Weekly Vulnerabilities Reports > January 14 to 20, 2013

Overview

133 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 19 high severity vulnerabilities. This weekly summary reports vulnerabilities in 66 products from 25 vendors including Oracle, Google, Opensuse, Cisco, and Mysql. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Resource Management Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Numeric Errors".

  • 121 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 94 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 75 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Summary table (counts not captured in this extraction): total vulnerabilities; critical risk, high risk, medium risk and low risk vulnerabilities; remotely exploitable; locally exploitable; exploit available; exploitable anonymously; affecting web application.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:


7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-17 CVE-2012-6392 Cisco/Linux Improper Input Validation vulnerability in Cisco Prime LAN Management Solution

Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779.

10.0
2013-01-17 CVE-2013-0366 Oracle Remote vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.1.0.0

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0361.

10.0
2013-01-17 CVE-2013-0361 Oracle Remote vulnerability in Oracle Database Lite and Database Mobile/Lite Server

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0366.

10.0
2013-01-17 CVE-2013-0632 Adobe Information Exposure vulnerability in Adobe Coldfusion

administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.

10.0
2013-01-14 CVE-2012-3174 Oracle Permissions, Privileges, and Access Controls vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422.

10.0
2013-01-17 CVE-2012-4607 EMC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Networker

Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data.

9.3
2013-01-17 CVE-2012-3220 Oracle Remote Stack Based Buffer Overflow vulnerability in Oracle Database Server

Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors.

9.0

19 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-17 CVE-2012-5419 Cisco Resource Management Errors vulnerability in Cisco products

Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.323 IPv4 packet, aka Bug IDs CSCuc42812 and CSCuc88741.

7.8
2013-01-17 CVE-2013-0364 Oracle Remote vulnerability in Oracle Database Lite and Database Mobile/Lite Server

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0363.

7.8
2013-01-17 CVE-2013-0363 Oracle Remote vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.1.0.0

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0364.

7.8
2013-01-17 CVE-2013-0362 Oracle Remote vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.1.0.0

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0363 and CVE-2013-0364.

7.8
2013-01-19 CVE-2012-5185 Olivetoast Path Traversal vulnerability in Olivetoast Documents PRO File Viewer 1.11

Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access.

7.5
2013-01-17 CVE-2013-0359 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1/12.1.0.2/6.5

Unspecified vulnerability in the APM - Application Performance Management component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Business Transaction Management.

7.5
2013-01-15 CVE-2013-0838 Google/Linux Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors.

7.5
2013-01-15 CVE-2013-0837 Opensuse/Google Improper Input Validation vulnerability in multiple products

Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of extension tabs.

7.5
2013-01-15 CVE-2013-0832 Opensuse/Google Resource Management Errors vulnerability in multiple products

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.

7.5
2013-01-15 CVE-2013-0831 Google/Opensuse Path Traversal vulnerability in Google Chrome

Directory traversal vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to have an unspecified impact by leveraging access to an extension process.

7.5
2013-01-15 CVE-2013-0830 Opensuse/Google/Microsoft Improper Input Validation vulnerability in multiple products

The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a NUL character required for termination of an unspecified data structure, which has unknown impact and attack vectors.

7.5
2013-01-15 CVE-2012-5154 Opensuse/Google/Microsoft Numeric Errors vulnerability in multiple products

Integer overflow in Google Chrome before 24.0.1312.52 on Windows allows attackers to cause a denial of service or possibly have unspecified other impact via vectors related to allocation of shared memory.

7.5
2013-01-15 CVE-2012-5153 Google/Opensuse Buffer Errors vulnerability in Google Chrome

Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds access to stack memory.

7.5
2013-01-15 CVE-2012-5150 Google/Opensuse Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving seek operations on video data.

7.5
2013-01-15 CVE-2012-5149 Opensuse/Google Numeric Errors vulnerability in multiple products

Integer overflow in the audio IPC layer in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

7.5
2013-01-15 CVE-2012-5148 Opensuse/Google Improper Input Validation vulnerability in multiple products

The hyphenation functionality in Google Chrome before 24.0.1312.52 does not properly validate file names, which has unspecified impact and attack vectors.

7.5
2013-01-15 CVE-2012-5147 Opensuse/Google Resource Management Errors vulnerability in multiple products

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM handling.

7.5
2013-01-15 CVE-2012-5145 Opensuse/Google Use After Free vulnerability in multiple products

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG layout.

7.5
2013-01-18 CVE-2009-4738 Justsystems Local Privilege Escalation vulnerability in Justsystems Atok, Atok Flat-Rate Service and Just Smile

Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the screen lock and execute commands with system privileges via unknown vectors related to "launching external applications."

7.2

95 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-18 CVE-2009-5134 Utorrent Buffer Errors vulnerability in Utorrent 1.8.3

Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a text file containing a large string.

6.8
2013-01-17 CVE-2013-1109 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Training Center

Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067.

6.8
2013-01-17 CVE-2013-0418 Microsoft/Oracle Heap Based Buffer Overflow vulnerability in Oracle Outside In Technology

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393.

6.8
2013-01-17 CVE-2013-0393 Oracle Denial Of Service vulnerability in Oracle Outside In Technology

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418.

6.8
2013-01-17 CVE-2013-0389 Mysql/Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

6.8
2013-01-17 CVE-2013-0386 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

6.8
2013-01-17 CVE-2013-0384 Mysql/Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

6.8
2013-01-17 CVE-2012-5060 Mysql/Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

6.8
2013-01-15 CVE-2013-0836 Google/Opensuse Resource Management Errors vulnerability in Google Chrome

Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code.

6.8
2013-01-15 CVE-2013-0828 Google Resource Management Errors vulnerability in Google Chrome

The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document.

6.8
2013-01-15 CVE-2012-5156 Google Resource Management Errors vulnerability in Google Chrome

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving PDF fields.

6.8
2013-01-15 CVE-2012-5151 Google Numeric Errors vulnerability in Google Chrome

Integer overflow in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code in a PDF document.

6.8
2013-01-17 CVE-2013-0400 SUN Local Solaris vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.

6.6
2013-01-17 CVE-2013-0399 SUN Local Solaris vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.

6.6
2013-01-17 CVE-2013-0385 Mysql/Oracle Local Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

6.6
2013-01-17 CVE-2013-0397 Oracle Security Bypass vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.

6.4
2013-01-17 CVE-2013-0382 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Campaign Management.

6.4
2013-01-17 CVE-2013-0381 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework.

6.4
2013-01-17 CVE-2012-3190 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity, related to UWQ Server Issues.

6.4
2013-01-15 CVE-2013-0829 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 24.0.1312.52 does not properly maintain database metadata, which allows remote attackers to bypass intended file-access restrictions via unspecified vectors.

6.4
2013-01-18 CVE-2012-6395 Cisco Improper Input Validation vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do not properly validate unspecified input related to UNC share pathnames, which allows remote authenticated users to cause a denial of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.

6.3
2013-01-18 CVE-2012-5717 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco products

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device crash) by establishing multiple sessions, aka Bug ID CSCtc59462.

6.3
2013-01-17 CVE-2013-0415 Xerox/SUN Local Solaris vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package.

6.0
2013-01-17 CVE-2013-0391 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle Peoplesoft products 8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security.

5.5
2013-01-17 CVE-2013-0375 Oracle SQL Injection vulnerability in Oracle Mysql

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

5.5
2013-01-17 CVE-2013-0369 Oracle Remote Security vulnerability in Oracle PeopleSoft PeopleTools

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Query.

5.5
2013-01-17 CVE-2012-3218 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security Groups.

5.5
2013-01-19 CVE-2012-6113 PHP Information Exposure vulnerability in PHP

The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 through 5.3.13 does not initialize a certain variable, which allows remote attackers to obtain sensitive information from process memory by providing zero bytes of input data.

5.0
2013-01-18 CVE-2012-5875 Fireflymediaserver Unspecified vulnerability in Fireflymediaserver Firefly Media Server 1.0.0.1359

Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version.

5.0
2013-01-18 CVE-2012-2124 Squirrelmail/Redhat Resource Management Errors vulnerability in multiple products

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial of service (disk consumption) by making many IMAP login attempts with different usernames, leading to the creation of many preference files.

5.0
2013-01-17 CVE-2012-5972 Specview Path Traversal vulnerability in Specview

Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ...

5.0
2013-01-17 CVE-2012-5444 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Servers Software X7.0.3

Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989.

5.0
2013-01-17 CVE-2013-0417 Oracle Remote Sun Storage Common Array Manager (CAM) vulnerability in Oracle SUN products Suite 6.9.0

Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management System (FMS).

5.0
2013-01-17 CVE-2013-0396 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1/12.1.0.2/6.5

Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0360.

5.0
2013-01-17 CVE-2013-0394 Oracle Remote PeopleSoft HRMS vulnerability in Oracle PeopleSoft products 9.0/9.1

Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway.

5.0
2013-01-17 CVE-2013-0360 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1/12.1.0.2/6.5

Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0396.

5.0
2013-01-17 CVE-2012-3170 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3169.

5.0
2013-01-17 CVE-2012-3169 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3170.

5.0
2013-01-17 CVE-2012-1702 Mysql/Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

5.0
2013-01-17 CVE-2012-1701 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI.

5.0
2013-01-15 CVE-2013-0835 Google/Opensuse Geolocation Implementation Denial of Service vulnerability in Google Chrome

Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

5.0
2013-01-15 CVE-2013-0834 Opensuse/Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving glyphs.

5.0
2013-01-15 CVE-2013-0833 Google/Opensuse Buffer Errors vulnerability in Google Chrome

Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to printing.

5.0
2013-01-15 CVE-2012-5155 Google/Apple Permissions, Privileges, and Access Controls vulnerability in Google Chrome

Google Chrome before 24.0.1312.52 on Mac OS X does not use an appropriate sandboxing approach for worker processes, which makes it easier for remote attackers to bypass intended access restrictions via unspecified vectors.

5.0
2013-01-15 CVE-2012-5152 Opensuse/Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors involving seek operations on video data.

5.0
2013-01-15 CVE-2012-5146 Opensuse/Google Permissions, Privileges, and Access Controls vulnerability in multiple products

Google Chrome before 24.0.1312.52 allows remote attackers to bypass the Same Origin Policy via a malformed URL.

5.0
2013-01-19 CVE-2012-6396 Cisco Resource Management Errors vulnerability in Cisco products

Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300.

4.9
2013-01-17 CVE-2012-5429 Cisco/Microsoft Local Denial of Service vulnerability in Cisco VPN Client for Windows

The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669.

4.6
2013-01-17 CVE-2013-0407 Xerox/SUN Local vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.

4.6
2013-01-19 CVE-2012-5184 Olivetoast Cross-Site Scripting vulnerability in Olivetoast Documents PRO File Viewer 1.11

Cross-site scripting (XSS) vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-01-18 CVE-2012-6360 IBM Cross-Site Scripting vulnerability in IBM Intelligent Operations Center 1.5.0

Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields.

4.3
2013-01-18 CVE-2012-6359 IBM Permissions, Privileges, and Access Controls vulnerability in IBM products

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes.

4.3
2013-01-18 CVE-2012-6088 RPM Credentials Management vulnerability in RPM 4.10.0/4.10.1

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass RPM signature checks via a crafted package.

4.3
2013-01-18 CVE-2012-5531 Redhat Cross-Site Scripting vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2

Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2013-01-17 CVE-2012-4689 GE Numeric Errors vulnerability in GE products

Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request.

4.3
2013-01-17 CVE-2012-6397 Cisco Cross-Site Scripting vulnerability in Cisco Quad and Webex Social

Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977.

4.3
2013-01-17 CVE-2013-0392 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2012-5059.

4.3
2013-01-17 CVE-2013-0388 Oracle Remote PeopleSoft HRMS vulnerability in Oracle Peoplesoft products 9.1

Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.1 allows remote attackers to affect integrity via unknown vectors related to Mobile Company Directory.

4.3
2013-01-17 CVE-2013-0387 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to PeopleCode.

4.3
2013-01-17 CVE-2013-0383 Mysql/Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

4.3
2013-01-17 CVE-2013-0380 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to View Payslip.

4.3
2013-01-17 CVE-2013-0379 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0378.

4.3
2013-01-17 CVE-2013-0378 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0379.

4.3
2013-01-17 CVE-2013-0377 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Client System Analyzer.

4.3
2013-01-17 CVE-2013-0376 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Diagnostics.

4.3
2013-01-17 CVE-2013-0374 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Database Cloning.

4.3
2013-01-17 CVE-2013-0373 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features.

4.3
2013-01-17 CVE-2013-0372 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features.

4.3
2013-01-17 CVE-2013-0358 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager.

4.3
2013-01-17 CVE-2013-0357 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle Peoplesoft products 8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.

4.3
2013-01-17 CVE-2013-0356 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.

4.3
2013-01-17 CVE-2013-0355 Oracle Cross-Site Scripting vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features.

4.3
2013-01-17 CVE-2013-0354 Oracle HTTP Response Splitting vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework.

4.3
2013-01-17 CVE-2013-0353 Oracle SQL Injection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 allows remote attackers to affect integrity via unknown vectors related to Enterprise Configuration Management.

4.3
2013-01-17 CVE-2013-0352 Oracle Cross-Site Scripting vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Content Management.

4.3
2013-01-17 CVE-2012-5097 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.4.3/11.1.1.5.0/11.1.2.0

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate.

4.3
2013-01-17 CVE-2012-5062 Oracle Remote Security vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.

4.3
2013-01-17 CVE-2012-5059 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2013-0392.

4.3
2013-01-17 CVE-2012-3219 Oracle Open Redirection vulnerability in Oracle products

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management.

4.3
2013-01-17 CVE-2012-1755 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle Peoplesoft products 8.51

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote attackers to affect integrity via vectors related to PeopleBooks - PSOL.

4.3
2013-01-17 CVE-2012-1677 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors.

4.3
2013-01-15 CVE-2012-5157 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome

Google Chrome before 24.0.1312.52 does not properly handle image data in PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted document.

4.3
2013-01-17 CVE-2013-0395 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Security.

4.0
2013-01-17 CVE-2013-0371 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.

4.0
2013-01-17 CVE-2013-0368 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4.0
2013-01-17 CVE-2013-0367 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

4.0
2013-01-17 CVE-2013-0365 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

4.0
2013-01-17 CVE-2012-3172 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Apps - Multi-channel Technologies.

4.0
2013-01-17 CVE-2012-3168 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Core - Server Infrastructure.

4.0
2013-01-17 CVE-2012-1705 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4.0
2013-01-17 CVE-2012-1700 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel UI Framework.

4.0
2013-01-17 CVE-2012-1680 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Apps - Multi-channel Technologies.

4.0
2013-01-17 CVE-2012-0578 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4.0
2013-01-17 CVE-2012-0574 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

4.0
2013-01-17 CVE-2012-0572 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4.0

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-01-17 CVE-2012-3310 IBM Credentials Management vulnerability in IBM Tivoli Federated Identity Manager

IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication password from a client, or (4) a cleartext user password by leveraging a logging configuration with a log trace setting of all.

3.5
2013-01-17 CVE-2013-0172 Samba Permissions, Privileges, and Access Controls vulnerability in Samba 4.0.0

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute.

3.5
2013-01-17 CVE-2012-5096 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.

3.5
2013-01-17 CVE-2012-3192 Oracle Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity, related to Rich Text Editor (RTE).

3.5
2013-01-17 CVE-2012-1678 Oracle Remote Security vulnerability in Oracle JD Edwards products 24.0/8.98/9.1

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98, 9.1, and 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC.

3.5
2013-01-17 CVE-2013-0414 SUN Local vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93.

3.3
2013-01-17 CVE-2012-0569 Xerox, SUN Local vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.

3.3
2013-01-17 CVE-2013-0420 Opensuse, Oracle Local vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core.

2.4
2013-01-18 CVE-2012-5656 Inkscape Permissions, Privileges, and Access Controls vulnerability in Inkscape

The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack.

2.1
2013-01-17 CVE-2013-0390 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages.

2.1
2013-01-17 CVE-2013-0370 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.1

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

2.1
2013-01-17 CVE-2012-3178 SUN Local vulnerability in SUN Sunos 5.11

Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors.

2.1