Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
There are 309 matching records.
Displaying matches 201 through 220.
Vuln ID Summary CVSS Severity
CVE-2015-3900

RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before 2.4.7 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record, aka a "DNS hijack attack."

Published: June 24, 2015; 10:59:01 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-3200

mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.

Published: June 09, 2015; 10:59:01 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-2922

The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message.

Published: May 27, 2015; 6:59:06 AM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2015-2716

Buffer overflow in the XML parser in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 allows remote attackers to execute arbitrary code by providing a large amount of compressed XML data, a related issue to CVE-2015-1283.

Published: May 14, 2015; 6:59:09 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-3145

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Published: April 24, 2015; 10:59:10 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-2573

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

Published: April 16, 2015; 1:00:05 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-2571

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

Published: April 16, 2015; 1:00:04 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-2568

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote attackers to affect availability via unknown vectors related to Server : Security : Privileges.

Published: April 16, 2015; 1:00:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0505

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

Published: April 16, 2015; 12:59:54 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2015-0499

Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

Published: April 16, 2015; 12:59:48 PM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2015-0433

Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to InnoDB : DML.

Published: April 16, 2015; 12:59:02 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-0251

The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

Published: April 08, 2015; 2:59:02 PM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-0248

The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

Published: April 08, 2015; 2:59:01 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0798

The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.

Published: April 08, 2015; 6:59:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0829

Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

Published: February 25, 2015; 6:59:10 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-0828

Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.

Published: February 25, 2015; 6:59:08 AM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2014-6195

The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and 5.5.x on Windows and z/OS; 6.1 before 6.1.5.7 on z/OS; 6.1 and 6.2 before 6.2.5.2 on Windows, before 6.2.5.3 on AIX and Linux x86, and before 6.2.5.4 on Linux Z and Solaris; 6.3 before 6.3.2.1 on AIX, before 6.3.2.2 on Windows, and before 6.3.2.3 on Linux; 6.4 before 6.4.2.1; and 7.1 before 7.1.1 in IBM TSM for Mail, when the Data Protection for Lotus Domino component is used, allow local users to bypass authentication and restore a Domino database or transaction-log backup via unspecified vectors.

Published: February 13, 2015; 9:59:01 PM -0500
V3.x:(not available)
V2.0: 1.9 LOW
CVE-2014-9512

rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

Published: February 12, 2015; 11:59:01 AM -0500
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2015-0432

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

Published: January 21, 2015; 2:59:17 PM -0500
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-0411

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.

Published: January 21, 2015; 2:59:00 PM -0500
V3.x:(not available)
V2.0: 7.5 HIGH