Uncategorized CVEs — 2011 (Page 5/13)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2011-08-10

Critical

CVE-2011-2416

Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1…

CVSS: 10.0CWE: CWE-189

Medium

CVE-2011-2139

Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and Solaris and before 10.3.186.3 on Android, and Adobe AIR before 2.7.1 on Windows and Mac OS X and before 2.7.1.1961 on Android, al…

CVSS: 6.4CWE: CWE-264

Critical

CVE-2011-2138

CVSS: 10.0CWE: CWE-189

Critical

CVE-2011-2136

CVSS: 10.0CWE: CWE-189

Critical

CVE-2011-3129

The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to…

CVSS: 9.3CWE: CWE-264

Critical

CVE-2011-3125

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."

CVSS: 10.0CWE: N/A

Critical

CVE-2011-1975

Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1…

CVSS: 9.3CWE: N/A

High

CVE-2011-1974

NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users…

CVSS: 7.2CWE: CWE-264

Medium

CVE-2011-1971

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of ser…

CVSS: 4.7CWE: CWE-399

High

CVE-2011-1968

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a…

CVSS: 7.1CWE: CWE-399

High

CVE-2011-1967

Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and…

CVSS: 7.2CWE: CWE-264

High

CVE-2011-1965

Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of s…

CVSS: 7.1CWE: CWE-399

Critical

CVE-2011-1961

The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site,…

CVSS: 9.3CWE: N/A

High

CVE-2011-1871

Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a s…

CVSS: 7.8CWE: CWE-399

High

CVE-2011-3124

IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, assigns incorrect ownership to unspecified files, which al…

CVSS: 7.2CWE: CWE-264

High

CVE-2011-3123

IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, as used in IBM InfoSphere DataStage 8.5 and 8.5.0.1 and other products, uses weak permissions for unspecified files, which allows…

CVSS: 7.2CWE: CWE-264

Critical

CVE-2011-3122

Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."

CVSS: 10.0CWE: N/A

Medium

CVE-2011-3006

The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS Endpoint Protection 5.2.1 and earlier allows remote attackers to bypass the MyASUtil.SecureObjectFactory.CreateSecureObject domain…

CVSS: 6.8CWE: CWE-264

Medium

CVE-2011-2511

Integer overflow in libvirt before 0.9.3 allows remote authenticated users to cause a denial of service (libvirtd crash) and possibly execute arbitrary code via a crafted VirDomainGetVcpus RPC call t…

CVSS: 4.0CWE: CWE-189

Medium

CVE-2011-2178

The virSecurityManagerGetPrivateData function in security/security_manager.c in libvirt 0.8.8 through 0.9.1 uses the wrong argument for a sizeof call, which causes incorrect processing of "security m…

CVSS: 4.4CWE: N/A

2011-08-09

Medium

CVE-2011-3014

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 does not properly restrict caching of HTTPS responses, which makes it easier for remote attackers to obtain sensit…

CVSS: 5.0CWE: CWE-264

Medium

CVE-2011-3013

WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 supports weak SSL ciphers, which makes it easier for remote attackers to obtain access via a brute-for…

CVSS: 5.0CWE: CWE-310

Medium

CVE-2011-2223

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 sends the Admin LDAP password in cleartext, which allows remote attackers to obtain sensitive information by sniff…

CVSS: 5.0CWE: CWE-310

Medium

CVE-2011-2222

Session fixation vulnerability in WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to hijack web sessions via unspecified vecto…

CVSS: 4.3CWE: N/A

Medium

CVE-2011-2221

The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecifi…

CVSS: 5.0CWE: CWE-264

Medium

CVE-2011-2979

Bugzilla 4.1.x before 4.1.3 generates different responses for certain assignee queries depending on whether the group name is valid, which allows remote attackers to determine the existence of privat…

CVSS: 5.0CWE: N/A

Low

CVE-2011-2977

Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x before 4.1.3 on Windows does not delete the temporary files associated with uploaded attachments, which allows local users to obtain…

CVSS: 2.1CWE: N/A

Medium

CVE-2008-7298

The Android browser in Android cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2008-7297

Opera cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header in an…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2008-7296

Apple Safari cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-Cookie header…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2008-7295

Microsoft Internet Explorer cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Se…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2008-7294

Google Chrome before 4.0.211.0 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2008-7293

Mozilla Firefox before 4 cannot properly restrict modifications to cookies established in HTTPS sessions, which allows man-in-the-middle attackers to overwrite or delete arbitrary cookies via a Set-C…

CVSS: 5.8CWE: CWE-264

2011-08-05

Medium

CVE-2011-3009

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number…

CVSS: 5.0CWE: CWE-310

Medium

CVE-2011-3008

The default configuration of Avaya Secure Access Link (SAL) Gateway 1.5, 1.8, and 2.0 contains certain domain names in the Secondary Core Server URL and Secondary Remote Server URL fields, which allo…

CVSS: 5.0CWE: CWE-16

Medium

CVE-2011-2721

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is n…

CVSS: 5.0CWE: CWE-189

Medium

CVE-2011-2686

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number…

CVSS: 5.0CWE: CWE-310

2011-08-03

Medium

CVE-2011-2819

Google Chrome before 13.0.782.107 allows remote attackers to bypass the Same Origin Policy via vectors related to handling of the base URI.

CVSS: 6.8CWE: N/A

Medium

CVE-2011-2798

Google Chrome before 13.0.782.107 does not properly restrict access to internal schemes, which allows remote attackers to have an unspecified impact via a crafted web site.

CVSS: 6.8CWE: N/A

Medium

CVE-2011-2795

Google Chrome before 13.0.782.107 does not prevent calls to functions in other frames, which allows remote attackers to bypass intended access restrictions via a crafted web site, related to a "cross…

CVSS: 4.3CWE: N/A

Medium

CVE-2011-2360

Google Chrome before 13.0.782.107 does not ensure that the user is prompted before download of a dangerous file, which makes it easier for remote attackers to bypass intended content restrictions via…

CVSS: 4.3CWE: N/A

2011-08-01

Medium

CVE-2011-2975

Double free vulnerability in the msAddImageSymbol function in mapsymbol.c in MapServer before 6.0.1 might allow remote attackers to cause a denial of service (application crash) or have unspecified o…

CVSS: 6.8CWE: CWE-399

High

CVE-2011-2399

Unspecified vulnerability in the Media Management Daemon (mmd) in HP Data Protector 6.11 and earlier allows remote attackers to cause a denial of service via unknown vectors.

CVSS: 7.8CWE: N/A

Medium

CVE-2011-1744

EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin of calls to ActiveX functions, which allows remote attackers to read arbitrary files or cause a denial of service via a crafted w…

CVSS: 5.8CWE: CWE-264

Low

CVE-2011-1742

EMC Data Protection Advisor before 5.8.1 places cleartext account credentials in the DPA configuration file in unspecified circumstances, which might allow local users to obtain sensitive information…

CVSS: 2.1CWE: CWE-255

2011-07-29

High

CVE-2011-2401

Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x allows remote attackers to hijack web sessions via unspecified vectors.

CVSS: 8.3CWE: N/A

2011-07-28

High

CVE-2011-2549

Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco Aggregation Services Routers (ASR) 9000 series devices allows remote attackers to cause a denial of service (line-card reload) vi…

CVSS: 7.8CWE: N/A

Critical

CVE-2011-2547

The web-based management interface on Cisco SA 500 series security appliances with software before 2.1.19 allows remote authenticated users to execute arbitrary commands via crafted parameters to web…

CVSS: 9.0CWE: CWE-264

Medium

CVE-2011-2957

Unspecified vulnerability in Rockwell Automation FactoryTalk Diagnostics Viewer before V2.30.00 (CPR9 SR3) allows local users to execute arbitrary code via a crafted FactoryTalk Diagnostics Viewer (.…

CVSS: 6.9CWE: N/A

2011-07-27

Medium

CVE-2011-2893

The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows user-assisted remote attackers to cause a denial of service (application crash) via a large .xls spreadsheet with an invalid Value refe…

CVSS: 4.3CWE: CWE-399

Medium

CVE-2011-2888

IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application hang) via complex graphics in a presentation.

CVSS: 4.3CWE: CWE-399

Medium

CVE-2011-2887

IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to cause a denial of service (application crash) via a certain sample document.

CVSS: 4.3CWE: CWE-399

Medium

CVE-2011-2886

IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via a .docx document with empty bullet styles for parent bullets.

CVSS: 4.3CWE: CWE-399

Medium

CVE-2011-2885

IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a denial of service (application crash) via the sample .doc document that incorporates a user-defined toolbar.

CVSS: 4.3CWE: CWE-399

Critical

CVE-2011-2884

Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before FP3 have unknown impact and attack vectors, related to "critical security vulnerability issues."

CVSS: 10.0CWE: N/A

Medium

CVE-2011-2745

upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier relies on client-side JavaScript code to restrict the file extensions of uploaded files, which allows remote authenticated users…

CVSS: 6.5CWE: CWE-264

High

CVE-2011-2687

Drupal 7.x before 7.3 allows remote attackers to bypass intended node_access restrictions via vectors related to a listing that shows nodes but lacks a JOIN clause for the node table.

CVSS: 7.5CWE: CWE-264

High

CVE-2011-2489

Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 and earlier might allow local users to gain privileges via a crafted command line.

CVSS: 7.2CWE: CWE-189

Medium

CVE-2011-2196

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP05 and 5.1.0; JBoss Enterprise Application Platform (aka JBoss EAP or J…

CVSS: 6.8CWE: CWE-264

Medium

CVE-2011-1484

jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as distributed in Red Hat JBoss Enterprise SOA Platform 4.3.0.CP04 and 5.1.0 and JBoss Enterprise Application Platform (aka JBoss EAP o…

CVSS: 6.8CWE: CWE-264

2011-07-21

Medium

CVE-2011-0219

Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads fonts.

CVSS: 5.8CWE: CWE-264

Critical

CVE-2011-0216

Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow and application crash) via a crafted…

CVSS: 9.3CWE: CWE-189

Medium

CVE-2011-0214

CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via…

CVSS: 5.0CWE: CWE-310

Critical

CVE-2010-1383

CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection" issue.

CVSS: 9.3CWE: CWE-255

High

CVE-2011-2307

Unspecified vulnerability in Oracle SysFW 8.1.0.a in various Oracle SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade servers allows remote attackers to affect confidentiality, integrity, and availab…

CVSS: 7.5CWE: N/A

Medium

CVE-2011-2305

Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 6.2CWE: N/A

Low

CVE-2011-2300

Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 through 4.0.8 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest A…

CVSS: 3.7CWE: N/A

High

CVE-2011-2299

Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M5000, M8000, and M9000 XCP 1101 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related…

CVSS: 7.5CWE: N/A

Medium

CVE-2011-2298

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to KSSL.

CVSS: 5.0CWE: N/A

Medium

CVE-2011-2297

Unspecified vulnerability in Oracle Solaris Cluster 3.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Data Service for WebLogic Server.

CVSS: 6.1CWE: N/A

Medium

CVE-2011-2296

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability, related to Kernel/SCTP.

CVSS: 4.9CWE: N/A

Medium

CVE-2011-2295

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to Driver/USB.

CVSS: 4.7CWE: N/A

Medium

CVE-2011-2294

Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows remote attackers to affect availability, related to SSH.

CVSS: 5.0CWE: N/A

Medium

CVE-2011-2293

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Zones.

CVSS: 4.9CWE: N/A

Low

CVE-2011-2291

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality via unknown vectors related to Trusted Extensions.

CVSS: 1.7CWE: N/A

Medium

CVE-2011-2290

Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel/sockfs.

CVSS: 4.9CWE: N/A

Low

CVE-2011-2289

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade.

CVSS: 3.6CWE: N/A

Critical

CVE-2011-2288

Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) in SysFW 8.1.0.a and earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows remote attackers…

CVSS: 10.0CWE: N/A

High

CVE-2011-2287

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to fingerd.

CVSS: 7.8CWE: N/A

High

CVE-2011-2285

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Installer.

CVSS: 7.2CWE: N/A

Medium

CVE-2011-2284

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors rela…

CVSS: 4.0CWE: N/A

Medium

CVE-2011-2283

Unspecified vulnerability in the PeopleSoft Enterprise FMS component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and in…

CVSS: 5.5CWE: N/A

Low

CVE-2011-2282

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50.20 and 8.51.11 allows remote authenticated users to affect integrity via unknown vector…

CVSS: 3.5CWE: N/A

Medium

CVE-2011-2281

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 Update 2011-D allows remote authenticated users to affect confidentiality and integrity via unk…

CVSS: 5.5CWE: N/A

Medium

CVE-2011-2280

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote authenticated users to affect integrity via unkn…

CVSS: 4.0CWE: N/A

Medium

CVE-2011-2279

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1, Bundle, and #6 allows remote authenticated users to affect confidentiality and integrity via u…

CVSS: 5.5CWE: N/A

Medium

CVE-2011-2278

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9, Bundle, #24, 9.0, Bundle, #17, 9.1, Bundle, and #6 allows remote authenticated users to affect…

CVSS: 4.0CWE: N/A

Medium

CVE-2011-2277

Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and in…

CVSS: 5.5CWE: N/A

Medium

CVE-2011-2275

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.31, 8.50.20, and 8.51.11 allows remote attackers to affect integrity via unknown vector…

CVSS: 4.3CWE: N/A

Low

CVE-2011-2274

CVSS: 3.5CWE: N/A

Medium

CVE-2011-2273

Unspecified vulnerability in the Agile Core Technology component in Oracle Supply Chain Products Suite 9.3.0.3 and 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vect…

CVSS: 4.0CWE: N/A

Medium

CVE-2011-2272

Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.0, Bundle, #36, 9.1, Bundle, and #13 allows remote authenticated users to affect confidentiality…

CVSS: 5.5CWE: N/A

Low

CVE-2011-2267

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect availability via unknown vectors r…

CVSS: 1.9CWE: N/A

Medium

CVE-2011-2264

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect confidentiality, integrity, and av…

CVSS: 4.4CWE: N/A

2011-07-20

Low

CVE-2011-2263

Unspecified vulnerability in Sun Integrated Lights Out Manager in Oracle SysFW 8.0.3.b or earlier for various Oracle SPARC T3, SPARC Netra T3, Sun Blade, and Sun Fire servers allows local users to af…

CVSS: 2.1CWE: N/A

Critical

CVE-2011-2261

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a…

CVSS: 10.0CWE: N/A

Medium

CVE-2011-2260

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Ad…

CVSS: 5.8CWE: N/A

Medium

CVE-2011-2259

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability, related to UFS.

CVSS: 4.9CWE: N/A

Medium

CVE-2011-2258

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rksh.

CVSS: 4.6CWE: N/A

Medium

CVE-2011-2257

Unspecified vulnerability in the Database Target Type Menus component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager…

CVSS: 6.8CWE: N/A

High

CVE-2011-2253

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidential…

CVSS: 7.1CWE: N/A

Medium

CVE-2011-2252

CVSS: 6.8CWE: N/A

Medium

CVE-2011-2251

Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.3.0.3 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A

Medium

CVE-2011-2250

Unspecified vulnerability in the PeopleSoft Enterprise FIN component in Oracle PeopleSoft Products 9.0 Bundle #36 and 9.1 Bundle #13 allows remote authenticated users to affect confidentiality and in…

CVSS: 5.5CWE: N/A

Medium

CVE-2011-2249

Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote authenticated users to affect availability, related to TCP/IP.

CVSS: 5.2CWE: N/A

Medium

CVE-2011-2248

Unspecified vulnerability in the SQL Performance Advisories/UIs component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Oracle Enterprise Manager Grid Control 10.1.0.6, 10.2.0.5, an…

CVSS: 6.8CWE: N/A

Medium

CVE-2011-2246

Unspecified vulnerability in the Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unkno…

CVSS: 4.3CWE: N/A

High

CVE-2011-2245

Unspecified vulnerability in the Solaris component in Oracle Sun Products Suite 9 and 10 allows remote attackers to affect confidentiality, integrity, and availability, related to SSH.

CVSS: 7.5CWE: N/A

Medium

CVE-2011-2244

Unspecified vulnerability in the Security Framework component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.1, and 11.2.0.2; and Enterprise Manager Grid Control 1…

CVSS: 6.4CWE: N/A

Low

CVE-2011-2243

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7.3, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect integrity, related to SYSDBA.

CVSS: 3.5CWE: N/A

Low

CVE-2011-2242

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.1 and 11.2.0.2 allows local users to affect confidentiality, related to XML DB FTP.

CVSS: 1.3CWE: N/A

Medium

CVE-2011-2241

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.1 and 11.1.1.3 allows remote attackers to affect availability via unkno…

CVSS: 5.0CWE: N/A

Low

CVE-2011-2240

Unspecified vulnerability in the Oracle Universal Installer component in Oracle Database Server 10.1.0.5 allows local users to affect confidentiality via unknown vectors.

CVSS: 1.7CWE: N/A

High

CVE-2011-2239

CVSS: 7.1CWE: N/A

Medium

CVE-2011-2238

Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect integrity, related…

CVSS: 4.0CWE: N/A

Medium

CVE-2011-2232

Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 11.1.0.7, and 11.2.0.1, and Oracle Fusion Middleware 10.1.3.5, allows remote authe…

CVSS: 6.0CWE: N/A

Medium

CVE-2011-2231

Unspecified vulnerability in the XML Developer Kit component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1, Oracle Fusion Middleware 10.1.3.5, allows remote…

CVSS: 4.3CWE: N/A

Medium

CVE-2011-2230

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.1 allows remote attackers to affect availability via unkno…

CVSS: 5.0CWE: N/A

Medium

CVE-2011-1511

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Products Suite 2.1.1 and 3.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to Admini…

CVSS: 6.4CWE: N/A

Medium

CVE-2011-0884

Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Fusion Middleware 11.1.1.3.0, 11.1.1.4.0, and 11.1.1.5.0 allows remote authenticated users to affect availability, rel…

CVSS: 4.0CWE: N/A