Weekly Vulnerabilities Reports > October 15 to 21, 2012
Overview
137 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 64 products from 14 vendors including Oracle, SUN, Redhat, Canonical, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Credentials Management", "Open Redirect", "Permissions, Privileges, and Access Controls", and "Code Injection".
- 114 reported vulnerabilities are remotely exploitable.
- 2 reported vulnerabilities have a public exploit available.
- 82 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 115 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 12 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
13 Critical Vulnerabilities
13 High Vulnerabilities
72 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-10-17 | CVE-2012-3187 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | 6.9 |
2012-10-20 | CVE-2012-4845 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM AIX and Vios The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by leveraging the setuid installation of the ftp executable file. | 6.8 |
2012-10-18 | CVE-2012-0306 | Symantec | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Symantec Ghost Solutions Suite Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted backup file. | 6.8 |
2012-10-17 | CVE-2012-5066 | Oracle | Remote Security vulnerability in Oracle Industry Applications 1.3/1.4/1.4.2 Unspecified vulnerability in the Oracle Central Designer component in Oracle Industry Applications 1.3, 1.4, and 1.4.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 6.8 |
2012-10-17 | CVE-2012-3177 | Oracle Redhat Canonical Debian Mariadb | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server. | 6.8 |
2012-10-16 | CVE-2012-1751 | Oracle | SQL Injection vulnerability in Oracle Database Server 11.1.0.7/11.2.0.2/11.2.0.3 Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to flashback archive. | 6.5 |
2012-10-17 | CVE-2012-3196 | Oracle | Remote Oracle Human Resources vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and availability, related to PDF generation. | 6.4 |
2012-10-16 | CVE-2012-3153 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.4.0/11.1.1.6.0/11.1.2.0 Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet. | 6.4 |
2012-10-16 | CVE-2012-3147 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote attackers to affect integrity and availability, related to MySQL Client. | 6.4 |
2012-10-16 | CVE-2012-5074 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality and integrity, related to JAX-WS. | 6.4 |
2012-10-16 | CVE-2012-5071 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity, related to JMX. | 6.4 |
2012-10-16 | CVE-2012-4416 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Hotspot. | 6.4 |
2012-10-16 | CVE-2012-5069 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality and integrity via unknown vectors related to Concurrency. | 5.8 |
2012-10-17 | CVE-2012-3209 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM). | 5.6 |
2012-10-17 | CVE-2012-5092 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0 Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management. | 5.5 |
2012-10-17 | CVE-2012-3226 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote authenticated users to affect confidentiality and integrity, related to BASE. | 5.5 |
2012-10-16 | CVE-2012-3140 | Oracle | Remote Oracle Agile PLM For Process vulnerability in Oracle Supply Chain Products Suite 6.0.0.6.3/6.1.0.1.14 Unspecified vulnerability in the Oracle Agile PLM For Process component in Oracle Supply Chain Products Suite 6.0.0.6.3 and 6.1.0.1.14 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supply Chain Relationship Management. | 5.5 |
2012-10-17 | CVE-2012-5094 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0 Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors related to User Group Management. | 5.0 |
2012-10-17 | CVE-2012-5063 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote attackers to affect integrity, related to BASE. | 5.0 |
2012-10-17 | CVE-2012-3222 | Oracle | Remote Oracle iRecruitment vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Signon. | 5.0 |
2012-10-17 | CVE-2012-3171 | Oracle | Remote Oracle Applications Technology Stack vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Autoconfig Templates. | 5.0 |
2012-10-16 | CVE-2012-3155 | Oracle SUN | Remote Security vulnerability in Oracle Multiple Products Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFish Server 3.0.1 and 3.1.2, and Sun Java System Application Server 8.1 and 8.2 allows remote attackers to affect availability, related to CORBA ORB. | 5.0 |
2012-10-16 | CVE-2012-5082 | Oracle | Remote Security vulnerability in Oracle Java SE Unspecified vulnerability in the JavaFX component in Oracle Java SE JavaFX 2.2 and earlier allows remote attackers to affect availability via unknown vectors. | 5.0 |
2012-10-16 | CVE-2012-5081 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect availability, related to JSSE. | 5.0 |
2012-10-16 | CVE-2012-5079 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5073. | 5.0 |
2012-10-16 | CVE-2012-5075 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, and 5.0 Update 36 and earlier allows remote attackers to affect confidentiality, related to JMX. | 5.0 |
2012-10-16 | CVE-2012-5073 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect integrity via unknown vectors related to Libraries, a different vulnerability than CVE-2012-5079. | 5.0 |
2012-10-16 | CVE-2012-5072 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35 and earlier, allows remote attackers to affect confidentiality via unknown vectors related to Security. | 5.0 |
2012-10-16 | CVE-2012-5070 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, related to JMX. | 5.0 |
2012-10-16 | CVE-2012-5067 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Deployment. | 5.0 |
2012-10-17 | CVE-2012-3228 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect integrity and availability, related to BASE. | 4.9 |
2012-10-17 | CVE-2012-3208 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL. | 4.9 |
2012-10-17 | CVE-2012-3207 | SUN | Local Security vulnerability in SUN Sunos 5.10/5.11/5.9 Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel. | 4.9 |
2012-10-17 | CVE-2012-3186 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3185. | 4.9 |
2012-10-17 | CVE-2012-3185 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3183 and CVE-2012-3186. | 4.9 |
2012-10-17 | CVE-2012-3183 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Advanced UI, a different vulnerability than CVE-2012-3185 and CVE-2012-3186. | 4.9 |
2012-10-16 | CVE-2012-0106 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web. | 4.9 |
2012-10-17 | CVE-2012-3212 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. | 4.7 |
2012-10-16 | CVE-2012-0518 | Oracle | Open Redirect vulnerability in Oracle Fusion Middleware 10.1.4.3 Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175. | 4.7 |
2012-10-17 | CVE-2012-3211 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call. | 4.6 |
2012-10-17 | CVE-2012-5095 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd. | 4.4 |
2012-10-17 | CVE-2012-5093 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0 Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect integrity via unknown vectors related to Global Spec Management. | 4.3 |
2012-10-17 | CVE-2012-5091 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0 Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors related to Supplier Portal. | 4.3 |
2012-10-17 | CVE-2012-5058 | Oracle | Remote Oracle iStore vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to the Web interface. | 4.3 |
2012-10-17 | CVE-2012-3230 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework. | 4.3 |
2012-10-17 | CVE-2012-3194 | Oracle | Remote Security vulnerability in Oracle BI Publisher Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown vectors related to Administration. | 4.3 |
2012-10-17 | CVE-2012-3184 | Oracle | Remote Security vulnerability in Oracle WebCenter Sites Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Advanced UI. | 4.3 |
2012-10-17 | CVE-2012-3182 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology. | 4.3 |
2012-10-17 | CVE-2012-3175 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.4.3 Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-0518. | 4.3 |
2012-10-16 | CVE-2012-3161 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.1 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote attackers to affect integrity via unknown vectors related to Web Client (CS). | 4.3 |
2012-10-16 | CVE-2012-3139 | Oracle | Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity, related to Signon (local and SSO). | 4.3 |
2012-10-16 | CVE-2012-3138 | Oracle | Remote Oracle iStore vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Web interface. | 4.3 |
2012-10-16 | CVE-2012-1686 | Oracle | Cross-Site Scripting vulnerability in Oracle Fusion Middleware 11.1.1.6.0 Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unknown vectors related to Installation. | 4.3 |
2012-10-16 | CVE-2012-1685 | Oracle | Remote Security vulnerability in Oracle Virtualization 4.6 Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core. | 4.3 |
2012-10-16 | CVE-2012-0107 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect availability via unknown vectors related to Web. | 4.3 |
2012-10-16 | CVE-2012-0093 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0071. | 4.3 |
2012-10-16 | CVE-2012-0071 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0093. | 4.3 |
2012-10-17 | CVE-2012-5090 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 5.2.2/6.1.0 Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Document Reference Library. | 4.0 |
2012-10-17 | CVE-2012-5061 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 12.0.0 allows remote authenticated users to affect confidentiality, related to BASE. | 4.0 |
2012-10-17 | CVE-2012-3229 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentation. | 4.0 |
2012-10-17 | CVE-2012-3201 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.0 Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Self-Service (Student Records). | 4.0 |
2012-10-17 | CVE-2012-3200 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.1 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality, related to ROLESPRV. | 4.0 |
2012-10-17 | CVE-2012-3198 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Query. | 4.0 |
2012-10-17 | CVE-2012-3195 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal. | 4.0 |
2012-10-17 | CVE-2012-3181 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Security. | 4.0 |
2012-10-17 | CVE-2012-3180 | Oracle Mariadb Debian Canonical Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2012-10-17 | CVE-2012-3166 | Oracle Mariadb Redhat Canonical Debian | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 4.0 |
2012-10-16 | CVE-2012-3154 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.0 allows remote authenticated users to affect confidentiality, related to ATTACH. | 4.0 |
2012-10-16 | CVE-2012-3150 | Oracle Mariadb Debian Canonical Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2012-10-16 | CVE-2012-3144 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. | 4.0 |
2012-10-16 | CVE-2012-3141 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect integrity, related to BASE, a different vulnerability than CVE-2012-3227. | 4.0 |
2012-10-16 | CVE-2012-1763 | Oracle | Remote Security vulnerability in Oracle Clinical Remote Data Capture Unspecified vulnerability in the Oracle Clinical/Remote Data Capture component in Oracle Industry Applications 4.6.0 and 4.6.2 allows remote authenticated users to affect confidentiality, related to HTML Surround. | 4.0 |
39 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2012-10-17 | CVE-2012-3225 | Oracle | Remote Security vulnerability in Oracle Financial Services Software 5.3.0/5.3.4 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality and integrity, related to BASE. | 3.6 |
2012-10-17 | CVE-2012-3165 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx. | 3.6 |
2012-10-17 | CVE-2012-5064 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect confidentiality, related to BASE. | 3.5 |
2012-10-17 | CVE-2012-3227 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Universal Banking Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 allows remote authenticated users to affect integrity, related to BASE, a different vulnerability than CVE-2012-3141. | 3.5 |
2012-10-17 | CVE-2012-3224 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE. | 3.5 |
2012-10-17 | CVE-2012-3197 | Oracle Mariadb Debian Canonical Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | 3.5 |
2012-10-17 | CVE-2012-3193 | Oracle | Remote Security vulnerability in Oracle BI Publisher Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Administration. | 3.5 |
2012-10-17 | CVE-2012-3188 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50 and 8.51 allows remote authenticated users to affect integrity, related to PIA Core Technology. | 3.5 |
2012-10-17 | CVE-2012-3179 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Tree Manager. | 3.5 |
2012-10-17 | CVE-2012-3176 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Panel Processor. | 3.5 |
2012-10-17 | CVE-2012-3164 | Oracle | Remote Oracle Marketing vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Publish Item. | 3.5 |
2012-10-16 | CVE-2012-3157 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, 6.2.0, and 12 allows remote authenticated users to affect integrity, related to BASE. | 3.5 |
2012-10-16 | CVE-2012-3156 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.25 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server. | 3.5 |
2012-10-16 | CVE-2012-3149 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.26 and earlier allows remote authenticated users to affect confidentiality, related to MySQL Client. | 3.5 |
2012-10-16 | CVE-2012-3148 | Oracle | Remote Oracle Field Service vulnerability in Oracle E-Business Suite 12.1.3 Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity, related to Wireless/WAP upload. | 3.5 |
2012-10-16 | CVE-2012-3142 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.5, 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality, related to BASE. | 3.5 |
2012-10-16 | CVE-2012-0108 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0095. | 3.5 |
2012-10-16 | CVE-2012-0092 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0090. | 3.5 |
2012-10-16 | CVE-2012-0090 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0092. | 3.5 |
2012-10-16 | CVE-2012-0086 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0095 and CVE-2012-0108. | 3.5 |
2012-10-16 | CVE-2012-3151 | Oracle Linux | Local Core RDBMS vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, when running on Unix and Linux platforms, allows local users to affect integrity and availability via unknown vectors. | 3.3 |
2012-10-16 | CVE-2012-5077 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Security. | 2.6 |
2012-10-16 | CVE-2012-3216 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | 2.6 |
2012-10-18 | CVE-2012-2284 | EMC Microsoft | Credentials Management vulnerability in EMC Networker Module for Microsoft Applications 2.2.1/2.3/2.4 The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors. | 2.1 |
2012-10-17 | CVE-2012-5065 | Oracle | Local Security vulnerability in Oracle WebCenter Sites Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows local users to affect integrity via unknown vectors related to ImagePicker. | 2.1 |
2012-10-17 | CVE-2012-3223 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.0.1 allows remote authenticated users to affect confidentiality, related to BASE. | 2.1 |
2012-10-17 | CVE-2012-3221 | Oracle | Local Security vulnerability in Oracle Virtualization 3.2/4.0/4.1 Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. | 2.1 |
2012-10-17 | CVE-2012-3217 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK. | 2.1 |
2012-10-17 | CVE-2012-3214 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | 2.1 |
2012-10-17 | CVE-2012-3206 | Oracle | Local Security vulnerability in Oracle Multiple SPARC Products Unspecified vulnerability in the Integrated Lights Out Manager CLI in Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3 and T4-based servers, and other versions and servers, allows local users to affect confidentiality via unknown vectors. | 2.1 |
2012-10-17 | CVE-2012-3205 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server. | 2.1 |
2012-10-17 | CVE-2012-3203 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Gnome Display Manager GDM. | 2.1 |
2012-10-17 | CVE-2012-3191 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise PeopleTools Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect availability via unknown vectors related to Data Mover. | 2.1 |
2012-10-16 | CVE-2012-3160 | Oracle Canonical Debian Mariadb Redhat | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation. | 2.1 |
2012-10-16 | CVE-2012-3146 | Oracle | Remote Core RDBMS vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors. | 2.1 |
2012-10-16 | CVE-2012-0095 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.6.0 Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0108. | 2.1 |
2012-10-17 | CVE-2012-3215 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel. | 1.7 |
2012-10-16 | CVE-2012-3162 | Oracle | Local Oracle Applications Framework vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows local users to affect confidentiality, related to MDS loading. | 1.7 |
2012-10-16 | CVE-2012-3145 | Oracle | Local Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.2.0 allows local users to affect confidentiality, related to BASE. | 1.5 |