Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Solaris
(Oracle)| Repositories |
• https://github.com/ImageMagick/ImageMagick
• https://github.com/krb5/krb5 • https://github.com/torvalds/linux • https://github.com/newsoft/libvncserver • https://github.com/wireshark/wireshark |
| #Vulnerabilities | 544 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-06-09 | CVE-2015-3330 | The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8, when the Apache HTTP Server 2.4.x is used, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via pipelined HTTP requests that result in a "deconfigured interpreter." | Mac_os_x, Linux, Solaris, Php, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_hpc_node, Enterprise_linux_hpc_node_eus, Enterprise_linux_server, Enterprise_linux_server_eus, Enterprise_linux_workstation | N/A | ||
| 2015-07-20 | CVE-2015-0253 | The read_request_line function in server/protocol.c in the Apache HTTP Server 2.4.12 does not initialize the protocol structure member, which allows remote attackers to cause a denial of service (NULL pointer dereference and process crash) by sending a request that lacks a method to an installation that enables the INCLUDES filter and has an ErrorDocument 400 directive specifying a local URI. | Http_server, Mac_os_x, Mac_os_x_server, Linux, Solaris | N/A | ||
| 2015-07-22 | CVE-2015-4651 | The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.12.x before 1.12.6 does not properly determine whether enough memory is available for storing IP address strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | Debian_linux, Solaris, Wireshark | N/A | ||
| 2015-07-23 | CVE-2015-1270 | The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file. | Debian_linux, Chrome, Opensuse, Solaris, Enterprise_linux_desktop_supplementary, Enterprise_linux_server_supplementary, Enterprise_linux_server_supplementary_eus, Enterprise_linux_workstation_supplementary | N/A | ||
| 2015-07-23 | CVE-2015-1283 | Multiple integer overflows in the XML_GetBuffer function in Expat through 2.1.0, as used in Google Chrome before 44.0.2403.89 and other products, allow remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via crafted XML data, a related issue to CVE-2015-2716. | Ubuntu_linux, Debian_linux, Chrome, Libexpat, Leap, Opensuse, Solaris, Python, Linux_enterprise_debuginfo, Linux_enterprise_desktop, Linux_enterprise_server, Linux_enterprise_software_development_kit, Studio_onsite | N/A | ||
| 2015-08-24 | CVE-2015-6241 | The proto_tree_add_bytes_item function in epan/proto.c in the protocol-tree implementation in Wireshark 1.12.x before 1.12.7 does not properly terminate a data structure after a failure to locate a number within a string, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | Solaris, Wireshark | N/A | ||
| 2015-08-24 | CVE-2015-6242 | The wmem_block_split_free_chunk function in epan/wmem/wmem_allocator_block.c in the wmem block allocator in the memory manager in Wireshark 1.12.x before 1.12.7 does not properly consider a certain case of multiple realloc operations that restore a memory chunk to its original size, which allows remote attackers to cause a denial of service (incorrect free operation and application crash) via a crafted packet. | Solaris, Wireshark | N/A | ||
| 2015-08-24 | CVE-2015-6243 | The dissector-table implementation in epan/packet.c in Wireshark 1.12.x before 1.12.7 mishandles table searches for empty strings, which allows remote attackers to cause a denial of service (application crash) via a crafted packet, related to the (1) dissector_get_string_handle and (2) dissector_get_default_string_handle functions. | Linux, Solaris, Wireshark | N/A | ||
| 2015-08-24 | CVE-2015-6244 | The dissect_zbee_secure function in epan/dissectors/packet-zbee-security.c in the ZigBee dissector in Wireshark 1.12.x before 1.12.7 improperly relies on length fields contained in packet data, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | Linux, Solaris, Wireshark | N/A | ||
| 2015-08-24 | CVE-2015-6245 | epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in Wireshark 1.12.x before 1.12.7 uses incorrect integer data types, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet. | Linux, Solaris, Wireshark | N/A |