Lucene search

K
OracleSolaris

546 matches found

CVE
CVE
added 2014/09/03 10:55 a.m.99 views

CVE-2014-1563

Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG animation ...

10CVSS9.5AI score0.01154EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.99 views

CVE-2014-9669

Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table.

6.8CVSS7.8AI score0.01778EPSS
CVE
CVE
added 2015/11/09 3:59 a.m.99 views

CVE-2015-2697

The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT Kerberos 5 (aka krb5) before 1.14 allows remote authenticated users to cause a denial of service (out-of-bounds read and KDC crash) via an initial '\0' character in a long realm field within a TGS request.

4CVSS6.9AI score0.05447EPSS
CVE
CVE
added 2015/07/14 5:59 p.m.99 views

CVE-2015-5144

Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and 1.8.x before 1.8.3 uses an incorrect regular expression, which allows remote attackers to inject arbitrary headers and conduct HTTP response splitting attacks via a newline character in an (1) email message to the EmailValidator, a ...

4.3CVSS6.5AI score0.01493EPSS
CVE
CVE
added 2013/12/11 3:55 p.m.98 views

CVE-2013-5611

Mozilla Firefox before 26.0 does not properly remove the Application Installation doorhanger, which makes it easier for remote attackers to spoof a Web App installation site by controlling the timing of page navigation.

5.8CVSS9AI score0.00882EPSS
CVE
CVE
added 2014/07/17 11:17 a.m.98 views

CVE-2014-4243

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.

2.8CVSS5AI score0.00817EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.98 views

CVE-2015-2740

Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 might allow remote attackers to cause a denial of service or have unspecified other impact via unknown vectors.

10CVSS5AI score0.04143EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.98 views

CVE-2019-2787

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Automount). Supported versions that are affected are 11.4 and 10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful...

4.2CVSS3AI score0.00491EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.98 views

CVE-2019-2838

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via NFS to compromise Oracle Solaris. Successful attacks of...

7.5CVSS6.7AI score0.00826EPSS
CVE
CVE
added 2022/07/19 10:15 p.m.98 views

CVE-2022-21514

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Solaris. Successful...

7.5CVSS7AI score0.00974EPSS
CVE
CVE
added 2013/07/17 1:41 p.m.97 views

CVE-2013-3793

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

4CVSS4.9AI score0.00568EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.97 views

CVE-2014-9658

The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

7.5CVSS7.8AI score0.01279EPSS
CVE
CVE
added 2015/07/23 12:59 a.m.97 views

CVE-2015-1270

The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) o...

6.8CVSS9.3AI score0.01165EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.97 views

CVE-2015-2735

nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

9.3CVSS4.4AI score0.0272EPSS
CVE
CVE
added 2016/12/13 3:59 p.m.97 views

CVE-2016-5842

MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memory information via vectors involving the q variable, which triggers an out-of-bounds read.

7.5CVSS7.2AI score0.01127EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.96 views

CVE-2014-1504

The session-restore feature in Mozilla Firefox before 28.0 and SeaMonkey before 2.25 does not consider the Content Security Policy of a data: URL, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted document that is accessed after a browser restart...

2.6CVSS8.1AI score0.00606EPSS
CVE
CVE
added 2014/07/23 11:12 a.m.95 views

CVE-2014-1561

Mozilla Firefox before 31.0 does not properly restrict use of drag-and-drop events to spoof customization events, which allows remote attackers to alter the placement of UI icons via crafted JavaScript code that is encountered during (1) page, (2) panel, or (3) toolbar customization.

5.8CVSS9.1AI score0.00752EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.95 views

CVE-2014-9674

The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other...

7.5CVSS8AI score0.03297EPSS
CVE
CVE
added 2015/10/21 9:59 p.m.95 views

CVE-2015-4807

Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier and 5.6.26 and earlier, when running on Windows, allows remote authenticated users to affect availability via unknown vectors related to Server : Query Cache.

3.5CVSS5AI score0.00616EPSS
CVE
CVE
added 2017/08/08 3:29 p.m.95 views

CVE-2017-10003

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Network Services Library). The supported version that is affected is 10. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise...

4.5CVSS3.9AI score0.00063EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.94 views

CVE-2014-1485

The Content Security Policy (CSP) implementation in Mozilla Firefox before 27.0 and SeaMonkey before 2.24 operates on XSLT stylesheets according to style-src directives instead of script-src directives, which might allow remote attackers to execute arbitrary XSLT code by leveraging insufficient sty...

7.5CVSS9.4AI score0.00964EPSS
CVE
CVE
added 2014/10/15 3:55 p.m.94 views

CVE-2014-6463

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.

3.3CVSS6.1AI score0.0039EPSS
CVE
CVE
added 2015/05/26 3:59 p.m.94 views

CVE-2015-3812

Multiple memory leaks in the x11_init_protocol function in epan/dissectors/packet-x11.c in the X11 dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 allow remote attackers to cause a denial of service (memory consumption) via a crafted packet.

7.8CVSS5.3AI score0.00656EPSS
CVE
CVE
added 2023/04/18 8:15 p.m.94 views

CVE-2023-21896

Vulnerability in the Oracle Solaris product of Oracle Systems (component: NSSwitch). Supported versions that are affected are 10 and 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Suc...

7CVSS6.7AI score0.00099EPSS
CVE
CVE
added 2013/04/17 12:14 p.m.93 views

CVE-2013-1511

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5CVSS4.3AI score0.00567EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.93 views

CVE-2014-9660

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

7.5CVSS7.8AI score0.0356EPSS
CVE
CVE
added 2014/10/15 10:55 p.m.92 views

CVE-2014-6495

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.

4.3CVSS6.3AI score0.00747EPSS
CVE
CVE
added 2014/10/15 10:55 p.m.92 views

CVE-2014-6507

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.

4.3CVSS5.5AI score0.00506EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.92 views

CVE-2014-9663

The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before 2.5.4 validates a certain length field before that field's value is completely calculated, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted cmap ...

7.5CVSS7.8AI score0.01898EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.92 views

CVE-2015-2733

Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a dedicated worker.

10CVSS5.1AI score0.02691EPSS
CVE
CVE
added 2015/07/06 2:1 a.m.92 views

CVE-2015-2736

The nsZipArchive::BuildFileList function in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 accesses unintended memory locations, which allows remote attackers to have an unspecified impact via a crafted ZIP archive.

9.3CVSS4.4AI score0.0272EPSS
CVE
CVE
added 2015/05/26 3:59 p.m.92 views

CVE-2015-3811

epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.14 and 1.12.x before 1.12.5 improperly refers to previously processed bytes, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, a different vulnerability than CVE-2015...

5CVSS5.3AI score0.00344EPSS
CVE
CVE
added 2014/10/15 3:55 p.m.91 views

CVE-2014-6478

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.

4.3CVSS6.3AI score0.00491EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.91 views

CVE-2014-9657

The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

7.5CVSS7.8AI score0.01279EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.91 views

CVE-2014-9671

Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented.

4.3CVSS7AI score0.02723EPSS
CVE
CVE
added 2015/08/16 1:59 a.m.91 views

CVE-2015-4493

Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor function in libstagefright in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 allows remote attackers to execute arbitrary code via an invalid size field in an esds chunk in MPEG-4 video data, a related issue to CVE...

9.3CVSS9.7AI score0.1862EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.91 views

CVE-2019-2804

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Filesystem). Supported versions that are affected are 11.4 and 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to comp...

7.3CVSS7.4AI score0.0004EPSS
CVE
CVE
added 2015/03/24 5:59 p.m.90 views

CVE-2015-2155

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

7.5CVSS9.5AI score0.04982EPSS
CVE
CVE
added 2014/02/06 5:44 a.m.89 views

CVE-2014-1484

Mozilla Firefox before 27.0 on Android 4.2 and earlier creates system-log entries containing profile paths, which allows attackers to obtain sensitive information via a crafted application.

5CVSS8.5AI score0.00632EPSS
CVE
CVE
added 2014/03/19 10:55 a.m.89 views

CVE-2014-1499

Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers to spoof the domain name in the WebRTC (1) camera or (2) microphone permission prompt by triggering navigation at a certain time during generation of this prompt.

4.3CVSS9AI score0.00611EPSS
CVE
CVE
added 2015/01/16 4:59 p.m.89 views

CVE-2014-9496

The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows attackers to have unspecified impact via vectors related to a (1) map offset or (2) rsrc marker, which triggers an out-of-bounds read.

2.1CVSS6.4AI score0.0012EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.89 views

CVE-2014-9664

FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c.

6.8CVSS7.9AI score0.0113EPSS
CVE
CVE
added 2015/02/08 11:59 a.m.89 views

CVE-2014-9670

Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first ...

4.3CVSS7.1AI score0.04289EPSS
CVE
CVE
added 2015/08/24 2:59 p.m.89 views

CVE-2015-5964

The (1) contrib.sessions.backends.base.SessionBase.flush and (2) cache_db.SessionStore.flush functions in Django 1.7.x before 1.7.10, 1.4.x before 1.4.22, and possibly other versions create empty sessions in certain circumstances, which allows remote attackers to cause a denial of service (session ...

5CVSS6.5AI score0.04693EPSS
CVE
CVE
added 2013/07/17 1:41 p.m.88 views

CVE-2013-3794

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

4CVSS5AI score0.00736EPSS
CVE
CVE
added 2013/07/17 1:41 p.m.88 views

CVE-2013-3809

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Audit Log.

4CVSS4.9AI score0.00424EPSS
CVE
CVE
added 2014/09/30 4:55 p.m.88 views

CVE-2014-6051

Integer overflow in the MallocFrameBuffer function in vncviewer.c in LibVNCServer 0.9.9 and earlier allows remote VNC servers to cause a denial of service (crash) and possibly execute arbitrary code via an advertisement for a large screen size, which triggers a heap-based buffer overflow.

7.5CVSS8.9AI score0.06605EPSS
CVE
CVE
added 2015/01/16 4:59 p.m.88 views

CVE-2014-9601

Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed.

5CVSS6.2AI score0.01079EPSS
CVE
CVE
added 2018/07/18 1:29 p.m.88 views

CVE-2018-2903

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel). Supported versions that are affected are 10 and 11.3. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris. S...

4.9CVSS4.3AI score0.00148EPSS
CVE
CVE
added 2019/07/23 11:15 p.m.88 views

CVE-2019-2832

Vulnerability in the Oracle Solaris component of Oracle Sun Systems Products Suite (subcomponent: Common Desktop Environment). The supported version that is affected is 10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes...

8.8CVSS8.4AI score0.00051EPSS
Total number of security vulnerabilities546