CVE-2020-2656 - Low impact information disclosure via Solaris xlock

2020-01-17 Marco Ivaldi
Dear Bugtraq, Please find attached an advisory for the following vulnerability, fixed in Oracle's Critical Patch Update (CPU) of January 2020: "A low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial

CVE-2020-2696 - Local privilege escalation via CDE dtsession

2020-01-17 Marco Ivaldi
Dear Bugtraq, Please find attached an advisory for the following vulnerability, fixed in Oracle's Critical Patch Update (CPU) of January 2020: "A buffer overflow in the CheckMonitor() function in the Common Desktop Environment 2.3.1 and earlier and 1.6 and earlier, as distributed with Oracle