Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-02-08 | CVE-2014-9672 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Array index error in the parse_fond function in base/ftmac.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (out-of-bounds read) or obtain sensitive information from process memory via a crafted FOND resource in a Mac font file. | 5.8 |
| 2015-02-08 | CVE-2014-9671 | Remote vulnerability in FreeType Versions Prior to 2.5.4 Off-by-one error in the pcf_get_properties function in pcf/pcfread.c in FreeType before 2.5.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted PCF file with a 0xffffffff size value that is improperly incremented. | 4.3 |
| 2015-02-08 | CVE-2014-9670 | Numeric Errors vulnerability in multiple products Multiple integer signedness errors in the pcf_get_encodings function in pcf/pcfread.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (integer overflow, NULL pointer dereference, and application crash) via a crafted PCF file that specifies negative values for the first column and first row. | 4.3 |
| 2015-02-08 | CVE-2014-9669 | Out-of-bounds Read vulnerability in multiple products Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 allow remote attackers to cause a denial of service (out-of-bounds read or memory corruption) or possibly have unspecified other impact via a crafted cmap SFNT table. | 6.8 |
| 2015-02-08 | CVE-2014-9666 | Numeric Errors vulnerability in multiple products The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before 2.5.4 proceeds with a count-to-size association without restricting the count value, which allows remote attackers to cause a denial of service (integer overflow and out-of-bounds read) or possibly have unspecified other impact via a crafted embedded bitmap. | 6.8 |
| 2015-02-08 | CVE-2014-9664 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products FreeType before 2.5.4 does not check for the end of the data during certain parsing actions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted Type42 font, related to type42/t42parse.c and type1/t1load.c. | 6.8 |
| 2015-02-03 | CVE-2015-1380 | Improper Input Validation vulnerability in multiple products jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a denial of service (abort) via a crafted chunk-encoded body. | 5.0 |
| 2015-01-21 | CVE-2015-0436 | Remote Security vulnerability in Oracle Ilearning 6.0/6.1 Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Login. network oracle | 4.3 |
| 2015-01-21 | CVE-2015-0435 | Remote vulnerability in Oracle Transportation Management Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 6.8 |
| 2015-01-21 | CVE-2015-0434 | Remote Security vulnerability in Oracle Access Manager Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors related to Integration with OAM. network oracle | 4.3 |