Vulnerabilities > Oracle
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-05-14 | CVE-2015-0797 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird before 31.7 on Linux, allows remote attackers to cause a denial of service (buffer over-read and application crash) or possibly execute arbitrary code via crafted H.264 video data in an m4v file. | 6.8 |
| 2015-05-12 | CVE-2015-3646 | Information Exposure vulnerability in multiple products OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs. | 4.0 |
| 2015-05-01 | CVE-2015-3153 | Information Exposure vulnerability in multiple products The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. | 5.0 |
| 2015-04-24 | CVE-2015-3145 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. | 7.5 |
| 2015-04-24 | CVE-2015-3144 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by "http://:80" and ":80." The previous CVSS assessment 7.5 (AV:N/AC:L/AU:N/C:P/I:P/A:P) was provided at the time of initial analysis based on the best available published information at that time. | 9.0 |
| 2015-04-16 | CVE-2015-2579 | Local Security vulnerability in Oracle Health Sciences Applications 8.0 Unspecified vulnerability in the Oracle Health Sciences Argus Safety component in Oracle Health Sciences Applications 8.0 allows local users to affect confidentiality via vectors related to BIP Installer. | 2.1 |
| 2015-04-16 | CVE-2015-2578 | Remote Security vulnerability in Oracle Solaris 11.2 Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote attackers to affect availability via vectors related to Kernel IDMap. network oracle | 7.1 |
| 2015-04-16 | CVE-2015-2577 | Local Security vulnerability in Oracle Solaris 10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Accounting commands. | 7.2 |
| 2015-04-16 | CVE-2015-2576 | Local Security vulnerability in Oracle MySQL Utilities Unspecified vulnerability in the MySQL Utilities component in Oracle MySQL 1.5.1 and earlier, when running on Windows, allows local users to affect integrity via unknown vectors related to Installation. | 2.1 |
| 2015-04-16 | CVE-2015-2574 | Local Security vulnerability in Oracle Solaris 10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities. | 2.1 |