Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
There are 309 matching records.
Displaying matches 161 through 180.
Vuln ID Summary CVSS Severity
CVE-2015-4487

The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, related to an "overflow."

Published: August 15, 2015; 9:59:15 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-4486

The decrease_ref_count function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds read) via malformed WebM video data.

Published: August 15, 2015; 9:59:14 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-4485

Heap-based buffer overflow in the resize_context_buffers function in libvpx in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via malformed WebM video data.

Published: August 15, 2015; 9:59:13 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2015-4484

The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to cause a denial of service (application crash) by leveraging the use of shared memory and accessing (1) an Atomics object or (2) a SharedArrayBuffer object.

Published: August 15, 2015; 9:59:12 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4483

Mozilla Firefox before 40.0 allows man-in-the-middle attackers to bypass a mixed-content protection mechanism via a feed: URL in a POST request.

Published: August 15, 2015; 9:59:11 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-4482

mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows local users to gain privileges or cause a denial of service (out-of-bounds write) via a crafted name of a Mozilla Archive (aka MAR) file.

Published: August 15, 2015; 9:59:09 PM -0400
V3.x:(not available)
V2.0: 4.6 MEDIUM
CVE-2015-4481

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.

Published: August 15, 2015; 9:59:08 PM -0400
V3.x:(not available)
V2.0: 3.3 LOW
CVE-2015-1819

The xmlreader in libxml allows remote attackers to cause a denial of service (memory consumption) via crafted XML data, related to an XML Entity Expansion (XEE) attack.

Published: August 14, 2015; 2:59:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the wild in August 2015.

Published: August 07, 2015; 8:59:04 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-1270

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.

Published: July 22, 2015; 8:59:00 PM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2015-4651

The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.

Published: July 21, 2015; 9:59:03 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-0253

The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI.

Published: July 20, 2015; 7:59:00 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-4752

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to Server : I_S.

Published: July 16, 2015; 7:00:46 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-4737

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Pluggable Auth.

Published: July 16, 2015; 7:00:32 AM -0400
V3.x:(not available)
V2.0: 3.5 LOW
CVE-2015-2648

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to DML.

Published: July 16, 2015; 7:00:08 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-2643

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Optimizer.

Published: July 16, 2015; 7:00:03 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-2620

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.23 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges.

Published: July 16, 2015; 6:59:43 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-2582

Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier and 5.6.24 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

Published: July 16, 2015; 6:59:09 AM -0400
V3.x:(not available)
V2.0: 4.0 MEDIUM
CVE-2015-5144

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a (2) URL to the URLValidator, or unspecified vectors to the (3) validate_ipv4_address or (4) validate_slug validator.

Published: July 14, 2015; 1:59:07 PM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2015-5143

The session backends in Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (session store consumption) via multiple requests with unique session keys.

Published: July 14, 2015; 1:59:06 PM -0400
V3.x:(not available)
V2.0: 7.8 HIGH