Weekly Vulnerabilities Reports > July 16 to 22, 2012
Overview
158 new vulnerabilities were reported during this period, including 14 critical and 11 high-severity vulnerabilities. This weekly summary reports vulnerabilities in 93 products from 41 vendors, including Oracle, Mozilla, Moodle, SUN, and MariaDB. The vulnerabilities fall mainly into the categories "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", and "Resource Management Errors".
- 133 reported vulnerabilities are remotely exploitable.
- 5 reported vulnerabilities have a public exploit available.
- 17 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 109 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 63 reported vulnerabilities.
- Mozilla has the most reported critical vulnerabilities, with 9 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report, grouped by severity:
14 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-20 | CVE-2012-2688 | PHP | Buffer Overflow vulnerability in PHP '_php_stream_scandir()' Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown impact and remote attack vectors, related to an "overflow." | 10.0 |
2012-07-19 | CVE-2012-2974 | SMC | Improper Authentication vulnerability in SMC Smc8024L2 Switch The web interface on the SMC SMC8024L2 switch allows remote attackers to bypass authentication and obtain administrative access via a direct request to a .html file under (1) status/, (2) system/, (3) ports/, (4) trunks/, (5) vlans/, (6) qos/, (7) rstp/, (8) dot1x/, (9) security/, (10) igmps/, or (11) snmp/. | 10.0 |
2012-07-18 | CVE-2012-4033 | Zingiri Wordpress | Unspecified vulnerability in Zingiri web Shop Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin before 2.4.0 for WordPress have unknown impact and attack vectors. | 10.0 |
2012-07-18 | CVE-2012-1967 | Mozilla | Privilege Escalation vulnerability in Mozilla Firefox/Thunderbird/SeaMonkey Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly implement the JavaScript sandbox utility, which allows remote attackers to execute arbitrary JavaScript code with improper privileges via a javascript: URL. | 10.0 |
2012-07-18 | CVE-2012-1962 | Mozilla | Resource Management Errors vulnerability in Mozilla products Use-after-free vulnerability in the JSDependentString::undepend function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via vectors involving strings with multiple dependencies. | 10.0 |
2012-07-18 | CVE-2012-1954 | Mozilla | Resource Management Errors vulnerability in Mozilla products Use-after-free vulnerability in the nsDocument::AdoptNode function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code via vectors involving multiple adoptions and empty documents. | 10.0 |
2012-07-18 | CVE-2012-1951 | Mozilla | Resource Management Errors vulnerability in Mozilla products Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (heap memory corruption) or possibly execute arbitrary code by interacting with objects used for SMIL Timing. | 10.0 |
2012-07-17 | CVE-2012-3135 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
2012-07-19 | CVE-2012-0284 | Cisco | Buffer Errors vulnerability in Cisco Linksys Playerpt Activex Control 1.0.0.15 Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument). | 9.3 |
2012-07-18 | CVE-2012-1958 | Mozilla | Resource Management Errors vulnerability in Mozilla products Use-after-free vulnerability in the nsGlobalWindow::PageHidden function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 might allow remote attackers to execute arbitrary code via vectors related to focused content. | 9.3 |
2012-07-18 | CVE-2012-1953 | Mozilla | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla products The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allows remote attackers to cause a denial of service (buffer over-read, incorrect pointer dereference, and heap-based buffer overflow) or possibly execute arbitrary code via a crafted web site. | 9.3 |
2012-07-18 | CVE-2012-1952 | Mozilla | Resource Management Errors vulnerability in Mozilla products The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly perform a cast of a frame variable during processing of mixed row-group and column-group frames, which might allow remote attackers to execute arbitrary code via a crafted web site. | 9.3 |
2012-07-18 | CVE-2012-1949 | Mozilla | Memory Corruption vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
2012-07-18 | CVE-2012-1948 | Mozilla | Memory Corruption vulnerability in Mozilla Firefox/Thunderbird/Seamonkey MFSA 2012-42 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors. | 9.3 |
11 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-20 | CVE-2012-3008 | Osisoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Osisoft PI OPC DA Interface 2.3.16.16/2.3.17.18 Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items. | 8.5 |
2012-07-17 | CVE-2012-3120 | SUN | Unspecified vulnerability in SUN Sunos 5.8 Unspecified vulnerability in Oracle Sun Solaris 8 allows remote attackers to affect availability, related to TCP/IP. | 7.8 |
2012-07-17 | CVE-2012-1740 | Oracle | Unspecified vulnerability in Oracle Application Express Listener Unspecified vulnerability in the Oracle Application Express Listener component in Oracle Application Express Listener 1.1-ea, 1.1.1, 1.1.2, and 1.1.3 allows remote attackers to affect confidentiality via unknown vectors. | 7.8 |
2012-07-22 | CVE-2012-4045 | Nullsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nullsoft Winamp Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 build 3235 allow remote attackers to execute arbitrary code via the (1) strf chunk in BI_RGB or (2) UYVY video data in an AVI file, or (3) decompressed TechSmith Screen Capture Codec (TSCC) data in an AVI file. | 7.5 |
2012-07-22 | CVE-2011-3464 | Libpng | Numeric Errors vulnerability in Libpng Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow. | 7.5 |
2012-07-18 | CVE-2012-2303 | Florian Weber Drupal | Permissions, Privileges, and Access Controls vulnerability in Florian Weber Spaces The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) Spaces OG module. | 7.5 |
2012-07-18 | CVE-2012-2140 | Rubygems | Improper Input Validation vulnerability in Rubygems Mail GEM 2.3.2/2.3.3 The Mail gem before 2.4.3 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) sendmail or (2) exim delivery. | 7.5 |
2012-07-17 | CVE-2012-3241 | Eucalyptus | Permissions, Privileges, and Access Controls vulnerability in Eucalyptus 2.0.3/3.0.1 The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows remote attackers to execute arbitrary VMware Broker API commands. | 7.5 |
2012-07-17 | CVE-2012-3240 | Eucalyptus | Permissions, Privileges, and Access Controls vulnerability in Eucalyptus 2.0.3/3.0.1 The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges via a crafted REST request. | 7.5 |
2012-07-16 | CVE-2012-2607 | Johnsoncontrols | OS Command Injection vulnerability in Johnsoncontrols Network Controller and Network Controller Firmware The Johnson Controls CK721-A controller with firmware before SSM4388_03.1.0.14_BB allows remote attackers to perform arbitrary actions via crafted packets to TCP port 41014 (aka the download port). | 7.5 |
2012-07-17 | CVE-2012-3125 | SUN | Unspecified vulnerability in SUN Sunos 5.10/5.8/5.9 Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows remote attackers to affect availability, related to TCP/IP. | 7.1 |
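The Mail gem entry above (CVE-2012-2140) is the classic shape of command injection: an address supplied by a remote sender is interpolated into the command line of a local delivery agent, and shell metacharacters in it become extra commands. The block below is an added example written for this report, not the gem's own code, and reproduces the pattern in Python rather than Ruby; the command shape, the allowlist pattern and the sample addresses are assumptions chosen to show the difference between a shell string and an argv list.

```python
"""Shell-metacharacter injection through a mail delivery command line.

Added example, not code from the Mail gem or from this report. It models the
failure mode CVE-2012-2140 describes (a sender address reaching a sendmail
command line through a shell); the helper names, the command layout and the
sample addresses are assumptions for illustration.
"""
import re
import shlex

# Constructed sample sender addresses (not from any real incident).
BENIGN_SENDER = "alice@example.org"
HOSTILE_SENDER = "alice@example.org; touch /tmp/pwned"
RECIPIENT = "bob@example.net"

# Deliberately narrower than RFC 5321: the point of a conservative allowlist
# is that anything a shell or sendmail could misread is rejected up front.
_ADDR_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def unsafe_sendmail_command(sender: str, recipient: str) -> str:
    """Vulnerable: one shell string, so metacharacters in `sender` become
    additional shell commands once the string reaches /bin/sh."""
    return f"/usr/sbin/sendmail -i -f {sender} -- {recipient}"


def shell_would_run(command: str) -> list[str]:
    """Approximate what /bin/sh would execute for `command`: split on the ';'
    separator, POSIX-tokenise each piece, and return the first word (the
    program) of every resulting command."""
    return [shlex.split(part)[0] for part in command.split(";") if part.strip()]


def safe_sendmail_argv(sender: str, recipient: str) -> list[str]:
    """Hardened: validate both addresses against the allowlist and build an
    argv list. Handing this list to subprocess.run() without shell=True means
    the sender reaches sendmail as exactly one argument, never as shell syntax.
    The '--' stops a recipient beginning with '-' from being read as an option."""
    for addr in (sender, recipient):
        if not _ADDR_RE.fullmatch(addr):
            raise ValueError(f"rejected address: {addr!r}")
    return ["/usr/sbin/sendmail", "-i", "-f", sender, "--", recipient]


def is_accepted(sender: str, recipient: str) -> bool:
    """True when the hardened builder accepts the pair, False when it rejects."""
    try:
        safe_sendmail_argv(sender, recipient)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("vulnerable string runs:", shell_would_run(unsafe_sendmail_command(HOSTILE_SENDER, RECIPIENT)))
    print("hardened argv:", safe_sendmail_argv(BENIGN_SENDER, RECIPIENT))
    print("hostile sender accepted by hardened builder:", is_accepted(HOSTILE_SENDER, RECIPIENT))
```

The two defences are independent: the argv list alone already stops the shell from interpreting the address, and the allowlist alone would stop this particular payload; using both means a future change that reintroduces a shell (for example, a pipeline with `shell=True`) still has a validated input behind it.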
101 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-22 | CVE-2012-3384 | Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Wordpress Cross-site request forgery (CSRF) vulnerability in the customizer in WordPress before 3.4.1 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 6.8 |
2012-07-19 | CVE-2012-4025 | Squashfs Project | Integer Overflow OR Wraparound vulnerability in Squashfs Project Squashfs Integer overflow in the queue_init function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted block_log field in the superblock of a .sqsh file, leading to a heap-based buffer overflow. | 6.8 |
2012-07-19 | CVE-2012-4024 | Squashfs Project | Out-Of-Bounds Write vulnerability in Squashfs Project Squashfs Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). | 6.8 |
2012-07-18 | CVE-2012-0868 | Postgresql | SQL Injection vulnerability in Postgresql CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored. | 6.8 |
2012-07-18 | CVE-2012-1955 | Mozilla | Location Bar Spoofing vulnerability in Mozilla Firefox Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 allow remote attackers to spoof the address bar via vectors involving history.forward and history.back calls. | 6.8 |
2012-07-17 | CVE-2012-1737 | Oracle | SQL Injection vulnerability in Oracle Enterprise Manager for Oracle Database Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Enterprise Manager Grid Control EM Base Platform 10.2.0.5, EM Base Platform 11.1.0.1, EM Plugin for DB 12.1.0.1, and EM Plugin for DB 12.1.0.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Performance Advisories/UIs. | 6.8 |
2012-07-17 | CVE-2012-1735 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 6.8 |
2012-07-17 | CVE-2012-1731 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI. | 6.8 |
2012-07-17 | CVE-2012-0282 | Xnview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xnview Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ImageLeftPosition value in an ImageDescriptor structure in a GIF image. | 6.8 |
2012-07-17 | CVE-2012-0277 | Xnview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xnview Heap-based buffer overflow in XnView before 1.99 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PCT image. | 6.8 |
2012-07-17 | CVE-2012-0276 | Xnview | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xnview Multiple heap-based buffer overflows in XnView before 1.99 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a (1) SGI32LogLum compressed TIFF image or (2) SGI32LogLum compressed TIFF image with the PhotometricInterpretation encoding set to LogL. | 6.8 |
2012-07-21 | CVE-2012-2363 | Moodle | SQL Injection vulnerability in Moodle SQL injection vulnerability in calendar/event.php in the calendar implementation in Moodle 1.9.x before 1.9.18 allows remote authenticated users to execute arbitrary SQL commands via a crafted calendar event. | 6.5 |
2012-07-20 | CVE-2011-4583 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service tokens associated with (1) disabled services and (2) users who no longer have authorization, which allows remote authenticated users to have an unspecified impact by reading these tokens. | 6.5 |
2012-07-18 | CVE-2012-0866 | Postgresql | Permissions, Privileges, and Access Controls vulnerability in Postgresql CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table. | 6.5 |
2012-07-17 | CVE-2012-0795 | Moodle | Improper Input Validation vulnerability in Moodle Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 does not validate e-mail address settings, which allows remote authenticated users to have an unspecified impact via a crafted address. | 6.5 |
2012-07-16 | CVE-2012-2282 | EMC | Permissions, Privileges, and Access Controls vulnerability in EMC Celerra Network Server, VNX and Vnxe EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before 7.0.53.2, and VNXe 2.0 and 2.1 before 2.1.3.19077 (aka MR1 SP3.2) and 2.2 before 2.2.0.19078 (aka MR2 SP0.2) do not properly implement NFS access control, which allows remote authenticated users to read or modify files via a (1) NFSv2, (2) NFSv3, or (3) NFSv4 request. | 6.5 |
2012-07-18 | CVE-2012-1950 | Mozilla | Address Bar URI Spoofing vulnerability in Mozilla Firefox and Firefox ESR The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 allows remote attackers to spoof the address bar by canceling a page load. | 6.4 |
2012-07-17 | CVE-2011-4358 | Oracle | Unspecified vulnerability in Oracle SUN Glassfish Enterprise Server 3.0.1/3.1.1 Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect confidentiality and integrity, related to JSF. | 6.4 |
2012-07-17 | CVE-2012-3126 | Oracle | Local Solaris Cluster vulnerability in Oracle SUN products Suite 3.3 Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Products Suite 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Apache Tomcat Agent. | 6.2 |
2012-07-17 | CVE-2012-1741 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.5 Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to User Administration Pages. | 5.8 |
2012-07-17 | CVE-2012-1728 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Portal Framework. | 5.8 |
2012-07-17 | CVE-2012-4032 | Websitepanel | Improper Input Validation vulnerability in Websitepanel Open redirect vulnerability in the login page in WebsitePanel before 1.2.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in ReturnUrl to Default.aspx. | 5.8 |
2012-07-17 | CVE-2012-1687 | SUN | Local Solaris vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability, related to Logical Domains (LDOM). | 5.6 |
2012-07-22 | CVE-2012-3361 | Openstack | Permissions, Privileges, and Access Controls vulnerability in Openstack Diablo, Essex and Folsom virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) allows remote authenticated users to overwrite arbitrary files via a symlink attack on a file in an image. | 5.5 |
2012-07-22 | CVE-2012-3360 | Openstack | Path Traversal vulnerability in Openstack Essex and Folsom Directory traversal vulnerability in virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when used over libvirt-based hypervisors, allows remote authenticated users to write arbitrary files to the disk image via a .. | 5.5 |
2012-07-21 | CVE-2012-2366 | Moodle | Unspecified vulnerability in Moodle mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 does not properly iterate through an array, which allows remote authenticated users to overwrite arbitrary database activity presets via unspecified vectors. | 5.5 |
2012-07-21 | CVE-2012-2358 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that already exist. | 5.5 |
2012-07-20 | CVE-2011-4589 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not check for the moodle/course:changeidnumber privilege during handling of course ID numbers, which allows remote authenticated users to overwrite ID numbers via a restore action. | 5.5 |
2012-07-17 | CVE-2012-3113 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 9.0.20 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality and integrity, related to EPERF. | 5.5 |
2012-07-17 | CVE-2012-0798 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 allows remote authenticated users to obtain the manager role by leveraging the teacher role. | 5.5 |
2012-07-17 | CVE-2012-0797 | Moodle | Configuration vulnerability in Moodle The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token. | 5.5 |
2012-07-17 | CVE-2012-3127 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to SCTP. | 5.4 |
2012-07-17 | CVE-2012-1753 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to PC. | 5.4 |
2012-07-17 | CVE-2012-3129 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, integrity, and availability, related to Gnome PDF viewer. | 5.1 |
2012-07-22 | CVE-2012-3385 | Wordpress | Permissions, Privileges, and Access Controls vulnerability in Wordpress WordPress before 3.4.1 does not properly restrict access to post contents such as private or draft posts, which allows remote authors or contributors to obtain sensitive information via unknown vectors. | 5.0 |
2012-07-22 | CVE-2012-3357 | Viewvc | Information Exposure vulnerability in Viewvc The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before 1.1.15 does not properly handle log messages when a readable path is copied from an unreadable path, which allows remote attackers to obtain sensitive information, related to a "log msg leak." | 5.0 |
2012-07-20 | CVE-2012-3365 | PHP | Permissions, Privileges, and Access Controls vulnerability in PHP The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the open_basedir protection mechanism via unspecified vectors. | 5.0 |
2012-07-18 | CVE-2012-2139 | Rubygems | Path Traversal vulnerability in Rubygems Mail GEM 2.3.2/2.3.3/2.4.1 Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. | 5.0 |
2012-07-18 | CVE-2012-1960 | Mozilla | Information Exposure vulnerability in Mozilla Firefox, Seamonkey and Thunderbird The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS implementation in Mozilla Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey before 2.11 might allow remote attackers to obtain sensitive information from process memory via a crafted color profile that triggers an out-of-bounds read operation. | 5.0 |
2012-07-18 | CVE-2012-1959 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla products Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not consider the presence of same-compartment security wrappers (SCSW) during the cross-compartment wrapping of objects, which allows remote attackers to bypass intended XBL access restrictions via crafted content. | 5.0 |
2012-07-17 | CVE-2012-3124 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect availability, related to Kernel/KSSL. | 5.0 |
2012-07-17 | CVE-2012-3123 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect confidentiality, related to Apache HTTP Server. | 5.0 |
2012-07-17 | CVE-2012-3121 | SUN | Remote Solaris vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote attackers to affect availability via unknown vectors related to in.tnamed and NameServer. | 5.0 |
2012-07-17 | CVE-2012-1749 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.1/11.1.1.5.0 Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps. | 5.0 |
2012-07-17 | CVE-2012-1747 | Oracle | Unspecified vulnerability in Oracle Database Server Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1746. | 5.0 |
2012-07-17 | CVE-2012-1746 | Oracle Microsoft | Unspecified vulnerability in Oracle Database Server Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Windows, allows remote attackers to affect availability via unknown vectors, a different vulnerability than CVE-2012-1747. | 5.0 |
2012-07-17 | CVE-2012-1745 | Oracle | Remote Network Layer vulnerability in Oracle Database Server Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2012-07-17 | CVE-2012-1742 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1760. | 5.0 |
2012-07-17 | CVE-2012-1738 | Oracle | Unspecified vulnerability in Oracle products Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite Java System Web Server 6.1 and Oracle iPlanet Web Server 7.0 allows remote attackers to affect availability via unknown vectors related to Web Server. | 5.0 |
2012-07-17 | CVE-2012-1736 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.1 Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1 allows remote attackers to affect confidentiality via unknown vectors related to Oracle Maps. | 5.0 |
2012-07-17 | CVE-2012-4031 | Wangkongbao | Path Traversal vulnerability in Wangkongbao Cns-1000 and Cns-1100 Multiple directory traversal vulnerabilities in src/acloglogin.php in Wangkongbao CNS-1000 and 1100 allow remote attackers to read arbitrary files via a .. | 5.0 |
2012-07-16 | CVE-2012-4026 | Johnsoncontrols | Improper Input Validation vulnerability in Johnsoncontrols products The Johnson Controls Pegasys P2000 server with software before 3.11 allows remote attackers to trigger false alerts via crafted packets to TCP port 41013 (aka the upload port), a different vulnerability than CVE-2012-2607. | 5.0 |
2012-07-20 | CVE-2011-4582 | Moodle | Improper Input Validation vulnerability in Moodle 2.1.0/2.1.1/2.1.2 Open redirect vulnerability in the Calendar set page in Moodle 2.1.x before 2.1.3 allows remote authenticated users to redirect users to arbitrary web sites and conduct phishing attacks via a redirection URL. | 4.9 |
2012-07-17 | CVE-2012-1752 | SUN | Unspecified vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Kernel/NFS. | 4.9 |
2012-07-17 | CVE-2012-1765 | SUN | Local Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via unknown vectors related to Branded Zone. | 4.7 |
2012-07-17 | CVE-2012-1750 | SUN | Local Solaris vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to mailx. | 4.4 |
2012-07-22 | CVE-2009-5031 | Trustwave Opensuse | Cross-Site Scripting vulnerability in multiple products ModSecurity before 2.5.11 treats request parameter values containing single quotes as files, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks via a single quote in a request parameter in the Content-Disposition field of a request with a multipart/form-data Content-Type header. | 4.3 |
2012-07-20 | CVE-2012-2955 | IBM | Cross-Site Scripting vulnerability in IBM products Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in IBM Lotus Protector for Mail Security 2.1, 2.5, 2.5.1, and 2.8 and IBM ISS Proventia Network Mail Security System allow remote attackers to inject arbitrary web script or HTML via the query string. | 4.3 |
2012-07-18 | CVE-2012-0867 | Opensuse Project Postgresql Debian Redhat | Improper Input Validation vulnerability in multiple products PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 truncates the common name to only 32 characters when verifying SSL certificates, which allows remote attackers to spoof connections when the host name is exactly 32 characters. | 4.3 |
2012-07-18 | CVE-2012-1966 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Firefox ESR Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not have the same context-menu restrictions for data: URLs as for javascript: URLs, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted URL. | 4.3 |
2012-07-18 | CVE-2012-1965 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Firefox and Firefox ESR Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do not properly establish the security context of a feed: URL, which allows remote attackers to bypass unspecified cross-site scripting (XSS) protection mechanisms via a feed:javascript: URL. | 4.3 |
2012-07-18 | CVE-2012-1963 | Mozilla | Permissions, Privileges, and Access Controls vulnerability in Mozilla products The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly restrict the strings placed into the blocked-uri parameter of a violation report, which allows remote web servers to capture OpenID credentials and OAuth 2.0 access tokens by triggering a violation. | 4.3 |
2012-07-18 | CVE-2012-1961 | Mozilla | Improper Input Validation vulnerability in Mozilla products Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 do not properly handle duplicate values in X-Frame-Options headers, which makes it easier for remote attackers to conduct clickjacking attacks via a FRAME element referencing a web site that produces these duplicate values. | 4.3 |
2012-07-18 | CVE-2012-1957 | Mozilla | Cross-Site Scripting vulnerability in Mozilla products An unspecified parser-utility class in Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.11 does not properly handle EMBED elements within description elements in RSS feeds, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a feed. | 4.3 |
2012-07-17 | CVE-2012-3131 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10/5.11/5.9 Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows remote attackers to affect confidentiality, related to Network/NFS. | 4.3 |
2012-07-17 | CVE-2012-3130 | SUN | Unspecified vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to pkg.depotd. | 4.3 |
2012-07-17 | CVE-2012-3115 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 10.1.3.1/11.1.1.5.0/11.1.1.6.0 Unspecified vulnerability in the Oracle MapViewer component in Oracle Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote attackers to affect integrity via unknown vectors related to Install. | 4.3 |
2012-07-17 | CVE-2012-3114 | Oracle | Unspecified vulnerability in Oracle Supply Chain products Suite Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2012-07-17 | CVE-2012-3112 | SUN | Remote Solaris vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Solaris Management Console. | 4.3 |
2012-07-17 | CVE-2012-1761 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to UI Framework. | 4.3 |
2012-07-17 | CVE-2012-1760 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1742. | 4.3 |
2012-07-17 | CVE-2012-1730 | Oracle | Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Password Management. | 4.3 |
2012-07-17 | CVE-2012-1729 | Oracle | Unspecified vulnerability in Oracle Hyperion Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3 and earlier allows remote attackers to affect integrity via unknown vectors related to UI and Visualization. | 4.3 |
2012-07-17 | CVE-2012-1715 | Oracle | Unspecified vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity, related to HTML Pages. | 4.3 |
2012-07-17 | CVE-2011-3562 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 11.1.1.5.0/11.1.1.6.0/11.1.2.0 Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2012-07-17 | CVE-2012-1571 | Christos Zoulas Tim Robbins | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid pointer dereference. | 4.3 |
2012-07-17 | CVE-2012-0799 | Moodle | Information Exposure vulnerability in Moodle Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous front-page forum is enabled, allows remote attackers to obtain session keys for their sessions by visiting the front page. | 4.3 |
2012-07-16 | CVE-2012-2645 | Yahoo | Information Exposure vulnerability in Yahoo Yahoo! Browser 1.2.0 The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for Android does not properly implement the WebView class, which allows remote attackers to obtain sensitive information via a crafted application. | 4.3 |
2012-07-16 | CVE-2012-2021 | HP | Cross-Site Scripting vulnerability in HP Assetmanager Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager 5.20, 5.21, 5.22, and 9.30 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2012-07-22 | CVE-2012-2738 | Nalin Dahyabhai | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nalin Dahyabhai VTE The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote authenticated users to cause a denial of service (long loop and CPU consumption) via an escape sequence with a large repeat count value. | 4.0 |
2012-07-21 | CVE-2012-2367 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass the moodle/calendar:manageownentries capability requirement and add a calendar entry via a New Entry action. | 4.0 |
2012-07-21 | CVE-2012-2356 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action. | 4.0 |
2012-07-21 | CVE-2012-2355 | Moodle | Permissions, Privileges, and Access Controls vulnerability in Moodle Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass question:use* capability requirements and add arbitrary questions to a quiz via the questions feature. | 4.0 |
2012-07-21 | CVE-2012-2353 | Moodle | Information Exposure vulnerability in Moodle Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section. | 4.0 |
2012-07-20 | CVE-2011-4590 | Moodle | Improper Authentication vulnerability in Moodle The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 does not properly consider the maintenance-mode state and account attributes during login attempts, which allows remote authenticated users to bypass intended access restrictions by connecting to a webservice server. | 4.0 |
2012-07-18 | CVE-2012-2655 | Postgresql | Resource Management Errors vulnerability in Postgresql PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler. | 4.0 |
2012-07-18 | CVE-2012-1964 | Mozilla | Clickjacking vulnerability in Mozilla Firefox/Thunderbird/Seamonkey The certificate-warning functionality in browser/components/certerror/content/aboutCertError.xhtml in Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.6, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey before 2.10 does not properly handle attempted clickjacking of the about:certerror page, which allows man-in-the-middle attackers to trick users into adding an unintended exception via an IFRAME element. | 4.0 |
2012-07-17 | CVE-2012-3134 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server 11.1.0.7/11.2.0.2/11.2.0.3 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
2012-07-17 | CVE-2012-3119 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 9.0.20 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway. | 4.0 |
2012-07-17 | CVE-2012-3118 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality, related to PANPROC. | 4.0 |
2012-07-17 | CVE-2012-3117 | Oracle | Unspecified vulnerability in Oracle Supply Chain products Suite Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to HTTP. | 4.0 |
2012-07-17 | CVE-2012-1759 | Oracle | Unspecified vulnerability in Oracle Supply Chain products Suite 20.0.2/20.1 Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1758. | 4.0 |
2012-07-17 | CVE-2012-1758 | Oracle | Unspecified vulnerability in Oracle Supply Chain products Suite 20.0.2/20.1 Unspecified vulnerability in the Oracle AutoVue component in Oracle Supply Chain Products Suite 20.0.2 and 20.1 allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-1759. | 4.0 |
2012-07-17 | CVE-2012-1757 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 4.0 |
2012-07-17 | CVE-2012-1756 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
2012-07-17 | CVE-2012-1754 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1732. | 4.0 |
2012-07-17 | CVE-2012-1748 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Candidate Gateway, a different vulnerability than CVE-2012-0562. | 4.0 |
2012-07-17 | CVE-2012-1734 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2012-07-17 | CVE-2012-1732 | Oracle | Unspecified vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework, a different vulnerability than CVE-2012-1754. | 4.0 |
2012-07-17 | CVE-2012-1689 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2012-07-17 | CVE-2012-0540 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension. | 4.0 |
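The PostgreSQL entry above (CVE-2012-0867) is worth a closer look because the failure mode is easy to miss in a code review: the client copied the certificate Common Name into a fixed 32-byte buffer, so any CN whose first 32 characters equal a 32-character host name verified successfully. The following is an added example, not PostgreSQL's code, that models the truncating comparison beside the corrected one and gives an audit helper for spotting host names of exactly the buffer length in your own fleet. The function names, the 32-character buffer model and the host names are constructed for illustration.

```python
"""
Constructed model of the CN-truncation bug class described for CVE-2012-0867.
Not PostgreSQL's code: the buffer size, the comparison and the host names are
assumptions chosen to show the mechanism.
"""

# Constructed: size of the fixed buffer the vulnerable client copied the CN into.
CN_BUFFER_LEN = 32

# Constructed: a 32-character internal host name, the exact length that was spoofable.
VICTIM_HOST = "db-primary-0001.corp.example.com"

# Constructed: a CN an attacker could legitimately obtain for a domain they control.
# Its first 32 characters equal VICTIM_HOST, so the truncated comparison succeeds.
ATTACKER_CN = VICTIM_HOST + ".attacker.example"


def vulnerable_cn_matches(cert_cn: str, host: str) -> bool:
    """Copies the CN into a fixed buffer, silently dropping everything past it,
    then compares the truncated value with the host name (case-insensitive)."""
    truncated = cert_cn[:CN_BUFFER_LEN]
    return truncated.lower() == host.lower()


def fixed_cn_matches(cert_cn: str, host: str) -> bool:
    """Compares the complete CN with the host name; a CN that is longer than
    the host name can no longer match it."""
    if len(cert_cn) != len(host):
        return False
    return cert_cn.lower() == host.lower()


def spoofable_hosts(hosts):
    """Audit helper: return the host names that a truncating client would
    accept a longer CN for, i.e. those of exactly CN_BUFFER_LEN characters."""
    return [h for h in hosts if len(h) == CN_BUFFER_LEN]


def demo() -> dict:
    """Run both checks against the constructed names and report the outcome."""
    fleet = [VICTIM_HOST, "db.example.com", "replica-02.corp.example.com"]
    return {
        "vulnerable_accepts_spoof": vulnerable_cn_matches(ATTACKER_CN, VICTIM_HOST),
        "fixed_accepts_spoof": fixed_cn_matches(ATTACKER_CN, VICTIM_HOST),
        "fixed_accepts_genuine": fixed_cn_matches(VICTIM_HOST, VICTIM_HOST),
        "at_risk_hosts": spoofable_hosts(fleet),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The practical takeaway is that a buffer-length truncation turns a name check into a prefix check for one specific length, so an upgrade is the real fix; the audit helper only tells you which of your host names were exposed while unpatched clients were in use.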
32 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-07-17 | CVE-2012-3128 | Oracle | Local SPARC T-Series Servers vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle SPARC T-Series Servers running System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Integrated Lights Out Manager. | 3.7 |
2012-07-17 | CVE-2012-3355 | Gnome | Code Injection vulnerability in Gnome Rhythmbox (1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) LyricsTab.py in the Context module in GNOME Rhythmbox 0.13.3 and earlier allows local users to execute arbitrary code via a symlink attack on a temporary HTML template file in the /tmp/context directory. | 3.6 |
2012-07-21 | CVE-2012-2365 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php. | 3.5 |
2012-07-21 | CVE-2012-2361 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php. | 3.5 |
2012-07-21 | CVE-2012-2360 | Moodle | Cross-Site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title. | 3.5 |
2012-07-17 | CVE-2012-3111 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-1762. | 3.5 |
2012-07-17 | CVE-2012-1764 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to MCF. | 3.5 |
2012-07-17 | CVE-2012-1762 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity, related to TECH, a different vulnerability than CVE-2012-3111. | 3.5 |
2012-07-17 | CVE-2012-1739 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Financials Business Intelligence. | 3.5 |
2012-07-17 | CVE-2012-1733 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 8.50/8.51/8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to CM. | 3.5 |
2012-07-17 | CVE-2012-1727 | Oracle | Unspecified vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Document Repository. | 3.5 |
2012-07-17 | CVE-2012-3371 | Openstack | Improper Input Validation vulnerability in Openstack Compute, Essex and Folsom The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and Essex (2012.1), when DifferentHostFilter or SameHostFilter is enabled, allows remote authenticated users to cause a denial of service (excessive database lookup calls and server hang) via a request with many repeated IDs in the os:scheduler_hints section. | 3.5 |
2012-07-17 | CVE-2012-1743 | Oracle | Unspecified vulnerability in Oracle Industry Applications 4.6.0/4.6.2/4.6.3 Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0.x, 4.6.2, and 4.6.3 allows remote authenticated users to affect confidentiality, related to HTML Surround. | 2.8 |
2012-07-22 | CVE-2012-3383 | Wordpress | Permissions, Privileges, and Access Controls vulnerability in Wordpress 3.4.0 The map_meta_cap function in wp-includes/capabilities.php in WordPress 3.4.x before 3.4.2, when the multisite feature is enabled, does not properly assign the unfiltered_html capability, which allows remote authenticated users to bypass intended access restrictions and conduct cross-site scripting (XSS) attacks by leveraging the Administrator or Editor role and composing crafted text. | 2.6 |
2012-07-17 | CVE-2012-3122 | SUN | Unspecified vulnerability in SUN Sunos 5.8/5.9 Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local users to affect confidentiality and integrity via unknown vectors related to sort. | 2.6 |
2012-07-17 | CVE-2012-3110 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, and CVE-2012-3108. | 2.1 |
2012-07-17 | CVE-2012-3109 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1768. | 2.1 |
2012-07-17 | CVE-2012-3108 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-3107 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-3106 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1773 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1772 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1771 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1770 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1769 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1768 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-3109. | 2.1 |
2012-07-17 | CVE-2012-1767 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5/8.3.7 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1766, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1766 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107, CVE-2012-3108, and CVE-2012-3110. | 2.1 |
2012-07-17 | CVE-2012-1744 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware 8.3.5.0/8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent users to affect availability via unknown vectors related to Outside In Filters. | 2.1 |
2012-07-17 | CVE-2012-0563 | SUN | Unspecified vulnerability in SUN Sunos 5.10/5.11/5.9 Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kerberos/klist. | 2.1 |
2012-07-22 | CVE-2012-2737 | Ray Strode | Race Condition vulnerability in Ray Strode Accountsservice The user_change_icon_file_authorized_cb function in /usr/libexec/accounts-daemon in AccountsService before 0.6.22 does not properly check the UID when copying an icon file to the system cache directory, which allows local users to read arbitrary files via a race condition. | 1.9 |
2012-07-17 | CVE-2012-3116 | Oracle | Unspecified vulnerability in Oracle Supply Chain products Suite Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and 6.2 allows local users to affect confidentiality via unknown vectors. | 1.9 |
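Two of the low-severity entries above, the Rhythmbox temporary HTML template under a predictable /tmp/context path (CVE-2012-3355) and the AccountsService icon-copy race (CVE-2012-2737), are instances of the same local bug class: a privileged or user-owned process opens a path in a shared directory that another local user can pre-populate with a symlink. The example below is added here and is not code from either project; it shows an unsafe writer beside a hardened one and stages a planted symlink in a scratch directory so the difference can be observed. The function names, directory layout and file contents are constructed for illustration.

```python
"""
Constructed demonstration of the shared-directory symlink bug class behind
CVE-2012-3355 and CVE-2012-2737. Not Rhythmbox's or AccountsService's code.
"""
import os
import shutil
import stat
import tempfile

# Constructed: the flags a hardened writer uses. O_EXCL refuses any existing
# path (a planted symlink included); O_NOFOLLOW is a second line of defence on
# platforms that provide it.
SAFE_CREATE_FLAGS = (
    os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
)


def unsafe_write(path: str, data: bytes) -> None:
    """Opens a predictable path with O_CREAT|O_TRUNC. If a local attacker has
    planted a symlink there first, the write lands on the symlink's target."""
    with open(path, "wb") as fh:
        fh.write(data)


def safe_write(path: str, data: bytes) -> str:
    """Creates the file only if nothing exists at the path, never follows a
    symlink, and gives the file mode 0600. Raises FileExistsError if the path
    was pre-populated, which is the correct fail-closed outcome."""
    fd = os.open(path, SAFE_CREATE_FLAGS, 0o600)
    try:
        view = memoryview(data)
        while view:
            written = os.write(fd, view)
            view = view[written:]
    finally:
        os.close(fd)
    return path


def private_workdir() -> str:
    """Replaces a fixed shared directory such as /tmp/context with a fresh,
    unpredictably named directory owned by the caller with mode 0700."""
    return tempfile.mkdtemp(prefix="context-")


def demo() -> dict:
    """Stage a victim file and a planted symlink, then run both writers."""
    root = tempfile.mkdtemp(prefix="symlink-demo-")
    try:
        victim = os.path.join(root, "victim.txt")
        with open(victim, "wb") as fh:
            fh.write(b"original contents")

        # Models the predictable shared directory; the attacker plants a
        # symlink at the file name the application is known to use.
        shared = os.path.join(root, "context")
        os.mkdir(shared)
        planted = os.path.join(shared, "template.html")
        os.symlink(victim, planted)

        unsafe_write(planted, b"<html>attacker-chosen</html>")
        with open(victim, "rb") as fh:
            victim_clobbered = fh.read() != b"original contents"

        try:
            safe_write(planted, b"<html>template</html>")
            safe_refused = False
        except FileExistsError:
            safe_refused = True

        workdir = private_workdir()
        try:
            fresh = safe_write(os.path.join(workdir, "template.html"), b"<html>ok</html>")
            fresh_mode = stat.S_IMODE(os.stat(fresh).st_mode)
            dir_mode = stat.S_IMODE(os.stat(workdir).st_mode)
        finally:
            shutil.rmtree(workdir)

        return {
            "victim_clobbered": victim_clobbered,
            "safe_refused": safe_refused,
            "fresh_file_mode": fresh_mode,
            "private_dir_mode": dir_mode,
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two hardening steps are independent: a private 0700 directory removes the attacker's ability to plant anything, and O_EXCL (plus O_NOFOLLOW where available) makes the open itself refuse a pre-existing path, so even a fixed file name in a shared directory fails closed instead of writing through the link.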