Weekly Vulnerabilities Reports > October 11 to 17, 2010
Overview
125 new vulnerabilities reported during this period, including 31 critical vulnerabilities and 9 high severity vulnerabilities. This weekly summary report vulnerabilities in 44 products from 15 vendors including Oracle, Microsoft, Infradead, Cisco, and Redhat. Vulnerabilities are notably categorized as "Improper Input Validation", "Code Injection", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Resource Management Errors".
- 102 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 82 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 78 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 25 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
31 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-10-14 | CVE-2010-3509 | Oracle | Remote Buffer Overflow vulnerability in Oracle Solaris 10/8/9 Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler. | 10.0 |
| 2010-10-12 | CVE-2010-3085 | David Shadoff | Code Injection vulnerability in David Shadoff Mednafen The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues. | 10.0 |
| 2010-10-13 | CVE-2010-3326 | Microsoft | Code Injection vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3242 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel, Office and Open XML File Format Converter Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3241 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel, Office and Open XML File Format Converter Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3240 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel, Excel Viewer and Office Compatibility Pack Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Real Time Data Array Record Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3239 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel 2002 Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3238 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel and Office Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3237 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel and Office Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3236 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel, Office and Open XML File Format Converter Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3235 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel 2002 Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3234 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel 2002 Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3233 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel 2002/2003 Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3232 | Microsoft | Improper Input Validation vulnerability in Microsoft products Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Excel Viewer SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2 do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel File Format Parsing Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3231 | Microsoft | Improper Input Validation vulnerability in Microsoft Excel, Office and Open XML File Format Converter Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3230 | Microsoft | Numeric Errors vulnerability in Microsoft Excel 2002 Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3221 | Microsoft | Code Injection vulnerability in Microsoft Office, Word and Word Viewer Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3220 | Microsoft | Code Injection vulnerability in Microsoft Office and Word Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3219 | Microsoft | Code Injection vulnerability in Microsoft Word 2002 Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3218 | Microsoft | Code Injection vulnerability in Microsoft Word 2002 Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3217 | Microsoft | Resource Management Errors vulnerability in Microsoft Word 2002 Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3216 | Microsoft | Code Injection vulnerability in Microsoft Office and Word Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3215 | Microsoft | Code Injection vulnerability in Microsoft Office and Word Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-3214 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; Word Viewer; Office Web Apps; and Word Web App allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Stack Overflow Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-2750 | Microsoft | Code Injection vulnerability in Microsoft Office and Word Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-2748 | Microsoft | Code Injection vulnerability in Microsoft Office and Word Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability." | 9.3 |
| 2010-10-13 | CVE-2010-2747 | Microsoft | Code Injection vulnerability in Microsoft Office and Word Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability." | 9.3 |
| 2010-10-14 | CVE-2010-3585 | Oracle | Remote Code Execution vulnerability in Oracle VM 2.2.1 Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. | 9.0 |
| 2010-10-14 | CVE-2010-3583 | Oracle | Remote Command Execution vulnerability in Oracle VM 2.2.1 Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. | 9.0 |
| 2010-10-14 | CVE-2010-3582 | Oracle | Remote OracleVM vulnerability in Oracle VM 2.2.1 Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. | 9.0 |
| 2010-10-14 | CVE-2010-3578 | Oracle | Depot Server Remote vulnerability in Oracle OpenSolaris Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Depot Server. | 9.0 |
9 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-10-13 | CVE-2010-3328 | Microsoft | Use After Free vulnerability in Microsoft Internet Explorer 6/7/8 Use-after-free vulnerability in the CAttrArray::PrivateFind function in mshtml.dll in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code by setting an unspecified property of a stylesheet object, aka "Uninitialized Memory Corruption Vulnerability." | 8.8 |
| 2010-10-14 | CVE-2010-2601 | RIM | Buffer Errors vulnerability in RIM products Multiple buffer overflows in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.7 and earlier and 5.0.0 through 5.0.2, and BlackBerry Professional Software 4.1.4 and earlier, allow user-assisted remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted PDF document. | 7.6 |
| 2010-10-14 | CVE-2010-3076 | Blentz | SQL Injection vulnerability in Blentz Smbind The filter function in php/src/include.php in Simple Management for BIND (aka smbind) before 0.4.8 does not anchor a certain regular expression, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via the username parameter to the admin login page. | 7.5 |
| 2010-10-14 | CVE-2010-2390 | Oracle | Remote EM Console vulnerability in Oracle products Unspecified vulnerability in the Database Control component in EM Console in Oracle Database Server 10.1.0.5 and 10.2.0.3, Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3, and Enterprise Manager Grid Control allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 7.5 |
| 2010-10-13 | CVE-2010-3223 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows Server 2008 R2 The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability." | 7.5 |
| 2010-10-13 | CVE-2010-3222 | Microsoft | Buffer Errors vulnerability in Microsoft Windows Server 2003 and Windows XP Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability." | 7.2 |
| 2010-10-13 | CVE-2010-2741 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability." | 7.2 |
| 2010-10-13 | CVE-2010-2740 | Microsoft | Permissions, Privileges, and Access Controls vulnerability in Microsoft products The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability." | 7.2 |
| 2010-10-12 | CVE-2010-3110 | Novell Opensuse | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in the Novell Client novfs module for the Linux kernel in SUSE Linux Enterprise 11 SP1 and openSUSE 11.3 allow local users to gain privileges via unspecified vectors. | 7.2 |
71 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-10-14 | CVE-2010-3934 | RIM | Permissions, Privileges, and Access Controls vulnerability in RIM Blackberry Device Software 5.0.0.593 The browser in Research In Motion (RIM) BlackBerry Device Software 5.0.0.593 Platform 5.1.0.147 on the BlackBerry 9700 does not properly restrict cross-domain execution of JavaScript, which allows remote attackers to bypass the Same Origin Policy via vectors related to a window.open call and an IFRAME element. | 6.8 |
| 2010-10-14 | CVE-2010-3507 | Oracle | Local vulnerability in Oracle Solaris 10/8/9 Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Live Upgrade. | 6.6 |
| 2010-10-14 | CVE-2010-2419 | Oracle | Java SecurityManager vulnerability in Oracle Database Server Unspecified vulnerability in the Java Virtual Machine component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.5 |
| 2010-10-14 | CVE-2010-3579 | Oracle | Webmail Remote Security vulnerability in Oracle Sun Convergence Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. | 6.4 |
| 2010-10-14 | CVE-2010-3577 | Oracle | Kernel/CIFS Remote vulnerability in Oracle Open Solaris Unspecified vulnerability in Oracle OpenSolaris allows remote attackers to affect confidentiality and integrity, related to Kernel/CIFS. | 6.4 |
| 2010-10-14 | CVE-2010-3575 | Oracle | Remote vulnerability in Oracle Oracle Communications Messaging Server Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 6.0, 6.2, 6.3, and 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Mail. | 6.4 |
| 2010-10-14 | CVE-2010-3564 | Oracle | Webmail Remote vulnerability in Oracle SUN products Suite 7.0 Unspecified vulnerability in the Oracle Communications Messaging Server (Sun Java System Messaging Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Webmail. | 6.4 |
| 2010-10-14 | CVE-2010-3901 | Infradead | Improper Input Validation vulnerability in Infradead Openconnect OpenConnect before 2.25 does not properly validate X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary AnyConnect SSL VPN servers via a crafted server certificate that (1) does not correspond to the server hostname or (2) is presented in circumstances involving a missing --cafile configuration option. | 6.4 |
| 2010-10-14 | CVE-2010-3503 | Oracle | Local NULL Pointer vulnerability in Oracle Opensolaris and Solaris Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect confidentiality and integrity via unknown vectors related to su. | 6.3 |
| 2010-10-14 | CVE-2010-3500 | Oracle | Remote Siebel Core - Highly Interactive Client vulnerability in Oracle Siebel Suite Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-2405. | 6.0 |
| 2010-10-14 | CVE-2010-2405 | Oracle | Remote Siebel Core - Highly Interactive Client vulnerability in Oracle Siebel Suite Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-3500. | 6.0 |
| 2010-10-14 | CVE-2010-3546 | Oracle | Remote vulnerability in Oracle SUN products Suite 8.1 Unspecified vulnerability in the Sun Java System Identity Manager component in Oracle Sun Products Suite 8.1 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 5.8 |
| 2010-10-14 | CVE-2010-3545 | Oracle | Administration Remote vulnerability in Oracle SUN products Suite 7.0 Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration. | 5.8 |
| 2010-10-14 | CVE-2010-3544 | Oracle | Administration Remote vulnerability in Oracle SUN products Suite 7.0 Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0 allows remote attackers to affect integrity and availability via unknown vectors related to Administration. | 5.8 |
| 2010-10-14 | CVE-2010-3312 | Gnome | Remote Security vulnerability in Epiphany 2.28/2.29 Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, unconditionally displays a closed-lock icon for any URL beginning with the https: substring, without any warning to the user, which allows man-in-the-middle attackers to spoof arbitrary https web sites via a crafted X.509 server certificate. | 5.8 |
| 2010-10-14 | CVE-2010-2388 | Oracle | Remote Oracle Applications Manager vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 5.8 |
| 2010-10-14 | CVE-2010-3547 | Oracle | Remote PeopleSoft ESA - EX vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3539 | Oracle | Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2010-3538. | 5.5 |
| 2010-10-14 | CVE-2010-3538 | Oracle | Remote FMS - GL vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2010-3539. | 5.5 |
| 2010-10-14 | CVE-2010-3537 | Oracle | Remote FMS - AM vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3536 | Oracle | Remote PeopleSoft Enterprise SCM vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3533 | Oracle | Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise SCM OM and CRM Order Capture component in Oracle PeopleSoft and JDEdwards Suite 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3532 | Oracle | Remote Order Capture vulnerability in Oracle PeopleSoft Enterprise CRM Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order Capture component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #28 and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3531 | Oracle | Remote PeopleSoft Enterprise FMS ESA - RM vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3530 | Oracle | Remote PeopleSoft Enterprise HCM - HR vulnerability in Oracle PeopleSoft Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR component in Oracle PeopleSoft and JDEdwards Suite 9.0 Bundle #13 and 9.1 Bundle #3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3529 | Oracle | Remote FMS - Cash Management vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise FMS - Cash Management component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3527 | Oracle | Remote FMS - AM vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect integrity and availability via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3526 | Oracle | Remote PeopleSoft Enterprise SCM - PO vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3525 | Oracle | Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) SCM, (3) EPM, (4) CRM, and (5) Campus Solutions components in Oracle PeopleSoft and JDEdwards Suite 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3524 | Oracle | Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise SCM - Strategic Sourcing component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #38, 9.0 Bundle #31, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3521 | Oracle | Remote PeopleSoft Enterprise HCM ePay vulnerability in Oracle PeopleSoft Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay component in Oracle PeopleSoft and JDEdwards Suite 9.0 to Payroll Update 10-C and 9.1 to Payroll Update 10-C allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3520 | Oracle | Remote PeopleSoft Enterprise HCM - GP France vulnerability in Oracle PeopleSoft Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #12, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3518 | Oracle | Remote PeopleSoft Enterprise HCM GP - Japan vulnerability in Oracle PeopleSoft Unspecified vulnerability in the PeopleSoft Enterprise HCM GP - Japan component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #13, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-2412 | Oracle | Remote OLAP vulnerability in Oracle Database Server 11.1.0.7 Unspecified vulnerability in the OLAP component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
| 2010-10-14 | CVE-2010-3523 | Oracle | Remote vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.49.28/8.50.12 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote attackers to affect integrity via unknown vectors. | 5.0 |
| 2010-10-14 | CVE-2010-3903 | Infradead | Denial-Of-Service vulnerability in Openconnect Unspecified vulnerability in OpenConnect before 2.23 allows remote AnyConnect SSL VPN servers to cause a denial of service (application crash) via a 404 HTTP status code. | 5.0 |
| 2010-10-14 | CVE-2010-3902 | Infradead | Information Exposure vulnerability in Infradead Openconnect OpenConnect before 2.26 places the webvpn cookie value in the debugging output, which might allow remote attackers to obtain sensitive information by reading this output, as demonstrated by output posted to the public openconnect-devel mailing list. | 5.0 |
| 2010-10-14 | CVE-2010-3192 | GNU | Information Exposure vulnerability in GNU Glibc Certain run-time memory protection mechanisms in the GNU C Library (aka glibc or libc6) print argv[0] and backtrace information, which might allow context-dependent attackers to obtain sensitive information from process memory by executing an incorrect program, as demonstrated by a setuid program that contains a stack-based buffer overflow error, related to the __fortify_fail function in debug/fortify_fail.c, and the __stack_chk_fail (aka stack protection) and __chk_fail (aka FORTIFY_SOURCE) implementations. | 5.0 |
| 2010-10-14 | CVE-2010-3071 | Duckcorp | Remote Denial Of Service vulnerability in Bip `bip_on_event()` NULL Pointer Dereference bip before 0.8.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an empty USER command. | 5.0 |
| 2010-10-14 | CVE-2009-5009 | Infradead | Resource Management Errors vulnerability in Infradead Openconnect Double free vulnerability in OpenConnect before 1.40 might allow remote AnyConnect SSL VPN servers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted DTLS Cipher option during a reconnect operation. | 5.0 |
| 2010-10-14 | CVE-2010-3501 | Oracle | Remote OID vulnerability in Oracle Fusion Middleware 10.1.2.3/10.1.4.3/11.1.1.2.0 Unspecified vulnerability in the OID component in Oracle Fusion Middleware 10.1.2.3, 10.1.4.3, and 11.1.1.2.0 allows remote attackers to affect availability via unknown vectors. | 5.0 |
| 2010-10-12 | CVE-2010-2951 | Squid Cache | Unspecified vulnerability in Squid-Cache Squid 3.1.6 dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not enabled, accesses an invalid socket during an IPv4 TCP DNS query, which allows remote attackers to cause a denial of service (assertion failure and daemon exit) via vectors that trigger an IPv4 DNS response with the TC bit set. | 5.0 |
| 2010-10-14 | CVE-2010-3517 | Oracle | Local vulnerability in Oracle Opensolaris and Solaris Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to Kernel/X86. | 4.9 |
| 2010-10-14 | CVE-2010-2415 | Oracle | Unspecified vulnerability in Oracle Database Server Unspecified vulnerability in the Change Data Capture component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality and integrity, related to DBMS_CDC_PUBLISH. | 4.9 |
| 2010-10-14 | CVE-2010-3580 | Oracle | Local Solaris vulnerability in Oracle Solaris Unspecified vulnerability in Oracle OpenSolaris allows local users to affect availability via unknown vectors related to Kernel/File System. | 4.6 |
| 2010-10-14 | CVE-2010-3534 | Oracle | Local Primavera P6 Enterprise Project Portfolio Management in Oracle Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 6.21.3.0 and 7.0.1.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Project Management Module. | 4.6 |
| 2010-10-14 | CVE-2010-2411 | Oracle | Remote Job Queue vulnerability in Oracle Database Unspecified vulnerability in the Job Queue component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DBMS_IJOB. | 4.6 |
| 2010-10-14 | CVE-2010-3535 | Oracle | Local vulnerability in Oracle Directory Server Enterprise Edition Unspecified vulnerability in the Directory Server Enterprise Edition component in Oracle Sun Products Suite 6.0, 6.1, 6.2, and 6.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Identity Synchronization for Windows. | 4.4 |
| 2010-10-14 | CVE-2010-3584 | Oracle | Local Privilege Escalation vulnerability in Oracle VM 2.2.1 Unspecified vulnerability in the Oracle VM component in Oracle VM 2.2.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to ovs-agent. | 4.3 |
| 2010-10-14 | CVE-2010-3514 | Oracle | Remote Security vulnerability in Oracle iPlanet Web Server Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 6.1 and 7.0 allows remote attackers to affect integrity via unknown vectors related to Web Container. | 4.3 |
| 2010-10-14 | CVE-2010-3504 | Oracle | Remote Oracle Applications Technology Stack vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2 Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
| 2010-10-14 | CVE-2010-2418 | Oracle | Remote Oracle Territory Management vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Territory Management component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
| 2010-10-14 | CVE-2010-2416 | Oracle | Remote Oracle E-Business Intelligence vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
| 2010-10-14 | CVE-2010-2413 | Oracle | BI Publisher HTTP Response Splitting vulnerability in Oracle Fusion Middleware 10.1.3.3.2/10.1.3.4.1 Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 10.1.3.3.2 and 10.1.3.4.1 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
| 2010-10-14 | CVE-2010-2410 | Oracle | Remote Cabo/UIX vulnerability in Oracle Fusion Middleware 10.1.2.3/10.1.3.5 Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2409. | 4.3 |
| 2010-10-14 | CVE-2010-2409 | Oracle | Remote Cabo/UIX vulnerability in Oracle Fusion Middleware 10.1.2.3/10.1.3.5 Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2395 and CVE-2010-2410. | 4.3 |
| 2010-10-14 | CVE-2010-2408 | Oracle | Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
| 2010-10-14 | CVE-2010-2407 | Oracle | Remote XDK vulnerability in Oracle Database Server 10.1.0.5/10.2.0.4/11.1.0.7 Unspecified vulnerability in the XDK component in Oracle Database Server 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
| 2010-10-14 | CVE-2010-2396 | Oracle | Remote Forms vulnerability in Oracle Fusion Middleware 10.1.2.3 Unspecified vulnerability in the Forms component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
| 2010-10-14 | CVE-2010-2395 | Oracle | Remote Cabo/UIX vulnerability in Oracle Fusion Middleware 10.1.2.3/10.1.3.5 Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion Middleware 10.1.2.3 and 10.1.3.5 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2010-2409 and CVE-2010-2410. | 4.3 |
| 2010-10-12 | CVE-2010-3083 | Apache Redhat | sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat Enterprise MRG before 1.2.2 and other products, when SSL is enabled, allows remote attackers to cause a denial of service (daemon outage) by connecting to the SSL port but not participating in an SSL handshake. | 4.3 |
| 2010-10-14 | CVE-2010-3540 | Oracle | Local ZFS vulnerability in Oracle Opensolaris and Solaris Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability, related to ZFS. | 4.0 |
| 2010-10-14 | CVE-2010-3528 | Oracle | Remote PeopleSoft Enterprise CRM - Common Components vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise CRM - Common Components component in Oracle PeopleSoft and JDEdwards Suite 8.9 Bundle #41, 9.0 Bundle #28, and 9.1 Bundle #4 allows remote authenticated users to affect confidentiality via unknown vectors. | 4.0 |
| 2010-10-14 | CVE-2010-3522 | Oracle | Remote PeopleSoft Enterprise PeopleTools vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.49.28/8.50.12 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect confidentiality via unknown vectors. | 4.0 |
| 2010-10-14 | CVE-2010-3519 | Oracle | Remote PeopleSoft Enterprise PeopleTools vulnerability in Oracle Peoplesoft and Jdedwards Product Suite 8.49.28/8.50.12 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect integrity via unknown vectors. | 4.0 |
| 2010-10-14 | CVE-2010-3516 | Oracle | Local InfiniBand vulnerability in Oracle Opensolaris and Solaris Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows local users to affect availability via unknown vectors related to InfiniBand. | 4.0 |
| 2010-10-14 | CVE-2010-3515 | Oracle | Local vulnerability in Oracle Opensolaris and Solaris Unspecified vulnerability in the Solaris component in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect availability via unknown vectors related to Kernel/Disk Driver. | 4.0 |
| 2010-10-14 | CVE-2010-3502 | Oracle | Remote Siebel Core vulnerability in Oracle Siebel Suite Unspecified vulnerability in the Siebel Core component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors. | 4.0 |
| 2010-10-14 | CVE-2010-2417 | Oracle | Remote Agile PLM vulnerability in Oracle Supply Chain products Suite 9.3.0.0 Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.0.0 allows remote authenticated users to affect integrity via unknown vectors. | 4.0 |
| 2010-10-14 | CVE-2010-2406 | Oracle | Remote Siebel Core - Highly Interactive Client vulnerability in Oracle Siebel Core Unspecified vulnerability in the Siebel Core - Highly Interactive Client component in Oracle Siebel Suite 7.7.2.12, 7.8.2.14, 8.0.0.10, and 8.1.1.3 allows remote authenticated users to affect confidentiality via unknown vectors. | 4.0 |
| 2010-10-12 | CVE-2010-3701 | Redhat | Resource Management Errors vulnerability in Redhat Enterprise MRG lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows remote authenticated users to cause a denial of service (stack memory exhaustion and broker crash) via a large persistent message. | 4.0 |
14 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2010-10-14 | CVE-2010-3576 | Oracle | Local vulnerability in Oracle Opensolaris and Solaris Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect integrity and availability, related to the SCSI enclosure services device driver. | 3.6 |
| 2010-10-14 | CVE-2010-2391 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server 10.1.0.5/10.2.0.3 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5 and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 3.6 |
| 2010-10-14 | CVE-2010-3581 | Oracle | BPEL Console Cross Site Scripting vulnerability in Oracle Fusion Middleware 11.1.1.1.0/11.1.1.2.0 Unspecified vulnerability in the BPEL Console component in Oracle Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0 allows remote authenticated users to affect integrity via unknown vectors. | 3.5 |
| 2010-10-14 | CVE-2010-3512 | Oracle | Remote vulnerability in Oracle SUN products Suite 7.0U8 Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java System Web Server) component in Oracle Sun Products Suite 7.0u8 allows remote authenticated users to affect confidentiality, related to DAV (WebDAV). | 3.5 |
| 2010-10-14 | CVE-2010-2404 | Oracle | Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.2 Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.2 allows remote authenticated users to affect integrity via unknown vectors related to Account. | 3.5 |
| 2010-10-14 | CVE-2009-5007 | Cisco | Link Following vulnerability in Cisco Anyconnect SSL VPN The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows local users to overwrite arbitrary files via a symlink attack on unspecified temporary files. | 3.3 |
| 2010-10-14 | CVE-2010-3508 | Oracle | Local vulnerability in Oracle Solaris 10 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Zones. | 3.2 |
| 2010-10-14 | CVE-2010-3506 | Oracle | Local vulnerability in Oracle SUN products Suite 6.4 Unspecified vulnerability in the Oracle Explorer (Sun Explorer) component in Oracle Sun Products Suite 6.4 allows local users to affect confidentiality and integrity via unknown vectors. | 3.0 |
| 2010-10-14 | CVE-2010-3511 | Oracle | Local vulnerability in Oracle Solaris Unspecified vulnerability in Oracle OpenSolaris allows local users to affect integrity and availability via unknown vectors related to Tooltalk. | 2.6 |
| 2010-10-14 | CVE-2010-2414 | Oracle | Remote Security vulnerability in Oracle Sun Convergence Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun Java Communications Suite 7 components in Oracle Sun Products Suite 1.0 and 7.0 allows remote attackers to affect confidentiality via unknown vectors. | 2.6 |
| 2010-10-14 | CVE-2010-3513 | Oracle | Device Drivers Local vulnerability in Oracle Opensolaris and Solaris Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, allows local users to affect integrity and availability via unknown vectors related to Device Drivers. | 2.4 |
| 2010-10-14 | CVE-2009-5008 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Secure Desktop Cisco Secure Desktop (CSD), when used in conjunction with an AnyConnect SSL VPN server, does not properly perform verification, which allows local users to bypass intended policy restrictions via a modified executable file. | 2.1 |
| 2010-10-14 | CVE-2010-3542 | Oracle | Local USB vulnerability in Oracle Opensolaris and Solaris Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality, related to USB. | 1.9 |
| 2010-10-14 | CVE-2010-2389 | Oracle | Local Perl vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Perl component in Oracle Database Server 11.2.0.1, 11.1.0.7, 10.2.0.3, 10.2.0.4, and 10.1.0.5; and Fusion Middleware 11.1.1.1.0 and 11.1.1.2.0; allows local users to affect integrity via unknown vectors related to Local Logon. | 1.0 |