The Third Party Vulnerability Resolution Blog covers CVEs and patches in Systems product suite.

Multiple vulnerabilities in Pidgin

CVE Description CVSSv2 Base Score Component Product and Resolution CVE-2012-6152Input...

Recent Posts

Alerts

Multiple Vulnerabilities in Adobe Flash Player

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2010-0209 Code Injection vulnerability 9.3 Adobe Flash Player Solaris 10 SPARC: 125332-13 X86: 125333-12 Solaris 11 Express snv_151a CVE-2010-2188 Buffer Overflow vulnerability 9.3 CVE-2010-2213 Code Injection vulnerability 9.3 CVE-2010-2214 Code Injection vulnerability 9.3 CVE-2010-2215 "click-jacking" vulnerability 4.3 CVE-2010-2216 Code Injection vulnerability 9.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-2116 Input Validation vulnerability in GnuTLS

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-2116 Input Validation vulnerability 5.0 GnuTLS Solaris 10 SPARC: 123938-05 X86: 123939-05 Solaris 11.1 11.1.11.4.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-1619 Cryptographic Issues vulnerability in GnuTLS

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-1619 Cryptographic Issues vulnerability 4.0 GnuTLS Solaris 10 SPARC: 123938-05 X86: 123939-05 Solaris 11.1 11.1.11.4.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-4243 Buffer Errors vulnerability in LibTIFF

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-4243 Buffer Errors vulnerability 6.8 LibTIFF Solaris 11.2 11.2 Solaris 10 SPARC: 119900-18 X86: 119901-17 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-4244 Buffer Errors vulnerability in LibTIFF

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-4244 Buffer Errors vulnerability 6.8 LibTIFF Solaris 11.2 11.2 Solaris 10 SPARC: 119900-18 X86: 119901-17 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-4232 Resource Management Errors vulnerability in LibTIFF

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-4232 Resource Management Errors vulnerability 6.8 LibTIFF Solaris 11.1 11.1.15.4.0 Solaris 10 SPARC: 119900-18 X86: 119901-17 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-4231 Buffer overflow vulnerability in LibTIFF

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-4231 Buffer overflow vulnerability 4.3 LibTIFF Solaris 11.1 11.1.15.4.0 Solaris 10 SPARC: 119900-18 X86: 119901-17 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple Buffer Errors vulnerability in LibTIFF

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-1960 Buffer Errors vulnerability 9.3 LibTIFF Solaris 11.1 11.1.14.5.0 Solaris 10 SPARC: 119900-18 X86: 119901-17 CVE-2013-1961 Buffer Errors vulnerability 9.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2012-4564 Design Error vulnerability in LibTIFF

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-4564 Design Error vulnerability 6.8 LibTIFF Solaris 11.1 11.1.14.5.0 Solaris 10 SPARC: 119900-18 X86: 119901-17 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-7185 Integer overflow vulnerability in Python

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-7185 Integer overflow vulnerability 6.4 Python Solaris 11.2 11.2.4.6.0 Solaris 10 SPARC: 143506-11 X86: 143507-11 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-0119 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0119 Permissions, Privileges, and Access Control vulnerability 4.3 Apache Tomcat Solaris 11.1 11.1.21.4.1 Solaris 10 SPARC: 122911-34 X86: 122912-34 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-0099 Numeric Errors vulnerability in Apache Tomcat

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0099 Numeric Errors vulnerability 4.3 Apache Tomcat Solaris 11.1 11.1.21.4.1 Solaris 10 SPARC: 122911-34 X86: 122912-34 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-0096 Permissions, Privileges, and Access Control vulnerability in Apache Tomcat

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0096 Permissions, Privileges, and Access Control vulnerability 4.3 Apache Tomcat Solaris 11.1 11.1.21.4.1 Solaris 10 SPARC: 122911-34 X86: 122912-34 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-0075 Numeric Errors vulnerability in Apache Tomcat

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0075 Numeric Errors vulnerability 5.0 Apache Tomcat Solaris 10 SPARC: 122911-34 X86: 122912-34 Solaris 11.1 11.1.21.4.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Apache Tomcat

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-3544 Input Validation vulnerability 5.0 Apache Tomcat Solaris 10 SPARC: 122911-34 X86: 122912-34 Solaris 11.1 11.1.19.6.0 CVE-2013-1571 Insufficient Information vulnerability 4.3 CVE-2013-4286 Input Validation vulnerability 5.8 CVE-2013-4322 Input Validation vulnerability 4.3 CVE-2013-4590 Information Disclosure vulnerability 4.3 CVE-2014-0033 Input Validation vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in X.Org

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0209 Numeric Errors vulnerability 4.6 X.Org Solaris 10 SPARC: 119059-70 125719-55 X86: 125720-66 119060-69 Solaris 11.1 11.1.21.4.1 CVE-2014-0210 Buffer Errors vulnerability 7.5 CVE-2014-0211 Numeric Errors vulnerability 7.5 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Important announcement about Third Party Bulletin

Dear reader, Beginning January 20, 2015, bulletins announcing patches in third party software that are included in Solaris will be published on the Oracle Technology Network. For more information, please see the Third Party Bulletin. All bulletins published prior to January 20, 2015 will remain on this blog and bulletins will also be updated if new Solaris patch or SRU information becomes available. Thanks, -Ritwik Ghoshal Oracle Security Alerts

Dear reader, Beginning January 20, 2015, bulletins announcing patches in third party software that are included in Solaris will be published on the Oracle Technology Network.For more information,...

Alerts

Multiple vulnerabilities in NTP

CVE Description CVSSv2 Base Score Component Product Resolution CVE-2014-9295 Buffer Error vulnerability CVE-2014-9296 Coding Error vulnerability 7.5 NTP V4 Solaris 11.2 11.2.6.4.0 Solaris 11.1 IDR1583.2 Solaris 10 SPARC: 143725-05 X86: 143726-05 NTP V3 Solaris 10 SPARC: 148881-03 X86: 148882-03 Please log a support request via My Oracle Support to get access to the IDRs. Latest version of NTP shipped with Solaris 10 and Solaris 11.2 is not impacted by CVE-2014-9293 and CVE-2014-9294. Please upgrade to Solaris 11.1 SRU 13.6 to install the Solaris 11.1 IDR. NTP service on Solaris 10 needs to be restarted for the patches to take effect. You can restart the daemon by using # svcadm restart ntp (for NTPv3) or # svcadm restart ntp4 (for NTPv4) NTPv3 is not vulnerable to CVE-2014-9296. Please see http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities for workaround instructions. This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities fixed in Firefox 24.7.0 ESR

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution Multiple CVEs Multiple vulnerabilities 10.0 Firefox Solaris 11.2 11.2.5.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE Description CVSSv2 Base Score Component Product and Resolution Multiple CVEs Multiple vulnerabilities 10.0 Firefox Solaris 11.2 11.2.5.5.0 This notification describes vulnerabilities fixed in...

Alerts

CVE-2014-3707 Information Disclosure vulnerability in Libcurl

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3707 Information Disclosure vulnerability 4.3 Libcurl Solaris 11.2 11.2.5.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Puppet

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3248 Untrusted search path vulnerability 6.2 Puppet Solaris 11.2 11.2.5.5.0 CVE-2014-3250 Information Leakage vulnerability 3.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple Buffer Errors vulnerabilities in Kerberos

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-4341 Buffer Errors vulnerability 5.0 Kerberos Solaris 10 SPARC: 147793-15 X86: 147794-15 Solaris 11.2 11.2.5.5.0 CVE-2014-4342 Buffer Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-2285 Input Validation vulnerability in Net-SNMP

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-2285 Input Validation vulnerability 4.3 Net-SNMP Solaris 11.2 11.2.5.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2012-2141 Denial Of Service(DoS) vulnerability in Net-SNMP

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-2141 Denial Of Service(DoS) vulnerability 3.5 Net-SNMP Solaris 11.2 11.2.5.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3565 Resource Management Errors vulnerability in Net-SNMP

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3565 Resource Management Errors vulnerability 5.0 Net-SNMP Solaris 11.2 11.2.5.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Jinja2

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0012 Permissions, Privileges, and Access Control vulnerability 4.4 Jinja2 Solaris 11.2 11.2.5.5.0 CVE-2014-1402 Permissions, Privileges, and Access Control vulnerability 4.4 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2012-2142 Arbitrary Code Execution vulnerability in XPDF

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-2142 Arbitrary Code Execution vulnerability 2.6 XPDF Solaris 11.2 11.2.4.6.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in GNU patch utility

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2010-1679 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 6.8 GNU patch utility Solaris 11.2 11.2.4.6.0 CVE-2010-4651 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 5.8 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3956 Information Disclosure vulnerability in Sendmail

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3956 Information Disclosure vulnerability 1.9 Sendmail Solaris 11.2 11.2.4.6.0 Solaris 10 SPARC: 151074-02 X86: 151075-02 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-4330 Buffer Errors vulnerability in Perl

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-4330 Buffer Errors vulnerability 2.1 Perl Solaris 11.2 11.2.4.6.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE Description CVSSv2 Base Score Component Product and Resolution CVE-2014-4330 Buffer Errors vulnerability 2.1 Perl Solaris 11.2 11.2.4.6.0 This notification describes vulnerabilities fixed in...

Alerts

CVE-2014-3248 Untrusted search path vulnerability in Facter

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3248 Untrusted search path vulnerability 6.2 Facter Solaris 11.2 11.2.4.6.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-6414 Unauthenticated Access vulnerability in OpenStack Neutron

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-6414 Unauthenticated Access vulnerability 4.0 OpenStack Neutron Solaris 11.2 11.2.4.6.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-7144 Cryptographic Issues vulnerability in OpenStack keystonemiddleware

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-7144 Cryptographic Issues vulnerability 4.3 OpenStack keystonemiddleware Solaris 11.2 11.2.4.6.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-2856 Cross-site scripting (XSS) vulnerability in CUPS

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-2856 Cross-site scripting (XSS) vulnerability 4.3 Common Unix Printing System (CUPS) Solaris 11.2 11.2.4.6.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Nova

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-2573 Permissions, Privileges, and Access Control vulnerability 2.3 OpenStack Compute (Nova) Solaris 11.2 11.2.4.6.0 CVE-2014-3608 Resource Management Errors vulnerability 2.7 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Wireshark

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-6421 Use-after-free vulnerability 5.0 Wireshark Solaris 11.2 11.2.4.6.0 CVE-2014-6422 Buffer Errors vulnerability 5.0 CVE-2014-6423 Resource Management Errors vulnerability 5.0 CVE-2014-6424 Buffer Errors vulnerability 5.0 CVE-2014-6425 Buffer Errors vulnerability 5.0 CVE-2014-6426 Resource Management Errors vulnerability 5.0 CVE-2014-6427 Buffer Errors vulnerability 5.0 CVE-2014-6428 Buffer Errors vulnerability 5.0 CVE-2014-6429 Input Validation vulnerability 5.0 CVE-2014-6430 Input Validation vulnerability 5.0 CVE-2014-6431 Buffer Errors vulnerability 5.0 CVE-2014-6432 Resource Management Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-4345 Numeric Errors vulnerability in Kerberos

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-4345 Numeric Errors vulnerability 8.5 Kerberos Solaris 10 SPARC: 147793-14 X86: 147794-14 Solaris 11.2 11.2.4.6.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities fixed in NSS 3.16

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-1620 Cryptographic Issues vulnerability 4.3 NSS Solaris 10 SPARC: 119213-30 125358-19 X86: 119214-30 125359-19 Solaris 8 SPARC: 119209-30 125358-19 X86: 125359-19 Solaris 9 SPARC: 119211-30 125358-19 X86: 119212-30 125359-19 CVE-2013-1739 Denial of Service(DOS) vulnerability 5.0 CVE-2013-1740 Cryptographic Issues vulnerability 5.8 CVE-2013-1741 Numeric Errors vulnerability 7.5 CVE-2013-5605 Input Validation vulnerability 7.5 CVE-2013-5606 Permissions, Privileges, and Access Control vulnerability 5.8 CVE-2014-1490 Resource Management Errors vulnerability 5.0 CVE-2014-1491 Cryptographic Issues vulnerability 5.0 CVE-2014-1492 Input Validation vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in GnuTLS

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3465 Denial of Service(DoS) vulnerability 5.0 GnuTLS Solaris 11.1 11.1.21.4.1 Solaris 10 SPARC: 123938-04 X86: 123939-04 CVE-2014-3466 Buffer Errors vulnerability 6.8 CVE-2014-3467 Denial of Service(DoS) vulnerability 4.3 CVE-2014-3468 Numeric Errors vulnerability 6.8 CVE-2014-3469 Denial of Service(DoS) vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2011-2728 Denial of Service (DoS) vulnerability in Perl

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2728 Denial of Service (DoS) vulnerability 4.3 Perl 5.6 Solaris 10 SPARC: 146032-03 X86: 146033-03 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Samba

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2522 Cross-Site Request Forgery (CSRF) vulnerability 6.8 Samba Solaris 10 SPARC: 119757-21 X86: 119758-21 CVE-2011-2694 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability 2.6 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2011-0465 Improper Input Validation vulnerability in X.Org

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-0465 Improper Input Validation vulnerability 9.3 X.Org Solaris 10 SPARC: 147227-01 X86: 147228-01 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in libpng

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-2690 Buffer Overflow vulnerability 6.8 PNG reference library (libpng) Solaris 10 SPARC: 137080-06 X86: 137081-06 CVE-2011-2691 Denial of Service (Dos) vulnerability 5.0 CVE-2011-2692 Denial of Service (Dos) vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2012-3401 Denial of Service vulnerability in libtiff

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-3401 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 6.8 libtiff Solaris 10 SPARC: 119900-16 X86: 119901-15 Solaris 11 11/11 SRU 12.4 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple Denial of Service (DoS) vulnerabilities in FreeType

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-1128 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 FreeType Font Engine Solaris 10 SPARC: 119812-16 X86: 119813-18 Solaris 11 11/11 SRU 8.5 CVE-2012-1126 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 10.0 CVE-2012-1127 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1129 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1130 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1131 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1132 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1133 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1134 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1135 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1136 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1137 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1138 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1139 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1140 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1141 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1142 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 CVE-2012-1143 Numeric Errors vulnerability 4.3 CVE-2012-1144 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 9.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2004-1010 Buffer Overflow vulnerability in Zip utility

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2004-1010 Buffer Overflow vulnerability 10.0 Zip Solaris 10 SPARC: 147378-01 X86: 147379-01 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2009-2624 Denial of Service (DoS) vulnerability in Gzip

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2009-2624 Denial of Service (DoS) vulnerability 6.8 Gzip Solaris 10 SPARC: 120719-03 X86: 120720-03 Solaris 11.1 11.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in X.org

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-1981 Numeric Errors vulnerability 6.8 X.Org Solaris 10 SPARC: 120201-06 119059-65 125725-03 X86: 119060-64 125720-59 125726-03 120202-07 Solaris 11.1 11.1.8.4.0 CVE-2013-1982 Numeric Errors vulnerability 6.8 CVE-2013-1984 Numeric Errors vulnerability 6.8 CVE-2013-1985 Input Validation vulnerability 6.8 CVE-2013-1995 Buffer Errors vulnerability 6.8 CVE-2013-1996 Buffer Errors vulnerability 6.8 CVE-2013-1997 Buffer Errors vulnerability 6.8 CVE-2013-1998 Buffer Errors vulnerability 6.8 CVE-2013-2002 Numeric Errors vulnerability 6.8 CVE-2013-2004 Buffer Errors vulnerability 6.8 CVE-2013-2005 Buffer Errors vulnerability 6.8 CVE-2013-2062 Numeric Errors vulnerability 6.8 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2012-3410 stack-based buffer overflow vulnerability in Bash

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-3410 Buffer overflow vulnerability 4.6 Bash Solaris 10 SPARC: 126546-04 X86: 126547-04 Solaris 11.1 11.1 Solaris 9 SPARC: 149079-04 X86: 149080-03 Solaris 8 SPARC: 150512-01 X86: 150513-01 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2011-3439 Denial of Service (DoS) vulnerability in FreeType

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-3439 Denial of Service (DoS) vulnerability 9.3 FreeType Font Engine Solaris 10 SPARC: 119812-14 X86: 119813-16 Solaris 11.1 11.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2011-3256 Denial of Service (DoS) vulnerability in FreeType 2

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2011-3256 Denial of Service (DoS) vulnerability 4.3 FreeType 2 Library Solaris 10 SPARC: 119812-13 X86: 119813-15 Solaris 11.1 11.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3513 Denial Of Service(DoS) vulnerability 5.0 OpenSSL Solaris 11.2 11.2.3.5.0 Solaris 10 SPARC: 148071-15 , 150383-06 X86: 148072-15 CVE-2014-3566 Cryptographic Issues vulnerability 4.3 CVE-2014-3567 Denial Of Service(DoS) vulnerability 4.3 CVE-2014-3568 Cryptographic Issues vulnerability 2.6 Note: This patch/SRU adds TLS_FALLBACK_SCSV support in OpenSSL. Note: Solaris 10 is not affected by CVE-2014-3513. Note: To address CVE-2014-3566, applications using OpenSSL in Solaris for secure communications must disable SSLv3. Note: SPARC: 150383-06 delivers the fix for WAN Boot. This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Bash

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-6271 OS Command Injections vulnerability 10.0 Bash Solaris 10 SPARC: 126546-07 X86: 126547-07 Solaris 11.2 11.2.2.8.0 Solaris 8 SPARC: 150512-01 X86: 150513-01 Solaris 9 SPARC: 149079-03 X86: 149080-02 CVE-2014-6278 OS Command Injections vulnerability 10.0 CVE-2014-7169 OS Command Injections vulnerability 10.0 CVE-2014-7186 Buffer Errors vulnerability 10.0 CVE-2014-7187 Buffer Errors vulnerability 10.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Bash

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-6271 OS Command Injections vulnerability 10.0 Bash Solaris 10 SPARC: 126546-08 X86: 126547-08 Solaris 11.2 11.2.5.5.0 CVE-2014-6277 OS Command Injections vulnerability 10.0 CVE-2014-6278 OS Command Injections vulnerability 10.0 CVE-2014-7169 OS Command Injections vulnerability 10.0 CVE-2014-7186 Buffer Errors vulnerability 10.0 CVE-2014-7187 Buffer Errors vulnerability 10.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3618 Buffer Errors vulnerability in Procmail

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3618 Buffer Errors vulnerability 7.5 Procmail Solaris 11.2 11.2.3.4.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3621 Information Disclosure vulnerability in OpenStack Identity (Keystone)

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3621 Information Disclosure vulnerability 4.0 OpenStack Identity (Keystone) Solaris 11.2 11.2.3.4.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2012-6151 Resource Management Errors vulnerability in Net-SNMP

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-6151 Resource Management Errors vulnerability 4.3 Net-SNMP Solaris 11.2 11.2.3.4.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3613 Cookie leak vulnerability in Libcurl

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3613 Cookie leak vulnerability 4.3 Libcurl Solaris 11.2 11.2.3.4.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE Description CVSSv2 Base Score Component Product and Resolution CVE-2014-3613 Cookie leak vulnerability 4.3 Libcurl Solaris 11.2 11.2.3.4.1 This notification describes vulnerabilities fixed in...

Alerts

CVE-2014-5461 Buffer Errors vulnerability in Lua

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-5461 Buffer Errors vulnerability 5.0 Lua Solaris 11.2 11.2.3.4.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE Description CVSSv2 Base Score Component Product and Resolution CVE-2014-5461 Buffer Errors vulnerability 5.0 Lua Solaris 11.2 11.2.3.4.1 This notification describes vulnerabilities fixed in...

Alerts

CVE-2014-3517 Information Disclosure vulnerability in OpenStack Compute (Nova)

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3517 Information Disclosure vulnerability 4.3 OpenStack Compute (Nova) Solaris 11.2 11.2.3.4.1 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in WAN Boot

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3508 Information Disclosure vulnerability 4.3 WAN Boot Solaris 10 SPARC: 150383-05 CVE-2014-3511 Cryptographic Issues vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2003-1294 Symlink attack vulnerability in Xscreensaver

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2003-1294 Symlink attack vulnerability 2.1 Xscreensaver Solaris 10 SPARC: 120094-36 X86: 120095-36 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2009-2409 Cryptographic Issues in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2009-2409 Cryptographic Issues vulnerability 5.1 OpenSSL Solaris 10 SPARC: 147707-02 X86: 146672-03 Solaris 9 SPARC: 117123-12 Please note: SPARC: 147707-02 X86: 148072-13 deliver the fix for OpenSSL (SUNWcry and SUNWopenssl-packages). SPARC: 117123-12 deliver the fix for WAN Boot (SUNWwbsup and SUNWcakr-packages). This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3511 Cryptographic vulnerability in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3511 Cryptographic vulnerability 4.3 OpenSSL Solaris 11.2 11.2.2.5.0 Solaris 10 SPARC: 148071-14 X86: 148072-14 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple Denial Of Service(DoS) vulnerabilities in Apache HTTP Server

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-4352 Denial Of Service(DoS) vulnerability 4.3 Apache HTTP Server Solaris 11.2 11.2.2.5.0 Solaris 10 SPARC: 120543-35 X86: 120544-35 CVE-2014-0117 Denial Of Service(DoS) vulnerability 4.3 CVE-2014-0118 Denial Of Service(DoS) vulnerability 4.3 CVE-2014-0226 Denial Of Service(DoS) vulnerability 6.8 CVE-2014-0231 Denial Of Service(DoS) vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3508 Information Disclosure vulnerability in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3508 Information Disclosure vulnerability 4.3 OpenSSL Solaris 10 SPARC: 148071-14 X86: 148072-14 Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-0224 Cryptographic Issues vulnerability in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0224 Cryptographic Issues vulnerability 6.8 OpenSSL Solaris 11.1 11.1.20.5.0 Solaris 10 SPARC: 150383-03 148071-13 X86: 148072-13 Solaris 9 SPARC: 117123-12 Please note: SPARC: 148071-13 X86: 148072-13 deliver the fix for OpenSSL (SUNWcry and SUNWopenssl-packages). SPARC: 150383-03 and 117123-12 deliver the fix for WAN Boot (SUNWwbsup and SUNWcakr-packages). This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-0224 Cryptographic Issues vulnerability in WAN Boot

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0224 Cryptographic Issues vulnerability 6.8 WAN Boot Solaris 10 SPARC: 150383-03 Solaris 11.1 11.1.20.5.0 Solaris 9 SPARC: 117123-12 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-4396 Use-after-free vulnerability in X.Org

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-4396 Use-after-free vulnerability 6.5 X.Org Solaris 10 SPARC: 125719-54 X86: 125720-65 Solaris 11.1 11.1.17.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities fixed in Firefox 24.2.0 ESR

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution Multiple CVEs Multiple vulnerabilities 10 Firefox Solaris 10 SPARC: 145080-14 X86: 145081-13 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-5356 Permissions, Privileges, and Access Control vulnerability in OpenStack Glance

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-5356 Permissions, Privileges, and Access Control vulnerability 4.0 OpenStack Glance Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3594 Cross-site scripting (XSS) vulnerability vulnerability in OpenStack Horizon

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3594 Cross-site scripting (XSS) vulnerability vulnerability 3.5 OpenStack Horizon Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3589 Input Validation vulnerability in Python Imaging Library (PIL)

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3589 Input Validation vulnerability 5.0 Python Imaging Library (PIL) Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE Description CVSSv2 Base Score Component Product and Resolution CVE-2014-3589 Input Validation vulnerability 5.0 Python Imaging Library (PIL) Solaris 11.2 11.2.2.5.0 This notification describes...

Alerts

Multiple Buffer Errors vulnerabilities in Wireshark

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-5161 Buffer Errors vulnerability 5.0 Wireshark Solaris 11.2 11.2.2.5.0 CVE-2014-5162 Buffer Errors vulnerability 5.0 CVE-2014-5163 Buffer Errors vulnerability 5.0 CVE-2014-5164 Buffer Errors vulnerability 5.0 CVE-2014-5165 Buffer Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Net-SNMP

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2012-6151 Resource Management Errors vulnerability 4.3 Net-SNMP Solaris 11.2 11.2.2.5.0 CVE-2014-2310 Input Validation vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-5139 Denial Of Service(DoS) vulnerability in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-5139 Denial Of Service(DoS) vulnerability 4.3 OpenSSL Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3509 Race Conditions vulnerability in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3509 Race Conditions vulnerability 6.8 OpenSSL Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3505 Denial Of Service(DoS) vulnerability in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3505 Denial Of Service(DoS) vulnerability 5.0 OpenSSL Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3506 Resource Management Errors vulnerability in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3506 Resource Management Errors vulnerability 5.0 OpenSSL Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3507 Resource Management Errors vulnerability in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3507 Resource Management Errors vulnerability 5.0 OpenSSL Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3510 Denial Of Service(DoS) vulnerability in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3510 Denial Of Service(DoS) vulnerability 4.3 OpenSSL Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3512 Buffer Errors vulnerability in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3512 Buffer Errors vulnerability 7.5 OpenSSL Solaris 11.2 11.2.2.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-0178 Information Disclosure vulnerability in Samba

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0178 Information Disclosure vulnerability 3.5 Samba Solaris 11.2 11.2.2.5.0 Solaris 10 SPARC: 119757-33 X86: 119758-33 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-0092 Cryptographic Issues vulnerability in GnuTLS

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0092 Cryptographic Issues vulnerability 5.8 GnuTLS Solaris 10 SPARC: 123938-03 X86: 123939-03 Solaris 11.1 11.1.18.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple Input Validation vulnerabilities in Apache HTTP Server

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-6438 Input Validation vulnerability 5.0 Apache HTTP Server Solaris 10 SPARC: 120543-34 X86: 120544-34 Solaris 11.1 11.1.19.6.0 CVE-2014-0098 Input Validation vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Samba

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0244 Input Validation vulnerability 3.3 Samba Solaris 11.2 11.2.1.5.0 Solaris 10 SPARC: 119757-33 X86: 119758-33 CVE-2014-3493 Buffer Errors vulnerability 2.7 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-0900 Race Conditions vulnerability in ICU

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-0900 Race Conditions vulnerability 6.8 International Components for Unicode (ICU) Solaris 10 SPARC: 119810-08 X86: 119811-08 Solaris 11.1 11.1.16.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Horizon

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3473 cross-site scripting (XSS) vulnerability 4.3 OpenStack Horizon Solaris 11.2 11.2.1.5.0 CVE-2014-3474 cross-site scripting (XSS) vulnerability 4.3 CVE-2014-3475 cross-site scripting (XSS) vulnerability 4.3 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-4020 Numeric Errors vulnerability in Wireshark

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-4020 Numeric Errors vulnerability 4.3 Wireshark Solaris 11.2 11.2.1.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-3520 Privilege Escalation vulnerability in OpenStack Keystone

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-3520 Privilege Escalation vulnerability 3.5 OpenStack Identity (Keystone) Solaris 11.2 11.2.1.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2014-0191 Denial of Service(DOS) vulnerability in Libxml2

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0191 Denial of Service(DOS) vulnerability null Libxml2 Solaris 11.2 11.2.1.5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-1620 Lucky Thirteen vulnerability in NSS

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-1620 Cryptographic Issues vulnerability 4.3 NSS Solaris 10 SPARC: 119213-29 125358-18 X86: 119214-29 125359-18 Solaris 11.1 11.1.20.5.0 Solaris 8 SPARC: 119209-29 125358-18 X86: 125359-18 Solaris 9 SPARC: 119211-29 125358-18 X86: 119212-29 125359-18 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-1969 Resource Management Errors vulnerability in Libxml2

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-1969 Resource Management Errors vulnerability 7.5 Libxml2 Solaris 11.2 11.2 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

CVE-2013-4276 Buffer Errors vulnerability in LittleCMS

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-4276 Buffer Errors vulnerability 4.3 LittleCMS Solaris 11.2 11.2 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE Description CVSSv2 Base Score Component Product and Resolution CVE-2013-4276 Buffer Errors vulnerability 4.3 LittleCMS Solaris 11.2 11.2 This notification describes vulnerabilities fixed in...

Alerts

Multiple Buffer Errors vulnerabilities in ImageMagick

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-1947 Buffer Errors vulnerability 6.8 ImageMagick Solaris 11.2 11.2 CVE-2014-1958 Buffer Errors vulnerability 6.8 CVE-2014-2030 Buffer Errors vulnerability 6.8 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Puppet

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-4761 Arbitrary Code Execution vulnerability 5.1 Puppet Solaris 11.2 11.2 CVE-2013-4956 Permissions, Privileges, and Access Control vulnerability 3.6 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in Django

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0472 Code Injection vulnerability 5.1 Django Solaris 11.2 11.2 CVE-2014-0473 Permissions, Privileges, and Access Control vulnerability 5.0 CVE-2014-0474 Resource Management Errors vulnerability 10.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE Description CVSSv2 Base Score Component Product and Resolution CVE-2014-0472 Code Injection vulnerability 5.1 Django Solaris 11.2 11.2 CVE-2014-0473Permissions, Privileges, and Access Control...

Alerts

CVE-2013-0913 Numeric Errors vulnerability in Direct Rendering Manager (DRM) i915 driver

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2013-0913 Numeric Errors vulnerability 7.2 Direct Rendering Manager (DRM) i915 driver Solaris 11.2 11.2 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Alerts

Multiple vulnerabilities in OpenSSL

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution CVE-2014-0076 Cryptographic Issues vulnerability 4.3 OpenSSL Solaris 11.2 11.2 CVE-2014-0160 Buffer Errors vulnerability 5.0 This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Oracle