CyberSec.Space Logo
Back to CVE Browser

CVE-2019-3010

Known Exploited (CISA KEV)HIGH
8.8
CVSS Severity Score
EPSS Score54.8480%
EPSS Percentile91.21th
PublishedOct 16, 2019
Last ModifiedOct 27, 2025

Vulnerability Description

Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).

Affected Platforms (CPE)

πŸ’»
Oracle

Solaris

= 11

References & Advisories

πŸ”— http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html
πŸ”— http://seclists.org/fulldisclosure/2019/Oct/39
πŸ”— http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
πŸ”— http://packetstormsecurity.com/files/154960/Solaris-xscreensaver-Privilege-Escalation.html
πŸ”— http://seclists.org/fulldisclosure/2019/Oct/39
πŸ”— http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-3010

Related Vulnerabilities

CVE-1999-097410.0

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

CVE-1999-097310.0

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is runn...

CVE-2020-1487110.0

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Supported versions tha...

CVE-1999-010110.0

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.