exploit the possibilities
Showing 1 - 6 of 6 RSS Feed

CVE-2020-2944

Status Candidate

Overview

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Common Desktop Environment). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Related Files

Ubuntu Security Notice USN-5010-1
Posted Jul 15, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5010-1 - Lei Sun discovered that QEMU incorrectly handled certain MMIO operations. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. Wenxiang Qian discovered that QEMU incorrectly handled certain ATAPI commands. An attacker inside the guest could possibly use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 21.04. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-15469, CVE-2020-29443, CVE-2020-35505, CVE-2020-35517, CVE-2021-20221, CVE-2021-20257, CVE-2021-3392, CVE-2021-3409, CVE-2021-3416, CVE-2021-3527, CVE-2021-3544, CVE-2021-3545, CVE-2021-3546, CVE-2021-3593, CVE-2021-3594, CVE-2021-3595, CVE-2021-3608
MD5 | a10983baf94ee34b42cbfe9a189e7575
Red Hat Security Advisory 2021-2529-01
Posted Jun 23, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2529-01 - KVM is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include an out of bounds access vulnerability.

tags | advisory
systems | linux, redhat
advisories | CVE-2020-29443
MD5 | 3404a1ef0fa663fb6473de541d4f2b08
Red Hat Security Advisory 2021-2322-01
Posted Jun 9, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-2322-01 - Kernel-based Virtual Machine is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm packages provide the user-space component for running virtual machines that use KVM. Issues addressed include an out of bounds access vulnerability.

tags | advisory, kernel
systems | linux, redhat
advisories | CVE-2020-29443
MD5 | dd2b7671683b518a1e1f28462c1bc840
Red Hat Security Advisory 2021-1762-01
Posted May 19, 2021
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2021-1762-01 - Kernel-based Virtual Machine offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the virtualized systems. Issues addressed include buffer overflow, double free, information leakage, and out of bounds access vulnerabilities.

tags | advisory, overflow, kernel, vulnerability
systems | linux, redhat
advisories | CVE-2020-11947, CVE-2020-16092, CVE-2020-25637, CVE-2020-25707, CVE-2020-25723, CVE-2020-27821, CVE-2020-28916, CVE-2020-29129, CVE-2020-29130, CVE-2020-29443
MD5 | fd8276d38ffd1d12356ab7f34aa38c04
Ubuntu Security Notice USN-4725-1
Posted Feb 8, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4725-1 - It was discovered that QEMU incorrectly handled memory in iSCSI emulation. An attacker inside the guest could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Alexander Bulekov discovered that QEMU incorrectly handled Intel e1000e emulation. An attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. Various other issues were also addressed.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2020-11947, CVE-2020-15859, CVE-2020-27821, CVE-2020-28916, CVE-2020-29443, CVE-2021-20181
MD5 | 8e74f2be441015a0d3cb5784143bdec5
Common Desktop Environment 1.6 Local Privilege Escalation
Posted Apr 17, 2020
Authored by Marco Ivaldi

A buffer overflow in the _SanityCheck() function in the Common Desktop Environment version distributed with Oracle Solaris 10 1/13 (Update 11) and earlier allows local users to gain root privileges via a long calendar name or calendar owner passed to sdtcm_convert in a malicious calendar file. The open source version of CDE (based on the CDE 2.x codebase) is not affected, because it does not ship the vulnerable program. Versions 1.6 and below are affected.

tags | exploit, overflow, local, root
systems | solaris
advisories | CVE-2020-2944
MD5 | a52155188d9d9476faa2c94dc62f2069
Page 1 of 1
Back1Next

File Archive:

December 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    18 Files
  • 2
    Dec 2nd
    11 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close