Uncategorized CVEs — 2012 (Page 18/19)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2012-02-02

Medium

CVE-2011-3450

CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly restrict the allocation of stack memory, which allows remote attackers to execute arbitrary code or cause a denial of service (memory c…

CVSS: 6.8CWE: CWE-399

Medium

CVE-2011-3449

Use-after-free vulnerability in CoreText in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted embedded font…

CVSS: 6.8CWE: CWE-399

High

CVE-2011-3446

Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not properly manage memory for data-font files, which allows remote attackers to execute arbitrary code or cause a denial of service (ap…

CVSS: 7.5CWE: N/A

Medium

CVE-2011-3444

Address Book in Apple Mac OS X before 10.7.3 automatically switches to unencrypted sessions upon failure of encrypted connections, which allows remote attackers to read CardDAV data by terminating an…

CVSS: 4.3CWE: CWE-310

High

CVE-2011-2393

The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in FreeBSD, NetBSD, and possibly other BSD-based operating systems allows remote attackers to cause a denial of service (CPU cons…

CVSS: 7.8CWE: CWE-399

Medium

CVE-2011-4144

Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 before SP2 P02, 6.5 SP3 before SP3 P02, and 6.6 before P02 allows local users to obtain "highest super user privileges" by leveragi…

CVSS: 6.8CWE: N/A

Medium

CVE-2012-0057

PHP before 5.3.9 has improper libxslt security settings, which allows remote attackers to create arbitrary files via a crafted XSLT stylesheet that uses the libxslt output extension.

CVSS: 6.4CWE: CWE-264

Critical

CVE-2011-4790

Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, and 9.10 allows remote attackers to execute arbitrary code via unknown vectors.

CVSS: 9.3CWE: N/A

2012-02-01

Low

CVE-2012-0450

Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and Mac OS X set weak permissions for Firefox Recovery Key.html, which might allow local users to read a Firefox Sync key via standar…

CVSS: 2.1CWE: CWE-264

Medium

CVE-2012-0445

Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to bypass the HTML5 frame-navigation policy and replace arbitrary sub-frames by creating…

CVSS: 5.0CWE: CWE-264

Critical

CVE-2012-0443

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of servic…

CVSS: 10.0CWE: N/A

Critical

CVE-2012-0442

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote a…

CVSS: 9.3CWE: N/A

2012-01-30

Medium

CVE-2012-0937

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not limit the number of MySQL queries sent to external MySQL database servers, which allows remote attacker…

CVSS: 5.0CWE: N/A

High

CVE-2011-4899

wp-admin/setup-config.php in the installation component in WordPress 3.3.1 and earlier does not ensure that the specified MySQL database service is appropriate, which allows remote attackers to confi…

CVSS: 7.5CWE: N/A

2012-01-29

Medium

CVE-2011-5075

translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 allows remote attackers to obtain sensitive information via a direct request using the save action, which reveals the installati…

CVSS: 5.0CWE: N/A

Medium

CVE-2011-5069

Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an…

CVSS: 6.0CWE: N/A

Medium

CVE-2011-3833

Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then…

CVSS: 6.0CWE: N/A

2012-01-28

Medium

CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to…

CVSS: 4.3CWE: N/A

2012-01-27

Low

CVE-2012-0814

The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain p…

CVSS: 3.5CWE: CWE-255

Medium

CVE-2012-0056

The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by mod…

CVSS: 6.9CWE: CWE-264

Medium

CVE-2011-4622

The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and possibly other versions, does not properly handle when Programmable Interval Timer (PIT) interrupt requests (IRQs) when a virtual…

CVSS: 4.9CWE: N/A

High

CVE-2011-4608

mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat Linux allows worker nodes to register with arbitrary virtual hosts, which allows remote attackers to bypass intended access rest…

CVSS: 7.5CWE: CWE-264

Medium

CVE-2011-4325

The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain functions without properly initializing certain data, which allows local users to cause a denial of service (NULL pointer derefe…

CVSS: 4.9CWE: N/A

Low

CVE-2011-4110

The user_update function in security/keys/user_defined.c in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and kernel oops) via vectors related to a us…

CVSS: 2.1CWE: CWE-264

High

CVE-2011-3626

Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted s…

CVSS: 7.5CWE: CWE-399

Low

CVE-2011-2203

The hfs_find_init function in the Linux kernel 2.6 allows local users to cause a denial of service (NULL pointer dereference and Oops) by mounting an HFS file system with a malformed MDB extent recor…

CVSS: 2.1CWE: CWE-264

Medium

CVE-2011-4354

crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as used in stunnel and other products, in certain circumstances involving ECDH or ECDHE cipher suites, uses an incorrect modular redu…

CVSS: 5.8CWE: CWE-310

2012-01-25

Medium

CVE-2012-0885

chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x before 10.0.1, when the res_srtp module is used and media support is improperly configured, allows remote attackers to cause a denial…

CVSS: 4.3CWE: N/A

Medium

CVE-2011-3479

Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which all…

CVSS: 6.8CWE: CWE-264

Medium

CVE-2011-4867

The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android does not properly protect data, which allows remote attackers to read or modify contact information and a password hash via a cr…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4865

The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 applications for Android do not properly protect data, which allows remote attackers to read or modify message drafts and search key…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4864

The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for Android does not properly protect data, which allows remote attackers to read or modify messages and a friends list via a crafted appli…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4863

The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS/MMS messages and a contact list via…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4773

The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted appli…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4772

The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted applic…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4771

The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for Android does not properly protect data, which allows remote attackers to read or modify scanned files and a Google account via a cra…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4770

The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application.

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4769

The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before 2.3.0 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list v…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4705

The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and 1.9.2.1 for Android does not properly protect data, which allows remote attackers to read or modify blacklists and a contact list…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4704

The Voxofon (com.voxofon) application before 2.5.2 for Android does not properly protect data, which allows remote attackers to read or modify SMS information via a crafted application.

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4703

The Limit My Call (com.limited.call.view) application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted appli…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4702

The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application.

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4701

The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 for Android does not properly protect data, which allows remote attackers to read or modify allow/block lists via a crafted appl…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2011-4700

The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 for Android does not properly protect data, which allows remote attackers to read or modify Twitter information via a crafted appl…

CVSS: 5.8CWE: CWE-264

2012-01-24

Critical

CVE-2012-0918

Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00…

CVSS: 10.0CWE: N/A

Critical

CVE-2012-0915

Integer signedness error in RenRen Talk 2.9 allows remote attackers to execute arbitrary code via crafted dimensions of a skin file, leading to a heap-based buffer overflow, as demonstrated using a B…

CVSS: 9.3CWE: CWE-189

2012-01-23

Critical

CVE-2012-0192

Multiple integer overflows in vclmi.dll in the visual class library module in IBM Lotus Symphony before 3.0.1 might allow remote attackers to execute arbitrary code via an embedded (1) JPEG or (2) PN…

CVSS: 9.3CWE: CWE-189

2012-01-20

Medium

CVE-2012-0904

VLC media player 1.1.11 allows remote attackers to cause a denial of service (crash) via a long string in an amr file.

CVSS: 4.3CWE: CWE-399

Medium

CVE-2012-0902

AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of service (reboot) via a direct request to cgi-bin/loader.

CVSS: 5.0CWE: N/A

2012-01-19

Medium

CVE-2012-0050

OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, which allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an out-of-bounds read. NO…

CVSS: 5.0CWE: CWE-399

Medium

CVE-2012-0268

Integer overflow in the CYImage::LoadJPG method in YImage.dll in Yahoo! Messenger before 11.5.0.155, when photo sharing is enabled, might allow remote attackers to execute arbitrary code via a crafte…

CVSS: 5.1CWE: CWE-189

Critical

CVE-2012-0035

Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as used in GNU Emacs before 23.4 and other products, allows local users to gain privileges via a crafted Lisp expression in a Project…

CVSS: 9.3CWE: N/A

Medium

CVE-2011-4873

Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840.

CVSS: 5.0CWE: N/A

Critical

CVE-2011-4659

Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video Phone E20 has a default password for the root account after an upgrade to TE 4.1.0, which makes it easier for remote attackers to mod…

CVSS: 10.0CWE: CWE-264

Critical

CVE-2011-4053

Untrusted search path vulnerability in 7-Technologies (7T) Interactive Graphical SCADA System (IGSS) before 9.0.0.11291 allows local users to gain privileges via a Trojan horse DLL in the current wor…

CVSS: 9.3CWE: N/A

Low

CVE-2011-4142

The Web Search feature in EMC SourceOne Email Management 6.5 before 6.5.2.4033, 6.6 before 6.6.1.2194, and 6.7 before 6.7.2.2033 places cleartext credentials in log files, which allows local users to…

CVSS: 2.1CWE: CWE-255

Medium

CVE-2011-1376

iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 on the IBM i platform sets weak permissions under systemapps/isclite.ear/ and bin/…

CVSS: 4.6CWE: CWE-264

Medium

CVE-2012-0022

Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consu…

CVSS: 5.0CWE: CWE-189

2012-01-18

Medium

CVE-2012-0496

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVSS: 4.3CWE: N/A

Medium

CVE-2012-0495

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-011…

CVSS: 4.0CWE: N/A

Low

CVE-2012-0494

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows local users to affect availability via unknown vectors.

CVSS: 1.7CWE: N/A

Low

CVE-2012-0493

CVSS: 2.1CWE: N/A

Low

CVE-2012-0492

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV…

CVSS: 2.1CWE: N/A

Medium

CVE-2012-0491

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0490

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0489

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0488

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0487

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0486

CVSS: 5.0CWE: N/A

Medium

CVE-2012-0485

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0484

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0120

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0119

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0118

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different v…

CVSS: 4.9CWE: N/A

Low

CVE-2012-0117

CVSS: 3.5CWE: N/A

Medium

CVE-2012-0116

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVSS: 4.9CWE: N/A

Medium

CVE-2012-0115

CVSS: 4.0CWE: N/A

Low

CVE-2012-0114

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.

CVSS: 3.0CWE: N/A

Medium

CVE-2012-0113

CVSS: 5.5CWE: N/A

Low

CVE-2012-0112

CVSS: 3.5CWE: N/A

Low

CVE-2012-0111

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders.

CVSS: 3.6CWE: N/A

Medium

CVE-2012-0110

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availa…

CVSS: 4.4CWE: N/A

Low

CVE-2012-0109

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP.

CVSS: 3.6CWE: N/A

Low

CVE-2012-0105

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to W…

CVSS: 3.7CWE: N/A

Medium

CVE-2012-0104

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 and 3.1.1 allows remote attackers to affect availability via unknown vectors related to Web Container.

CVSS: 5.0CWE: N/A

Medium

CVE-2012-0103

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect availability via unknown vectors related to Kernel.

CVSS: 4.9CWE: N/A

Medium

CVE-2012-0102

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CV…

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0101

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0100

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kerberos.

CVSS: 6.8CWE: N/A

Low

CVE-2012-0099

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to sshd.

CVSS: 2.6CWE: N/A

Low

CVE-2012-0098

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect availability via unknown vectors related to Kernel, a different vulnerability than CVE-2011-0813.

CVSS: 1.9CWE: N/A

Low

CVE-2012-0097

Unspecified vulnerability in Oracle Solaris 11 Express allows local users to affect confidentiality via unknown vectors related to ksh93 Shell.

CVSS: 2.1CWE: N/A

Medium

CVE-2012-0096

Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect availability via unknown vectors related to Network.

CVSS: 5.0CWE: N/A

High

CVE-2012-0094

Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express allows remote attackers to affect availability, related to TCP/IP.

CVSS: 7.8CWE: N/A

Low

CVE-2012-0091

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52.05 allows remote authenticated users to affect integrity and availability via unknown v…

CVSS: 2.7CWE: N/A

Medium

CVE-2012-0089

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to ePerf…

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0088

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 8.9, 9.0, and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors re…

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0087

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0085

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2 and 10.1.3.5.1 allows remote attackers to affect integrity via unknown vectors related to Content…

CVSS: 4.3CWE: N/A

Low

CVE-2012-0084

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integri…

CVSS: 3.5CWE: N/A

Medium

CVE-2012-0083

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality a…

CVSS: 6.4CWE: N/A

Medium

CVE-2012-0082

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect in…

CVSS: 5.5CWE: N/A

Low

CVE-2012-0081

Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration.

CVSS: 3.7CWE: N/A

Medium

CVE-2012-0080

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors re…

CVSS: 5.5CWE: N/A

Medium

CVE-2012-0079

Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote attackers to affect integrity via unknown vectors related to Administration.

CVSS: 4.3CWE: N/A

Medium

CVE-2012-0078

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST…

CVSS: 4.0CWE: N/A

Low

CVE-2012-0077

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related…

CVSS: 3.5CWE: N/A

Medium

CVE-2012-0076

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related…

CVSS: 4.0CWE: N/A

Low

CVE-2012-0075

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.

CVSS: 1.7CWE: N/A

Medium

CVE-2012-0074

Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 8.9 allows remote authenticated users to affect integrity via unknown vectors related to Sales.

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0073

Unspecified vulnerability in the Oracle Forms component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A

Medium

CVE-2012-0072

Unspecified vulnerability in the Listener component in Oracle Database Server 10.1.0.5, 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote attackers to affect availability via unknown…

CVSS: 5.0CWE: N/A

Low

CVE-2011-3574

Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server.

CVSS: 3.3CWE: N/A

Medium

CVE-2011-3573

Unspecified vulnerability in Oracle Communications Unified 7.0 allows remote authenticated users to affect availability via unknown vectors related to Calendar Server.

CVSS: 4.0CWE: N/A

Low

CVE-2011-3571

Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vect…

CVSS: 3.6CWE: N/A

Low

CVE-2011-3570

Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality via unknown vectors related to Calendar Server.

CVSS: 2.1CWE: N/A

Medium

CVE-2011-3569

Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect confidentiality via unknown vecto…

CVSS: 5.0CWE: N/A

Medium

CVE-2011-3568

Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and int…

CVSS: 5.5CWE: N/A

Medium

CVE-2011-3566

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote attackers to affect availability via unknown vect…

CVSS: 5.0CWE: N/A

Medium

CVE-2011-3565

Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Calendar Server.

CVSS: 4.6CWE: N/A