Weekly Vulnerabilities Report, July 18 to 24, 2011

Overview

131 new vulnerabilities were reported during this period, including 33 critical and 12 high severity vulnerabilities. This weekly summary covers vulnerabilities in 94 products from 22 vendors, including Oracle, Apple, Microsoft, Sun, and Linux. The vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Improper Input Validation", "Cross-site Scripting", and "Information Exposure".

  • 105 of the reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 6 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 99 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 63.
  • Apple has the most reported critical vulnerabilities, with 25.

Summary counts (from the figures above): 131 vulnerabilities in total, of which 33 critical, 12 high, 72 medium and 14 low risk; 105 remotely exploitable; 1 with a public exploit available; 99 exploitable anonymously.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

33 Critical Vulnerabilities

Each entry: date, CVE, vendor(s), CVSS base score; then the vulnerability title and description.

2011-07-21  CVE-2011-2288  Oracle  CVSS 10.0
Remote vulnerability in Oracle Sun SPARC T3/Netra T3 Series
Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers to affect confidentiality, integrity, and availability, related to ILOM.

2011-07-20  CVE-2011-2261  Oracle  CVSS 10.0
Unspecified vulnerability in Oracle Secure Backup 10.3.0.3
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2252.

2011-07-19  CVE-2011-1741  EMC  CVSS 10.0
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in EMC Documentum eRoom 7.4.1/7.4.2/7.4.3
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.

2011-07-21  CVE-2011-2883  Citrix  CVSS 9.3
Improper Input Validation vulnerability in Citrix Access Gateway 8.1/9.0/9.1
The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 attempts to validate signed DLLs by checking the certificate subject, not the signature, which allows man-in-the-middle attackers to execute arbitrary code via HTTP header data referencing a DLL that was signed with a crafted certificate.

2011-07-21  CVE-2011-2882  Citrix  CVSS 9.3
Buffer Errors vulnerability in Citrix Access Gateway 8.1/9.0/9.1
Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access Gateway Enterprise Edition 8.1 before 8.1-67.7, 9.0 before 9.0-70.5, and 9.1 before 9.1-96.4 allows remote attackers to execute arbitrary code via crafted HTTP header data.

2011-07-21  CVE-2011-2685  LibreOffice  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in LibreOffice
Stack-based buffer overflow in the Lotus Word Pro import filter in LibreOffice before 3.3.3 allows remote attackers to execute arbitrary code via a crafted .lwp file.

2011-07-21  CVE-2011-1797  Chromium Project, Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-1462  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-1457  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-1453  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-1288  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0255  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0254  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0253  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0241  Apple, Microsoft  CVSS 9.3
Buffer Errors vulnerability in Apple ImageIO and Safari
Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with CCITT Group 4 encoding.

2011-07-21  CVE-2011-0240  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0238  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0237  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0235  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0234  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0233  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0232  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0225  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0223  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0222  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0221  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0218  Apple, Microsoft  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and WebKit
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.

2011-07-21  CVE-2011-0216  Apple, Microsoft  CVSS 9.3
Numeric Errors vulnerability in Apple Safari
Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted web site.

2011-07-21  CVE-2011-0215  Apple, Microsoft  CVSS 9.3
Improper Input Validation vulnerability in Apple ImageIO and Safari
ImageIO in Apple Safari before 5.0.6 on Windows does not properly address re-entrancy issues, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF file.

2011-07-21  CVE-2010-1383  Apple, Microsoft  CVSS 9.3
Credentials Management vulnerability in Apple CFNetwork and Safari
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.

2011-07-19  CVE-2011-0226  FreeType, Apple  CVSS 9.3
Numeric Errors vulnerability in multiple products
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.

2011-07-18  CVE-2011-1331  JustSystems  CVSS 9.3
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in JustSystems products
JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, Ichitaro Government 2006 through 2010, Ichitaro Portable, Ichitaro Pro, and Ichitaro Viewer allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted document, as exploited in the wild in early 2011.

2011-07-18  CVE-2011-0548  Symantec  CVSS 9.3
Buffer Errors vulnerability in Symantec products
Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in Autonomy KeyView, as used in Symantec Mail Security (SMS) 6.x through 8.x, Symantec Brightmail and Messaging Gateway before 9.5.1, and Symantec Data Loss Prevention (DLP) before 10.5.3 and 11.x before 11.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .prz file.

12 High Vulnerabilities

Each entry: date, CVE, vendor(s), CVSS base score; then the vulnerability title and description.

2011-07-21  CVE-2011-1774  Apple, Microsoft  CVSS 8.8
Improper Input Validation vulnerability in Apple Safari and WebKit
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site.

2011-07-21  CVE-2011-2287  Sun  CVSS 7.8
Remote vulnerability in Oracle Sun Solaris
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd.

2011-07-18  CVE-2011-1093  Linux, Red Hat  CVSS 7.8
NULL Pointer Dereference vulnerability in Linux Kernel
The dccp_rcv_state_process function in net/dccp/input.c in the Datagram Congestion Control Protocol (DCCP) implementation in the Linux kernel before 2.6.38 does not properly handle packets for a CLOSED endpoint, which allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by sending a DCCP-Close packet followed by a DCCP-Reset packet.

2011-07-21  CVE-2011-2307  Oracle  CVSS 7.5
Remote vulnerability in Oracle Sun SPARC T3/Netra T3/Sun Fire/Sun Blade Server Series
Unspecified vulnerability in Oracle SysFW 8.1.0.a in various Oracle SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade servers allows remote attackers to affect confidentiality, integrity, and availability, related to Sun Integrated Lights Out Manager (ILOM).

2011-07-21  CVE-2011-2299  Oracle  CVSS 7.5
Remote vulnerability in Oracle Sun SPARC Enterprise M Series
Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M5000, M8000, and M9000 XCP 1101 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to XSCF Control Package (XCP).

2011-07-20  CVE-2011-2245  Oracle  CVSS 7.5
Remote vulnerability in Oracle Sun Products Suite 9/10 (Solaris component)
Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 9 and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to SSH.

2011-07-19  CVE-2011-2528  Plone, Zope  CVSS 7.5
Remote Security vulnerability in Zope
Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and (2) PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-0720.

2011-07-21  CVE-2011-2285  Sun  CVSS 7.2
Local vulnerability in Sun Solaris 10 (SunOS 5.10)
Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Installer.

2011-07-19  CVE-2011-0227  Apple  CVSS 7.2
Permissions, Privileges, and Access Controls vulnerability in Apple iOS
The queueing primitives in IOMobileFrameBuffer in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 do not properly perform type conversion, which allows local users to gain privileges via a crafted application.

2011-07-18  CVE-2010-4656  Linux, Canonical  CVSS 7.2
Out-of-Bounds Write vulnerability in Linux Kernel
The iowarrior_write function in drivers/usb/misc/iowarrior.c in the Linux kernel before 2.6.37 does not properly allocate memory, which might allow local users to trigger a heap-based buffer overflow, and consequently cause a denial of service or gain privileges, via a long report.

2011-07-20  CVE-2011-2253  Oracle  CVSS 7.1
Remote Core RDBMS vulnerability in Oracle Database Server
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYSDBA.

2011-07-20  CVE-2011-2239  Oracle  CVSS 7.1
Remote Core RDBMS vulnerability in Oracle Database Server
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability, related to XMLSEQ_IMP_T.

72 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-07-20 CVE-2011-2257 Oracle Remote Security vulnerability in Oracle Database Target Type Menus

Unspecified vulnerability in the Database Target Type Menus component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

6.8
2011-07-20 CVE-2011-2252 Oracle Remote vulnerability in Oracle Secure Backup 10.3.0.3

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-2261.

6.8
2011-07-20 CVE-2011-2248 Oracle SQL Performance Advisories/UIs vulnerability in Oracle Enterprise Manger Grid Control

Unspecified vulnerability in the SQL Performance Advisories/UIs component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality, integrity, and availability, related to SQL Details UI & Explain Plan.

6.8
2011-07-20 CVE-2011-0882 Oracle Content Management vulnerability in Oracle Database Server and Enterprise Grid Manager

Unspecified vulnerability in the Content Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, and 11.1.0.7; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Scheduler.

6.8
2011-07-20 CVE-2011-0870 Oracle Unspecified vulnerability in Oracle Database Server and Enterprise Manager Grid Control

Unspecified vulnerability in the Schema Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

6.8
2011-07-20 CVE-2011-0852 Oracle Remote Security Management vulnerability in Oracle Database Server

Unspecified vulnerability in the Security Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4; and Oracle Enterprise Manager Grid Control 10.1.0.6; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Audit Administration.

6.8
2011-07-20 CVE-2011-0848 Oracle Unspecified vulnerability in Oracle Database Server and Enterprise Manager Grid Control

Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to User Model.

6.8
2011-07-20 CVE-2011-0845 Oracle Remote Database Control vulnerability in Oracle Enterprise Manager Grid Control 10.1.0.6

Unspecified vulnerability in the Database Control component in Oracle Enterprise Manager Grid Control 10.1.0.6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

6.8
2011-07-20 CVE-2011-0822 Oracle Unspecified vulnerability in Oracle Database Server and Enterprise Manager Grid Control

Unspecified vulnerability in the Streams, AQ & Replication Mgmt component in Oracle Database Server 10.1.0.5 and 10.2.0.3, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

6.8
2011-07-19 CVE-2011-2744 Chyrp Path Traversal vulnerability in Chyrp 2.0/2.1

Directory traversal vulnerability in Chyrp 2.1 and earlier allows remote attackers to include and execute arbitrary local files via a ..%2F (encoded dot dot slash) in the action parameter to the default URI.

6.8
2011-07-18 CVE-2010-3271 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Websphere Application Server

Multiple cross-site request forgery (CSRF) vulnerabilities in the Integrated Solutions Console (aka administrative console) in IBM WebSphere Application Server (WAS) 7.0.0.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that disable certain security options via an Edit action to console/adminSecurityDetail.do followed by a save action to console/syncworkspace.do.

6.8
2011-07-20 CVE-2011-0880 Oracle Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.1/11.2.0.2

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0832 and CVE-2011-0835.

6.5
2011-07-20 CVE-2011-0838 Oracle Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.1/11.2.0.2

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to create procedure privileges.

6.5
2011-07-20 CVE-2011-0835 Oracle Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.1/11.2.0.2

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0832 and CVE-2011-0880.

6.5
2011-07-19 CVE-2011-2385 Otrs Permissions, Privileges, and Access Controls vulnerability in Otrs Iphonehandle and Otrs

The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in Open Ticket Request System (OTRS) does not properly restrict use of the iPhoneHandle interface, which allows remote authenticated users to gain privileges, and consequently read or modify OTRS core objects, via unspecified vectors.

6.5
2011-07-20 CVE-2011-2244 Oracle Security Framework vulnerability in Oracle Database Server and Enterprise Manager Grid

Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1; allows remote attackers to affect confidentiality and integrity via unknown vectors related to Authentication.

6.4
2011-07-20 CVE-2011-1511 Oracle Unspecified vulnerability in Oracle SUN products Suite 2.1.1/3.0.1

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Administration.

6.4
2011-07-21 CVE-2011-2305 Oracle Local vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

6.2
2011-07-21 CVE-2011-2297 Oracle Local Oracle Solaris Cluster vulnerability in Oracle Solaris Cluster 3.3

Unspecified vulnerability in Oracle Solaris Cluster 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Data Service for WebLogic Server.

6.1
2011-07-21 CVE-2011-2520 Redhat Permissions, Privileges, and Access Controls vulnerability in Redhat System-Config-Firewall

fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the pickle Python module unsafely during D-Bus communication between the GUI and the backend, which might allow local users to gain privileges via a crafted serialized object.

6.0
2011-07-20 CVE-2011-2232 Oracle Remote Security vulnerability in Oracle Application Server XML Developer Kit

Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 11.1.0.7, and 11.2.0.1, and Oracle Fusion Middleware 10.1.3.5, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.0
2011-07-20 CVE-2011-0832 Oracle Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.1/11.2.0.2

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2011-0835 and CVE-2011-0880.

6.0
2011-07-21 CVE-2011-0219 Apple
Microsoft
Permissions, Privileges, and Access Controls vulnerability in Apple Safari and Webkit

Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

5.8
2011-07-20 CVE-2011-2260 Oracle Unspecified vulnerability in Oracle SUN products Suite 2.1.1

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Administration.

5.8
2011-07-19 CVE-2011-1355 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

Open redirect vulnerability in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the logoutExitPage parameter.

5.8
2011-07-21 CVE-2011-2283 Oracle Remote PeopleSoft Enterprise FMS vulnerability in Oracle Peoplesoft Enterprise FMS and Peoplesoft products

Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Payables.

5.5
2011-07-21 CVE-2011-2281 Oracle Remote PeopleSoft Enterprise HRMS vulnerability in Oracle Peoplesoft Enterprise Hrms and Peoplesoft products

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 Update 2011-D allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Global Payroll Core.

5.5
2011-07-21 CVE-2011-2279 Oracle Remote PeopleSoft Enterprise HRMS vulnerability in Oracle Peoplesoft Enterprise Hrms and Peoplesoft products

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1, Bundle, and #6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Manager.

5.5
2011-07-21 CVE-2011-2277 Oracle Remote PeopleSoft Enterprise SCM vulnerability in Oracle PeopleSoft

Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Purchasing.

5.5
2011-07-21 CVE-2011-2272 Oracle Remote PeopleSoft Enterprise FSCM vulnerability in Oracle PeopleSoft

Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.0, Bundle, #36, 9.1, Bundle, and #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eProcurement.

5.5
2011-07-20 CVE-2011-2250 Oracle Remote PeopleSoft Enterprise FIN vulnerability in Oracle PeopleSoft Enterprise FIN

Unspecified vulnerability in the PeopleSoft Enterprise FIN component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Receivables.

5.5
2011-07-20 CVE-2011-0875 Oracle Remote EMCTL vulnerability in Oracle Oracle Enterprise Manager Grid Control

Unspecified vulnerability in the EMCTL component in Oracle Database Server 11.1.0.7 and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, and 11.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2011-07-20 CVE-2011-0831 Oracle Remote Enterprise Config Management vulnerability in Oracle Database Server

Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2011-07-20 CVE-2011-0816 Oracle CMDB Metadata & Instance APIs vulnerability in Oracle Enterprise Manager Grid Control

Unspecified vulnerability in the CMDB Metadata & Instance APIs component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2011-07-20 CVE-2011-2249 SUN Remote Security vulnerability in SUN Sunos 5.10/5.8/5.9

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote authenticated users to affect availability, related to TCP/IP.

5.2
2011-07-21 CVE-2011-0214 Apple, Microsoft Cryptographic Issues vulnerability in Apple Cfnetwork and Safari

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification authority.

5.0
2011-07-21 CVE-2011-2298 SUN Remote Security vulnerability in Oracle Sun Solaris

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL.

5.0
2011-07-21 CVE-2011-2294 SUN Remote Solaris vulnerability in Oracle Sun

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH.

5.0
2011-07-20 CVE-2011-2241 Oracle Oracle Business Intelligence Enterprise Edition vulnerability in Oracle Fusion Middleware 10.1.3.4.1/11.1.1.3

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unknown vectors related to Analytics Server.

5.0
2011-07-20 CVE-2011-2230 Oracle Remote Core RDBMS vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect availability via unknown vectors.

5.0
2011-07-19 CVE-2011-2780 Chyrp Path Traversal vulnerability in Chyrp 2.0

Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2011-07-21 CVE-2011-2296 SUN Local Solaris vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP.

4.9
2011-07-21 CVE-2011-2293 SUN Local Solaris vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Zones.

4.9
2011-07-21 CVE-2011-2290 SUN Local Solaris vulnerability in Oracle Sun

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs.

4.9
2011-07-20 CVE-2011-2259 SUN Local Solaris vulnerability in Oracle Sun

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to UFS.

4.9
2011-07-20 CVE-2011-0811 Oracle Local Enterprise Config Management vulnerability in Oracle Database Server

Unspecified vulnerability in the Enterprise Config Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5, allows local users to affect confidentiality via unknown vectors.

4.9
2011-07-21 CVE-2011-2295 SUN Unspecified vulnerability in SUN Sunos

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB.

4.7
2011-07-20 CVE-2011-2258 SUN Local Security vulnerability in Oracle Sun Solaris

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rksh.

4.6
2011-07-21 CVE-2011-2264 Oracle Unspecified vulnerability in Oracle Fusion Middleware 8.3.2.0/8.3.5.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect confidentiality, integrity, and availability via unknown vectors related to Outside In Filters.

4.4
2011-07-21 CVE-2011-0244 Apple, Microsoft Information Exposure vulnerability in Apple Safari and Webkit

WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.

4.3
2011-07-21 CVE-2011-0242 Apple, Microsoft Cross-Site Scripting vulnerability in Apple Safari and Webkit

Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving a URL that contains a username.

4.3
2011-07-21 CVE-2011-0217 Apple, Microsoft Information Exposure vulnerability in Apple Safari

Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible fields.

4.3
2011-07-21 CVE-2010-1420 Apple, Microsoft Cross-Site Scripting vulnerability in Apple Cfnetwork and Safari

Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain file.

4.3
2011-07-21 CVE-2011-2275 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote attackers to affect integrity via unknown vectors.

4.3
2011-07-20 CVE-2011-2251 Oracle Remote vulnerability in Oracle Secure Backup 10.3.0.3

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect integrity via unknown vectors.

4.3
2011-07-20 CVE-2011-2246 Oracle Remote Business Intelligence vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Financials.

4.3
2011-07-20 CVE-2011-2231 Oracle Remote XML Developer Kit vulnerability in Oracle Database Server

Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, and Oracle Fusion Middleware 10.1.3.5, allows remote attackers to affect availability via unknown vectors.

4.3
2011-07-20 CVE-2011-0881 Oracle Remote Security vulnerability in Oracle Database Server EMCTL

Unspecified vulnerability in the EMCTL component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors.

4.3
2011-07-20 CVE-2011-0879 Oracle Remote Instance Management vulnerability in Oracle Database Server

Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors.

4.3
2011-07-20 CVE-2011-0877 Oracle Remote Instance Management vulnerability in Oracle Database Server

Unspecified vulnerability in the Instance Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors.

4.3
2011-07-20 CVE-2011-0876 Oracle Remote Security vulnerability in Oracle Database Server Enterprise Manager Console

Unspecified vulnerability in the Enterprise Manager Console component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6 and 10.2.0.5; allows remote attackers to affect integrity via unknown vectors related to Security.

4.3
2011-07-20 CVE-2011-0830 Oracle Remote Event Management vulnerability in Oracle Database Server

Unspecified vulnerability in the Event Management component in Oracle Database Server 10.1.0.5, 10.2.0.3, and 10.2.0.4, and Oracle Enterprise Manager Grid Control 10.1.0.6, allows remote attackers to affect integrity via unknown vectors related to Rules Management UI.

4.3
2011-07-19 CVE-2011-2743 Chyrp Cross-Site Scripting vulnerability in Chyrp 2.0/2.1

Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the action parameter to (1) the default URI or (2) includes/javascript.php, or the (3) title or (4) body parameter to admin/help.php.

4.3
2011-07-19 CVE-2011-0770 HP Cross-Site Scripting vulnerability in HP products

Cross-site scripting (XSS) vulnerability in Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 allows remote attackers to inject arbitrary web script or HTML via the Windows XP variable in a file.

4.3
2011-07-18 CVE-2011-2761 Google Resource Management Errors vulnerability in Google Chrome 14.0.794.0

Google Chrome 14.0.794.0 does not properly handle a reload of a page generated in response to a POST, which allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web site, related to GetWidget methods.

4.3
2011-07-21 CVE-2011-2284 Oracle Remote PeopleSoft Enterprise HRMS vulnerability in Oracle Peoplesoft Enterprise Hrms and Peoplesoft products

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance.

4.0
2011-07-21 CVE-2011-2280 Oracle Remote PeopleSoft Enterprise PeopleTools vulnerability in Oracle products

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2011-2274.

4.0
2011-07-21 CVE-2011-2278 Oracle Remote PeopleSoft Enterprise HRMS vulnerability in Oracle Peoplesoft Enterprise Hrms and Peoplesoft products

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 Bundle #24, 9.0 Bundle #17, and 9.1 Bundle #6 allows remote authenticated users to affect confidentiality via unknown vectors related to Talent Acquisition Manager.

4.0
2011-07-21 CVE-2011-2273 Oracle Remote Agile Core Technology vulnerability in Oracle Supply Chain

Unspecified vulnerability in the Agile Core Technology component in Oracle Supply Chain Products Suite 9.3.0.3 and 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Search.

4.0
2011-07-20 CVE-2011-2238 Oracle Remote Database Vault vulnerability in Oracle Database Server

Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity, related to DBMS_SYS_SQL.

4.0
2011-07-20 CVE-2011-0884 Oracle Remote Oracle BPEL Process Manager vulnerability in Oracle Fusion Middleware 11.1.1.3.0/11.1.1.4.0/11.1.1.5.0

Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Fusion Middleware 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0 allows remote authenticated users to affect availability, related to BPEL Console.

4.0
2011-07-20 CVE-2011-0883 Oracle Remote Oracle Containers for J2EE vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.2.3, 10.1.3.5, 10.1.4.0.1, and 10.1.4.3 allows remote authenticated users to affect integrity, related to Servlet Runtime in OC4J.

4.0

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2011-07-21 CVE-2011-2300 Oracle Local vulnerability in Oracle VM Virtualbox 4.0

Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.

3.7
2011-07-21 CVE-2011-2289 SUN Local vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.

3.6
2011-07-19 CVE-2011-2779 HP Permissions, Privileges, and Access Controls vulnerability in HP products

Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770.

3.6
2011-07-21 CVE-2011-2282 Oracle Remote PeopleSoft Enterprise PeopleTools vulnerability in Oracle products

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50.20 and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors.

3.5
2011-07-21 CVE-2011-2274 Oracle Remote PeopleSoft Enterprise PeopleTools vulnerability in Oracle products

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2011-2280.

3.5
2011-07-20 CVE-2011-2243 Oracle Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7.3/11.2.0.1/11.2.0.2

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7.3, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect integrity, related to SYSDBA.

3.5
2011-07-20 CVE-2011-2263 Oracle Local Security vulnerability in Oracle Sun Products

Unspecified vulnerability in Sun Integrated Lights Out Manager in Oracle SysFW 8.0.3.b or earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows local users to affect confidentiality via unknown vectors.

2.1
2011-07-19 CVE-2011-1356 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.19 allows local users to obtain sensitive stack-trace information via a crafted Administration Console request.

2.1
2011-07-18 CVE-2011-0726 Linux Improper Input Validation vulnerability in Linux Kernel

The do_task_stat function in fs/proc/array.c in the Linux kernel before 2.6.39-rc1 does not perform an expected uid check, which makes it easier for local users to defeat the ASLR protection mechanism by reading the start_code and end_code fields in the /proc/#####/stat file for a process executing a PIE binary.

2.1
2011-07-18 CVE-2010-4655 Linux, Vmware, Canonical Improper Initialization vulnerability in multiple products

net/core/ethtool.c in the Linux kernel before 2.6.36 does not initialize certain data structures, which allows local users to obtain potentially sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability for an ethtool ioctl call.

2.1
2011-07-21 CVE-2011-2267 Oracle Local Security vulnerability in Oracle Outside In Technology

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.

1.9
2011-07-21 CVE-2011-2291 SUN Local Solaris vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.

1.7
2011-07-20 CVE-2011-2240 Oracle Local Security vulnerability in Oracle Database Server 10.1.0.5

Unspecified vulnerability in the Oracle Universal Installer component in Oracle Database Server 10.1.0.5 allows local users to affect confidentiality via unknown vectors.

1.7
2011-07-20 CVE-2011-2242 Oracle Local Security vulnerability in Oracle Database Server 11.2.0.1/11.2.0.2

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, related to XML DB FTP.

1.3