Weekly Vulnerabilities Reports > January 16 to 22, 2012
Overview
109 new vulnerabilities reported during this period, including 12 critical vulnerabilities and 3 high severity vulnerabilities. This weekly summary report vulnerabilities in 54 products from 32 vendors including Oracle, Mysql, SUN, IBM, and Wordpress. Vulnerabilities are notably categorized as "Cross-site Scripting", "Path Traversal", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Information Exposure".
- 90 reported vulnerabilities are remotely exploitables.
- 8 reported vulnerabilities have public exploit available.
- 12 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 61 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 66 reported vulnerabilities.
- IBM has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
12 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-01-19 | CVE-2011-4135 | Flexerasoftware | Path Traversal vulnerability in Flexerasoftware Flexnet Publisher 11.10 Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. | 10.0 |
| 2012-01-19 | CVE-2011-4134 | Flexerasoftware | Buffer Errors vulnerability in Flexerasoftware Flexnet Publisher 11.10 Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allows remote attackers to execute arbitrary code via a crafted 0x2f packet. | 10.0 |
| 2012-01-19 | CVE-2011-1389 | IBM | Path Traversal vulnerability in IBM products Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. | 10.0 |
| 2012-01-19 | CVE-2011-4659 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco IP Video Phone E20 and Telepresence E20 Software Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to modify the configuration via an SSH session, aka Bug ID CSCtw69889, a different vulnerability than CVE-2011-2555. | 10.0 |
| 2012-01-19 | CVE-2011-4374 | Adobe | Integer Overflow or Wraparound vulnerability in Adobe Acrobat and Reader Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors. | 9.3 |
| 2012-01-19 | CVE-2012-0035 | Eric M Ludlam GNU | Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project.ede file in the directory, or a parent directory, of an opened file. | 9.3 |
| 2012-01-19 | CVE-2011-4053 | 7T | Unspecified vulnerability in 7T Igss Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | 9.3 |
| 2012-01-18 | CVE-2012-0190 | IBM | Unspecified vulnerability in IBM Spss Data Collection and Spss Dimensions Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |
| 2012-01-18 | CVE-2012-0189 | IBM | Unspecified vulnerability in IBM Spss Samplepower 3.0 Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |
| 2012-01-18 | CVE-2012-0188 | IBM | Unspecified vulnerability in IBM Spss Data Collection and Spss Dimensions Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execute arbitrary code via a crafted HTML document. | 9.3 |
| 2012-01-17 | CVE-2010-5082 | Microsoft | Unspecified vulnerability in Microsoft Windows Server 2008 Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability." Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path' | 9.3 |
| 2012-01-19 | CVE-2012-0329 | Cisco | Code Injection vulnerability in Cisco Digital Media Manager Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows remote authenticated users to execute arbitrary code via vectors involving a URL and an administrative resource, aka Bug ID CSCts63878. | 9.0 |
3 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-01-18 | CVE-2012-0094 | SUN | Remote Security vulnerability in SUN Sunos 5.10/5.11/5.9 Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP. | 7.8 |
| 2012-01-20 | CVE-2012-0906 | Mystarmedia DEV L Z | SQL Injection vulnerability in Mystarmedia Moviebase Addon SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php. | 7.5 |
| 2012-01-20 | CVE-2012-0905 | DEV L S | SQL Injection vulnerability in Dev!L'S Dev!L'Z Clanportal Gamebase Addon SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php. | 7.5 |
69 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-01-20 | CVE-2012-0897 | Irfanview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Irfanview Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment. | 6.8 |
| 2012-01-18 | CVE-2012-0100 | SUN | Local Security vulnerability in SUN Sunos 5.10/5.11/5.9 Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos. | 6.8 |
| 2012-01-18 | CVE-2012-0083 | Oracle | Remote Oracle WebCenter Content vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Search. | 6.4 |
| 2012-01-20 | CVE-2012-0907 | Neoaxis | Path Traversal vulnerability in Neoaxis web Player 1.1/1.2/1.3 Directory traversal vulnerability in the web player in NeoAxis NeoAxis web player 1.4 and earlier allows user-assisted remote attackers to write arbitrary files via a .. | 5.8 |
| 2012-01-18 | CVE-2012-0113 | Mysql Oracle | Remote MySQL Server vulnerability in Oracle MySQL Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118. | 5.5 |
| 2012-01-18 | CVE-2012-0082 | Oracle | Core RDBMS Remote vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity and availability via unknown vectors. | 5.5 |
| 2012-01-18 | CVE-2012-0080 | Oracle | PeopleSoft Enterprise HCM Remote vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management. | 5.5 |
| 2012-01-18 | CVE-2011-3568 | Oracle | Remote Oracle Web Services Manager vulnerability in Oracle Web Services Manager Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services Security. | 5.5 |
| 2012-01-19 | CVE-2012-0268 | Yahoo | Numeric Errors vulnerability in Yahoo Messenger Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafted JPG image that triggers a heap-based buffer overflow. | 5.1 |
| 2012-01-20 | CVE-2012-0902 | Airties | Denial of Service vulnerability in Airties AIR 4450 1.1.2.18 AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader. | 5.0 |
| 2012-01-20 | CVE-2012-0898 | Camaleo Wordpress | Path Traversal vulnerability in Camaleo Myeasybackup 1.0.8.1 Directory traversal vulnerability in meb_download.php in the myEASYbackup plugin 1.0.8.1 for WordPress allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2012-01-20 | CVE-2012-0896 | TOM Braider Wordpress Count PER DAY Project | Path Traversal vulnerability in multiple products Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter. | 5.0 |
| 2012-01-20 | CVE-2012-0193 | IBM | Improper Input Validation vulnerability in IBM Websphere Application Server IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 before 6.1.0.43, 7.0 before 7.0.0.23, and 8.0 before 8.0.0.3 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters. | 5.0 |
| 2012-01-19 | CVE-2011-4873 | Atvise | Remote Denial of Service vulnerability in atvise Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840. | 5.0 |
| 2012-01-19 | CVE-2011-3375 | Apache | Information Exposure vulnerability in Apache Tomcat Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data. | 5.0 |
| 2012-01-18 | CVE-2012-0486 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. | 5.0 |
| 2012-01-18 | CVE-2012-0104 | Oracle | Remote vulnerability in Oracle GlassFish Enterprise Server 3.0.1/3.1.1 Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container. | 5.0 |
| 2012-01-18 | CVE-2012-0096 | SUN | Remote vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network. | 5.0 |
| 2012-01-18 | CVE-2012-0072 | Oracle | Listener Remote vulnerability in Oracle Database Server Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown vectors. | 5.0 |
| 2012-01-18 | CVE-2011-3569 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.3.0/11.1.1.4.0/11.1.1.5.0 Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Web Services Security. | 5.0 |
| 2012-01-18 | CVE-2011-3566 | Oracle | Remote Security vulnerability in Oracle Weblogic Server Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vectors related to Web Container. | 5.0 |
| 2012-01-18 | CVE-2011-3531 | Oracle | Remote Oracle Web Services Manager vulnerability in Oracle Web Services Manager Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors related to Web Services Security. | 5.0 |
| 2012-01-18 | CVE-2011-2324 | Oracle | Denial Of Service vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC (JDENET). | 5.0 |
| 2012-01-18 | CVE-2011-2262 | Mysql Oracle | Remote MySQL Server vulnerability in Oracle MySQL Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors. | 5.0 |
| 2012-01-18 | CVE-2012-0781 | PHP | Resource Management Errors vulnerability in PHP 5.3.8 The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153. | 5.0 |
| 2012-01-18 | CVE-2011-4153 | PHP | Improper Input Validation vulnerability in PHP 5.3.8 PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c. | 5.0 |
| 2012-01-18 | CVE-2012-0118 | Mysql Oracle | Remote MySQL Server vulnerability in Oracle MySQL Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113. | 4.9 |
| 2012-01-18 | CVE-2012-0116 | Mysql Oracle | Remote MySQL Server vulnerability in Oracle MySQL Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 4.9 |
| 2012-01-18 | CVE-2012-0103 | SUN | Local Solaris vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel. | 4.9 |
| 2012-01-19 | CVE-2011-1376 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM Websphere Application Server iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/client_ffdc/, which allows local users to read or modify files via standard filesystem operations. | 4.6 |
| 2012-01-18 | CVE-2011-3565 | Oracle | Local Security vulnerability in Oracle Communications Unified 7.0 Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Calendar Server. | 4.6 |
| 2012-01-18 | CVE-2012-0110 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availability, related to Outside In Image Export SDK. | 4.4 |
| 2012-01-20 | CVE-2012-0904 | Videolan | Resource Management Errors vulnerability in Videolan VLC Media Player 1.1.11 VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file. | 4.3 |
| 2012-01-20 | CVE-2012-0903 | Vmware | Cross-Site Scripting vulnerability in VMWare Zimbra Desktop 7.1.2 Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop 7.1.2 b10978 allow remote attackers to inject arbitrary web script or HTML via the (1) Username or (2) MailBox Name. | 4.3 |
| 2012-01-20 | CVE-2012-0901 | Attenzione | Cross-Site Scripting vulnerability in Attenzione Yousaytoo 1.0 Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo auto-publishing plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. | 4.3 |
| 2012-01-20 | CVE-2012-0900 | Beehive Forum | Cross-Site Scripting vulnerability in Beehive Forum Beehive Forum 1.0.1 Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php. | 4.3 |
| 2012-01-20 | CVE-2012-0899 | Annuairephp | Cross-Site Scripting vulnerability in Annuairephp Annuaire PHP Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter. | 4.3 |
| 2012-01-20 | CVE-2012-0895 | TOM Braider Wordpress | Cross-Site Scripting vulnerability in TOM Braider Count PER DAY Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter. | 4.3 |
| 2012-01-18 | CVE-2012-0496 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 4.3 |
| 2012-01-18 | CVE-2012-0085 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1/7.5.2 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2 and 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content Server. | 4.3 |
| 2012-01-18 | CVE-2012-0079 | Oracle | Unspecified vulnerability in Oracle Opensso 7.1/8.0 Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration. | 4.3 |
| 2012-01-18 | CVE-2012-0073 | Oracle | Remote Oracle Forms vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
| 2012-01-18 | CVE-2012-0495 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0493. | 4.0 |
| 2012-01-18 | CVE-2012-0491 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0493, and CVE-2012-0495. | 4.0 |
| 2012-01-18 | CVE-2012-0490 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
| 2012-01-18 | CVE-2012-0489 | Oracle | Remote MySQL Server vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. | 4.0 |
| 2012-01-18 | CVE-2012-0488 | Oracle | Remote MySQL Server vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. | 4.0 |
| 2012-01-18 | CVE-2012-0487 | Oracle | Remote MySQL Server vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. | 4.0 |
| 2012-01-18 | CVE-2012-0485 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492. | 4.0 |
| 2012-01-18 | CVE-2012-0484 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors. | 4.0 |
| 2012-01-18 | CVE-2012-0120 | Mysql Oracle | Remote vulnerability in Oracle MySQL Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492. | 4.0 |
| 2012-01-18 | CVE-2012-0119 | Mysql Oracle | Remote vulnerability in Oracle MySQL Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. | 4.0 |
| 2012-01-18 | CVE-2012-0115 | Mysql Oracle | Remote vulnerability in Oracle MySQL Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. | 4.0 |
| 2012-01-18 | CVE-2012-0102 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101. | 4.0 |
| 2012-01-18 | CVE-2012-0101 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102. | 4.0 |
| 2012-01-18 | CVE-2012-0089 | Oracle | Remote PeopleSoft Enterprise HCM vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. | 4.0 |
| 2012-01-18 | CVE-2012-0088 | Oracle | PeopleSoft Enterprise HCM Remote vulnerability in Oracle Peoplesoft products 8.9/9.0/9.1 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Benefits Administration. | 4.0 |
| 2012-01-18 | CVE-2012-0087 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102. | 4.0 |
| 2012-01-18 | CVE-2012-0078 | Oracle | Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 12.1.2/12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services (Menu, LOV). | 4.0 |
| 2012-01-18 | CVE-2012-0076 | Oracle | Remote PeopleSoft Enterprise HCM vulnerability in Oracle PeopleSoft Enterprise HCM Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerformance. | 4.0 |
| 2012-01-18 | CVE-2012-0074 | Oracle | Remote PeopleSoft Enterprise CRM vulnerability in Oracle Peoplesoft products 8.9 Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales. | 4.0 |
| 2012-01-18 | CVE-2011-3573 | Oracle | Remote Security vulnerability in Oracle Communications Unified 7.0 Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server. | 4.0 |
| 2012-01-18 | CVE-2011-3524 | Oracle | Information Disclosure vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3509. | 4.0 |
| 2012-01-18 | CVE-2011-3514 | Oracle | Remote Security Bypass vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET). | 4.0 |
| 2012-01-18 | CVE-2011-3509 | Oracle | Remote File Disclosure vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3524. | 4.0 |
| 2012-01-18 | CVE-2011-2326 | Oracle | Information Disclosure vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-3509, and CVE-2011-3524. | 4.0 |
| 2012-01-18 | CVE-2011-2325 | Oracle | Password Disclosure Security vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2326, CVE-2011-3509, and CVE-2011-3524. | 4.0 |
| 2012-01-18 | CVE-2011-2321 | Oracle | Information Disclosure vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDNET). | 4.0 |
| 2012-01-18 | CVE-2011-2317 | Oracle | Arbitrary File Upload vulnerability in Oracle products Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastucture SEC (JDNET). | 4.0 |
25 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-01-18 | CVE-2012-0105 | Oracle | Local vulnerability in Oracle Virtualization and VM Virtualbox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions. | 3.7 |
| 2012-01-18 | CVE-2012-0081 | Oracle | Local GlassFish Enterprise Server vulnerability in Oracle Glassfish Server 3.1.1 Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration. | 3.7 |
| 2012-01-18 | CVE-2012-0111 | Oracle | Local vulnerability in Oracle Virtualization and VM Virtualbox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. | 3.6 |
| 2012-01-18 | CVE-2012-0109 | SUN | Local Solaris vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP. | 3.6 |
| 2012-01-18 | CVE-2011-3571 | Oracle | Remote vulnerability in Oracle Virtualization 3.2 Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. | 3.6 |
| 2012-01-18 | CVE-2012-0117 | Oracle | Remote MySQL Server vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. | 3.5 |
| 2012-01-18 | CVE-2012-0112 | Mysql Oracle | Remote MySQL Server vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. | 3.5 |
| 2012-01-18 | CVE-2012-0084 | Oracle | Remote Oracle WebCenter Content vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integrity via unknown vectors related to Content Server. | 3.5 |
| 2012-01-18 | CVE-2012-0077 | Oracle | Remote Oracle WebLogic Server vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console. | 3.5 |
| 2012-01-18 | CVE-2011-2271 | Oracle | Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload. | 3.5 |
| 2012-01-18 | CVE-2011-3574 | Oracle | Local Oracle Communications Unified vulnerability in Oracle Communications Unified 7.0 Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server. | 3.3 |
| 2012-01-18 | CVE-2012-0114 | Mysql Oracle | Local Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors. | 3.0 |
| 2012-01-18 | CVE-2012-0091 | Oracle | Remote vulnerability in Oracle Peoplesoft products 8.52.05 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown vectors related to Upgrade Change Assistance. | 2.7 |
| 2012-01-18 | CVE-2012-0099 | SUN | Remote Security vulnerability in SUN Sunos 5.10/5.11/5.9 Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd. | 2.6 |
| 2012-01-17 | CVE-2011-3328 | Greg Roelofs | Unspecified vulnerability in Greg Roelofs Libpng 1.5.4 The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value. | 2.6 |
| 2012-01-19 | CVE-2007-6744 | Flexerasoftware | Information Exposure vulnerability in Flexerasoftware Installshield 10.5/11/11.5 Flexera Macrovision InstallShield before 2008 sends a digital-signature password to an unintended application during certain signature operations involving .spc and .pvk files, which might allow local users to obtain sensitive information via unspecified vectors, related to an incorrect interaction between InstallShield and Signcode.exe. | 2.1 |
| 2012-01-19 | CVE-2011-4142 | EMC | Credentials Management vulnerability in EMC Sourceone Email Management The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to obtain sensitive information by reading these files. | 2.1 |
| 2012-01-18 | CVE-2012-0493 | Oracle | Remote vulnerability in Oracle MySQL Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0117, CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, and CVE-2012-0495. | 2.1 |
| 2012-01-18 | CVE-2012-0492 | Mysql Oracle | Remote MySQL Server vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485. | 2.1 |
| 2012-01-18 | CVE-2012-0097 | SUN | Local Solaris vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell. | 2.1 |
| 2012-01-18 | CVE-2011-3570 | Oracle | Local Security vulnerability in Oracle Communications Unified 7.0 Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server. | 2.1 |
| 2012-01-18 | CVE-2011-3564 | Oracle | Local Security vulnerability in Oracle SUN Glassfish Enterprise Server 2.1.1 Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration. | 2.1 |
| 2012-01-18 | CVE-2012-0098 | SUN | Local Solaris vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813. | 1.9 |
| 2012-01-18 | CVE-2012-0494 | Oracle | Local Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors. | 1.7 |
| 2012-01-18 | CVE-2012-0075 | Mysql Oracle | Remote MySQL Server vulnerability in Oracle MySQL Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors. | 1.7 |