Search Results
- CPE Product Version: cpe:/o:oracle:solaris:11.2
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2015-2589 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to S10 Branded Zone. Published: July 16, 2015; 6:59:16 AM -0400 | V3.x: (not available) V2.0: 4.9 MEDIUM |
CVE-2015-2580 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect availability via vectors related to NFSv4. Published: July 16, 2015; 6:59:07 AM -0400 | V3.x: (not available) V2.0: 1.9 LOW |
CVE-2015-4024 | Algorithmic complexity vulnerability in the multipart_buffer_headers function in main/rfc1867.c in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 allows remote attackers to cause a denial of service (CPU consumption) via crafted form data that triggers an improper order-of-growth outcome. Published: June 09, 2015; 2:59:06 PM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-3330 | The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." Published: June 09, 2015; 2:59:03 PM -0400 | V3.x: (not available) V2.0: 6.8 MEDIUM |
CVE-2015-3329 | Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive. Published: June 09, 2015; 2:59:02 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-3814 | The (1) dissect_tfs_request and (2) dissect_tfs_response functions in epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 interpret a zero value as a length rather than an error condition, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. Published: May 26, 2015; 11:59:08 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-3812 | Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet. Published: May 26, 2015; 11:59:06 AM -0400 | V3.x: (not available) V2.0: 7.8 HIGH |
CVE-2015-3811 | epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015-2188. Published: May 26, 2015; 11:59:05 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-3988 | Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate. Published: May 19, 2015; 2:59:08 PM -0400 | V3.x: (not available) V2.0: 3.5 LOW |
CVE-2015-3455 | Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate. Published: May 18, 2015; 11:59:11 AM -0400 | V3.x: (not available) V2.0: 2.6 LOW |
CVE-2015-3646 | OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. Published: May 12, 2015; 3:59:26 PM -0400 | V3.x: (not available) V2.0: 4.0 MEDIUM |
CVE-2015-3294 | The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request. Published: May 08, 2015; 10:59:05 AM -0400 | V3.x: (not available) V2.0: 6.4 MEDIUM |
CVE-2015-2578 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap. Published: April 16, 2015; 1:00:09 PM -0400 | V3.x: (not available) V2.0: 7.1 HIGH |
CVE-2015-0471 | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign. Published: April 16, 2015; 12:59:25 PM -0400 | V3.x: (not available) V2.0: 4.4 MEDIUM |
CVE-2015-0448 | Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system. Published: April 16, 2015; 12:59:08 PM -0400 | V3.x: (not available) V2.0: 7.2 HIGH |
CVE-2015-1351 | Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Published: March 30, 2015; 6:59:07 AM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-2317 | The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL. Published: March 25, 2015; 10:59:04 AM -0400 | V3.x: (not available) V2.0: 4.3 MEDIUM |
CVE-2015-2316 | The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string. Published: March 25, 2015; 10:59:02 AM -0400 | V3.x: (not available) V2.0: 5.0 MEDIUM |
CVE-2015-2155 | The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors. Published: March 24, 2015; 1:59:08 PM -0400 | V3.x: (not available) V2.0: 7.5 HIGH |
CVE-2015-2190 | epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector. Published: March 07, 2015; 9:59:04 PM -0500 | V3.x: (not available) V2.0: 5.0 MEDIUM |