pass specially crafted data to the application that uses the vulnerable library, trigger memory corruption and perform denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

44) Inconsistent interpretation of HTTP requests

EUVDB-ID: #VU25807

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-1935

CWE-ID: CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform HTTP request smuggling attack.

The vulnerability exists due to the HTTP header parsing code uses an approach to end-of-line parsing that allows some invalid HTTP headers to be parsed as valid. A remote attacker can send a specially crafted HTTP request and perform HTTP request smuggling attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

45) Path traversal

EUVDB-ID: #VU25502

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-1938

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to improper input validation in Apache Tomcat AJP connector. A remote attacker can send a specially crafted AJP request, include and execute arbitrary files on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

46) Input validation error

EUVDB-ID: #VU25639

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9429

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in WireGuard dissector in "epan/dissectors/packet-wireguard.c". A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

47) Input validation error

EUVDB-ID: #VU25641

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-9430

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in WiMax DLMAP dissector within "plugins/epan/wimax/msg_dlmap.c". A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

48) Memory leak

EUVDB-ID: #VU25642

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-9431

CWE-ID: CWE-401 - Improper Release of Memory Before Removing Last Reference ('Memory Leak')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in LTE RRC dissector within "epan/dissectors/packet-lte-rrc.c". A remote attacker can pass specially crafted data to the application and perform denial of service attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

49) NULL pointer dereference

EUVDB-ID: #VU25594

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-7062

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in session.c when handling file uploads. A remote attacker can send a specially crafted HTTP POST request to the affected application and perform a denial of service (DoS) attack.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

50) Incorrect default permissions

EUVDB-ID: #VU25592

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2020-7063

CWE-ID: CWE-276 - Incorrect Default Permissions

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incorrect default permissions for files and folders that are set during the Phar::buildFromIterator() call when adding files into tar archive. A local user can extract files from tar archive and gain access to otherwise restricted information.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

51) Out-of-bounds read

EUVDB-ID: #VU25856

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2019-20503

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in sctp_load_addresses_from_init in usrsctp. A remote attacker can pass specially crafted data to the application, trigger out-of-bounds read error and read contents of memory on the system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

52) Use-after-free

EUVDB-ID: #VU25849

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-6805

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when removing data about origins in Quota manager in Mozilla Firefox. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

53) Out-of-bounds read

EUVDB-ID: #VU25850

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-6806

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to an out-of-bounds read error due to BodyStream::OnInputStreamReady was missing protections against state confusion. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Oracle Solaris: 11.4


CPE2.3 External links

http://www.oracle.com/security-alerts/bulletinapr2020.html

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###