Weekly Vulnerabilities Reports > April 15 to 21, 2013
Overview
182 new vulnerabilities were reported during this period, including 26 critical vulnerabilities and 13 high severity vulnerabilities. This weekly summary reports vulnerabilities in 75 products from 27 vendors including Oracle, SUN, Mariadb, Redhat, and Cisco. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Permissions, Privileges, and Access Controls", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Numeric Errors".
- 159 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 7 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 109 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 137 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 23 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported for the period covered by this report:
26 Critical Vulnerabilities
13 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-04-16 | CVE-2012-3022 | Canarylabs | Permissions, Privileges, and Access Controls vulnerability in Canarylabs Trendlink The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site. | 8.5 |
2013-04-18 | CVE-2013-0139 | Arecont | Denial of Service vulnerability in Arecont Vision AV1355DN The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. | 7.8 |
2013-04-18 | CVE-2012-4714 | Rockwellautomation | Numeric Errors vulnerability in Rockwellautomation Factorytalk Services Platform Cpr9 Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value. | 7.8 |
2013-04-18 | CVE-2012-4713 | Rockwellautomation | Numeric Errors vulnerability in Rockwellautomation Factorytalk Services Platform Cpr9 Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value. | 7.8 |
2013-04-17 | CVE-2013-2430 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and OpenJDK 6 and 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. | 7.6 |
2013-04-17 | CVE-2013-2429 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. | 7.6 |
2013-04-17 | CVE-2013-2394 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491. | 7.6 |
2013-04-17 | CVE-2013-1563 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | 7.6 |
2013-04-18 | CVE-2013-1177 | Cisco | SQL Injection vulnerability in Cisco Network Admission Control Manager and Server System Software SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. | 7.5 |
2013-04-18 | CVE-2013-1748 | Chatelao | SQL Injection vulnerability in Chatelao PHP Address Book 8.2.5 Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. | 7.5 |
2013-04-18 | CVE-2013-0133 | Parallels | Unspecified vulnerability in Parallels Plesk Panel 11.0.9 Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable. | 7.2 |
2013-04-18 | CVE-2013-1176 | Cisco | Improper Input Validation vulnerability in Cisco products The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448. | 7.1 |
2013-04-18 | CVE-2012-4695 | Rockwellautomation | Improper Input Validation vulnerability in Rockwellautomation Rslinx Enterprise Cpr9 LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage) via a zero-byte UDP packet that is not properly handled by Logger.dll. | 7.1 |
108 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-04-17 | CVE-2013-2439 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install. | 6.9 |
2013-04-19 | CVE-2013-2697 | Lester Chan Wordpress | Cross-Site Request Forgery (CSRF) vulnerability in Lester Chan Wp-Downloadmanager Cross-site request forgery (CSRF) vulnerability in the WP-DownloadManager plugin before 1.61 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that insert XSS sequences. | 6.8 |
2013-04-18 | CVE-2013-0132 | Parallels | Code Injection vulnerability in Parallels Plesk Panel 11.0.9 The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables. | 6.8 |
2013-04-17 | CVE-2013-2395 | Oracle | Remote MySQL Server vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567. | 6.8 |
2013-04-16 | CVE-2013-2760 | Bestwebsharing | Buffer Errors vulnerability in Bestwebsharing Groovy Media Player 3.2.0 Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file. | 6.8 |
2013-04-16 | CVE-2013-1197 | Cisco | Improper Input Validation vulnerability in Cisco Unified Presence The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912. | 6.8 |
2013-04-18 | CVE-2013-0687 | Schneider Electric | Permissions, Privileges, and Access Controls vulnerability in Schneider-Electric Micom S1 Studio The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. | 6.6 |
2013-04-17 | CVE-2013-2378 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. | 6.5 |
2013-04-17 | CVE-2013-2375 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.5 |
2013-04-17 | CVE-2013-1552 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.5 |
2013-04-17 | CVE-2013-1531 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges. | 6.5 |
2013-04-17 | CVE-2013-1521 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking. | 6.5 |
2013-04-21 | CVE-2013-3060 | Apache | Improper Authentication vulnerability in Apache Activemq The web console in Apache ActiveMQ before 5.8.0 does not require authentication, which allows remote attackers to obtain sensitive information or cause a denial of service via HTTP requests. | 6.4 |
2013-04-17 | CVE-2013-1553 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.6.0 Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Services Security. | 6.4 |
2013-04-17 | CVE-2013-0405 | SUN | Remote Security vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6. | 6.4 |
2013-04-16 | CVE-2013-1937 | Phpmyadmin | Cross-site Scripting vulnerability in PHPmyadmin Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. | 6.1 |
2013-04-17 | CVE-2013-2398 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Open UI Client. | 6.0 |
2013-04-17 | CVE-2013-1551 | Oracle | Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Integration Business Services. | 6.0 |
2013-04-17 | CVE-2013-0411 | SUN | Local Security vulnerability in SUN Sunos 5.10/5.8/5.9 Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration. | 5.9 |
2013-04-16 | CVE-2013-2304 | Fenrir INC | Permissions, Privileges, and Access Controls vulnerability in Fenrir-Inc Sleipnir Mobile The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page. | 5.8 |
2013-04-17 | CVE-2013-2405 | Oracle | Remote Security vulnerability in Oracle Primavera products Suite 7.0/8.1/8.2 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Access. | 5.5 |
2013-04-17 | CVE-2013-2397 | Oracle | SQL Injection vulnerability in Oracle Retail Central Office Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Industry Applications 13.1, 13.2, 13.3, and 13.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Customer Operations (Add, Search). | 5.5 |
2013-04-17 | CVE-2013-1533 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.1.0, 5.2.0, 5.3.1 through 5.3.3, and 6.0.1 through 12.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE. | 5.5 |
2013-04-17 | CVE-2013-1520 | Oracle | Remote Security vulnerability in Oracle Industry Applications 4.6.0/4.6.6 Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0 and 4.6.6 allows remote authenticated users to affect confidentiality and integrity via vectors related to HTML Surround. | 5.5 |
2013-04-16 | CVE-2012-5415 | Cisco | Race Condition vulnerability in Cisco products Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272. | 5.4 |
2013-04-21 | CVE-2012-6551 | Apache | Resource Management Errors vulnerability in Apache Activemq The default configuration of Apache ActiveMQ before 5.8.0 enables a sample web application, which allows remote attackers to cause a denial of service (broker resource consumption) via HTTP requests. | 5.0 |
2013-04-19 | CVE-2013-3210 | Opera | Information Exposure vulnerability in Opera Browser Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain. | 5.0 |
2013-04-17 | CVE-2013-2438 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX. | 5.0 |
2013-04-17 | CVE-2013-2424 | SUN Oracle | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality via vectors related to JMX. | 5.0 |
2013-04-17 | CVE-2013-2419 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. | 5.0 |
2013-04-17 | CVE-2013-2417 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to Networking. | 5.0 |
2013-04-17 | CVE-2013-1564 | Oracle | Remote Java Runtime Environment vulnerability in Oracle Javafx, JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX. | 5.0 |
2013-04-17 | CVE-2013-1561 | Oracle | Remote Java Runtime Environment vulnerability in Oracle Javafx, JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. | 5.0 |
2013-04-17 | CVE-2013-2409 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via vectors related to PIA Core Technology. | 5.0 |
2013-04-17 | CVE-2013-2388 | Oracle | Remote Oracle Applications Technology Stack vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Mid Tier File Management. | 5.0 |
2013-04-17 | CVE-2013-1570 | Oracle | Remote MySQL Server vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached. | 5.0 |
2013-04-17 | CVE-2013-1565 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 3.0.0.11 Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.11 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2013-04-17 | CVE-2013-1554 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2013-04-17 | CVE-2013-1545 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5/11.1.1.5.0/11.1.1.6.0 Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener. | 5.0 |
2013-04-17 | CVE-2013-1538 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.2/11.2.0.3 Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2013-04-17 | CVE-2013-1535 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0, 5.1.0, 5.2.0, 5.3.4, and 6.0.1 allows remote attackers to affect confidentiality via vectors related to BASE. | 5.0 |
2013-04-17 | CVE-2013-1519 | Oracle | Remote Security vulnerability in Oracle Database Server 4.2.1 Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors. | 5.0 |
2013-04-17 | CVE-2013-1510 | Oracle | Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0419. | 5.0 |
2013-04-17 | CVE-2013-0408 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers. | 5.0 |
2013-04-16 | CVE-2013-2303 | Fenrir INC | Address Bar Spoofing vulnerability in Fenrir-Inc Sleipnir 3.9.1.4000/4.0.0.4000 Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to spoof the SSL lock icon and address-bar colors via unspecified vectors. | 5.0 |
2013-04-16 | CVE-2013-1187 | Cisco | Improper Input Validation vulnerability in Cisco Jabber Extensible Communications Platform The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762. | 5.0 |
2013-04-17 | CVE-2013-2413 | Oracle | Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services. | 4.9 |
2013-04-17 | CVE-2013-2386 | Oracle | Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity and availability via vectors related to BASE. | 4.9 |
2013-04-17 | CVE-2013-1507 | SUN | Local Security vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem. | 4.9 |
2013-04-17 | CVE-2013-1505 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE. | 4.9 |
2013-04-17 | CVE-2013-1498 | SUN | Local Security vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496. | 4.9 |
2013-04-17 | CVE-2013-1496 | SUN | Local Security vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498. | 4.9 |
2013-04-17 | CVE-2013-1494 | SUN Oracle | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. | 4.7 |
2013-04-17 | CVE-2013-2418 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 4.6 |
2013-04-17 | CVE-2013-1523 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer. | 4.6 |
2013-04-17 | CVE-2013-0413 | SUN | Local Security vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service. | 4.4 |
2013-04-19 | CVE-2013-1086 | Novell | Cross-Site Scripting vulnerability in Novell Groupwise Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise before 8.0.3 HP3, and 2012 before SP2, allows remote attackers to inject arbitrary web script or HTML via vectors involving an onError attribute. | 4.3 |
2013-04-18 | CVE-2013-1749 | Chatelao | Cross-Site Scripting vulnerability in Chatelao PHP Address Book 8.2.5 Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field. | 4.3 |
2013-04-17 | CVE-2013-2433 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540. | 4.3 |
2013-04-17 | CVE-2013-2423 | Oracle | Security Bypass vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors related to HotSpot. | 4.3 |
2013-04-17 | CVE-2013-2416 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. | 4.3 |
2013-04-17 | CVE-2013-1540 | Oracle SUN | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433. | 4.3 |
2013-04-17 | CVE-2013-2411 | Oracle | Remote Security vulnerability in Oracle Primavera products Suite 7.0/8.1/8.2 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web Access. | 4.3 |
2013-04-17 | CVE-2013-2408 | Oracle Microsoft | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6. | 4.3 |
2013-04-17 | CVE-2013-2404 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to Portal, a different vulnerability than CVE-2013-3818. | 4.3 |
2013-04-17 | CVE-2013-2402 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter. | 4.3 |
2013-04-17 | CVE-2013-2396 | Oracle | Remote Oracle Applications Manager vulnerability in Oracle E-Business Suite 12.0.6/12.1.3 Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via vectors related to HTML OAM client. | 4.3 |
2013-04-17 | CVE-2013-2390 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-1504. | 4.3 |
2013-04-17 | CVE-2013-1550 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter. | 4.3 |
2013-04-17 | CVE-2013-1542 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5 Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime. | 4.3 |
2013-04-17 | CVE-2013-1529 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.3.3.0/6.5.1 Unspecified vulnerability in the Oracle WebCenter Interaction component in Oracle Fusion Middleware 6.5.1 and 10.3.3.0 allows remote attackers to affect integrity via unknown vectors related to Image Service. | 4.3 |
2013-04-17 | CVE-2013-1528 | Oracle | Remote Oracle HRMS vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle HRMS component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Payroll. | 4.3 |
2013-04-17 | CVE-2013-1524 | Oracle | Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 12.0.6/12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Attachments. | 4.3 |
2013-04-17 | CVE-2013-1522 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1/11.1.1.6.0 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Content Server. | 4.3 |
2013-04-17 | CVE-2013-1515 | Oracle | Remote Oracle GlassFish Server vulnerability in Oracle Sun Middleware products 3.0.1/3.1.2 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface. | 4.3 |
2013-04-17 | CVE-2013-1513 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology. | 4.3 |
2013-04-17 | CVE-2013-1508 | Oracle | Remote Oracle GlassFish Server vulnerability in Oracle Sun Middleware Products Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface. | 4.3 |
2013-04-17 | CVE-2013-1504 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-2390. | 4.3 |
2013-04-17 | CVE-2013-1501 | Oracle | Remote Oracle iStore vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Login. | 4.3 |
2013-04-17 | CVE-2013-1497 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.4.3 Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to WebGate - WebServer plugin. | 4.3 |
2013-04-17 | CVE-2013-0410 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 6.1.1.0/6.1.2.0/6.1.2.2 Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Base Component - Common Objects. | 4.3 |
2013-04-17 | CVE-2013-0406 | SUN | Remote Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors related to Kernel/IPsec. | 4.3 |
2013-04-16 | CVE-2012-4829 | IBM | Cryptographic Issues vulnerability in IBM XIV Storage System Gen3 IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certificate-trust relationship. | 4.3 |
2013-04-19 | CVE-2013-1416 | MIT Opensuse Fedoraproject Redhat | Null Pointer Dereference vulnerability in multiple products The prep_reprocess_req function in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.10.5 does not properly perform service-principal realm referral, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted TGS-REQ request. | 4.0 |
2013-04-17 | CVE-2013-2441 | Oracle | Remote Security vulnerability in Oracle Supply Chain products Suite 6.1.1.0/6.1.2.0/6.1.2.2 Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Java Client. | 4.0 |
2013-04-17 | CVE-2013-2410 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. | 4.0 |
2013-04-17 | CVE-2013-2399 | Oracle | Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Call Center component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Email - COMM Server Components. | 4.0 |
2013-04-17 | CVE-2013-2392 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 4.0 |
2013-04-17 | CVE-2013-2389 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 4.0 |
2013-04-17 | CVE-2013-2385 | Oracle | Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE-2013-1560. | 4.0 |
2013-04-17 | CVE-2013-2376 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. | 4.0 |
2013-04-17 | CVE-2013-2374 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Rich Text Editor. | 4.0 |
2013-04-17 | CVE-2013-1568 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 6.2.0 allows remote authenticated users to affect availability via unknown vectors related to CB. | 4.0 |
2013-04-17 | CVE-2013-1562 | Oracle | Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity via vectors related to HELP. | 4.0 |
2013-04-17 | CVE-2013-1559 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 10.1.3.5.1/11.1.1.6.0 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server. | 4.0 |
2013-04-17 | CVE-2013-1555 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition. | 4.0 |
2013-04-17 | CVE-2013-1544 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | 4.0 |
2013-04-17 | CVE-2013-1543 | Oracle | Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Open UI Client. | 4.0 |
2013-04-17 | CVE-2013-1536 | Oracle | Remote Security vulnerability in Oracle Transportation Management Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.05 and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 4.0 |
2013-04-17 | CVE-2013-1532 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema. | 4.0 |
2013-04-17 | CVE-2013-1527 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Report Distribution. | 4.0 |
2013-04-17 | CVE-2013-1526 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | 4.0 |
2013-04-17 | CVE-2013-1525 | Oracle | Directory Traversal vulnerability in Oracle Industry Applications 13.0/13.1/13.2 Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Industry Applications 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Retail Integration Bus Manager. | 4.0 |
2013-04-17 | CVE-2013-1516 | Oracle | Remote Code Execution vulnerability in Oracle Fusion Middleware 10.1.3.5.1 Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Import Server. | 4.0 |
2013-04-17 | CVE-2013-1514 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5 Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote authenticated users to affect integrity via vectors related to RMI Support. | 4.0 |
2013-04-17 | CVE-2013-1512 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | 4.0 |
2013-04-17 | CVE-2013-1509 | Oracle | HTTP Header Injection vulnerability in Oracle Fusion Middleware 11.1.1.6.0/11.1.1.6.1/7.6.2 Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites. | 4.0 |
2013-04-17 | CVE-2013-0416 | Oracle | Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-2403. | 4.0 |

35 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2013-04-17 | CVE-2013-1530 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. | 3.8 |
2013-04-17 | CVE-2013-0404 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot. | 3.7 |
2013-04-17 | CVE-2013-2387 | Oracle | Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE. | 3.6 |
2013-04-17 | CVE-2013-0412 | SUN | Local Security vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax. | 3.6 |
2013-04-19 | CVE-2013-0129 | PD Admin | Cross-Site Scripting vulnerability in Pd-Admin 4.16 Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before 4.17 allow remote authenticated users to inject arbitrary web script or HTML via (1) the WebFTP Overview "Create new directory" field or (2) the body of an e-mail autoresponder message. | 3.5 |
2013-04-17 | CVE-2013-2406 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology. | 3.5 |
2013-04-17 | CVE-2013-2403 | Oracle | Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-0416. | 3.5 |
2013-04-17 | CVE-2013-2401 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.51/8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Portal. | 3.5 |
2013-04-17 | CVE-2013-2381 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges. | 3.5 |
2013-04-17 | CVE-2013-2379 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via unknown vectors related to RT. | 3.5 |
2013-04-17 | CVE-2013-2377 | Oracle | Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to My Services. | 3.5 |
2013-04-17 | CVE-2013-1567 | Oracle | Remote MySQL Server vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395. | 3.5 |
2013-04-17 | CVE-2013-1566 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 3.5 |
2013-04-17 | CVE-2013-1556 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to OTH. | 3.5 |
2013-04-17 | CVE-2013-1549 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 12.0.0 allows remote authenticated users to affect integrity via vectors related to BASE. | 3.5 |
2013-04-17 | CVE-2013-1548 | Oracle Mariadb Redhat | Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. | 3.5 |
2013-04-17 | CVE-2013-1547 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to BASE. | 3.5 |
2013-04-17 | CVE-2013-1541 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors related to BASE. | 3.5 |
2013-04-17 | CVE-2013-1539 | Oracle | Remote Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors related to CTF. | 3.5 |
2013-04-17 | CVE-2013-1511 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 3.5 |
2013-04-17 | CVE-2013-1503 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5.1/11.1.1.6.0 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Content Server. | 3.5 |
2013-04-17 | CVE-2012-4303 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.6.0 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Content Server. | 3.5 |
2013-04-17 | CVE-2013-2391 | Oracle Redhat Mariadb | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install. | 3.0 |
2013-04-17 | CVE-2013-1506 | Oracle Redhat Mariadb | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking. | 2.8 |
2013-04-17 | CVE-2013-1517 | Oracle | Remote Oracle Application Object Library vulnerability in Oracle E-Business Suite 11.5.10.2/12.0.6/12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Diagnostics. | 2.6 |
2013-04-17 | CVE-2013-2415 | Oracle | Remote Java Runtime Environment vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and 7, allows local users to affect confidentiality via vectors related to JAX-WS. | 2.1 |
2013-04-17 | CVE-2013-1560 | Oracle | Remote Security vulnerability in Oracle Financial Services Software 2.8.0/3.1.0/4.1.0 Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE-2013-2385. | 2.1 |
2013-04-17 | CVE-2012-0570 | SUN | Local Security vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc. | 2.1 |
2013-04-17 | CVE-2012-0568 | SUN | Local Security vulnerability in SUN Sunos 5.10/5.8/5.9 Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat. | 2.1 |
2013-04-17 | CVE-2013-0403 | SUN | Local Security vulnerability in Oracle Sun Products Suite Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility. | 1.9 |
2013-04-17 | CVE-2013-2382 | Oracle | Local Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE. | 1.7 |
2013-04-17 | CVE-2013-1499 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration. | 1.7 |
2013-04-17 | CVE-2013-2393 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.3.7.0/8.4 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | 1.5 |
2013-04-17 | CVE-2013-1546 | Oracle | Local Security vulnerability in Oracle FLEXCUBE Direct Banking Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 and 5.0.2 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE. | 1.5 |
2013-04-17 | CVE-2013-1502 | Oracle Mariadb | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. | 1.5 |