Tuesday Dec 16, 2014

Multiple vulnerabilities in Puppet

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2014-3248 Untrusted search path vulnerability 6.2 Puppet
Solaris 11.2 11.2.5.5.0
CVE-2014-3250 Information Leakage vulnerability 3.1

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple Buffer Errors vulnerabilities in Kerberos

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2014-4341 Buffer Errors vulnerability 5.0 Kerberos
Solaris 10 SPARC: 147793-15 X86: 147794-15
Solaris 11.2 11.2.5.5.0
CVE-2014-4342 Buffer Errors vulnerability 5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2014-2285 Input Validation vulnerability in Net-SNMP

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2014-2285 Input Validation vulnerability 4.3 Net-SNMP
Solaris 11.2 11.2.5.5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2012-2141 Denial Of Service(DoS) vulnerability in Net-SNMP

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2012-2141 Denial Of Service(DoS) vulnerability 3.5 Net-SNMP
Solaris 11.2 11.2.5.5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2014-3565 Resource Management Errors vulnerability in Net-SNMP

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2014-3565 Resource Management Errors vulnerability 5.0 Net-SNMP
Solaris 11.2 11.2.5.5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in Jinja2

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2014-0012 Permissions, Privileges, and Access Control vulnerability 4.4 Jinja2
Solaris 11.2 11.2.5.5.0
CVE-2014-1402 Permissions, Privileges, and Access Control vulnerability 4.4

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Thursday Nov 20, 2014

CVE-2012-2142 Arbitrary Code Execution vulnerability in XPDF

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2012-2142 Arbitrary Code Execution vulnerability 2.6 XPDF
Solaris 11.2 11.2.4.6.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in GNU patch utility

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2010-1679 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 6.8 GNU patch utility
Solaris 11.2 11.2.4.6.0
CVE-2010-4651 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability 5.8

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2014-3956 Information Disclosure vulnerability in Sendmail

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2014-3956 Information Disclosure vulnerability 1.9 Sendmail
Solaris 11.2 11.2.4.6.0
Solaris 10 SPARC: 151074-02 X86: 151075-02

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2014-4330 Buffer Errors vulnerability in Perl

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2014-4330 Buffer Errors vulnerability 2.1 Perl
Solaris 11.2 11.2.4.6.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Categories
Archives
« July 2015
SunMonTueWedThuFriSat
   
1
2
3
4
5
6
7
8
9
10
11
12
13
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
 
       
Today