Weekly Vulnerabilities Reports > April 30 to May 6, 2012

Overview

2 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary report vulnerabilities in 3 products from 2 vendors including Oracle, and Vmware. Vulnerabilities are notably categorized as and "Improper Restriction of Operations within the Bounds of a Memory Buffer".

  • 2 reported vulnerabilities are remotely exploitables.
  • 1 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 1 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-05-04 CVE-2012-1516 Vmware Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in VMWare ESX and Esxi

The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers.

9.9
2012-05-03 CVE-2012-1710 Oracle Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.5

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer, a different vulnerability than CVE-2012-1709.

9.8

0 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

0 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS