Oracle Solaris vulnerabilities

CVE-2015-2573 [MEDIUM] CVE-2015-2573: Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, and 5.6.22 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

CVE-2015-2574 [LOW] CVE-2015-2574: Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality via unknown vectors related to Text Utilities.

CVE-2015-0499 [LOW] CVE-2015-0499: Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server : Federated.

CVE-2015-0505 [LOW] CVE-2015-0505: Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, and 5.6.23 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

CVE-2015-0251 [MEDIUM] CWE-345 CVE-2015-0251: The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote aut The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 through 1.8.11 allows remote authenticated users to spoof the svn:author property via a crafted v1 HTTP protocol request sequences.

CVE-2015-0248 [MEDIUM] CWE-399 CVE-2015-0248: The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1. The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0 through 1.8.11 allow remote attackers to cause a denial of service (assertion failure and abort) via crafted parameter combinations related to dynamically evaluated revision numbers.

CVE-2015-0798 [MEDIUM] CWE-264 CVE-2015-0798: The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, and Desktop Firefox pre-release, does not properly handle privileged URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy.

CVE-2015-1351 [HIGH] CWE-416 CVE-2015-1351: Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcac Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2015-2317 [MEDIUM] CWE-79 CVE-2015-2317: The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x befor The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1 does not properly validate URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a control character in a URL, as demonstrated by a \x08javascript: URL.

CVE-2015-2316 [MEDIUM] CWE-399 CVE-2015-2316: The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x befo The utils.html.strip_tags function in Django 1.6.x before 1.6.11, 1.7.x before 1.7.7, and 1.8.x before 1.8c1, when using certain versions of Python, allows remote attackers to cause a denial of service (infinite loop) by increasing the length of the input string.

CVE-2015-2155 [HIGH] CVE-2015-2155: The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (cras The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

CVE-2015-2190 [MEDIUM] CWE-19 CVE-2015-2190: epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater t epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly handle integer data types greater than 32 bits in size, which allows remote attackers to cause a denial of service (assertion failure and application exit) via a crafted packet that is improperly handled by the LLDP dissector.

CVE-2015-2188 [MEDIUM] CWE-19 CVE-2015-2188: epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x befo epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 does not properly initialize a data structure, which allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted packet that is improperly handled during decompression.

CVE-2015-2189 [MEDIUM] CWE-189 CVE-2015-2189: Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wiresh Off-by-one error in the pcapng_read function in wiretap/pcapng.c in the pcapng file parser in Wireshark 1.10.x before 1.10.13 and 1.12.x before 1.12.4 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via an invalid Interface Statistics Block (ISB) interface ID in a crafted packet.

CVE-2015-0829 [MEDIUM] CWE-119 CVE-2015-0829: Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute Buffer overflow in libstagefright in Mozilla Firefox before 36.0 allows remote attackers to execute arbitrary code via a crafted MP4 video that is improperly handled during playback.

CVE-2015-0828 [MEDIUM] CVE-2015-0828: Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36 Double free vulnerability in the nsXMLHttpRequest::GetResponse function in Mozilla Firefox before 36.0, when a nonstandard memory allocator is used, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via crafted JavaScript code that makes an XMLHttpRequest call with zero bytes of data.

CVE-2014-9512 [MEDIUM] CWE-59 CVE-2014-9512: rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in th rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.

CVE-2014-9658 [HIGH] CWE-125 CVE-2014-9658: The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minim The tt_face_load_kern function in sfnt/ttkern.c in FreeType before 2.5.4 enforces an incorrect minimum table length, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

CVE-2014-9657 [HIGH] CWE-125 CVE-2014-9657: The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a m The tt_face_load_hdmx function in truetype/ttpload.c in FreeType before 2.5.4 does not establish a minimum record size, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted TrueType font.

CVE-2014-9674 [HIGH] CVE-2014-9674: The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding t The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType before 2.5.4 proceeds with adding to length values without validating the original values, which allows remote attackers to cause a denial of service (integer overflow and heap-based buffer overflow) or possibly have unspecified other impact via a crafted Mac font.