Thursday Nov 20, 2014

Multiple vulnerabilities in Wireshark

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2014-6421 | Use-after-free vulnerability | 5.0 | Wireshark | Solaris 11.2 11.2.4.6.0 |
| CVE-2014-6422 | Buffer Errors vulnerability | 5.0 | | |
| CVE-2014-6423 | Resource Management Errors vulnerability | 5.0 | | |
| CVE-2014-6424 | Buffer Errors vulnerability | 5.0 | | |
| CVE-2014-6425 | Buffer Errors vulnerability | 5.0 | | |
| CVE-2014-6426 | Resource Management Errors vulnerability | 5.0 | | |
| CVE-2014-6427 | Buffer Errors vulnerability | 5.0 | | |
| CVE-2014-6428 | Buffer Errors vulnerability | 5.0 | | |
| CVE-2014-6429 | Input Validation vulnerability | 5.0 | | |
| CVE-2014-6430 | Input Validation vulnerability | 5.0 | | |
| CVE-2014-6431 | Buffer Errors vulnerability | 5.0 | | |
| CVE-2014-6432 | Resource Management Errors vulnerability | 5.0 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

CVE-2014-4345 Numeric Errors vulnerability in Kerberos

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2014-4345 | Numeric Errors vulnerability | 8.5 | Kerberos | Solaris 10 SPARC: 147793-14 X86: 147794-14; Solaris 11.2 11.2.4.6.0 |

Multiple vulnerabilities fixed in NSS 3.16

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1620 | Cryptographic Issues vulnerability | 4.3 | NSS | Solaris 10 SPARC: 119213-30 125358-19 X86: 119214-30 125359-19; Solaris 8 SPARC: 119209-30 125358-19 X86: 125359-19; Solaris 9 SPARC: 119211-30 125358-19 X86: 119212-30 125359-19 |
| CVE-2013-1739 | Denial of Service (DoS) vulnerability | 5.0 | | |
| CVE-2013-1740 | Cryptographic Issues vulnerability | 5.8 | | |
| CVE-2013-1741 | Numeric Errors vulnerability | 7.5 | | |
| CVE-2013-5605 | Input Validation vulnerability | 7.5 | | |
| CVE-2013-5606 | Permissions, Privileges, and Access Control vulnerability | 5.8 | | |
| CVE-2014-1490 | Resource Management Errors vulnerability | 5.0 | | |
| CVE-2014-1491 | Cryptographic Issues vulnerability | 5.0 | | |
| CVE-2014-1492 | Input Validation vulnerability | 4.3 | | |

Multiple vulnerabilities in GnuTLS

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2014-3465 | Denial of Service (DoS) vulnerability | 5.0 | GnuTLS | Solaris 11.1 11.1.21.4.1; Solaris 10 SPARC: 123938-04 X86: 123939-04 |
| CVE-2014-3466 | Buffer Errors vulnerability | 6.8 | | |
| CVE-2014-3467 | Denial of Service (DoS) vulnerability | 4.3 | | |
| CVE-2014-3468 | Numeric Errors vulnerability | 6.8 | | |
| CVE-2014-3469 | Denial of Service (DoS) vulnerability | 4.3 | | |

Friday Nov 07, 2014

CVE-2011-2728 Denial of Service (DoS) vulnerability in Perl

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-2728 | Denial of Service (DoS) vulnerability | 4.3 | Perl 5.6 | Solaris 10 SPARC: 146032-03 X86: 146033-03 |

Multiple vulnerabilities in Samba

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-2522 | Cross-Site Request Forgery (CSRF) vulnerability | 6.8 | Samba | Solaris 10 SPARC: 119757-21 X86: 119758-21 |
| CVE-2011-2694 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 2.6 | | |

CVE-2011-0465 Improper Input Validation vulnerability in X.Org

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-0465 | Improper Input Validation vulnerability | 9.3 | X.Org | Solaris 10 SPARC: 147227-01 X86: 147228-01 |

Multiple vulnerabilities in libpng

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-2690 | Buffer Overflow vulnerability | 6.8 | PNG reference library (libpng) | Solaris 10 SPARC: 137080-06 X86: 137081-06 |
| CVE-2011-2691 | Denial of Service (DoS) vulnerability | 5.0 | | |
| CVE-2011-2692 | Denial of Service (DoS) vulnerability | 4.3 | | |

CVE-2012-3401 Denial of Service vulnerability in libtiff

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-3401 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.8 | libtiff | Solaris 10 SPARC: 119900-16 X86: 119901-15; Solaris 11 11/11 SRU 12.4 |

Multiple Denial of Service (DoS) vulnerabilities in FreeType

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-1128 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | FreeType Font Engine | Solaris 10 SPARC: 119812-16 X86: 119813-18; Solaris 11 11/11 SRU 8.5 |
| CVE-2012-1126 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 | | |
| CVE-2012-1127 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1129 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1130 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1131 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1132 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1133 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1134 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1135 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1136 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1137 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1138 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1139 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1140 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1141 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1142 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1143 | Numeric Errors vulnerability | 4.3 | | |
| CVE-2012-1144 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |

About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
