Weekly Vulnerabilities Reports > October 15 to 21, 2012

Overview

138 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary report vulnerabilities in 64 products from 14 vendors including Oracle, SUN, Debian, Redhat, and Canonical. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Credentials Management", "Permissions, Privileges, and Access Controls", and "Code Injection".

  • 115 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 83 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 116 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-17 CVE-2012-3202 Oracle
SUN 		Remote Security vulnerability in Oracle JRockit

Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and earlier, when using JDK/JRE 5 or 6, allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
10.0
2012-10-16 CVE-2012-5088 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
10.0
2012-10-16 CVE-2012-5087 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
10.0
2012-10-16 CVE-2012-5086 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.
10.0
2012-10-16 CVE-2012-5083 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
10.0
2012-10-16 CVE-2012-5078 Oracle Remote Security vulnerability in Oracle JavaFX

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080.
10.0
2012-10-16 CVE-2012-5076 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS.
10.0
2012-10-16 CVE-2012-3143 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089.
10.0
2012-10-16 CVE-2012-1533 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159.
10.0
2012-10-16 CVE-2012-1532 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
10.0
2012-10-16 CVE-2012-1531 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
10.0
2012-10-18 CVE-2012-2290 EMC Code Injection vulnerability in EMC Networker Module for Microsoft Applications 2.2.1/2.3/2.4

The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
9.3
2012-10-17 CVE-2012-3163 Oracle
Mariadb
Canonical
Debian
Redhat
F5 		Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
9.0

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-20 CVE-2012-4826 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2

Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.
8.5
2012-10-20 CVE-2012-4933 Novell Credentials Management vulnerability in Novell Zenworks Asset Management 7.5

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function.
7.8
2012-10-20 CVE-2012-2167 IBM Remote Denial of Service vulnerability in IBM products

The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service (device outage) via TCP packets to unspecified ports.
7.8
2012-10-17 CVE-2012-3210 SUN Remote Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via unknown vectors related to Kernel.
7.8
2012-10-17 CVE-2012-3189 SUN Remote Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR.
7.8
2012-10-16 CVE-2012-5089 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143.
7.6
2012-10-16 CVE-2012-5084 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
7.6
2012-10-16 CVE-2012-5080 Oracle
Suse 		Remote Security vulnerability in Oracle JavaFX

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5078.
7.6
2012-10-16 CVE-2012-3158 Oracle
Mariadb
Debian
Canonical
Redhat 		Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
7.5
2012-10-16 CVE-2012-5068 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
7.5
2012-10-16 CVE-2012-3159 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533.
7.5
2012-10-17 CVE-2012-3204 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management.
7.2
2012-10-17 CVE-2012-3199 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension.
7.2

73 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-17 CVE-2012-3187 SUN Local Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.
6.9
2012-10-20 CVE-2012-4845 IBM Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file.
6.8
2012-10-18 CVE-2012-0306 Symantec Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Ghost Solutions Suite

Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file.
6.8
2012-10-17 CVE-2012-5066 Oracle Remote Security vulnerability in Oracle Industry Applications 1.3/1.4/1.4.2

Unspecified vulnerability in the Oracle Central Designer component in Oracle Industry Applications 1.3, 1.4, and 1.4.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
6.8
2012-10-17 CVE-2012-3177 Oracle
Redhat
Canonical
Debian
Mariadb 		Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
6.8
2012-10-16 CVE-2012-1751 Oracle SQL Injection vulnerability in Oracle Database Server 11.1.0.7/11.2.0.2/11.2.0.3

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to flashback archive.
6.5
2012-10-17 CVE-2012-3196 Oracle Remote Oracle Human Resources vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and availability, related to PDF generation.
6.4
2012-10-16 CVE-2012-3153 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.4.0/11.1.1.6.0/11.1.2.0

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet.
6.4
2012-10-16 CVE-2012-3152 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.4.0/11.1.1.6.0/11.1.2.0

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component.
6.4
2012-10-16 CVE-2012-3147 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client.
6.4
2012-10-16 CVE-2012-5074 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS.
6.4
2012-10-16 CVE-2012-5071 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX.
6.4
2012-10-16 CVE-2012-4416 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot.
6.4
2012-10-16 CVE-2012-5069 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency.
5.8
2012-10-17 CVE-2012-3209 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM).
5.6
2012-10-17 CVE-2012-5092 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management.
5.5
2012-10-17 CVE-2012-3226 Oracle Remote Security vulnerability in Oracle FLEXCUBE Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote authenticated users to affect confidentiality and integrity, related to BASE.
5.5
2012-10-16 CVE-2012-3140 Oracle Remote Oracle Agile PLM For Process vulnerability in Oracle Supply Chain Products Suite 6.0.0.6.3/6.1.0.1.14

Unspecified vulnerability in the Oracle Agile PLM For Process component in Oracle Supply Chain Products Suite 6.0.0.6.3 and 6.1.0.1.14 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management.
5.5
2012-10-17 CVE-2012-5094 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors related to User Group Management.
5.0
2012-10-17 CVE-2012-5063 Oracle Remote Security vulnerability in Oracle FLEXCUBE Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote attackers to affect integrity, related to BASE.
5.0
2012-10-17 CVE-2012-3222 Oracle Remote Oracle iRecruitment vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Signon.
5.0
2012-10-17 CVE-2012-3171 Oracle Remote Oracle Applications Technology Stack vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Autoconfig Templates.
5.0
2012-10-16 CVE-2012-3155 Oracle
SUN 		Remote Security vulnerability in Oracle Multiple Products

Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB.
5.0
2012-10-16 CVE-2012-5082 Oracle Remote Security vulnerability in Oracle Java SE

Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors.
5.0
2012-10-16 CVE-2012-5081 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE.
5.0
2012-10-16 CVE-2012-5079 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073.
5.0
2012-10-16 CVE-2012-5075 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX.
5.0
2012-10-16 CVE-2012-5073 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079.
5.0
2012-10-16 CVE-2012-5072 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security.
5.0
2012-10-16 CVE-2012-5070 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX.
5.0
2012-10-16 CVE-2012-5067 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment.
5.0
2012-10-17 CVE-2012-3228 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity and availability, related to BASE.
4.9
2012-10-17 CVE-2012-3208 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL.
4.9
2012-10-17 CVE-2012-3207 SUN Local Security vulnerability in SUN Sunos 5.10/5.11/5.9

Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel.
4.9
2012-10-17 CVE-2012-3186 Oracle Remote Security vulnerability in Oracle WebCenter Sites

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3185.
4.9
2012-10-17 CVE-2012-3185 Oracle Remote Security vulnerability in Oracle WebCenter Sites

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3186.
4.9
2012-10-17 CVE-2012-3183 Oracle Remote Security vulnerability in Oracle WebCenter Sites

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3185 and CVE-2012-3186.
4.9
2012-10-16 CVE-2012-0106 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web.
4.9
2012-10-17 CVE-2012-3212 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.
4.7
2012-10-17 CVE-2012-3211 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call.
4.6
2012-10-17 CVE-2012-5095 SUN Local Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd.
4.4
2012-10-17 CVE-2012-5093 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect integrity via unknown vectors related to Global Spec Management.
4.3
2012-10-17 CVE-2012-5091 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0

Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors related to Supplier Portal.
4.3
2012-10-17 CVE-2012-5058 Oracle Remote Oracle iStore vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to the Web interface.
4.3
2012-10-17 CVE-2012-3230 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework.
4.3
2012-10-17 CVE-2012-3194 Oracle Remote Security vulnerability in Oracle BI Publisher

Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown vectors related to Administration.
4.3
2012-10-17 CVE-2012-3184 Oracle Remote Security vulnerability in Oracle WebCenter Sites

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Advanced UI.
4.3
2012-10-17 CVE-2012-3182 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.
4.3
2012-10-17 CVE-2012-3175 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.4.3

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-0518.
4.3
2012-10-16 CVE-2012-3161 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.1

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote attackers to affect integrity via unknown vectors related to Web Client (CS).
4.3
2012-10-16 CVE-2012-3139 Oracle Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon (local and SSO).
4.3
2012-10-16 CVE-2012-3138 Oracle Remote Oracle iStore vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Web interface.
4.3
2012-10-16 CVE-2012-1686 Oracle Cross-Site Scripting vulnerability in Oracle Fusion Middleware 11.1.1.6.0

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unknown vectors related to Installation.
4.3
2012-10-16 CVE-2012-1685 Oracle Remote Security vulnerability in Oracle Virtualization 4.6

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core.
4.3
2012-10-16 CVE-2012-0518 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.4.3

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175.
4.3
2012-10-16 CVE-2012-0107 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect availability via unknown vectors related to Web.
4.3
2012-10-16 CVE-2012-0093 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0071.
4.3
2012-10-16 CVE-2012-0071 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0093.
4.3
2012-10-17 CVE-2012-5090 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Document Reference Library.
4.0
2012-10-17 CVE-2012-5061 Oracle Remote Security vulnerability in Oracle FLEXCUBE Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote authenticated users to affect confidentiality, related to BASE.
4.0
2012-10-17 CVE-2012-3229 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation.
4.0
2012-10-17 CVE-2012-3201 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.0

Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Self-Service (Student Records).
4.0
2012-10-17 CVE-2012-3200 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.1

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality, related to ROLESPRV.
4.0
2012-10-17 CVE-2012-3198 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Query.
4.0
2012-10-17 CVE-2012-3195 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal.
4.0
2012-10-17 CVE-2012-3181 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Security.
4.0
2012-10-17 CVE-2012-3180 Oracle
Mariadb
Debian
Canonical
Redhat 		Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
4.0
2012-10-17 CVE-2012-3166 Oracle
Mariadb
Redhat
Canonical
Debian 		Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
4.0
2012-10-16 CVE-2012-3154 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.0 allows remote authenticated users to affect confidentiality, related to ATTACH.
4.0
2012-10-16 CVE-2012-3150 Oracle
Mariadb
Debian
Canonical
Redhat 		Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
4.0
2012-10-16 CVE-2012-3144 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
4.0
2012-10-16 CVE-2012-3141 Oracle Remote Security vulnerability in Oracle FLEXCUBE Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect integrity, related to BASE, a different vulnerability than CVE-2012-3227.
4.0
2012-10-16 CVE-2012-1763 Oracle Remote Security vulnerability in Oracle Clinical Remote Data Capture

Unspecified vulnerability in the Oracle Clinical/Remote Data Capture component in Oracle Industry Applications 4.6.0 and 4.6.2 allows remote authenticated users to affect confidentiality, related to HTML Surround.
4.0

39 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2012-10-17 CVE-2012-3225 Oracle Remote Security vulnerability in Oracle Financial Services Software 5.3.0/5.3.4

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality and integrity, related to BASE.
3.6
2012-10-17 CVE-2012-3165 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx.
3.6
2012-10-17 CVE-2012-5064 Oracle Remote Security vulnerability in Oracle FLEXCUBE Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality, related to BASE.
3.5
2012-10-17 CVE-2012-3227 Oracle Remote Security vulnerability in Oracle FLEXCUBE Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect integrity, related to BASE, a different vulnerability than CVE-2012-3141.
3.5
2012-10-17 CVE-2012-3224 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE.
3.5
2012-10-17 CVE-2012-3197 Oracle
Mariadb
Debian
Canonical
Redhat 		Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
3.5
2012-10-17 CVE-2012-3193 Oracle Remote Security vulnerability in Oracle BI Publisher

Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Administration.
3.5
2012-10-17 CVE-2012-3188 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50 and 8.51 allows remote authenticated users to affect integrity, related to PIA Core Technology.
3.5
2012-10-17 CVE-2012-3179 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Tree Manager.
3.5
2012-10-17 CVE-2012-3176 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Panel Processor.
3.5
2012-10-17 CVE-2012-3164 Oracle Remote Oracle Marketing vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Publish Item.
3.5
2012-10-16 CVE-2012-3157 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, 6.2.0, and 12 allows remote authenticated users to affect integrity, related to BASE.
3.5
2012-10-16 CVE-2012-3156 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server.
3.5
2012-10-16 CVE-2012-3149 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client.
3.5
2012-10-16 CVE-2012-3148 Oracle Remote Oracle Field Service vulnerability in Oracle E-Business Suite 12.1.3

Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload.
3.5
2012-10-16 CVE-2012-3142 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.5, 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE.
3.5
2012-10-16 CVE-2012-0108 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0095.
3.5
2012-10-16 CVE-2012-0092 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0090.
3.5
2012-10-16 CVE-2012-0090 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0092.
3.5
2012-10-16 CVE-2012-0086 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0095 and CVE-2012-0108.
3.5
2012-10-16 CVE-2012-3151 Oracle
Linux 		Local Core RDBMS vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Unix and Linux platforms, allows local users to affect integrity and availability via unknown vectors.
3.3
2012-10-16 CVE-2012-5077 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security.
2.6
2012-10-16 CVE-2012-3216 Oracle
SUN 		Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
2.6
2012-10-18 CVE-2012-2284 EMC
Microsoft 		Credentials Management vulnerability in EMC Networker Module for Microsoft Applications 2.2.1/2.3/2.4

The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
2.1
2012-10-17 CVE-2012-5065 Oracle Local Security vulnerability in Oracle WebCenter Sites

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows local users to affect integrity via unknown vectors related to ImagePicker.
2.1
2012-10-17 CVE-2012-3223 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.0.1 allows remote authenticated users to affect confidentiality, related to BASE.
2.1
2012-10-17 CVE-2012-3221 Oracle Local Security vulnerability in Oracle Virtualization 3.2/4.0/4.1

Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core.
2.1
2012-10-17 CVE-2012-3217 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.
2.1
2012-10-17 CVE-2012-3214 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
2.1
2012-10-17 CVE-2012-3206 Oracle Local Security vulnerability in Oracle Multiple SPARC Products

Unspecified vulnerability in the Integrated Lights Out Manager CLI in Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3 and T4-based servers, and other versions and servers, allows local users to affect confidentiality via unknown vectors.
2.1
2012-10-17 CVE-2012-3205 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server.
2.1
2012-10-17 CVE-2012-3203 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Gnome Display Manager GDM.
2.1
2012-10-17 CVE-2012-3191 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Data Mover.
2.1
2012-10-16 CVE-2012-3160 Oracle
Canonical
Debian
Mariadb
Redhat 		Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
2.1
2012-10-16 CVE-2012-3146 Oracle Remote Core RDBMS vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors.
2.1
2012-10-16 CVE-2012-0095 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0

Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0108.
2.1
2012-10-17 CVE-2012-3215 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel.
1.7
2012-10-16 CVE-2012-3162 Oracle Local Oracle Applications Framework vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows local users to affect confidentiality, related to MDS loading.
1.7
2012-10-16 CVE-2012-3145 Oracle Local Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.2.0 allows local users to affect confidentiality, related to BASE.
1.5