Vulnerabilities > Oracle
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-02-08 | CVE-2014-9660 | NULL Pointer Dereference vulnerability in multiple products. The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font. | 7.5 |
2015-02-08 | CVE-2014-9659 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products. cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. | 7.5 |
2015-02-08 | CVE-2014-9658 | Out-of-bounds Read vulnerability in multiple products. The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. | 7.5 |
2015-02-08 | CVE-2014-9657 | Out-of-bounds Read vulnerability in multiple products. The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font. | 7.5 |
2015-02-03 | CVE-2015-1380 | Improper Input Validation vulnerability in multiple products. jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. | 5.0 |
2015-01-21 | CVE-2015-0437 | Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 9.3 |
2015-01-21 | CVE-2015-0436 | Remote Security vulnerability in Oracle iLearning 6.0/6.1. Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Login. | 4.3 |
2015-01-21 | CVE-2015-0435 | Remote vulnerability in Oracle Transportation Management. Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 6.8 |
2015-01-21 | CVE-2015-0434 | Remote Security vulnerability in Oracle Access Manager. Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors related to Integration with OAM. | 4.3 |
2015-01-21 | CVE-2015-0432 | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. | 4.0 |