SB2022020147 - Multiple vulnerabilities in Oracle Solaris
Published: February 1, 2022 Updated: August 2, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Improper input validation (CVE-ID: CVE-2022-21298)
The vulnerability allows a local authenticated user to manipulate or delete data.
The vulnerability exists due to improper input validation within the Install component in Oracle Solaris. A local authenticated user can exploit this vulnerability to manipulate or delete data.
2) Improper input validation (CVE-ID: CVE-2022-21263)
The vulnerability allows a local authenticated user to read and manipulate data.
The vulnerability exists due to improper input validation within the Fault Management Architecture component in Oracle Solaris. A local authenticated user can exploit this vulnerability to read and manipulate data.
3) Improper input validation (CVE-ID: CVE-2022-21271)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
The vulnerability exists due to improper input validation within the Libraries component in Oracle GraalVM Enterprise Edition. A remote non-authenticated attacker can exploit this vulnerability to perform service disruption.
4) Improper input validation (CVE-ID: CVE-2022-21375)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation within the Kernel component in Oracle Solaris. A local authenticated user can exploit this vulnerability to perform a denial of service (DoS) attack.
5) Improper input validation (CVE-ID: CVE-2021-43395)
The vulnerability allows a local authenticated user to a crash the entire system.
The vulnerability exists due to improper input validation within the Filesystem component in Oracle Solaris. A local authenticated user can exploit this vulnerability to a crash the entire system.
Remediation
Install update from vendor's website.