Weekly Vulnerabilities Reports > January 16 to 22, 2012

Overview

109 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary reports vulnerabilities in 54 products from 32 vendors including Oracle, Mysql, SUN, IBM, and Wordpress. Vulnerabilities are notably categorized as "Cross-site Scripting", "Path Traversal", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Information Exposure".

  • 90 reported vulnerabilities are remotely exploitable.
  • 8 reported vulnerabilities have a public exploit available.
  • 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 61 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 66 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Summary counters (graphic on the original page): total vulnerabilities; critical risk, high risk, medium risk and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-19 CVE-2011-4135 Flexerasoftware Path Traversal vulnerability in Flexerasoftware Flexnet Publisher 11.10

Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files.

10.0
2012-01-19 CVE-2011-4134 Flexerasoftware Buffer Errors vulnerability in Flexerasoftware Flexnet Publisher 11.10

Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet.

10.0
2012-01-19 CVE-2011-1389 IBM Path Traversal vulnerability in IBM products

Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files.

10.0
2012-01-19 CVE-2011-4659 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IP Video Phone E20 and Telepresence E20 Software

Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555.

10.0
2012-01-19 CVE-2011-4374 Adobe Integer Overflow or Wraparound vulnerability in Adobe Acrobat and Reader

Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.

9.3
2012-01-19 CVE-2012-0035 Eric M Ludlam, GNU

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file.

9.3
2012-01-19 CVE-2011-4053 7T Unspecified vulnerability in 7T Igss

Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current working directory.

9.3
2012-01-18 CVE-2012-0190 IBM Unspecified vulnerability in IBM Spss Data Collection and Spss Dimensions

Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.

9.3
2012-01-18 CVE-2012-0189 IBM Unspecified vulnerability in IBM Spss Samplepower 3.0

Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document.

9.3
2012-01-18 CVE-2012-0188 IBM Unspecified vulnerability in IBM Spss Data Collection and Spss Dimensions

Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document.

9.3
2012-01-17 CVE-2010-5082 Microsoft Unspecified vulnerability in Microsoft Windows Server 2008

Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

9.3
2012-01-19 CVE-2012-0329 Cisco Code Injection vulnerability in Cisco Digital Media Manager

Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878.

9.0

3 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-18 CVE-2012-0094 SUN Remote Security vulnerability in SUN Sunos 5.10/5.11/5.9

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.

7.8
2012-01-20 CVE-2012-0906 Mystarmedia, DEV L Z SQL Injection vulnerability in Mystarmedia Moviebase Addon

SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php.

7.5
2012-01-20 CVE-2012-0905 DEV L S SQL Injection vulnerability in Dev!L'S Dev!L'Z Clanportal Gamebase Addon

SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php.

7.5

69 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-20 CVE-2012-0897 Irfanview Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Irfanview

Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

6.8
2012-01-18 CVE-2012-0100 SUN Local Security vulnerability in SUN Sunos 5.10/5.11/5.9

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.

6.8
2012-01-18 CVE-2012-0083 Oracle Remote Oracle WebCenter Content vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Search.

6.4
2012-01-20 CVE-2012-0907 Neoaxis Path Traversal vulnerability in Neoaxis web Player 1.1/1.2/1.3

Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a ..

5.8
2012-01-18 CVE-2012-0113 Mysql, Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.

5.5
2012-01-18 CVE-2012-0082 Oracle Core RDBMS Remote vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity and availability via unknown vectors.

5.5
2012-01-18 CVE-2012-0080 Oracle PeopleSoft Enterprise HCM Remote vulnerability in Oracle Peoplesoft products 9.1

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management.

5.5
2012-01-18 CVE-2011-3568 Oracle Remote Oracle Web Services Manager vulnerability in Oracle Web Services Manager

Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services Security.

5.5
2012-01-19 CVE-2012-0268 Yahoo Numeric Errors vulnerability in Yahoo Messenger

Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow.

5.1
2012-01-20 CVE-2012-0902 Airties Denial of Service vulnerability in Airties AIR 4450 1.1.2.18

AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader.

5.0
2012-01-20 CVE-2012-0898 Camaleo, Wordpress Path Traversal vulnerability in Camaleo Myeasybackup 1.0.8.1

Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a ..

5.0
2012-01-20 CVE-2012-0896 TOM Braider, Wordpress, Count PER DAY Project Path Traversal vulnerability in multiple products

Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.

5.0
2012-01-20 CVE-2012-0193 IBM Improper Input Validation vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.

5.0
2012-01-19 CVE-2011-4873 Atvise Remote Denial of Service vulnerability in atvise

Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840.

5.0
2012-01-19 CVE-2011-3375 Apache Information Exposure vulnerability in Apache Tomcat

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

5.0
2012-01-18 CVE-2012-0486 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.

5.0
2012-01-18 CVE-2012-0104 Oracle Remote vulnerability in Oracle GlassFish Enterprise Server 3.0.1/3.1.1

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container.

5.0
2012-01-18 CVE-2012-0096 SUN Remote vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network.

5.0
2012-01-18 CVE-2012-0072 Oracle Listener Remote vulnerability in Oracle Database Server

Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors.

5.0
2012-01-18 CVE-2011-3569 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.3.0/11.1.1.4.0/11.1.1.5.0

Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security.

5.0
2012-01-18 CVE-2011-3566 Oracle Remote Security vulnerability in Oracle Weblogic Server

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container.

5.0
2012-01-18 CVE-2011-3531 Oracle Remote Oracle Web Services Manager vulnerability in Oracle Web Services Manager

Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors related to Web Services Security.

5.0
2012-01-18 CVE-2011-2324 Oracle Denial Of Service vulnerability in Oracle products

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC (JDENET).

5.0
2012-01-18 CVE-2011-2262 Mysql, Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.

5.0
2012-01-18 CVE-2012-0781 PHP Resource Management Errors vulnerability in PHP 5.3.8

The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.

5.0
2012-01-18 CVE-2011-4153 PHP Improper Input Validation vulnerability in PHP 5.3.8

PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.

5.0
2012-01-18 CVE-2012-0118 Mysql, Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.

4.9
2012-01-18 CVE-2012-0116 Mysql, Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

4.9
2012-01-18 CVE-2012-0103 SUN Local Solaris vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel.

4.9
2012-01-19 CVE-2011-1376 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations.

4.6
2012-01-18 CVE-2011-3565 Oracle Local Security vulnerability in Oracle Communications Unified 7.0

Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Calendar Server.

4.6
2012-01-18 CVE-2012-0110 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK.

4.4
2012-01-20 CVE-2012-0904 Videolan Resource Management Errors vulnerability in Videolan VLC Media Player 1.1.11

VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.

4.3
2012-01-20 CVE-2012-0903 Vmware Cross-Site Scripting vulnerability in VMWare Zimbra Desktop 7.1.2

Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name.

4.3
2012-01-20 CVE-2012-0901 Attenzione Cross-Site Scripting vulnerability in Attenzione Yousaytoo 1.0

Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter.

4.3
2012-01-20 CVE-2012-0900 Beehive Forum Cross-Site Scripting vulnerability in Beehive Forum Beehive Forum 1.0.1

Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php.

4.3
2012-01-20 CVE-2012-0899 Annuairephp Cross-Site Scripting vulnerability in Annuairephp Annuaire PHP

Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter.

4.3
2012-01-20 CVE-2012-0895 TOM Braider, Wordpress Cross-Site Scripting vulnerability in TOM Braider Count PER DAY

Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.

4.3
2012-01-18 CVE-2012-0496 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

4.3
2012-01-18 CVE-2012-0085 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1/7.5.2

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2 and 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server.

4.3
2012-01-18 CVE-2012-0079 Oracle Unspecified vulnerability in Oracle Opensso 7.1/8.0

Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration.

4.3
2012-01-18 CVE-2012-0073 Oracle Remote Oracle Forms vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.

4.3
2012-01-18 CVE-2012-0495 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493.

4.0
2012-01-18 CVE-2012-0491 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495.

4.0
2012-01-18 CVE-2012-0490 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.

4.0
2012-01-18 CVE-2012-0489 Oracle Remote MySQL Server vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.

4.0
2012-01-18 CVE-2012-0488 Oracle Remote MySQL Server vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.

4.0
2012-01-18 CVE-2012-0487 Oracle Remote MySQL Server vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.

4.0
2012-01-18 CVE-2012-0485 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.

4.0
2012-01-18 CVE-2012-0484 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2012-01-18 CVE-2012-0120 Mysql, Oracle Remote vulnerability in Oracle MySQL

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.

4.0
2012-01-18 CVE-2012-0119 Mysql, Oracle Remote vulnerability in Oracle MySQL

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

4.0
2012-01-18 CVE-2012-0115 Mysql, Oracle Remote vulnerability in Oracle MySQL

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

4.0
2012-01-18 CVE-2012-0102 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.

4.0
2012-01-18 CVE-2012-0101 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.

4.0
2012-01-18 CVE-2012-0089 Oracle Remote PeopleSoft Enterprise HCM vulnerability in Oracle Peoplesoft products 9.1

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance.

4.0
2012-01-18 CVE-2012-0088 Oracle PeopleSoft Enterprise HCM Remote vulnerability in Oracle Peoplesoft products 8.9/9.0/9.1

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Benefits Administration.

4.0
2012-01-18 CVE-2012-0087 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.

4.0
2012-01-18 CVE-2012-0078 Oracle Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 12.1.2/12.1.3

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services (Menu, LOV).

4.0
2012-01-18 CVE-2012-0076 Oracle Remote PeopleSoft Enterprise HCM vulnerability in Oracle PeopleSoft Enterprise HCM

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance.

4.0
2012-01-18 CVE-2012-0074 Oracle Remote PeopleSoft Enterprise CRM vulnerability in Oracle Peoplesoft products 8.9

Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales.

4.0
2012-01-18 CVE-2011-3573 Oracle Remote Security vulnerability in Oracle Communications Unified 7.0

Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server.

4.0
2012-01-18 CVE-2011-3524 Oracle Information Disclosure vulnerability in Oracle products

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3509.

4.0
2012-01-18 CVE-2011-3514 Oracle Remote Security Bypass vulnerability in Oracle products

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET).

4.0
2012-01-18 CVE-2011-3509 Oracle Remote File Disclosure vulnerability in Oracle products

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3524.

4.0
2012-01-18 CVE-2011-2326 Oracle Information Disclosure vulnerability in Oracle products

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-3509, and CVE-2011-3524.

4.0
2012-01-18 CVE-2011-2325 Oracle Password Disclosure Security vulnerability in Oracle products

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2326, CVE-2011-3509, and CVE-2011-3524.

4.0
2012-01-18 CVE-2011-2321 Oracle Information Disclosure vulnerability in Oracle products

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDNET).

4.0
2012-01-18 CVE-2011-2317 Oracle Arbitrary File Upload vulnerability in Oracle products

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDNET).

4.0

25 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-01-18 CVE-2012-0105 Oracle Local vulnerability in Oracle Virtualization and VM Virtualbox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.

3.7
2012-01-18 CVE-2012-0081 Oracle Local GlassFish Enterprise Server vulnerability in Oracle Glassfish Server 3.1.1

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

3.7
2012-01-18 CVE-2012-0111 Oracle Local vulnerability in Oracle Virtualization and VM Virtualbox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.

3.6
2012-01-18 CVE-2012-0109 SUN Local Solaris vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.

3.6
2012-01-18 CVE-2011-3571 Oracle Remote vulnerability in Oracle Virtualization 3.2

Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session.

3.6
2012-01-18 CVE-2012-0117 Oracle Remote MySQL Server vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495.

3.5
2012-01-18 CVE-2012-0112 Mysql, Oracle Remote MySQL Server vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

3.5
2012-01-18 CVE-2012-0084 Oracle Remote Oracle WebCenter Content vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integrity via unknown vectors related to Content Server.

3.5
2012-01-18 CVE-2012-0077 Oracle Remote Oracle WebLogic Server vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console.

3.5
2012-01-18 CVE-2011-2271 Oracle Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload.

3.5
2012-01-18 CVE-2011-3574 Oracle Local Oracle Communications Unified vulnerability in Oracle Communications Unified 7.0

Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server.

3.3
2012-01-18 CVE-2012-0114 Mysql, Oracle Local Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.

3.0
2012-01-18 CVE-2012-0091 Oracle Remote vulnerability in Oracle Peoplesoft products 8.52.05

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown vectors related to Upgrade Change Assistance.

2.7
2012-01-18 CVE-2012-0099 SUN Remote Security vulnerability in SUN Sunos 5.10/5.11/5.9

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.

2.6
2012-01-17 CVE-2011-3328 Greg Roelofs Unspecified vulnerability in Greg Roelofs Libpng 1.5.4

The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.

2.6
2012-01-19 CVE-2007-6744 Flexerasoftware Information Exposure vulnerability in Flexerasoftware Installshield 10.5/11/11.5

Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe.

2.1
2012-01-19 CVE-2011-4142 EMC Credentials Management vulnerability in EMC Sourceone Email Management

The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files.

2.1
2012-01-18 CVE-2012-0493 Oracle Remote vulnerability in Oracle MySQL

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495.

2.1
2012-01-18 CVE-2012-0492 Mysql, Oracle Remote MySQL Server vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.

2.1
2012-01-18 CVE-2012-0097 SUN Local Solaris vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell.

2.1
2012-01-18 CVE-2011-3570 Oracle Local Security vulnerability in Oracle Communications Unified 7.0

Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server.

2.1
2012-01-18 CVE-2011-3564 Oracle Local Security vulnerability in Oracle SUN Glassfish Enterprise Server 2.1.1

Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.

2.1
2012-01-18 CVE-2012-0098 SUN Local Solaris vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813.

1.9
2012-01-18 CVE-2012-0494 Oracle Local Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.

1.7
2012-01-18 CVE-2012-0075 Mysql, Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.

1.7