Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
There are 103 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2014-9666

The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap.

Published: February 08, 2015; 6:59:28 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-9664

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

Published: February 08, 2015; 6:59:26 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-9663

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap SFNT table.

Published: February 08, 2015; 6:59:25 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9660

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

Published: February 08, 2015; 6:59:22 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9659

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

Published: February 08, 2015; 6:59:21 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9658

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Published: February 08, 2015; 6:59:20 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9657

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

Published: February 08, 2015; 6:59:19 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1380

jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body.

Published: February 03, 2015; 11:59:11 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1196

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

Published: January 21, 2015; 1:59:57 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-1038

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

Published: January 21, 2015; 1:59:51 PM -0500
V3.x:(not available)
V2.0: 5.8 MEDIUM
CVE-2015-0973

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

Published: January 18, 2015; 1:59:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9601

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

Published: January 16, 2015; 11:59:17 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-9496

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

Published: January 16, 2015; 11:59:16 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2015-0564

Buffer underflow in the ssl_decrypt_record function in epan/dissectors/packet-ssl-utils.c in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 allows remote attackers to cause a denial of service (application crash) via a crafted packet that is improperly handled during decryption of an SSL session.

Published: January 09, 2015; 9:59:42 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0561

asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not validate a certain index value, which allows remote attackers to cause a denial of service (out-of-bounds memory access and application crash) via a crafted packet.

Published: January 09, 2015; 9:59:39 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-8145

Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock function.

Published: December 31, 2014; 5:59:03 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-5353

The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (daemon crash) via a successful LDAP query with no results, as demonstrated by using an incorrect object type for a password policy.

Published: December 16, 2014; 6:59:00 PM -0500
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2014-8094

Integer overflow in the ProcDRI2GetBuffers function in the DRI2 extension in X.Org Server (aka xserver and xorg-server) 1.7.0 through 1.16.x before 1.16.3 allows remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted request, which triggers an out-of-bounds read or write.

Published: December 10, 2014; 10:59:06 AM -0500
V3.x:(not available)
V2.0: 6.5 MEDIUM
CVE-2014-7142

The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size.

Published: November 26, 2014; 10:59:04 AM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2014-8991

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

Published: November 24, 2014; 10:59:15 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW