Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-03-13 CVE-2016-1965 7PK - Security Features vulnerability in multiple products
Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle a navigation sequence that returns to the original page, which allows remote attackers to spoof the address bar via vectors involving the history.back method and the location.protocol property.
network
low complexity
mozilla opensuse oracle CWE-254
4.3
2016-03-13 CVE-2016-1958 7PK - Security Features vulnerability in multiple products
browser/base/content/browser.js in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to spoof the address bar via a javascript: URL.
network
low complexity
oracle opensuse mozilla CWE-254
4.3
2016-03-13 CVE-2016-1957 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Memory leak in libstagefright in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to cause a denial of service (memory consumption) via an MPEG-4 file that triggers a delete operation on an array.
network
low complexity
novell opensuse mozilla oracle CWE-119
4.3
2016-02-19 CVE-2016-2270 Improper Input Validation vulnerability in multiple products
Xen 4.6.x and earlier allows local guest administrators to cause a denial of service (host reboot) via vectors related to multiple mappings of MMIO pages with different cachability settings.
network
low complexity
debian fedoraproject xen oracle CWE-20
6.8
2016-02-15 CVE-2015-3197 Information Exposure vulnerability in multiple products
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions.
network
high complexity
oracle openssl CWE-200
5.9
2016-02-13 CVE-2015-8631 Missing Release of Resource after Effective Lifetime vulnerability in multiple products
Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 allow remote authenticated users to cause a denial of service (memory consumption) via a request specifying a NULL principal name.
network
low complexity
mit opensuse debian redhat oracle CWE-772
6.5
2016-02-13 CVE-2015-8629 Out-of-bounds Read vulnerability in multiple products
The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13.4 and 1.14.x before 1.14.1 does not verify whether '\0' characters exist as expected, which allows remote authenticated users to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted string.
network
high complexity
mit oracle debian opensuse redhat CWE-125
5.3
2016-02-08 CVE-2013-4312 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
local
low complexity
oracle linux CWE-119
6.2
2016-01-27 CVE-2016-2047 7PK - Security Features vulnerability in multiple products
The ssl_verify_server_cert function in sql-common/client.c in MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10; Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier; and Percona Server do not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "/CN=" string in a field in a certificate, as demonstrated by "/OU=/CN=bar.com/CN=foo.com."
5.9
2016-01-21 CVE-2016-0502 Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
network
low complexity
opensuse oracle mariadb
6.5