CVE Daily
← All years

Uncategorized 2012

Page 19/19.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2012-01-18
Low

CVE-2011-3564

Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 allows local users to affect confidentiality via unknown vectors related to Administration.

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2011-3531

Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote attackers to affect availability via unknown vectors…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-3524

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (J…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2011-3514

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET).

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2011-3509

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (J…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2011-2326

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (J…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2011-2325

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (J…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2011-2324

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote attackers to affect availability, related to Enterprise Infrastructure SEC (JDENET).

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2011-2321

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (J…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2011-2317

Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastucture SEC (JDNET).

CVSS: 4.0CWE: N/A
Read more
Low

CVE-2011-2271

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2011-2262

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2012-0781

The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to…

CVSS: 5.0CWE: CWE-399
Read more
Critical

CVE-2012-0190

Unspecified vulnerability in the Render method in the ExportHTML.ocx ActiveX control in ExportHTML.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2012-0189

Multiple unspecified vulnerabilities in the (1) PrintFile and (2) SaveDoc methods in the VsVIEW6 ActiveX control in VsVIEW6.ocx in IBM SPSS SamplePower 3.0 allow remote attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2012-0188

Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX control in mraboutb.dll in IBM SPSS Dimensions 5.5 and SPSS Data Collection 5.6, 6.0, and 6.0.1 allows remote attackers to execu…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2012-0031

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a…

CVSS: 4.6CWE: N/A
Read more
2012-01-17
Low

CVE-2011-3328

The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash)…

CVSS: 2.6CWE: N/A
Read more
Critical

CVE-2010-5082

Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan h…

CVSS: 9.3CWE: N/A
Read more
2012-01-15
Medium

CVE-2011-4868

The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote atta…

CVSS: 6.1CWE: CWE-399
Read more
Critical

CVE-2011-1377

The Web Services Security component in the Web Services Feature Pack before 6.1.0.41 for IBM WebSphere Application Server (WAS) 6.1 does not properly handle the enabling of WS-Security for a JAX-WS a…

CVSS: 10.0CWE: N/A
Read more
2012-01-14
Medium

CVE-2011-5064

DigestAuthenticator.java in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 uses Catalina as the hard-coded server…

CVSS: 4.3CWE: CWE-310
Read more
Medium

CVE-2011-5062

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to by…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2011-1184

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not have the expected countermeasures against replay attacks,…

CVSS: 5.0CWE: CWE-264
Read more
High

CVE-2012-0039

GLib 2.31.8 and earlier, when the g_str_hash function is used, computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to…

CVSS: 7.5CWE: CWE-310
Read more
2012-01-13
Low

CVE-2011-5060

The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which a…

CVSS: 3.3CWE: CWE-264
Read more
Medium

CVE-2012-0030

Nova 2011.3 and Essex, when using the OpenStack API, allows remote authenticated users to bypass access restrictions for tenants of other users via an OSAPI request with a modified project_id URI par…

CVSS: 4.9CWE: CWE-264
Read more
Low

CVE-2011-4114

The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory,…

CVSS: 3.3CWE: CWE-264
Read more
Medium

CVE-2011-4057

Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other versions before 4.40 allows remote attackers to cause a denial of service (CodeMeter.exe crash) via certain crafted packets to TCP p…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-2939

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service…

CVSS: 5.1CWE: CWE-189
Read more
Medium

CVE-2011-4925

Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource Manager) before 2.5.9, when munge authentication is used, allows remote authenticated users to impersonate arbitrary user account…

CVSS: 4.9CWE: CWE-264
Read more
2012-01-12
Critical

CVE-2012-0695

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
2012-01-10
Medium

CVE-2011-5058

The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 SP4 Patch 2 allows remote attackers to create arbitrary directories under the web root by specifying a non-existent directory usin…

CVSS: 6.4CWE: CWE-264
Read more
Critical

CVE-2012-0013

Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2012-0009

Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse execu…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2012-0005

The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean syste…

CVSS: 6.9CWE: CWE-264
Read more
Critical

CVE-2012-0004

Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1…

CVSS: 9.3CWE: N/A
Read more
High

CVE-2012-0003

Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote a…

CVSS: 8.1CWE: N/A
Read more
Critical

CVE-2012-0001

The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception han…

CVSS: 9.3CWE: N/A
Read more
2012-01-08
Medium

CVE-2011-5057

Apache Struts 2.3.1.2 and earlier, 2.3.19-2.3.23, provides interfaces that do not properly restrict access to collections such as the session and request collections, which might allow remote attacke…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2012-0393

The ParameterInterceptor component in Apache Struts before 2.3.1.1 does not prevent access to public constructors, which allows remote attackers to create or overwrite arbitrary files via a crafted p…

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2012-0392

The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows remote attackers to execute arbitrary commands via a crafted HTTP Cookie header…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2011-4056

An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix FactoryLink 6.6.1 (aka 6.6 SP1), 7.5.217 (aka 7.5 SP2), and 8.0.2.54 allows remote attackers to create or overwrite arbitrary files…

CVSS: 5.8CWE: N/A
Read more
2012-01-06
Medium

CVE-2012-0390

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it eas…

CVSS: 4.3CWE: CWE-310
Read more
Medium

CVE-2012-0027

The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted d…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-4619

The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of servi…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-4577

OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate…

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-4576

The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive…

CVSS: 5.0CWE: CWE-310
Read more
Critical

CVE-2011-4109

Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2011-4108

The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a pad…

CVSS: 4.3CWE: CWE-310
Read more
2012-01-05
Medium

CVE-2011-4858

Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows rem…

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2011-4905

Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests.

CVSS: 5.0CWE: CWE-399
Read more
2012-01-04
High

CVE-2011-5051

Multiple unrestricted file upload vulnerabilities in the WP Symposium plugin before 11.12.24 for WordPress allow remote attackers to execute arbitrary code by uploading a file with an executable exte…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2011-5049

MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.

CVSS: 4.3CWE: CWE-399
Read more
Medium

CVE-2011-3337

eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gaun…

CVSS: 6.9CWE: CWE-264
Read more
Medium

CVE-2011-1386

IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.1.1, 6.2.0, and 6.2.1 do not properly handle signature validations based on SAML 1.0, 1.…

CVSS: 4.3CWE: CWE-264
Read more
2012-01-03
High

CVE-2011-4197

etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certifica…

CVSS: 7.5CWE: CWE-264
Read more
>