Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
There are 309 matching records.
Displaying matches 141 through 160.
Vuln ID Summary CVSS Severity
CVE-2015-4792

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition, a different vulnerability than CVE-2015-4802.

Published: October 21, 2015; 5:59:09 PM -0400
V3.x:(not available)
V2.0: 1.7 LOW
CVE-2015-4020

RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 does not validate the hostname when fetching gems or making API requests, which allows remote attackers to redirect requests to arbitrary domains via a crafted DNS SRV record with a domain that is suffixed with the original domain name, aka a "DNS hijack attack." NOTE: this vulnerability exists because to an incomplete fix for CVE-2015-3900.

Published: August 25, 2015; 1:59:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-6249

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.7 does not prevent the conflicting use of a table for both IPv4 and IPv6 addresses, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: August 24, 2015; 7:59:09 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-6248

The ptvcursor_add function in the ptvcursor implementation in epan/proto.c in Wireshark 1.12.x before 1.12.7 does not check whether the expected amount of data is available, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: August 24, 2015; 7:59:08 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-6247

The dissect_openflow_tablemod_v5 function in epan/dissectors/packet-openflow_v5.c in the OpenFlow dissector in Wireshark 1.12.x before 1.12.7 does not validate a certain offset value, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Published: August 24, 2015; 7:59:07 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-6246

The dissect_wa_payload function in epan/dissectors/packet-waveagent.c in the WaveAgent dissector in Wireshark 1.12.x before 1.12.7 mishandles large tag values, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: August 24, 2015; 7:59:06 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-6245

epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet.

Published: August 24, 2015; 7:59:05 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-6244

The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: August 24, 2015; 7:59:04 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-6243

The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions.

Published: August 24, 2015; 7:59:03 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-6242

The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet.

Published: August 24, 2015; 7:59:01 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-6241

The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: August 24, 2015; 7:59:00 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-5964

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session store consumption) via unspecified vectors.

Published: August 24, 2015; 10:59:09 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-5963

contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before 1.8.4, 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions allows remote attackers to cause a denial of service (session store consumption or session record removal) via a large number of requests to contrib.auth.views.logout, which triggers the creation of an empty session record.

Published: August 24, 2015; 10:59:08 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4496

Multiple integer overflows in libstagefright in Mozilla Firefox before 38.0 allow remote attackers to execute arbitrary code via crafted sample metadata in an MPEG-4 video file, a related issue to CVE-2015-1538.

Published: August 15, 2015; 9:59:22 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2015-4493

Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE-2015-1539.

Published: August 15, 2015; 9:59:21 PM -0400
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2015-4492

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.

Published: August 15, 2015; 9:59:20 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-4491

Integer overflow in the make_filter_table function in pixops/pixops.c in gdk-pixbuf before 2.31.5, as used in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Linux, Google Chrome on Linux, and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via crafted bitmap dimensions that are mishandled during scaling.

Published: August 15, 2015; 9:59:19 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-4490

The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in Mozilla Firefox before 40.0 does not implement the Content Security Policy Level 2 exceptions for the blob, data, and filesystem URL schemes during wildcard source-expression matching, which might make it easier for remote attackers to conduct cross-site scripting (XSS) attacks by leveraging unexpected policy-enforcement behavior.

Published: August 15, 2015; 9:59:18 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-4489

The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.

Published: August 15, 2015; 9:59:17 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-4488

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.

Published: August 15, 2015; 9:59:16 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH