Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-01-20 CVE-2015-5295 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.
network
low complexity
openstack redhat oracle fedoraproject CWE-119
5.4
2016-01-14 CVE-2016-0777 Information Exposure vulnerability in multiple products
The resend_bytes function in roaming_common.c in the client in OpenSSH 5.x, 6.x, and 7.x before 7.1p2 allows remote servers to obtain sensitive information from process memory by requesting transmission of an entire buffer, as demonstrated by reading a private key.
network
low complexity
sophos oracle openbsd hp apple CWE-200
6.5
2015-12-06 CVE-2015-3195 Information Exposure vulnerability in multiple products
The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
5.3
2015-08-24 CVE-2015-3238 Information Exposure vulnerability in multiple products
The _unix_run_helper_binary function in the pam_unix module in Linux-PAM (aka pam) before 1.2.1, when unable to directly access passwords, allows local users to enumerate usernames or cause a denial of service (hang) via a large password.
network
low complexity
linux-pam oracle CWE-200
6.5
2015-07-09 CVE-2015-1793 7PK - Security Features vulnerability in multiple products
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
network
low complexity
oracle openssl CWE-254
6.5
2014-11-10 CVE-2014-8559 Resource Exhaustion vulnerability in multiple products
The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.
5.5
2014-11-10 CVE-2014-3647 arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application. 5.5
2014-06-23 CVE-2014-0203 Use After Free vulnerability in multiple products
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.
local
low complexity
linux oracle CWE-416
5.5
2014-03-18 CVE-2014-2532 Permissions, Privileges, and Access Controls vulnerability in multiple products
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
network
high complexity
oracle openbsd CWE-264
4.9
2013-03-15 CVE-2013-2566 Inadequate Encryption Strength vulnerability in multiple products
The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.
network
high complexity
oracle fujitsu canonical mozilla CWE-326
5.9