Weekly Vulnerabilities Reports > January 14 to 20, 2013

Overview

103 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 62 products from 22 vendors including Oracle, Canonical, Mariadb, Redhat, and SUN. The vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Resource Management Errors".

  • 91 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 7 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 65 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 75 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 4 reported vulnerabilities.


Vulnerability Details

The following table lists the reported vulnerabilities for the period covered by this report:


7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-17 CVE-2012-6392 Cisco, Linux Improper Input Validation vulnerability in Cisco Prime LAN Management Solution

Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.

10.0
2013-01-17 CVE-2013-0366 Oracle Remote vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.1.0.0

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0361.

10.0
2013-01-17 CVE-2013-0361 Oracle Remote vulnerability in Oracle Database Lite and Database Mobile/Lite Server

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0366.

10.0
2013-01-14 CVE-2012-3174 Oracle Permissions, Privileges, and Access Controls vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.

10.0
2013-01-17 CVE-2013-0632 Adobe Incorrect Default Permissions vulnerability in Adobe Coldfusion

administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.

9.8
2013-01-17 CVE-2012-4607 EMC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Networker

Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data.

9.3
2013-01-17 CVE-2012-3220 Oracle Remote Stack Based Buffer Overflow vulnerability in Oracle Database Server

Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors.

9.0

6 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-17 CVE-2013-0364 Oracle Remote vulnerability in Oracle Database Lite and Database Mobile/Lite Server

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0363.

7.8
2013-01-17 CVE-2013-0363 Oracle Remote vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.1.0.0

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0364.

7.8
2013-01-17 CVE-2013-0362 Oracle Remote vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.1.0.0

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0363 and CVE-2013-0364.

7.8
2013-01-19 CVE-2012-5185 Olivetoast Path Traversal vulnerability in Olivetoast Documents PRO File Viewer 1.11

Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access.

7.5
2013-01-17 CVE-2013-0359 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1/12.1.0.2/6.5

Unspecified vulnerability in the APM - Application Performance Management component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Business Transaction Management.

7.5
2013-01-18 CVE-2009-4738 Justsystems Local Privilege Escalation vulnerability in Justsystems Atok, Atok Flat-Rate Service and Just Smile

Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the screen lock and execute commands with system privileges via unknown vectors related to "launching external applications."

7.2

79 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-18 CVE-2009-5134 Utorrent Buffer Errors vulnerability in Utorrent 1.8.3

Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a text file containing a large string.

6.8
2013-01-17 CVE-2013-1109 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Training Center

Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.

6.8
2013-01-17 CVE-2013-0418 Microsoft, Oracle Heap Based Buffer Overflow vulnerability in Oracle Outside In Technology

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393.

6.8
2013-01-17 CVE-2013-0393 Oracle Denial Of Service vulnerability in Oracle Outside In Technology

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418.

6.8
2013-01-17 CVE-2013-0389 Oracle, Mariadb, Canonical

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

6.8
2013-01-17 CVE-2013-0386 Oracle, Mariadb, Canonical

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

6.8
2013-01-17 CVE-2013-0384 Oracle, Canonical, Redhat, Mariadb

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

6.8
2013-01-17 CVE-2012-5060 Oracle, Mariadb, Canonical

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

6.8
2013-01-17 CVE-2013-0400 SUN Local Solaris vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.

6.6
2013-01-17 CVE-2013-0399 SUN Local Solaris vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.

6.6
2013-01-17 CVE-2013-0385 Oracle, Mariadb, Canonical, Redhat

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

6.6
2013-01-17 CVE-2013-0397 Oracle Security Bypass vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.

6.4
2013-01-17 CVE-2013-0382 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Campaign Management.

6.4
2013-01-17 CVE-2013-0381 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework.

6.4
2013-01-17 CVE-2012-3190 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity, related to UWQ Server Issues.

6.4
2013-01-17 CVE-2013-0415 Xerox, SUN Local Solaris vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.

6.0
2013-01-18 CVE-2012-5656 Inkscape, Fedoraproject, Canonical, Opensuse XXE vulnerability in multiple products

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

5.5
2013-01-17 CVE-2013-0391 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle Peoplesoft products 8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security.

5.5
2013-01-17 CVE-2013-0375 Oracle, Mariadb, Canonical, Redhat

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

5.5
2013-01-17 CVE-2013-0369 Oracle Remote Security vulnerability in Oracle PeopleSoft PeopleTools

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Query.

5.5
2013-01-17 CVE-2012-3218 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security Groups.

5.5
2013-01-18 CVE-2012-5875 Fireflymediaserver Unspecified vulnerability in Fireflymediaserver Firefly Media Server 1.0.0.1359

Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version.

5.0
2013-01-17 CVE-2012-5972 Specview Path Traversal vulnerability in Specview

Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ...

5.0
2013-01-17 CVE-2012-5444 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Servers Software X7.0.3

Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.

5.0
2013-01-17 CVE-2013-0417 Oracle Remote Sun Storage Common Array Manager (CAM) vulnerability in Oracle SUN products Suite 6.9.0

Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management System (FMS).

5.0
2013-01-17 CVE-2013-0396 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1/12.1.0.2/6.5

Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0360.

5.0
2013-01-17 CVE-2013-0394 Oracle Remote PeopleSoft HRMS vulnerability in Oracle PeopleSoft products 9.0/9.1

Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway.

5.0
2013-01-17 CVE-2013-0360 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1/12.1.0.2/6.5

Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0396.

5.0
2013-01-17 CVE-2012-3170 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3169.

5.0
2013-01-17 CVE-2012-3169 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3170.

5.0
2013-01-17 CVE-2012-1702 Oracle, Mariadb, Canonical, Redhat

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

5.0
2013-01-17 CVE-2012-1701 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI.

5.0
2013-01-19 CVE-2012-6396 Cisco Resource Management Errors vulnerability in Cisco products

Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300.

4.9
2013-01-17 CVE-2012-5429 Cisco, Microsoft Local Denial of Service vulnerability in Cisco VPN Client for Windows

The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.

4.6
2013-01-17 CVE-2013-0407 Xerox, SUN Local vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.

4.6
2013-01-19 CVE-2012-5184 Olivetoast Cross-Site Scripting vulnerability in Olivetoast Documents PRO File Viewer 1.11

Cross-site scripting (XSS) vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-01-18 CVE-2012-6360 IBM Cross-Site Scripting vulnerability in IBM Intelligent Operations Center 1.5.0

Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields.

4.3
2013-01-18 CVE-2012-6359 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes.

4.3
2013-01-18 CVE-2012-5531 Redhat Cross-Site Scripting vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2

Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-01-17 CVE-2012-4689 GE Numeric Errors vulnerability in GE products

Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.

4.3
2013-01-17 CVE-2012-6397 Cisco Cross-Site Scripting vulnerability in Cisco Quad and Webex Social

Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.

4.3
2013-01-17 CVE-2013-0392 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2012-5059.

4.3
2013-01-17 CVE-2013-0388 Oracle Remote PeopleSoft HRMS vulnerability in Oracle Peoplesoft products 9.1

Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.1 allows remote attackers to affect integrity via unknown vectors related to Mobile Company Directory.

4.3
2013-01-17 CVE-2013-0387 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to PeopleCode.

4.3
2013-01-17 CVE-2013-0383 Oracle, Mariadb, Canonical, Redhat

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

4.3
2013-01-17 CVE-2013-0380 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to View Payslip.

4.3
2013-01-17 CVE-2013-0379 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0378.

4.3
2013-01-17 CVE-2013-0378 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0379.

4.3
2013-01-17 CVE-2013-0377 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Client System Analyzer.

4.3
2013-01-17 CVE-2013-0376 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Diagnostics.

4.3
2013-01-17 CVE-2013-0374 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Database Cloning.

4.3
2013-01-17 CVE-2013-0373 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features.

4.3
2013-01-17 CVE-2013-0372 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features.

4.3
2013-01-17 CVE-2013-0358 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager.

4.3
2013-01-17 CVE-2013-0357 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle Peoplesoft products 8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.

4.3
2013-01-17 CVE-2013-0356 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.

4.3
2013-01-17 CVE-2013-0355 Oracle Cross-Site Scripting vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features.

4.3
2013-01-17 CVE-2013-0354 Oracle HTTP Response Splitting vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework.

4.3
2013-01-17 CVE-2013-0353 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 allows remote attackers to affect integrity via unknown vectors related to Enterprise Configuration Management.

4.3
2013-01-17 CVE-2013-0352 Oracle Cross-Site Scripting vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Content Management.

4.3
2013-01-17 CVE-2012-5097 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.4.3/11.1.1.5.0/11.1.2.0

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate.

4.3
2013-01-17 CVE-2012-5062 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.

4.3
2013-01-17 CVE-2012-5059 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2013-0392.

4.3
2013-01-17 CVE-2012-3219 Oracle Open Redirection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management.

4.3
2013-01-17 CVE-2012-1755 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle Peoplesoft products 8.51

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote attackers to affect integrity via vectors related to PeopleBooks - PSOL.

4.3
2013-01-17 CVE-2012-1677 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors.

4.3
2013-01-17 CVE-2013-0395 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Security.

4.0
2013-01-17 CVE-2013-0371 Oracle, Mariadb, Canonical

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.

4.0
2013-01-17 CVE-2013-0368 Oracle, Mariadb, Canonical

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4.0
2013-01-17 CVE-2013-0367 Oracle, Mariadb, Canonical

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

4.0
2013-01-17 CVE-2013-0365 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

4.0
2013-01-17 CVE-2012-3172 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Apps - Multi-channel Technologies.

4.0
2013-01-17 CVE-2012-3168 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Core - Server Infrastructure.

4.0
2013-01-17 CVE-2012-1705 Oracle, Mariadb, Canonical, Redhat

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4.0
2013-01-17 CVE-2012-1700 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel UI Framework.

4.0
2013-01-17 CVE-2012-1680 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Apps - Multi-channel Technologies.

4.0
2013-01-17 CVE-2012-0578 Oracle
Mariadb
Canonical
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
4.0
2013-01-17 CVE-2012-0574 Oracle
Mariadb
Canonical
Redhat
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
4.0
2013-01-17 CVE-2012-0572 Oracle
Mariadb
Canonical
Redhat
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
4.0

11 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-17 CVE-2012-3310 IBM Credentials Management vulnerability in IBM Tivoli Federated Identity Manager

IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication password from a client, or (4) a cleartext user password by leveraging a logging configuration with a log trace setting of all.

3.5
2013-01-17 CVE-2013-0172 Samba Permissions, Privileges, and Access Controls vulnerability in Samba 4.0.0

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.

3.5
2013-01-17 CVE-2012-5096 Oracle
Mariadb
Canonical
Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.
3.5
2013-01-17 CVE-2012-3192 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity, related to Rich Text Editor (RTE).

3.5
2013-01-17 CVE-2012-1678 Oracle Remote Security vulnerability in Oracle JD Edwards products 24.0/8.98/9.1

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98, 9.1, and 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC.

3.5
2013-01-17 CVE-2013-0414 SUN Local vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93.

3.3
2013-01-17 CVE-2012-0569 Xerox
SUN
Local vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.

3.3
2013-01-17 CVE-2013-0420 Opensuse
Oracle
Local vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core.

2.4
2013-01-17 CVE-2013-0390 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages.

2.1
2013-01-17 CVE-2013-0370 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.1

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

2.1
2013-01-17 CVE-2012-3178 SUN Local vulnerability in SUN Sunos 5.11

Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors.

2.1