Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2011-07-20 | CVE-2011-0822 | Unspecified vulnerability in Oracle Database Server and Enterprise Manager Grid Control | 6.8
Unspecified vulnerability in the Streams, AQ & Replication Mgmt component in Oracle Database Server 10.1.0.5 and 10.2.0.3, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
network | oracle

2011-07-20 | CVE-2011-0816 | CMDB Metadata & Instance APIs vulnerability in Oracle Enterprise Manager Grid Control | 5.5
Unspecified vulnerability in the CMDB Metadata & Instance APIs component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
network | low complexity | oracle

2011-07-20 | CVE-2011-0811 | Local Enterprise Config Management vulnerability in Oracle Database Server | 4.9
Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5, allows local users to affect confidentiality via unknown vectors.
local | low complexity | oracle

2011-07-19 | CVE-2011-0227 | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS | 7.2
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.
local | low complexity | apple | CWE-264

2011-07-19 | CVE-2011-0226 | Numeric Errors vulnerability in multiple products | 9.3 (critical)
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.
network | freetype | apple | CWE-189

2011-07-19 | CVE-2011-2780 | Path Traversal vulnerability in Chyrp 2.0 | 5.0
Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a ..
network | low complexity | chyrp | CWE-22

2011-07-19 | CVE-2011-2779 | Permissions, Privileges, and Access Controls vulnerability in HP products | 3.6
Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770.
local | low complexity | hp | CWE-264

2011-07-19 | CVE-2011-2743 | Cross-Site Scripting vulnerability in Chyrp 2.0/2.1 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php.
network | chyrp | CWE-79

2011-07-19 | CVE-2011-2744 | Path Traversal vulnerability in Chyrp 2.0/2.1 | 6.8
Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.
network | chyrp | CWE-22

2011-07-19 | CVE-2011-2528 | Remote Security vulnerability in Zope | 7.5
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.
network | low complexity | plone | zope