Weekly Vulnerabilities Reports > January 14 to 20, 2013
Overview
103 new vulnerabilities were reported during this period, including 7 critical vulnerabilities and 6 high severity vulnerabilities. This weekly summary reports vulnerabilities in 62 products from 22 vendors, including Oracle, Canonical, Mariadb, Redhat, and SUN. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Path Traversal", and "Resource Management Errors".
- 91 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 65 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 75 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 4 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
7 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-01-17 | CVE-2012-6392 | Cisco Linux | Improper Input Validation vulnerability in Cisco Prime LAN Management Solution Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux does not properly validate authentication and authorization requests in TCP sessions, which allows remote attackers to execute arbitrary commands via a crafted session, aka Bug ID CSCuc79779. | 10.0 |
2013-01-17 | CVE-2013-0366 | Oracle | Remote vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.1.0.0 Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0361. | 10.0 |
2013-01-17 | CVE-2013-0361 | Oracle | Remote vulnerability in Oracle Database Lite and Database Mobile/Lite Server Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0366. | 10.0 |
2013-01-14 | CVE-2012-3174 | Oracle | Permissions, Privileges, and Access Controls vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java 7 before Update 11 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2013-0422. | 10.0 |
2013-01-17 | CVE-2013-0632 | Adobe | Incorrect Default Permissions vulnerability in Adobe Coldfusion administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013. | 9.8 |
2013-01-17 | CVE-2012-4607 | EMC | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Networker Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before 7.6.5, and 8.x before 8.0.0.6, allows remote attackers to execute arbitrary code via crafted SunRPC data. | 9.3 |
2013-01-17 | CVE-2012-3220 | Oracle | Remote Stack Based Buffer Overflow vulnerability in Oracle Database Server Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privileges to affect confidentiality, integrity, and availability via unknown vectors. | 9.0 |
6 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-01-17 | CVE-2013-0364 | Oracle | Remote vulnerability in Oracle Database Lite and Database Mobile/Lite Server Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0363. | 7.8 |
2013-01-17 | CVE-2013-0363 | Oracle | Remote vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.1.0.0 Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0362 and CVE-2013-0364. | 7.8 |
2013-01-17 | CVE-2013-0362 | Oracle | Remote vulnerability in Oracle Database Mobile/Lite Server 10.3.0.3/11.1.0.0 Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2013-0363 and CVE-2013-0364. | 7.8 |
2013-01-19 | CVE-2012-5185 | Olivetoast | Path Traversal vulnerability in Olivetoast Documents PRO File Viewer 1.11 Directory traversal vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to read or delete files by leveraging guest access. | 7.5 |
2013-01-17 | CVE-2013-0359 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1/12.1.0.2/6.5 Unspecified vulnerability in the APM - Application Performance Management component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Business Transaction Management. | 7.5 |
2013-01-18 | CVE-2009-4738 | Justsystems | Local Privilege Escalation vulnerability in Justsystems Atok, Atok Flat-Rate Service and Just Smile Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the screen lock and execute commands with system privileges via unknown vectors related to "launching external applications." | 7.2 |
79 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-01-18 | CVE-2009-5134 | Utorrent | Buffer Errors vulnerability in Utorrent 1.8.3 Buffer overflow in the "create torrent dialog" functionality in uTorrent 1.8.3 build 15772, and possibly other versions before 1.8.3 (Build 16010), allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a text file containing a large string. | 6.8 |
2013-01-17 | CVE-2013-1109 | Cisco | Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Training Center Cross-site request forgery (CSRF) vulnerability in testingLibraryAction.do in the Training Center testing library in Cisco WebEx Training Center allows remote attackers to hijack the authentication of arbitrary users for requests that delete tests, aka Bug ID CSCzu81067. | 6.8 |
2013-01-17 | CVE-2013-0418 | Microsoft Oracle | Heap Based Buffer Overflow vulnerability in Oracle Outside In Technology Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. | 6.8 |
2013-01-17 | CVE-2013-0393 | Oracle | Denial Of Service vulnerability in Oracle Outside In Technology Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418. | 6.8 |
2013-01-17 | CVE-2013-0389 | Oracle Mariadb Canonical | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 6.8 |
2013-01-17 | CVE-2013-0386 | Oracle Mariadb Canonical | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. | 6.8 |
2013-01-17 | CVE-2013-0384 | Oracle Canonical Redhat Mariadb | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema. | 6.8 |
2013-01-17 | CVE-2012-5060 | Oracle Mariadb Canonical | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension. | 6.8 |
2013-01-17 | CVE-2013-0400 | SUN | Local Solaris vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs. | 6.6 |
2013-01-17 | CVE-2013-0399 | SUN | Local Solaris vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount. | 6.6 |
2013-01-17 | CVE-2013-0385 | Oracle Mariadb Canonical Redhat | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication. | 6.6 |
2013-01-17 | CVE-2013-0397 | Oracle | Security Bypass vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics. | 6.4 |
2013-01-17 | CVE-2013-0382 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Campaign Management. | 6.4 |
2013-01-17 | CVE-2013-0381 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Application Framework. | 6.4 |
2013-01-17 | CVE-2012-3190 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity, related to UWQ Server Issues. | 6.4 |
2013-01-17 | CVE-2013-0415 | Xerox SUN | Local Solaris vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind package. | 6.0 |
2013-01-18 | CVE-2012-5656 | Inkscape Fedoraproject Canonical Opensuse | XXE vulnerability in multiple products The rasterization process in Inkscape before 0.48.4 allows local users to read arbitrary files via an external entity in a SVG file, aka an XML external entity (XXE) injection attack. | 5.5 |
2013-01-17 | CVE-2013-0391 | Oracle | Remote PeopleSoft PeopleTools vulnerability in Oracle Peoplesoft products 8.52 Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security. | 5.5 |
2013-01-17 | CVE-2013-0375 | Oracle Mariadb Canonical Redhat | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication. | 5.5 |
2013-01-17 | CVE-2013-0369 | Oracle | Remote Security vulnerability in Oracle PeopleSoft PeopleTools Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Query. | 5.5 |
2013-01-17 | CVE-2012-3218 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Security Groups. | 5.5 |
2013-01-18 | CVE-2012-5875 | Fireflymediaserver | Unspecified vulnerability in Fireflymediaserver Firefly Media Server 1.0.0.1359 Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version. | 5.0 |
2013-01-17 | CVE-2012-5972 | Specview | Path Traversal vulnerability in Specview Directory traversal vulnerability in the web server in SpecView 2.5 build 853 and earlier allows remote attackers to read arbitrary files via a ... | 5.0 |
2013-01-17 | CVE-2012-5444 | Cisco | Permissions, Privileges, and Access Controls vulnerability in Cisco Telepresence Video Communication Servers Software X7.0.3 Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, aka Bug ID CSCub67989. | 5.0 |
2013-01-17 | CVE-2013-0417 | Oracle | Remote Sun Storage Common Array Manager (CAM) vulnerability in Oracle SUN products Suite 6.9.0 Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management System (FMS). | 5.0 |
2013-01-17 | CVE-2013-0396 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1/12.1.0.2/6.5 Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0360. | 5.0 |
2013-01-17 | CVE-2013-0394 | Oracle | Remote PeopleSoft HRMS vulnerability in Oracle PeopleSoft products 9.0/9.1 Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway. | 5.0 |
2013-01-17 | CVE-2013-0360 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1/12.1.0.2/6.5 Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Business Transaction Management, a different vulnerability than CVE-2013-0396. | 5.0 |
2013-01-17 | CVE-2012-3170 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3169. | 5.0 |
2013-01-17 | CVE-2012-3169 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastructure, a different vulnerability than CVE-2012-3170. | 5.0 |
2013-01-17 | CVE-2012-1702 | Oracle Mariadb Canonical Redhat | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors. | 5.0 |
2013-01-17 | CVE-2012-1701 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI. | 5.0 |
2013-01-19 | CVE-2012-6396 | Cisco | Resource Management Errors vulnerability in Cisco products Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a crafted configuration that references interfaces that do not exist on the new card, aka Bug ID CSCud44300. | 4.9 |
2013-01-17 | CVE-2012-5429 | Cisco Microsoft | Local Denial of Service vulnerability in Cisco VPN Client for Windows The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted application, aka Bug ID CSCuc81669. | 4.6 |
2013-01-17 | CVE-2013-0407 | Xerox SUN | Local vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework. | 4.6 |
2013-01-19 | CVE-2012-5184 | Olivetoast | Cross-Site Scripting vulnerability in Olivetoast Documents PRO File Viewer 1.11 Cross-site scripting (XSS) vulnerability in the Olive Toast Documents Pro File Viewer (formerly Files HD) app before 1.11.1 for iOS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-01-18 | CVE-2012-6360 | IBM | Cross-Site Scripting vulnerability in IBM Intelligent Operations Center 1.5.0 Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations Center 1.5.0 allows remote attackers to inject arbitrary web script or HTML via event data fields. | 4.3 |
2013-01-18 | CVE-2012-6359 | IBM | Permissions, Privileges, and Access Controls vulnerability in IBM products IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 do not check whether an OpenID attribute is signed in the (1) SREG (aka simple registration extension) and (2) AX (aka attribute exchange extension) cases, which allows man-in-the-middle attackers to spoof OpenID provider data by inserting unsigned attributes. | 4.3 |
2013-01-18 | CVE-2012-5531 | Redhat | Cross-Site Scripting vulnerability in Redhat Jboss Enterprise Portal Platform 5.2.2 Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal in JBoss Enterprise Portal Platform 5.2.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2013-01-17 | CVE-2012-4689 | GE | Numeric Errors vulnerability in GE products Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denial of service (daemon crash) via a malformed HTTP request. | 4.3 |
2013-01-17 | CVE-2012-6397 | Cisco | Cross-Site Scripting vulnerability in Cisco Quad and Webex Social Cross-site scripting (XSS) vulnerability in Cisco WebEx Social (formerly Cisco Quad) allows remote attackers to inject arbitrary web script or HTML via a crafted RSS service link, aka Bug ID CSCub61977. | 4.3 |
2013-01-17 | CVE-2013-0392 | Oracle | Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52 Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2012-5059. | 4.3 |
2013-01-17 | CVE-2013-0388 | Oracle | Remote PeopleSoft HRMS vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.1 allows remote attackers to affect integrity via unknown vectors related to Mobile Company Directory. | 4.3 |
2013-01-17 | CVE-2013-0387 | Oracle | Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52 Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to PeopleCode. | 4.3 |
2013-01-17 | CVE-2013-0383 | Oracle Mariadb Canonical Redhat | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking. | 4.3 |
2013-01-17 | CVE-2013-0380 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to View Payslip. | 4.3 |
2013-01-17 | CVE-2013-0379 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0378. | 4.3 |
2013-01-17 | CVE-2013-0378 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vulnerability than CVE-2013-0379. | 4.3 |
2013-01-17 | CVE-2013-0377 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Client System Analyzer. | 4.3 |
2013-01-17 | CVE-2013-0376 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Diagnostics. | 4.3 |
2013-01-17 | CVE-2013-0374 | Oracle | SQL Injection vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Database Cloning. | 4.3 |
2013-01-17 | CVE-2013-0373 | Oracle | SQL Injection vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features. | 4.3 |
2013-01-17 | CVE-2013-0372 | Oracle | SQL Injection vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features. | 4.3 |
2013-01-17 | CVE-2013-0358 | Oracle | SQL Injection vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Resource Manager. | 4.3 |
2013-01-17 | CVE-2013-0357 | Oracle | Remote PeopleSoft PeopleTools vulnerability in Oracle Peoplesoft products 8.52 Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology. | 4.3 |
2013-01-17 | CVE-2013-0356 | Oracle | Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52 Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity, related to PIA Core Technology. | 4.3 |
2013-01-17 | CVE-2013-0355 | Oracle | Cross-Site Scripting vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Distributed/Cross DB Features. | 4.3 |
2013-01-17 | CVE-2013-0354 | Oracle | HTTP Response Splitting vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows remote attackers to affect integrity via unknown vectors related to Policy Framework. | 4.3 |
2013-01-17 | CVE-2013-0353 | Oracle | SQL Injection vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 allows remote attackers to affect integrity via unknown vectors related to Enterprise Configuration Management. | 4.3 |
2013-01-17 | CVE-2013-0352 | Oracle | Cross-Site Scripting vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Content Management. | 4.3 |
2013-01-17 | CVE-2012-5097 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.4.3/11.1.1.5.0/11.1.2.0 Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate. | 4.3 |
2013-01-17 | CVE-2012-5062 | Oracle | Remote Security vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework. | 4.3 |
2013-01-17 | CVE-2012-5059 | Oracle | Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52 Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2013-0392. | 4.3 |
2013-01-17 | CVE-2012-3219 | Oracle | Open Redirection vulnerability in Oracle products Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and 12.1.0.2 allows remote attackers to affect integrity via unknown vectors related to Storage Management. | 4.3 |
2013-01-17 | CVE-2012-1755 | Oracle | Remote PeopleSoft PeopleTools vulnerability in Oracle Peoplesoft products 8.51 Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote attackers to affect integrity via vectors related to PeopleBooks - PSOL. | 4.3 |
2013-01-17 | CVE-2012-1677 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2013-01-17 | CVE-2013-0395 | Oracle | Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52 Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Security. | 4.0 |
2013-01-17 | CVE-2013-0371 | Oracle Mariadb Canonical | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM. | 4.0 |
2013-01-17 | CVE-2013-0368 | Oracle Mariadb Canonical | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 4.0 |
2013-01-17 | CVE-2013-0367 | Oracle Mariadb Canonical | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition. | 4.0 |
2013-01-17 | CVE-2013-0365 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 4.0 |
2013-01-17 | CVE-2012-3172 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Apps - Multi-channel Technologies. | 4.0 |
2013-01-17 | CVE-2012-3168 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Core - Server Infrastructure. | 4.0 |
2013-01-17 | CVE-2012-1705 | Oracle Mariadb Canonical Redhat | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2013-01-17 | CVE-2012-1700 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel UI Framework. | 4.0 |
2013-01-17 | CVE-2012-1680 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Apps - Multi-channel Technologies. | 4.0 |
2013-01-17 | CVE-2012-0578 | Oracle Mariadb Canonical | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2013-01-17 | CVE-2012-0574 | Oracle Mariadb Canonical Redhat | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
2013-01-17 | CVE-2012-0572 | Oracle Mariadb Canonical Redhat | Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 4.0 |
11 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-01-17 | CVE-2012-3310 | IBM | Credentials Management vulnerability in IBM Tivoli Federated Identity Manager IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) keystore passwords, (3) a cleartext Basic Authentication password from a client, or (4) a cleartext user password by leveraging a logging configuration with a log trace setting of all. | 3.5 |
2013-01-17 | CVE-2013-0172 | Samba | Permissions, Privileges, and Access Controls vulnerability in Samba 4.0.0 Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authenticated users to bypass intended restrictions on modifying LDAP directory objects by leveraging (1) objectClass access by a user, (2) objectClass access by a group, or (3) write access to an attribute. | 3.5 |
2013-01-17 | CVE-2012-5096 | Oracle Mariadb Canonical | Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors. | 3.5 |
2013-01-17 | CVE-2012-3192 | Oracle | Remote PeopleSoft PeopleTools vulnerability in Oracle PeopleSoft products 8.51/8.52 Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity, related to Rich Text Editor (RTE). | 3.5 |
2013-01-17 | CVE-2012-1678 | Oracle | Remote Security vulnerability in Oracle JD Edwards products 24.0/8.98/9.1 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98, 9.1, and 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC. | 3.5 |
2013-01-17 | CVE-2013-0414 | SUN | Local vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93. | 3.3 |
2013-01-17 | CVE-2012-0569 | Xerox SUN | Local vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch. | 3.3 |
2013-01-17 | CVE-2013-0420 | Opensuse Oracle | Local vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. | 2.4 |
2013-01-17 | CVE-2013-0390 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Bookmarkable Pages. | 2.1 |
2013-01-17 | CVE-2013-0370 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.1.1 Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 2.1 |
2013-01-17 | CVE-2012-3178 | SUN | Local vulnerability in SUN Sunos 5.11 Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors. | 2.1 |