Weekly Vulnerabilities Reports > October 15 to 21, 2012
Overview
142 new vulnerabilities reported during this period, including 13 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary report vulnerabilities in 51 products from 13 vendors including Oracle, SUN, Mysql, Debian, and Canonical. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Credentials Management", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".
- 119 reported vulnerabilities are remotely exploitables.
- 2 reported vulnerabilities have public exploit available.
- 85 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 118 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 12 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
13 Critical Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-10-17 | CVE-2012-3202 | Oracle SUN | Remote Security vulnerability in Oracle JRockit Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and earlier, when using JDK/JRE 5 or 6, allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 10.0 |
| 2012-10-16 | CVE-2012-5088 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 10.0 |
| 2012-10-16 | CVE-2012-5087 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. | 10.0 |
| 2012-10-16 | CVE-2012-5086 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. | 10.0 |
| 2012-10-16 | CVE-2012-5083 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 10.0 |
| 2012-10-16 | CVE-2012-5078 | Oracle | Remote Security vulnerability in Oracle JavaFX Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5080. | 10.0 |
| 2012-10-16 | CVE-2012-5076 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JAX-WS. | 10.0 |
| 2012-10-16 | CVE-2012-3143 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-5089. | 10.0 |
| 2012-10-16 | CVE-2012-1533 | Oracle SUN | Remote Code Execution vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-3159. | 10.0 |
| 2012-10-16 | CVE-2012-1532 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier and 6 Update 35 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 10.0 |
| 2012-10-16 | CVE-2012-1531 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 10.0 |
| 2012-10-18 | CVE-2012-2290 | EMC | Code Injection vulnerability in EMC Networker Module for Microsoft Applications 2.2.1/2.3/2.4 The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel. | 9.3 |
| 2012-10-17 | CVE-2012-3163 | Mysql Oracle | Remote MySQL Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. | 9.0 |
14 High Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-10-20 | CVE-2012-4826 | IBM | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure. | 8.5 |
| 2012-10-20 | CVE-2012-4933 | Novell | Credentials Management vulnerability in Novell Zenworks Asset Management 7.5 The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (2) GetConfigInfo_Password operations, which allows remote attackers to obtain sensitive information via a crafted rtrlet/rtr request for the HandleMaintenanceCalls function. | 7.8 |
| 2012-10-20 | CVE-2012-2167 | IBM | Remote Denial of Service vulnerability in IBM products The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service (device outage) via TCP packets to unspecified ports. | 7.8 |
| 2012-10-17 | CVE-2012-3210 | SUN | Remote Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via unknown vectors related to Kernel. | 7.8 |
| 2012-10-17 | CVE-2012-3189 | SUN | Remote Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR. | 7.8 |
| 2012-10-16 | CVE-2012-5089 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to JMX, a different vulnerability than CVE-2012-3143. | 7.6 |
| 2012-10-16 | CVE-2012-5084 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Swing. | 7.6 |
| 2012-10-16 | CVE-2012-5080 | Oracle Suse | Remote Security vulnerability in Oracle JavaFX Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2012-5078. | 7.6 |
| 2012-10-20 | CVE-2012-2971 | The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does not properly process RPC requests, which allows remote attackers to execute arbitrary code or cause a denial of service via a crafted request. | 7.5 | |
| 2012-10-16 | CVE-2012-3158 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol. | 7.5 |
| 2012-10-16 | CVE-2012-5068 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 7.5 |
| 2012-10-16 | CVE-2012-3159 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2012-1533. | 7.5 |
| 2012-10-17 | CVE-2012-3204 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management. | 7.2 |
| 2012-10-17 | CVE-2012-3199 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension. | 7.2 |
75 Medium Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-10-17 | CVE-2012-3187 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | 6.9 |
| 2012-10-20 | CVE-2012-4845 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. | 6.8 |
| 2012-10-18 | CVE-2012-0306 | Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Ghost Solutions Suite Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file. | 6.8 |
| 2012-10-17 | CVE-2012-5066 | Oracle | Remote Security vulnerability in Oracle Industry Applications 1.3/1.4/1.4.2 Unspecified vulnerability in the Oracle Central Designer component in Oracle Industry Applications 1.3, 1.4, and 1.4.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 6.8 |
| 2012-10-17 | CVE-2012-3177 | Oracle Canonical Debian Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server. | 6.8 |
| 2012-10-16 | CVE-2012-1751 | Oracle | SQL Injection vulnerability in Oracle Database Server 11.1.0.7/11.2.0.2/11.2.0.3 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to flashback archive. | 6.5 |
| 2012-10-17 | CVE-2012-3196 | Oracle | Remote Oracle Human Resources vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and availability, related to PDF generation. | 6.4 |
| 2012-10-16 | CVE-2012-3153 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.4.0/11.1.1.6.0/11.1.2.0 Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. | 6.4 |
| 2012-10-16 | CVE-2012-3152 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.4.0/11.1.1.6.0/11.1.2.0 Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Report Server Component. | 6.4 |
| 2012-10-16 | CVE-2012-3147 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. | 6.4 |
| 2012-10-16 | CVE-2012-5074 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. | 6.4 |
| 2012-10-16 | CVE-2012-5071 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. | 6.4 |
| 2012-10-16 | CVE-2012-4416 | Oracle SUN | Remote Information Disclosure vulnerability in Oracle Java Virtual Machine (JVM) Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. | 6.4 |
| 2012-10-16 | CVE-2012-5069 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. | 5.8 |
| 2012-10-17 | CVE-2012-3209 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM). | 5.6 |
| 2012-10-17 | CVE-2012-5092 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0 Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management. | 5.5 |
| 2012-10-17 | CVE-2012-3226 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote authenticated users to affect confidentiality and integrity, related to BASE. | 5.5 |
| 2012-10-16 | CVE-2012-3140 | Oracle | Remote Oracle Agile PLM For Process vulnerability in Oracle Supply Chain Products Suite 6.0.0.6.3/6.1.0.1.14 Unspecified vulnerability in the Oracle Agile PLM For Process component in Oracle Supply Chain Products Suite 6.0.0.6.3 and 6.1.0.1.14 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management. | 5.5 |
| 2012-10-20 | CVE-2012-2972 | The (1) server and (2) agent components in CA ARCserve Backup r12.5, r15, and r16 on Windows do not properly validate RPC requests, which allows remote attackers to cause a denial of service (service crash) via a crafted request. | 5.0 | |
| 2012-10-17 | CVE-2012-5094 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0 Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors related to User Group Management. | 5.0 |
| 2012-10-17 | CVE-2012-5063 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote attackers to affect integrity, related to BASE. | 5.0 |
| 2012-10-17 | CVE-2012-3222 | Oracle | Remote Oracle iRecruitment vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Signon. | 5.0 |
| 2012-10-17 | CVE-2012-3171 | Oracle | Remote Oracle Applications Technology Stack vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Autoconfig Templates. | 5.0 |
| 2012-10-16 | CVE-2012-3155 | Oracle SUN | Remote Security vulnerability in Oracle Multiple Products Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB. | 5.0 |
| 2012-10-16 | CVE-2012-5082 | Oracle | Remote Security vulnerability in Oracle Java SE Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors. | 5.0 |
| 2012-10-16 | CVE-2012-5081 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. | 5.0 |
| 2012-10-16 | CVE-2012-5079 | Oracle SUN | Remote Security Bypass vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073. | 5.0 |
| 2012-10-16 | CVE-2012-5075 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. | 5.0 |
| 2012-10-16 | CVE-2012-5073 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079. | 5.0 |
| 2012-10-16 | CVE-2012-5072 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. | 5.0 |
| 2012-10-16 | CVE-2012-5070 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. | 5.0 |
| 2012-10-16 | CVE-2012-5067 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | 5.0 |
| 2012-10-17 | CVE-2012-3228 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity and availability, related to BASE. | 4.9 |
| 2012-10-17 | CVE-2012-3208 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL. | 4.9 |
| 2012-10-17 | CVE-2012-3207 | SUN | Local Security vulnerability in SUN Sunos 5.10/5.11/5.9 Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel. | 4.9 |
| 2012-10-17 | CVE-2012-3186 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3185. | 4.9 |
| 2012-10-17 | CVE-2012-3185 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3186. | 4.9 |
| 2012-10-17 | CVE-2012-3183 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3185 and CVE-2012-3186. | 4.9 |
| 2012-10-16 | CVE-2012-0106 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web. | 4.9 |
| 2012-10-17 | CVE-2012-3212 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. | 4.7 |
| 2012-10-17 | CVE-2012-3211 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call. | 4.6 |
| 2012-10-17 | CVE-2012-5095 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd. | 4.4 |
| 2012-10-17 | CVE-2012-5093 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0 Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect integrity via unknown vectors related to Global Spec Management. | 4.3 |
| 2012-10-17 | CVE-2012-5091 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0 Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors related to Supplier Portal. | 4.3 |
| 2012-10-17 | CVE-2012-5058 | Oracle | Remote Oracle iStore vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to the Web interface. | 4.3 |
| 2012-10-17 | CVE-2012-3230 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework. | 4.3 |
| 2012-10-17 | CVE-2012-3194 | Oracle | Remote Security vulnerability in Oracle BI Publisher Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown vectors related to Administration. | 4.3 |
| 2012-10-17 | CVE-2012-3184 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Advanced UI. | 4.3 |
| 2012-10-17 | CVE-2012-3182 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology. | 4.3 |
| 2012-10-17 | CVE-2012-3175 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.4.3 Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-0518. | 4.3 |
| 2012-10-16 | CVE-2012-3161 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.1 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote attackers to affect integrity via unknown vectors related to Web Client (CS). | 4.3 |
| 2012-10-16 | CVE-2012-3139 | Oracle | Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon (local and SSO). | 4.3 |
| 2012-10-16 | CVE-2012-3138 | Oracle | Remote Oracle iStore vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Web interface. | 4.3 |
| 2012-10-16 | CVE-2012-1686 | Oracle | Cross-Site Scripting vulnerability in Oracle Fusion Middleware 11.1.1.6.0 Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unknown vectors related to Installation. | 4.3 |
| 2012-10-16 | CVE-2012-1685 | Oracle | Remote Security vulnerability in Oracle Virtualization 4.6 Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core. | 4.3 |
| 2012-10-16 | CVE-2012-0518 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.4.3 Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175. | 4.3 |
| 2012-10-16 | CVE-2012-0107 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect availability via unknown vectors related to Web. | 4.3 |
| 2012-10-16 | CVE-2012-0093 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0071. | 4.3 |
| 2012-10-16 | CVE-2012-0071 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0093. | 4.3 |
| 2012-10-17 | CVE-2012-5090 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0 Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Document Reference Library. | 4.0 |
| 2012-10-17 | CVE-2012-5061 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote authenticated users to affect confidentiality, related to BASE. | 4.0 |
| 2012-10-17 | CVE-2012-3229 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation. | 4.0 |
| 2012-10-17 | CVE-2012-3201 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.0 Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Self-Service (Student Records). | 4.0 |
| 2012-10-17 | CVE-2012-3200 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.1 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality, related to ROLESPRV. | 4.0 |
| 2012-10-17 | CVE-2012-3198 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Query. | 4.0 |
| 2012-10-17 | CVE-2012-3195 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal. | 4.0 |
| 2012-10-17 | CVE-2012-3181 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Security. | 4.0 |
| 2012-10-17 | CVE-2012-3180 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
| 2012-10-17 | CVE-2012-3173 | Mysql Oracle | Remote MySQL Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin. | 4.0 |
| 2012-10-17 | CVE-2012-3166 | Oracle Canonical Debian Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 4.0 |
| 2012-10-16 | CVE-2012-3154 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.0 allows remote authenticated users to affect confidentiality, related to ATTACH. | 4.0 |
| 2012-10-16 | CVE-2012-3150 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
| 2012-10-16 | CVE-2012-3144 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. | 4.0 |
| 2012-10-16 | CVE-2012-3141 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect integrity, related to BASE, a different vulnerability than CVE-2012-3227. | 4.0 |
| 2012-10-16 | CVE-2012-1763 | Oracle | Remote Security vulnerability in Oracle Clinical Remote Data Capture Unspecified vulnerability in the Oracle Clinical/Remote Data Capture component in Oracle Industry Applications 4.6.0 and 4.6.2 allows remote authenticated users to affect confidentiality, related to HTML Surround. | 4.0 |
40 Low Vulnerabilities
| DATE | CVE | VENDOR | VULNERABILITY | CVSS |
|---|---|---|---|---|
| 2012-10-17 | CVE-2012-3225 | Oracle | Remote Security vulnerability in Oracle Financial Services Software 5.3.0/5.3.4 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality and integrity, related to BASE. | 3.6 |
| 2012-10-17 | CVE-2012-3165 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx. | 3.6 |
| 2012-10-17 | CVE-2012-5064 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality, related to BASE. | 3.5 |
| 2012-10-17 | CVE-2012-3227 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect integrity, related to BASE, a different vulnerability than CVE-2012-3141. | 3.5 |
| 2012-10-17 | CVE-2012-3224 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE. | 3.5 |
| 2012-10-17 | CVE-2012-3197 | Mysql Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | 3.5 |
| 2012-10-17 | CVE-2012-3193 | Oracle | Remote Security vulnerability in Oracle BI Publisher Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Administration. | 3.5 |
| 2012-10-17 | CVE-2012-3188 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50 and 8.51 allows remote authenticated users to affect integrity, related to PIA Core Technology. | 3.5 |
| 2012-10-17 | CVE-2012-3179 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Tree Manager. | 3.5 |
| 2012-10-17 | CVE-2012-3176 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Panel Processor. | 3.5 |
| 2012-10-17 | CVE-2012-3167 | Oracle Debian Canonical | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search. | 3.5 |
| 2012-10-17 | CVE-2012-3164 | Oracle | Remote Oracle Marketing vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Publish Item. | 3.5 |
| 2012-10-16 | CVE-2012-3157 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, 6.2.0, and 12 allows remote authenticated users to affect integrity, related to BASE. | 3.5 |
| 2012-10-16 | CVE-2012-3156 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. | 3.5 |
| 2012-10-16 | CVE-2012-3149 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client. | 3.5 |
| 2012-10-16 | CVE-2012-3148 | Oracle | Remote Oracle Field Service vulnerability in Oracle E-Business Suite 12.1.3 Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload. | 3.5 |
| 2012-10-16 | CVE-2012-3142 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.5, 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE. | 3.5 |
| 2012-10-16 | CVE-2012-0108 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0095. | 3.5 |
| 2012-10-16 | CVE-2012-0092 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0090. | 3.5 |
| 2012-10-16 | CVE-2012-0090 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0092. | 3.5 |
| 2012-10-16 | CVE-2012-0086 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0095 and CVE-2012-0108. | 3.5 |
| 2012-10-16 | CVE-2012-3151 | Oracle Linux | Local Core RDBMS vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Unix and Linux platforms, allows local users to affect integrity and availability via unknown vectors. | 3.3 |
| 2012-10-16 | CVE-2012-5077 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. | 2.6 |
| 2012-10-16 | CVE-2012-3216 | Oracle SUN | Remote Java Runtime Environment vulnerability in Oracle Java SE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | 2.6 |
| 2012-10-18 | CVE-2012-2284 | EMC Microsoft | Credentials Management vulnerability in EMC Networker Module for Microsoft Applications 2.2.1/2.3/2.4 The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. | 2.1 |
| 2012-10-17 | CVE-2012-5065 | Oracle | Local Security vulnerability in Oracle WebCenter Sites Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows local users to affect integrity via unknown vectors related to ImagePicker. | 2.1 |
| 2012-10-17 | CVE-2012-3223 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.0.1 allows remote authenticated users to affect confidentiality, related to BASE. | 2.1 |
| 2012-10-17 | CVE-2012-3221 | Oracle | Local Security vulnerability in Oracle Virtualization 3.2/4.0/4.1 Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. | 2.1 |
| 2012-10-17 | CVE-2012-3217 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK. | 2.1 |
| 2012-10-17 | CVE-2012-3214 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | 2.1 |
| 2012-10-17 | CVE-2012-3206 | Oracle | Local Security vulnerability in Oracle Multiple SPARC Products Unspecified vulnerability in the Integrated Lights Out Manager CLI in Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3 and T4-based servers, and other versions and servers, allows local users to affect confidentiality via unknown vectors. | 2.1 |
| 2012-10-17 | CVE-2012-3205 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server. | 2.1 |
| 2012-10-17 | CVE-2012-3203 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Gnome Display Manager GDM. | 2.1 |
| 2012-10-17 | CVE-2012-3191 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Data Mover. | 2.1 |
| 2012-10-16 | CVE-2012-3160 | Oracle Canonical Debian | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation. | 2.1 |
| 2012-10-16 | CVE-2012-3146 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors. | 2.1 |
| 2012-10-16 | CVE-2012-0095 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0108. | 2.1 |
| 2012-10-17 | CVE-2012-3215 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel. | 1.7 |
| 2012-10-16 | CVE-2012-3162 | Oracle | Local Oracle Applications Framework vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows local users to affect confidentiality, related to MDS loading. | 1.7 |
| 2012-10-16 | CVE-2012-3145 | Oracle | Local Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.2.0 allows local users to affect confidentiality, related to BASE. | 1.5 |