Weekly Vulnerabilities Reports > April 15 to 21, 2013

Overview

190 new vulnerabilities were reported during this period, including 27 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 78 products from 27 vendors, including Oracle, SUN, Mysql, Cisco, and Google. The most common vulnerability categories are "Permissions, Privileges, and Access Controls", "Cross-site Scripting", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Resource Management Errors".

  • 167 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 8 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 116 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 137 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 23 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:

27 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-19 CVE-2013-3211 Opera Unspecified vulnerability in Opera Browser

Unspecified vulnerability in Opera before 12.15 has unknown impact and attack vectors, related to a "moderately severe issue."

10.0
2013-04-19 CVE-2013-3075 Mitsubishi Automation
Schneider Electric
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX Component 3, as distributed in Citect CitectFacilities 7.10 and CitectScada 7.10r1, allow remote attackers to execute arbitrary code via a long string, as demonstrated by a long WzTitle property value to a certain ActiveX control.

10.0
2013-04-18 CVE-2012-4715 Rockwellautomation Buffer Errors vulnerability in Rockwellautomation Rslinx Enterprise Cpr9

Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a UDP packet with a certain integer length value that is (1) too large or (2) too small, leading to improper handling by Logger.dll.

10.0
2013-04-17 CVE-2013-2440 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435.

10.0
2013-04-17 CVE-2013-2435 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440.

10.0
2013-04-17 CVE-2013-2434 Oracle Remote Code Execution vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10.0
2013-04-17 CVE-2013-2432 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491.

10.0
2013-04-17 CVE-2013-2431 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.

10.0
2013-04-17 CVE-2013-2428 Oracle Remote Code Execution vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427.

10.0
2013-04-17 CVE-2013-2427 Oracle Remote Java Runtime Environment vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2428.

10.0
2013-04-17 CVE-2013-2425 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

10.0
2013-04-17 CVE-2013-2422 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

10.0
2013-04-17 CVE-2013-2420 Oracle
SUN
Integer Overflow vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10.0
2013-04-17 CVE-2013-2414 Oracle Remote Java Runtime Environment vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2427, and CVE-2013-2428.

10.0
2013-04-17 CVE-2013-2384 Oracle
SUN
Remote Code Execution vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420.

10.0
2013-04-17 CVE-2013-2383 Oracle
SUN
Remote Code Execution vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420.

10.0
2013-04-17 CVE-2013-1569 Oracle
SUN
Stack Buffer Overflow vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10.0
2013-04-17 CVE-2013-1558 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans.

10.0
2013-04-17 CVE-2013-1557 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

10.0
2013-04-17 CVE-2013-1537 Oracle
SUN
Remote Code Execution vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

10.0
2013-04-17 CVE-2013-1518 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP.

10.0
2013-04-17 CVE-2013-2380 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2013-04-17 CVE-2013-1534 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.2/11.2.0.3

Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2013-04-16 CVE-2013-2833 Google Resource Management Errors vulnerability in Google Chrome OS

Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper management of ownership relationships involving Elements and DrawElements.

10.0
2013-04-17 CVE-2013-2436 Oracle Security Bypass vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426.

9.3
2013-04-17 CVE-2013-2426 Oracle Remote Code Execution vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

9.3
2013-04-17 CVE-2013-2421 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot.

9.3

13 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-16 CVE-2012-3022 Canarylabs Permissions, Privileges, and Access Controls vulnerability in Canarylabs Trendlink

The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site.

8.5
2013-04-18 CVE-2013-0139 Arecont Denial of Service vulnerability in Arecont Vision AV1355DN

The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69.

7.8
2013-04-18 CVE-2012-4714 Rockwellautomation Numeric Errors vulnerability in Rockwellautomation Factorytalk Services Platform Cpr9

Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value.

7.8
2013-04-18 CVE-2012-4713 Rockwellautomation Numeric Errors vulnerability in Rockwellautomation Factorytalk Services Platform Cpr9

Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value.

7.8
2013-04-17 CVE-2013-2430 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO.

7.6
2013-04-17 CVE-2013-2429 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO.

7.6
2013-04-17 CVE-2013-2394 Oracle
SUN
Remote Code Execution vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491.

7.6
2013-04-17 CVE-2013-1563 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install.

7.6
2013-04-18 CVE-2013-1177 Cisco SQL Injection vulnerability in Cisco Network Admission Control Manager and Server System Software

SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095.

7.5
2013-04-18 CVE-2013-1748 Chatelao SQL Injection vulnerability in Chatelao PHP Address Book 8.2.5

Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php.

7.5
2013-04-18 CVE-2013-0133 Parallels Unspecified vulnerability in Parallels Plesk Panel 11.0.9

Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable.

7.2
2013-04-18 CVE-2013-1176 Cisco Improper Input Validation vulnerability in Cisco products

The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448.

7.1
2013-04-18 CVE-2012-4695 Rockwellautomation Improper Input Validation vulnerability in Rockwellautomation Rslinx Enterprise Cpr9

LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage) via a zero-byte UDP packet that is not properly handled by Logger.dll.

7.1

115 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-17 CVE-2013-2439 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install.

6.9
2013-04-19 CVE-2013-2697 Lester Chan
Wordpress
Cross-Site Request Forgery (CSRF) vulnerability in Lester Chan Wp-Downloadmanager

Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences.

6.8
2013-04-18 CVE-2013-0132 Parallels Code Injection vulnerability in Parallels Plesk Panel 11.0.9

The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables.

6.8
2013-04-17 CVE-2013-2395 Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.

6.8
2013-04-16 CVE-2013-2760 Bestwebsharing Buffer Errors vulnerability in Bestwebsharing Groovy Media Player 3.2.0

Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file.

6.8
2013-04-16 CVE-2013-1197 Cisco Improper Input Validation vulnerability in Cisco Unified Presence

The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912.

6.8
2013-04-18 CVE-2013-0687 Schneider Electric Permissions, Privileges, and Access Controls vulnerability in Schneider-Electric Micom S1 Studio

The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file.

6.6
2013-04-17 CVE-2013-1521 Oracle
Mysql
Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

6.5
2013-04-21 CVE-2013-3060 Apache Improper Authentication vulnerability in Apache Activemq

The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests.

6.4
2013-04-17 CVE-2013-1553 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.6.0

Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Services Security.

6.4
2013-04-17 CVE-2013-0405 SUN Remote Security vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.

6.4
2013-04-17 CVE-2013-2398 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Open UI Client.

6.0
2013-04-17 CVE-2013-2378 Mysql
Oracle
Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

6.0
2013-04-17 CVE-2013-2375 Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.0
2013-04-17 CVE-2013-1552 Oracle
Mysql
Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.0
2013-04-17 CVE-2013-1551 Oracle Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Integration Business Services.

6.0
2013-04-17 CVE-2013-1531 Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.

6.0
2013-04-17 CVE-2013-0411 SUN Local Security vulnerability in SUN Sunos 5.10/5.8/5.9

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration.

5.9
2013-04-16 CVE-2013-2304 Fenrir INC
Google
Permissions, Privileges, and Access Controls vulnerability in Fenrir-Inc Sleipnir Mobile

The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page.

5.8
2013-04-17 CVE-2013-2405 Oracle Remote Security vulnerability in Oracle Primavera products Suite 7.0/8.1/8.2

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Access.

5.5
2013-04-17 CVE-2013-2397 Oracle SQL Injection vulnerability in Oracle Retail Central Office

Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Industry Applications 13.1, 13.2, 13.3, and 13.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Customer Operations (Add, Search).

5.5
2013-04-17 CVE-2013-1533 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.1.0, 5.2.0, 5.3.1 through 5.3.3, and 6.0.1 through 12.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE.

5.5
2013-04-17 CVE-2013-1520 Oracle Remote Security vulnerability in Oracle Industry Applications 4.6.0/4.6.6

Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0 and 4.6.6 allows remote authenticated users to affect confidentiality and integrity via vectors related to HTML Surround.

5.5
2013-04-16 CVE-2012-5415 Cisco Race Condition vulnerability in Cisco products

Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272.

5.4
2013-04-21 CVE-2012-6551 Apache Resource Management Errors vulnerability in Apache Activemq

The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests.

5.0
2013-04-19 CVE-2013-3210 Opera Information Exposure vulnerability in Opera Browser

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain.

5.0
2013-04-18 CVE-2013-1194 Cisco Information Exposure vulnerability in Cisco products

The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708.

5.0
2013-04-17 CVE-2013-2438 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.

5.0
2013-04-17 CVE-2013-2424 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX.

5.0
2013-04-17 CVE-2013-2419 Oracle
SUN
Remote Code Execution vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D.

5.0
2013-04-17 CVE-2013-2417 Oracle
SUN
Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking.

5.0
2013-04-17 CVE-2013-1564 Oracle Remote Java Runtime Environment vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX.

5.0
2013-04-17 CVE-2013-1561 Oracle Remote Java Runtime Environment vulnerability in Oracle Javafx, JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX.

5.0
2013-04-17 CVE-2013-2409 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via vectors related to PIA Core Technology.

5.0
2013-04-17 CVE-2013-2388 Oracle Remote Oracle Applications Technology Stack vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Mid Tier File Management.

5.0
2013-04-17 CVE-2013-1570 Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.

5.0
2013-04-17 CVE-2013-1565 Oracle Remote Security vulnerability in Oracle Fusion Middleware 3.0.0.11

Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.11 allows remote attackers to affect availability via unknown vectors.

5.0
2013-04-17 CVE-2013-1554 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.

5.0
2013-04-17 CVE-2013-1545 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5/11.1.1.5.0/11.1.1.6.0

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener.

5.0
2013-04-17 CVE-2013-1538 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.2/11.2.0.3

Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.

5.0
2013-04-17 CVE-2013-1535 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0, 5.1.0, 5.2.0, 5.3.4, and 6.0.1 allows remote attackers to affect confidentiality via vectors related to BASE.

5.0
2013-04-17 CVE-2013-1519 Oracle Remote Security vulnerability in Oracle Database Server 4.2.1

Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors.

5.0
2013-04-17 CVE-2013-1510 Oracle Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0419.

5.0
2013-04-17 CVE-2013-0408 SUN Local Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers.

5.0
2013-04-16 CVE-2013-2835 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome OS

Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834.

5.0
2013-04-16 CVE-2013-2834 Google Permissions, Privileges, and Access Controls vulnerability in Google Chrome OS

Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835.

5.0
2013-04-16 CVE-2013-2832 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Chrome OS

The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors.

5.0
2013-04-16 CVE-2013-2303 Fenrir INC Address Bar Spoofing vulnerability in Fenrir-Inc Sleipnir 3.9.1.4000/4.0.0.4000

Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to spoof the SSL lock icon and address-bar colors via unspecified vectors.

5.0
2013-04-16 CVE-2013-1193 Cisco Denial of Service vulnerability in Cisco products

The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote attackers to cause a denial of service (SSH service outage) by repeatedly establishing SSH connections, aka Bug IDs CSCue63881, CSCuf51892, CSCue78671, and CSCug26937.

5.0
2013-04-16 CVE-2013-1187 Cisco Improper Input Validation vulnerability in Cisco Jabber Extensible Communications Platform

The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762.

5.0
2013-04-18 CVE-2013-1199 Cisco Race Condition vulnerability in Cisco products

Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996.

4.9
2013-04-17 CVE-2013-2413 Oracle Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services.

4.9
2013-04-17 CVE-2013-2386 Oracle Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity and availability via vectors related to BASE.

4.9
2013-04-17 CVE-2013-1507 SUN Local Security vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem.

4.9
2013-04-17 CVE-2013-1505 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE.

4.9
2013-04-17 CVE-2013-1498 SUN Local Security vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496.

4.9
2013-04-17 CVE-2013-1496 SUN Local Security vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498.

4.9
2013-04-17 CVE-2013-1494 SUN, Oracle Local Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.

4.7
2013-04-17 CVE-2013-2418 Oracle, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

4.6
2013-04-17 CVE-2013-1523 Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.

4.6
2013-04-17 CVE-2013-0413 SUN Local Security vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service.

4.4
2013-04-21 CVE-2012-6092 Apache Cross-Site Scripting vulnerability in Apache Activemq

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2) debug logs or (3) subscribe messages in webapp/websocket/chat.js.

4.3
2013-04-19 CVE-2013-1086 Novell Cross-Site Scripting vulnerability in Novell Groupwise

Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute.

4.3
2013-04-18 CVE-2013-1749 Chatelao Cross-Site Scripting vulnerability in Chatelao PHP Address Book 8.2.5

Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.

4.3
2013-04-17 CVE-2013-2433 Oracle, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540.

4.3
2013-04-17 CVE-2013-2423 Oracle Security Bypass vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot.

4.3
2013-04-17 CVE-2013-2416 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment.

4.3
2013-04-17 CVE-2013-1540 Oracle, SUN Remote Java Runtime Environment vulnerability in Oracle Java SE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433.

4.3
2013-04-17 CVE-2013-2411 Oracle Remote Security vulnerability in Oracle Primavera products Suite 7.0/8.1/8.2

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web Access.

4.3
2013-04-17 CVE-2013-2408 Oracle, Microsoft Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6.

4.3
2013-04-17 CVE-2013-2404 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2013-3818.

4.3
2013-04-17 CVE-2013-2402 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter.

4.3
2013-04-17 CVE-2013-2396 Oracle Remote Oracle Applications Manager vulnerability in Oracle E-Business Suite 12.0.6/12.1.3

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via vectors related to HTML OAM client.

4.3
2013-04-17 CVE-2013-2390 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-1504.

4.3
2013-04-17 CVE-2013-1550 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter.

4.3
2013-04-17 CVE-2013-1542 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime.

4.3
2013-04-17 CVE-2013-1529 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.3.3.0/6.5.1

Unspecified vulnerability in the Oracle WebCenter Interaction component in Oracle Fusion Middleware 6.5.1 and 10.3.3.0 allows remote attackers to affect integrity via unknown vectors related to Image Service.

4.3
2013-04-17 CVE-2013-1528 Oracle Remote Oracle HRMS vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle HRMS component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Payroll.

4.3
2013-04-17 CVE-2013-1524 Oracle Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 12.0.6/12.1.3

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Attachments.

4.3
2013-04-17 CVE-2013-1522 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1/11.1.1.6.0

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Content Server.

4.3
2013-04-17 CVE-2013-1515 Oracle Remote Oracle GlassFish Server vulnerability in Oracle Sun Middleware products 3.0.1/3.1.2

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface.

4.3
2013-04-17 CVE-2013-1513 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology.

4.3
2013-04-17 CVE-2013-1508 Oracle Remote Oracle GlassFish Server vulnerability in Oracle Sun Middleware Products

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface.

4.3
2013-04-17 CVE-2013-1504 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-2390.

4.3
2013-04-17 CVE-2013-1501 Oracle Remote Oracle iStore vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Login.

4.3
2013-04-17 CVE-2013-1497 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.4.3

Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to WebGate - WebServer plugin.

4.3
2013-04-17 CVE-2013-0410 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 6.1.1.0/6.1.2.0/6.1.2.2

Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Base Component - Common Objects.

4.3
2013-04-17 CVE-2013-0406 SUN Remote Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Kernel/IPsec.

4.3
2013-04-16 CVE-2013-1937 Phpmyadmin Cross-Site Scripting vulnerability in PHPmyadmin

** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter.

4.3
2013-04-16 CVE-2012-4829 IBM Cryptographic Issues vulnerability in IBM XIV Storage System Gen3

IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certificate-trust relationship.

4.3
2013-04-19 CVE-2013-1416 MIT, Opensuse, Fedoraproject, Redhat Null Pointer Dereference vulnerability in multiple products

The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request.

4.0
2013-04-17 CVE-2013-2441 Oracle Remote Security vulnerability in Oracle Supply Chain products Suite 6.1.1.0/6.1.2.0/6.1.2.2

Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Java Client.

4.0
2013-04-17 CVE-2013-2410 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.1

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management.

4.0
2013-04-17 CVE-2013-2399 Oracle Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Call Center component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Email - COMM Server Components.

4.0
2013-04-17 CVE-2013-2392 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

4.0
2013-04-17 CVE-2013-2389 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

4.0
2013-04-17 CVE-2013-2385 Oracle Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE-2013-1560.

4.0
2013-04-17 CVE-2013-2376 Oracle Remote MySQL Server vulnerability in Oracle Mysql and Solaris

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

4.0
2013-04-17 CVE-2013-2374 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Rich Text Editor.

4.0
2013-04-17 CVE-2013-1568 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 6.2.0 allows remote authenticated users to affect availability via unknown vectors related to CB.

4.0
2013-04-17 CVE-2013-1562 Oracle Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity via vectors related to HELP.

4.0
2013-04-17 CVE-2013-1559 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 10.1.3.5.1/11.1.1.6.0

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server.

4.0
2013-04-17 CVE-2013-1555 Oracle, Mysql Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

4.0
2013-04-17 CVE-2013-1544 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

4.0
2013-04-17 CVE-2013-1543 Oracle Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Open UI Client.

4.0
2013-04-17 CVE-2013-1536 Oracle Remote Security vulnerability in Oracle Transportation Management

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.05 and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

4.0
2013-04-17 CVE-2013-1532 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

4.0
2013-04-17 CVE-2013-1527 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Report Distribution.

4.0
2013-04-17 CVE-2013-1526 Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

4.0
2013-04-17 CVE-2013-1525 Oracle Directory Traversal vulnerability in Oracle Industry Applications 13.0/13.1/13.2

Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Industry Applications 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Retail Integration Bus Manager.

4.0
2013-04-17 CVE-2013-1516 Oracle Remote Code Execution vulnerability in Oracle Fusion Middleware 10.1.3.5.1

Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Import Server.

4.0
2013-04-17 CVE-2013-1514 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote authenticated users to affect integrity via vectors related to RMI Support.

4.0
2013-04-17 CVE-2013-1512 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.

4.0
2013-04-17 CVE-2013-1509 Oracle HTTP Header Injection vulnerability in Oracle Fusion Middleware 11.1.1.6.0/11.1.1.6.1/7.6.2

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.

4.0
2013-04-17 CVE-2013-0416 Oracle Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-2403.

4.0

35 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2013-04-17 CVE-2013-1530 SUN Local Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.

3.8
2013-04-17 CVE-2013-0404 SUN Local Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.

3.7
2013-04-17 CVE-2013-2387 Oracle Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE.

3.6
2013-04-17 CVE-2013-0412 SUN Local Security vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.

3.6
2013-04-19 CVE-2013-0129 PD Admin Cross-Site Scripting vulnerability in Pd-Admin 4.16

Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before 4.17 allow remote authenticated users to inject arbitrary web script or HTML via (1) the WebFTP Overview "Create new directory" field or (2) the body of an e-mail autoresponder message.

3.5
2013-04-17 CVE-2013-2406 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.

3.5
2013-04-17 CVE-2013-2403 Oracle Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-0416.

3.5
2013-04-17 CVE-2013-2401 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Portal.

3.5
2013-04-17 CVE-2013-2381 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.

3.5
2013-04-17 CVE-2013-2379 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via unknown vectors related to RT.

3.5
2013-04-17 CVE-2013-2377 Oracle Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to My Services.

3.5
2013-04-17 CVE-2013-1567 Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.

3.5
2013-04-17 CVE-2013-1566 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5
2013-04-17 CVE-2013-1556 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to OTH.

3.5
2013-04-17 CVE-2013-1549 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 12.0.0 allows remote authenticated users to affect integrity via vectors related to BASE.

3.5
2013-04-17 CVE-2013-1548 Mysql, Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

3.5
2013-04-17 CVE-2013-1547 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to BASE.

3.5
2013-04-17 CVE-2013-1541 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors related to BASE.

3.5
2013-04-17 CVE-2013-1539 Oracle Remote Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors related to CTF.

3.5
2013-04-17 CVE-2013-1511 Oracle Remote Security vulnerability in Oracle Mysql and Solaris

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5
2013-04-17 CVE-2013-1503 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1/11.1.1.6.0

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Content Server.

3.5
2013-04-17 CVE-2012-4303 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.6.0

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Content Server.

3.5
2013-04-17 CVE-2013-2391 Mysql, Oracle Local MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

3.0
2013-04-17 CVE-2013-1506 Mysql, Oracle Remote MySQL Server vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

2.8
2013-04-17 CVE-2013-1517 Oracle Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Diagnostics.

2.6
2013-04-17 CVE-2013-2415 Oracle Remote Java Runtime Environment vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS.

2.1
2013-04-17 CVE-2013-1560 Oracle Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE-2013-2385.

2.1
2013-04-17 CVE-2012-0570 SUN Local Security vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.

2.1
2013-04-17 CVE-2012-0568 SUN Local Security vulnerability in SUN SunOS 5.10/5.8/5.9

Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat.

2.1
2013-04-17 CVE-2013-0403 SUN Local Security vulnerability in Oracle Sun Products Suite

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.

1.9
2013-04-17 CVE-2013-2382 Oracle Local Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.

1.7
2013-04-17 CVE-2013-1499 SUN Local Security vulnerability in SUN SunOS 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration.

1.7
2013-04-17 CVE-2013-2393 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0/8.4

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.

1.5
2013-04-17 CVE-2013-1546 Oracle Local Security vulnerability in Oracle FLEXCUBE Direct Banking

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 and 5.0.2 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.

1.5
2013-04-17 CVE-2013-1502 Oracle Local MySQL Server vulnerability in Oracle MySQL and Solaris

Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.

1.5