Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
There are 103 matching records.
Displaying matches 41 through 60.
Vuln ID Summary CVSS Severity
CVE-2015-3988

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2015.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the metadata to a (1) Glance image, (2) Nova flavor or (3) Host Aggregate.

Published: May 19, 2015; 2:59:08 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2015-3455

Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, and 3.5.x before 3.5.4, when configured with client-first SSL-bump, do not properly validate the domain or hostname fields of X.509 certificates, which allows man-in-the-middle attackers to spoof SSL servers via a valid certificate.

Published: May 18, 2015; 11:59:11 AM -0400
V3.x:(not available)
V2.0: 2.6 LOW
CVE-2015-3646

OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs.

Published: May 12, 2015; 3:59:26 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-3294

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

Published: May 08, 2015; 10:59:05 AM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2015-2578

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap.

Published: April 16, 2015; 1:00:09 PM -0400
V3.x:(not available)
V2.0: 7.1 HIGH
CVE-2015-0471

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to libelfsign.

Published: April 16, 2015; 12:59:25 PM -0400
V3.x:(not available)
V2.0: 4.4 MEDIUM
CVE-2015-0448

Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local users to affect confidentiality, integrity, and availability via vectors related to ZFS File system.

Published: April 16, 2015; 12:59:08 PM -0400
V3.x:(not available)
V2.0: 7.2 HIGH
CVE-2015-1351

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Published: March 30, 2015; 6:59:07 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-2317

The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.

Published: March 25, 2015; 10:59:04 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-2316

The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

Published: March 25, 2015; 10:59:02 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2155

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Published: March 24, 2015; 1:59:08 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-2190

epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.

Published: March 07, 2015; 9:59:04 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2189

Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

Published: March 07, 2015; 9:59:03 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2188

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.

Published: March 07, 2015; 9:59:02 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-6195

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors.

Published: February 13, 2015; 9:59:01 PM -0500
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2014-9674

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.

Published: February 08, 2015; 6:59:35 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9672

Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file.

Published: February 08, 2015; 6:59:33 AM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2014-9671

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.

Published: February 08, 2015; 6:59:32 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-9670

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row.

Published: February 08, 2015; 6:59:31 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-9669

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

Published: February 08, 2015; 6:59:30 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM