Weekly Vulnerabilities Reports > July 18 to 24, 2011
Overview
128 new vulnerabilities were reported during this period, including 32 critical vulnerabilities and 12 high severity vulnerabilities. This weekly summary reports vulnerabilities in 89 products from 22 vendors including Oracle, Apple, Microsoft, SUN, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Input Validation", and "Information Exposure".
- 103 reported vulnerabilities are remotely exploitable.
- 1 reported vulnerability has a public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 94 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 63 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 24 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
32 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-21 | CVE-2011-2288 | Oracle | Remote vulnerability in Oracle Sun SPARC T3/Netra T3 Series Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers to affect confidentiality, integrity, and availability, related to ILOM. | 10.0 |
2011-07-20 | CVE-2011-2261 | Oracle | Unspecified vulnerability in Oracle Secure Backup 10.3.0.3 Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2252. | 10.0 |
2011-07-19 | CVE-2011-1741 | EMC | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Documentum Eroom 7.4.1/7.4.2/7.4.3 Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP. | 10.0 |
2011-07-21 | CVE-2011-2883 | Citrix | Improper Input Validation vulnerability in Citrix Access Gateway 8.1/9.0/9.1 The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate. | 9.3 |
2011-07-21 | CVE-2011-2882 | Citrix | Buffer Errors vulnerability in Citrix Access Gateway 8.1/9.0/9.1 Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data. | 9.3 |
2011-07-21 | CVE-2011-2685 | Libreoffice | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libreoffice Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file. | 9.3 |
2011-07-21 | CVE-2011-1462 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-1457 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-1453 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-1288 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0255 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0254 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0253 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0241 | Apple Microsoft | Buffer Errors vulnerability in Apple Imageio and Safari Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding. | 9.3 |
2011-07-21 | CVE-2011-0240 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0238 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0237 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0235 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0234 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0233 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0232 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0225 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0223 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0222 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0221 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0218 | Apple Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Safari and Webkit WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1. | 9.3 |
2011-07-21 | CVE-2011-0216 | Apple Microsoft | Numeric Errors vulnerability in Apple Safari Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site. | 9.3 |
2011-07-21 | CVE-2011-0215 | Apple Microsoft | Improper Input Validation vulnerability in Apple Imageio and Safari ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file. | 9.3 |
2011-07-21 | CVE-2010-1383 | Apple Microsoft | Credentials Management vulnerability in Apple Cfnetwork and Safari CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue. | 9.3 |
2011-07-19 | CVE-2011-0226 | Freetype Apple | Numeric Errors vulnerability in multiple products Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011. | 9.3 |
2011-07-18 | CVE-2011-1331 | Justsystems | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Justsystems products JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011. | 9.3 |
2011-07-18 | CVE-2011-0548 | Symantec | Buffer Errors vulnerability in Symantec products Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file. | 9.3 |
12 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-21 | CVE-2011-1774 | Apple Microsoft | Improper Input Validation vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. | 8.8 |
2011-07-21 | CVE-2011-2520 | Redhat Fedoraproject | Deserialization of Untrusted Data vulnerability in multiple products fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object. | 7.8 |
2011-07-21 | CVE-2011-2287 | SUN | Remote vulnerability in Oracle Sun Solaris Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd. | 7.8 |
2011-07-18 | CVE-2010-4656 | Linux Canonical | Out-of-bounds Write vulnerability in multiple products The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report. | 7.8 |
2011-07-21 | CVE-2011-2307 | Oracle | Remote vulnerability in Oracle Sun SPARC T3/Netra T3/Fire/Blade Server Series Unspecified vulnerability in Oracle SysFW 8.1.0.a in various Oracle SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade servers allows remote attackers to affect confidentiality, integrity, and availability, related to Sun Integrated Lights Out Manager (ILOM). | 7.5 |
2011-07-21 | CVE-2011-2299 | Oracle | Remote vulnerability in Oracle Sun SPARC Enterprise M Series Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M5000, M8000, and M9000 XCP 1101 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to XSCF Control Package (XCP). | 7.5 |
2011-07-20 | CVE-2011-2245 | Oracle | Remote vulnerability in Oracle SUN products Suite 10/9 Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 9 and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to SSH. | 7.5 |
2011-07-19 | CVE-2011-2528 | Plone Zope | Remote Security vulnerability in Zope Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720. | 7.5 |
2011-07-21 | CVE-2011-2285 | SUN | Local vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Installer. | 7.2 |
2011-07-19 | CVE-2011-0227 | Apple | Permissions, Privileges, and Access Controls vulnerability in Apple Iphone OS The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application. | 7.2 |
2011-07-20 | CVE-2011-2253 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYSDBA. | 7.1 |
2011-07-20 | CVE-2011-2239 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server RDBMS Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability, related to XMLSEQ_IMP_T. | 7.1 |
72 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-20 | CVE-2011-2257 | Oracle | Remote Security vulnerability in Oracle Database Target Type Menus Unspecified vulnerability in the Database Target Type Menus component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 6.8 |
2011-07-20 | CVE-2011-2252 | Oracle | Remote vulnerability in Oracle Secure Backup 10.3.0.3 Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2261. | 6.8 |
2011-07-20 | CVE-2011-2248 | Oracle | SQL Performance Advisories/UIs vulnerability in Oracle Enterprise Manager Grid Control Unspecified vulnerability in the SQL Performance Advisories/UIs component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality, integrity, and availability, related to SQL Details UI & Explain Plan. | 6.8 |
2011-07-20 | CVE-2011-0882 | Oracle | Content Management vulnerability in Oracle Database Server and Enterprise Grid Manager Unspecified vulnerability in the Content Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler. | 6.8 |
2011-07-20 | CVE-2011-0870 | Oracle | Unspecified vulnerability in Oracle Database Server and Enterprise Manager Grid Control Unspecified vulnerability in the Schema Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 6.8 |
2011-07-20 | CVE-2011-0852 | Oracle | Remote Security Management vulnerability in Oracle Database Server Unspecified vulnerability in the Security Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4; and Oracle Enterprise Manager Grid Control 10.1.0.6; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Audit Administration. | 6.8 |
2011-07-20 | CVE-2011-0848 | Oracle | Unspecified vulnerability in Oracle Database Server and Enterprise Manager Grid Control Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Model. | 6.8 |
2011-07-20 | CVE-2011-0845 | Oracle | Remote Database Control vulnerability in Oracle Enterprise Manager Grid Control 10.1.0.6 Unspecified vulnerability in the Database Control component in Oracle Enterprise Manager Grid Control 10.1.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 6.8 |
2011-07-20 | CVE-2011-0822 | Oracle | Unspecified vulnerability in Oracle Database Server and Enterprise Manager Grid Control Unspecified vulnerability in the Streams, AQ & Replication Mgmt component in Oracle Database Server 10.1.0.5 and 10.2.0.3, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 6.8 |
2011-07-19 | CVE-2011-2744 | Chyrp | Path Traversal vulnerability in Chyrp 2.0/2.1 Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI. | 6.8 |
2011-07-18 | CVE-2010-3271 | IBM | Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do. | 6.8 |
2011-07-20 | CVE-2011-0880 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.1/11.2.0.2 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0832 and CVE-2011-0835. | 6.5 |
2011-07-20 | CVE-2011-0838 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.1/11.2.0.2 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to create procedure privileges. | 6.5 |
2011-07-20 | CVE-2011-0835 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.1/11.2.0.2 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0832 and CVE-2011-0880. | 6.5 |
2011-07-19 | CVE-2011-2385 | Otrs | Permissions, Privileges, and Access Controls vulnerability in Otrs Iphonehandle and Otrs The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors. | 6.5 |
2011-07-20 | CVE-2011-2244 | Oracle | Security Framework vulnerability in Oracle Database Server and Enterprise Manager Grid Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality and integrity via unknown vectors related to Authentication. | 6.4 |
2011-07-20 | CVE-2011-1511 | Oracle | Unspecified vulnerability in Oracle SUN products Suite 2.1.1/3.0.1 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration. | 6.4 |
2011-07-21 | CVE-2011-2305 | Oracle | Local vulnerability in Oracle VM VirtualBox Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 6.2 |
2011-07-21 | CVE-2011-2297 | Oracle | Local Oracle Solaris Cluster vulnerability in Oracle Solaris Cluster 3.3 Unspecified vulnerability in Oracle Solaris Cluster 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Data Service for WebLogic Server. | 6.1 |
2011-07-20 | CVE-2011-2232 | Oracle | Remote Security vulnerability in Oracle Application Server XML Developer Kit Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 11.1.0.7, and 11.2.0.1, and Oracle Fusion Middleware 10.1.3.5, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.0 |
2011-07-20 | CVE-2011-0832 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.1/11.2.0.2 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0835 and CVE-2011-0880. | 6.0 |
2011-07-21 | CVE-2011-0219 | Apple Microsoft | Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts. | 5.8 |
2011-07-20 | CVE-2011-2260 | Oracle | Unspecified vulnerability in Oracle SUN products Suite 2.1.1 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration. | 5.8 |
2011-07-19 | CVE-2011-1355 | IBM | Improper Input Validation vulnerability in IBM Websphere Application Server Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter. | 5.8 |
2011-07-21 | CVE-2011-2283 | Oracle | Remote PeopleSoft Enterprise FMS vulnerability in Oracle Peoplesoft Enterprise FMS and Peoplesoft products Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Payables. | 5.5 |
2011-07-21 | CVE-2011-2281 | Oracle | Remote PeopleSoft Enterprise HRMS vulnerability in Oracle Peoplesoft Enterprise Hrms and Peoplesoft products Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 Update 2011-D allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll Core. | 5.5 |
2011-07-21 | CVE-2011-2279 | Oracle | Remote PeopleSoft Enterprise HRMS vulnerability in Oracle Peoplesoft Enterprise Hrms and Peoplesoft products Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 Bundle #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager. | 5.5 |
2011-07-21 | CVE-2011-2277 | Oracle | Remote PeopleSoft Enterprise SCM vulnerability in Oracle PeopleSoft Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Purchasing. | 5.5 |
2011-07-21 | CVE-2011-2272 | Oracle | Remote PeopleSoft Enterprise FSCM vulnerability in Oracle PeopleSoft Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eProcurement. | 5.5 |
2011-07-20 | CVE-2011-2250 | Oracle | Remote PeopleSoft Enterprise FIN vulnerability in Oracle PeopleSoft Enterprise FIN Unspecified vulnerability in the PeopleSoft Enterprise FIN component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Receivables. | 5.5 |
2011-07-20 | CVE-2011-0875 | Oracle | Remote EMCTL vulnerability in Oracle Enterprise Manager Grid Control Unspecified vulnerability in the EMCTL component in Oracle Database Server 11.1.0.7 and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
2011-07-20 | CVE-2011-0831 | Oracle | Remote Enterprise Config Management vulnerability in Oracle Database Server Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
2011-07-20 | CVE-2011-0816 | Oracle | CMDB Metadata & Instance APIs vulnerability in Oracle Enterprise Manager Grid Control Unspecified vulnerability in the CMDB Metadata & Instance APIs component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 5.5 |
2011-07-18 | CVE-2010-4655 | Linux Vmware Canonical | Improper Initialization vulnerability in multiple products net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call. | 5.5 |
2011-07-20 | CVE-2011-2249 | SUN | Remote Security vulnerability in SUN Sunos 5.10/5.8/5.9 Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote authenticated users to affect availability, related to TCP/IP. | 5.2 |
2011-07-21 | CVE-2011-0214 | Apple Microsoft | Cryptographic Issues vulnerability in Apple Cfnetwork and Safari CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority. | 5.0 |
2011-07-21 | CVE-2011-2298 | SUN | Remote Security vulnerability in Oracle Sun Solaris Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL. | 5.0 |
2011-07-21 | CVE-2011-2294 | SUN | Remote Solaris vulnerability in Oracle Sun Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH. | 5.0 |
2011-07-20 | CVE-2011-2241 | Oracle | Oracle Business Intelligence Enterprise Edition vulnerability in Oracle Fusion Middleware 10.1.3.4.1/11.1.1.3 Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server. | 5.0 |
2011-07-20 | CVE-2011-2230 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2011-07-19 | CVE-2011-2780 | Chyrp | Path Traversal vulnerability in Chyrp 2.0 Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a .. | 5.0 |
2011-07-21 | CVE-2011-2296 | SUN | Local Solaris vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP. | 4.9 |
2011-07-21 | CVE-2011-2293 | SUN | Local Solaris vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Zones. | 4.9 |
2011-07-21 | CVE-2011-2290 | SUN | Local Solaris vulnerability in Oracle Sun Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs. | 4.9 |
2011-07-20 | CVE-2011-2259 | SUN | Local Solaris vulnerability in Oracle Sun Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to UFS. | 4.9 |
2011-07-20 | CVE-2011-0811 | Oracle | Local Enterprise Config Management vulnerability in Oracle Database Server Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5, allows local users to affect confidentiality via unknown vectors. | 4.9 |
2011-07-21 | CVE-2011-2295 | SUN | Unspecified vulnerability in SUN Sunos Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB. | 4.7 |
2011-07-20 | CVE-2011-2258 | SUN | Local Security vulnerability in Oracle Sun Solaris Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rksh. | 4.6 |
2011-07-21 | CVE-2011-2264 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 8.3.2.0/8.3.5.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters. | 4.4 |
2011-07-21 | CVE-2011-0244 | Apple Microsoft | Information Exposure vulnerability in Apple Safari and Webkit WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds. | 4.3 |
2011-07-21 | CVE-2011-0242 | Apple Microsoft | Cross-Site Scripting vulnerability in Apple Safari and Webkit Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username. | 4.3 |
2011-07-21 | CVE-2011-0217 | Apple Microsoft | Information Exposure vulnerability in Apple Safari Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields. | 4.3 |
2011-07-21 | CVE-2010-1420 | Apple Microsoft | Cross-Site Scripting vulnerability in Apple Cfnetwork and Safari Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file. | 4.3 |
2011-07-21 | CVE-2011-2275 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2011-07-20 | CVE-2011-2251 | Oracle | Remote vulnerability in Oracle Secure Backup 10.3.0.3 Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2011-07-20 | CVE-2011-2246 | Oracle | Remote Business Intelligence vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Financials. | 4.3 |
2011-07-20 | CVE-2011-2231 | Oracle | Remote XML Developer Kit vulnerability in Oracle Database Server Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, and Oracle Fusion Middleware 10.1.3.5, allows remote attackers to affect availability via unknown vectors. | 4.3 |
2011-07-20 | CVE-2011-0881 | Oracle | Remote Security vulnerability in Oracle Database Server EMCTL Unspecified vulnerability in the EMCTL component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2011-07-20 | CVE-2011-0879 | Oracle | Remote Instance Management vulnerability in Oracle Database Server Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2011-07-20 | CVE-2011-0877 | Oracle | Remote Instance Management vulnerability in Oracle Database Server Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2011-07-20 | CVE-2011-0876 | Oracle | Remote Security vulnerability in Oracle Database Server Enterprise Manager Console Unspecified vulnerability in the Enterprise Manager Console component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors related to Security. | 4.3 |
2011-07-20 | CVE-2011-0830 | Oracle | Remote Event Management vulnerability in Oracle Database Server Unspecified vulnerability in the Event Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors related to Rules Management UI. | 4.3 |
2011-07-19 | CVE-2011-2743 | Chyrp | Cross-Site Scripting vulnerability in Chyrp 2.0/2.1 Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php. | 4.3 |
2011-07-19 | CVE-2011-0770 | HP | Cross-Site Scripting vulnerability in HP products Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file. | 4.3 |
2011-07-18 | CVE-2011-2761 | Google | Resource Management Errors vulnerability in Google Chrome 14.0.794.0 Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods. | 4.3 |
2011-07-21 | CVE-2011-2284 | Oracle | Remote PeopleSoft Enterprise HRMS vulnerability in Oracle Peoplesoft Enterprise Hrms and Peoplesoft products Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. | 4.0 |
2011-07-21 | CVE-2011-2280 | Oracle | Remote PeopleSoft Enterprise PeopleTools vulnerability in Oracle products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2011-2274. | 4.0 |
2011-07-21 | CVE-2011-2278 | Oracle | Remote PeopleSoft Enterprise HRMS vulnerability in Oracle Peoplesoft Enterprise Hrms and Peoplesoft products Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 Bundle #24, 9.0 Bundle #17, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager. | 4.0 |
2011-07-21 | CVE-2011-2273 | Oracle | Remote Agile Core Technology vulnerability in Oracle Supply Chain Unspecified vulnerability in the Agile Core Technology component in Oracle Supply Chain Products Suite 9.3.0.3 and 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Search. | 4.0 |
2011-07-20 | CVE-2011-2238 | Oracle | Remote Database Vault vulnerability in Oracle Database Server Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL. | 4.0 |
2011-07-20 | CVE-2011-0884 | Oracle | Remote Oracle BPEL Process Manager vulnerability in Oracle Fusion Middleware 11.1.1.3.0/11.1.1.4.0/11.1.1.5.0 Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Fusion Middleware 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0 allows remote authenticated users to affect availability, related to BPEL Console. | 4.0 |
2011-07-20 | CVE-2011-0883 | Oracle | Remote Oracle Containers for J2EE vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3, 10.1.3.5, 10.1.4.0.1, and 10.1.4.3 allows remote authenticated users to affect integrity, related to Servlet Runtime in OC4J. | 4.0 |
12 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2011-07-21 | CVE-2011-2300 | Oracle | Local vulnerability in Oracle VM Virtualbox 4.0 Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows. | 3.7 |
2011-07-21 | CVE-2011-2289 | SUN | Local vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade. | 3.6 |
2011-07-19 | CVE-2011-2779 | HP | Permissions, Privileges, and Access Controls vulnerability in HP products Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770. | 3.6 |
2011-07-21 | CVE-2011-2282 | Oracle | Remote PeopleSoft Enterprise PeopleTools vulnerability in Oracle products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50.20 and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors. | 3.5 |
2011-07-21 | CVE-2011-2274 | Oracle | Remote PeopleSoft Enterprise PeopleTools vulnerability in Oracle products Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2011-2280. | 3.5 |
2011-07-20 | CVE-2011-2243 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7.3/11.2.0.1/11.2.0.2 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7.3, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect integrity, related to SYSDBA. | 3.5 |
2011-07-20 | CVE-2011-2263 | Oracle | Local Security vulnerability in Oracle Sun Products Unspecified vulnerability in Sun Integrated Lights Out Manager in Oracle SysFW 8.0.3.b or earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows local users to affect confidentiality via unknown vectors. | 2.1 |
2011-07-19 | CVE-2011-1356 | IBM | Information Exposure vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request. | 2.1 |
2011-07-21 | CVE-2011-2267 | Oracle | Local Security vulnerability in Oracle Outside In Technology Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | 1.9 |
2011-07-21 | CVE-2011-2291 | SUN | Local Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions. | 1.7 |
2011-07-20 | CVE-2011-2240 | Oracle | Local Security vulnerability in Oracle Database Server 10.1.0.5 Unspecified vulnerability in the Oracle Universal Installer component in Oracle Database Server 10.1.0.5 allows local users to affect confidentiality via unknown vectors. | 1.7 |
2011-07-20 | CVE-2011-2242 | Oracle | Local Security vulnerability in Oracle Database Server 11.2.0.1/11.2.0.2 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, related to XML DB FTP. | 1.3 |