CVE Daily
← All years

Uncategorized 2012

Page 3/19.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2012-11-10
Medium

CVE-2012-2455

Advanced Productivity Software DTE Axiom before 12.3.3 does not validate the registration ID, which allows remote attackers to bypass authentication and read or modify data about users, customers, an…

CVSS: 6.4CWE: CWE-264
Read more
2012-11-09
Critical

CVE-2012-3757

Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PICT file.

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2012-3754

Use-after-free vulnerability in the Clear method in the ActiveX control in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application cra…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2012-3751

Use-after-free vulnerability in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with…

CVSS: 9.3CWE: CWE-399
Read more
2012-11-08
Medium

CVE-2012-4022

Pebble before 2.6.4 allows remote attackers to trigger loss of blog-entry viewability via a crafted comment.

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2012-4020

MosP kintai kanri before 4.1.0 does not enforce privilege requirements, which allows remote authenticated users to read other users' information via unspecified vectors.

CVSS: 4.0CWE: CWE-264
Read more
2012-11-07
Critical

CVE-2012-3270

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via u…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2012-3269

Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and 5.41, when Sybase is used, allows remote attackers to obtain sensitive information, modify data, or cause a denial of service via u…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2012-5127

Integer overflow in Google Chrome before 23.0.1271.64 allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a crafted WebP image.

CVSS: 7.5CWE: CWE-189
Read more
High

CVE-2012-5122

Google Chrome before 23.0.1271.64 does not properly perform a cast of an unspecified variable during handling of input, which allows remote attackers to cause a denial of service or possibly have oth…

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2012-5117

Google Chrome before 23.0.1271.64 does not properly restrict the loading of an SVG subresource in the context of an IMG element, which has unspecified impact and remote attack vectors.

CVSS: 7.5CWE: CWE-264
Read more
Critical

CVE-2012-5278

Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on Windows and Mac OS X, before 10.3.183.43 and 11.x before 11.2.202.251 on Linux, before 11.1.111.24 on Android 2.x and 3.x, and be…

CVSS: 10.0CWE: CWE-264
Read more
2012-11-04
Medium

CVE-2012-5811

The Breezy application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-…

CVSS: 5.8CWE: CWE-310
Read more
Medium

CVE-2012-5809

The Groupon Redemptions application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whic…

CVSS: 5.8CWE: CWE-310
Read more
2012-11-03
Low

CVE-2012-3750

The Passcode Lock implementation in Apple iOS before 6.0.1 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement and access P…

CVSS: 3.6CWE: CWE-264
Read more
2012-11-02
Medium

CVE-2012-0025

Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial o…

CVSS: 6.8CWE: CWE-399
Read more
High

CVE-2012-4498

The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not properly restrict access to the "Campaign" content type, which might allow remote attackers to bypass access restrictions and possibly h…

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2012-4487

The Subuser module before 6.x-1.8 for Drupal does not properly check "switch subuser" permissions, which allows remote authenticated parent users to change their role by switching to a subuser they c…

CVSS: 4.0CWE: CWE-264
Read more
Critical

CVE-2012-5417

Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not properly restrict access to certain JBoss MainDeployer functionality, which allows remote attackers to execute arbitrary commands…

CVSS: 10.0CWE: CWE-264
Read more
2012-11-01
Low

CVE-2012-5704

The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote authenticated users with the "administer hotblocks" permission to cause a denial of service (infinite loop and time out) via a blo…

CVSS: 3.5CWE: CWE-399
Read more
2012-10-31
Low

CVE-2012-4500

The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the "access announcements" permission to bypass node access restrictions and possibly have other unsp…

CVSS: 3.5CWE: CWE-264
Read more
Medium

CVE-2012-4499

The contact formatter page in the Email Field module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to email the stored address in the entity via unspecified vec…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2012-4495

The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not properly restrict access to files outside Drupal's publish files directory, which allows remote authenticated users to send arbitrary f…

CVSS: 4.0CWE: CWE-264
Read more
Medium

CVE-2012-4494

The Shibboleth authentication module 7.x-4.0 for Drupal does not properly check the active status of users, which allows remote blocked users to access bypass intended access restrictions and possibl…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2012-4491

The Monthly Archive by Node Type module 6.x for Drupal does not properly check permissions defined by node_access modules, which allows remote attackers to access restricted nodes via unspecified vec…

CVSS: 5.8CWE: CWE-264
Read more
Medium

CVE-2012-4488

The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 for Drupal does not properly check user or node access permissions, which allows remote attackers to read node or user results via…

CVSS: 5.0CWE: CWE-264
Read more
Medium

CVE-2012-4483

The commons_discussion_views_default_views function in modules/features/commons_discussion/commons_discussion.views_default.inc in the Drupal Commons module 6.x-2.x before 6.x-2.8 for Drupal does not…

CVSS: 5.0CWE: CWE-264
Read more
Critical

CVE-2012-5692

Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2012-4934

TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL.

CVSS: 3.5CWE: CWE-264
Read more
Low

CVE-2012-4610

EMC Avamar Client for VMware 6.1 stores the cleartext server root password on the proxy client, which might allow remote attackers to obtain sensitive information by leveraging "network access" to th…

CVSS: 3.3CWE: CWE-255
Read more
2012-10-30
Critical

CVE-2012-0023

Double free vulnerability in the get_chunk_header function in modules/demux/ty.c in VideoLAN VLC media player 0.9.0 through 1.1.12 allows remote attackers to cause a denial of service (crash) and pos…

CVSS: 9.3CWE: CWE-399
Read more
2012-10-29
High

CVE-2012-4643

The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services Module (ASASM) in Cisco Catalyst 6500 series devices, with software 7.0 before 7.2(5.8), 7.1 befo…

CVSS: 7.1CWE: CWE-399
Read more
2012-10-26
Critical

CVE-2012-4501

Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows remote attackers to make arbitrary API calls by leveraging the system user account, as demonstrated by API calls to delete VMs.

CVSS: 10.0CWE: CWE-264
Read more
2012-10-25
Medium

CVE-2012-5672

Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a craf…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2012-3506

Unspecified vulnerability in the Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
2012-10-24
Medium

CVE-2012-5456

The Zoner AntiVirus Free application for Android does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which allows man-in-t…

CVSS: 4.3CWE: CWE-310
Read more
High

CVE-2012-5302

The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not properly implement access control, which allows remote attackers to obtain sensitive information or modify data via unspecified vect…

CVSS: 7.5CWE: CWE-264
Read more
2012-10-22
Medium

CVE-2012-5454

user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not properly restrict access, which allows remote authenticated users to modify arbitrary user passwords via a crafted request. NOTE…

CVSS: 6.5CWE: CWE-264
Read more
High

CVE-2012-5168

ATutor AContent before 1.2-1 allows remote attackers to modify arbitrary user passwords or category names via a direct request to (1) user/index_inline_editor_submit.php or (2) course_category/index_…

CVSS: 7.5CWE: CWE-264
Read more
Low

CVE-2012-4518

ibacm 1.0.7 creates files with world-writable permissions, which allows local users to overwrite the ib_acm daemon log or ibacm.port file.

CVSS: 3.6CWE: CWE-264
Read more
Medium

CVE-2012-4517

ibacm before 1.0.6 does not properly manage reference counts for multicast connections, which allows remote attackers to cause a denial of service (ibacm service crash) via a crafted join response.

CVSS: 5.0CWE: CWE-399
Read more
Medium

CVE-2012-4516

librdmacm 1.0.16, when ibacm.port is not specified, connects to port 6125, which allows remote attackers to specify the address resolution information for the application via a malicious ib_acm servi…

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2012-4507

The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted email.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2012-3466

GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unsp…

CVSS: 4.4CWE: CWE-264
Read more
Low

CVE-2012-2679

Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg before 5.10.27-8 uses weak permissions (world-readable) for /var/log/rhncfg-actions, which allows local users to obtain sensitive…

CVSS: 2.1CWE: CWE-264
Read more
Medium

CVE-2012-1154

mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used in JBoss Enterprise Application Platform 5.1.2, when "ROOT" is set to excludedContexts, exposes the root context of the server, w…

CVSS: 4.3CWE: CWE-264
Read more
2012-10-20
High

CVE-2012-4933

The rtrlet web application in the Web Console in Novell ZENworks Asset Management (ZAM) 7.5 uses a hard-coded username of Ivanhoe and a hard-coded password of Scott for the (1) GetFile_Password and (…

CVSS: 7.8CWE: CWE-255
Read more
High

CVE-2012-2167

The IBM XIV Storage System Gen3 before 11.1.0.a allows remote attackers to cause a denial of service (device outage) via TCP packets to unspecified ports.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2012-4845

The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not properly manage privileges in an RBAC environment, which allows attackers to bypass intended file-read restrictions by le…

CVSS: 6.8CWE: CWE-264
Read more
2012-10-18
Low

CVE-2012-2284

The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local use…

CVSS: 2.1CWE: CWE-255
Read more
2012-10-17
Medium

CVE-2012-5095

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to inetd.

CVSS: 4.4CWE: N/A
Read more
Medium

CVE-2012-5094

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidentiality via unknown vectors r…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2012-5093

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect integrity via unknown vectors related…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2012-5092

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality and integri…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2012-5091

Unspecified vulnerability in the Oracle Agile Product Supplier Collaboration for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect confidenti…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2012-5090

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0 allows remote authenticated users to affect confidentiality via unknown…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2012-5066

Unspecified vulnerability in the Oracle Central Designer component in Oracle Industry Applications 1.3, 1.4, and 1.4.2 allows remote attackers to affect confidentiality, integrity, and availability v…

CVSS: 6.8CWE: N/A
Read more
Low

CVE-2012-5065

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows local users to affect i…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2012-5064

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 al…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2012-5063

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 1…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2012-5061

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 1…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2012-5058

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors relat…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2012-3230

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2012-3229

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel Documentati…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2012-3228

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authent…

CVSS: 4.9CWE: N/A
Read more
Low

CVE-2012-3227

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, and 11.0.0 through 11.2.0 al…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2012-3226

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0, 10.0.2, 10.1.0, 10.2.0, 10.2.2, 10.3.0, 10.5.0, 11.0.0 through 11.4.0, and 1…

CVSS: 5.5CWE: N/A
Read more
Low

CVE-2012-3225

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality and int…

CVSS: 3.6CWE: N/A
Read more
Low

CVE-2012-3224

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.1.0, 5.2.0, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confi…

CVSS: 3.5CWE: N/A
Read more
Low

CVE-2012-3223

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.0.5, 5.1.0, 5.2.0, 5.3.0 through 5.3.4, and 6.0.1 allows remote authenticated…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2012-3222

Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect availability via unknown vect…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2012-3221

Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core.…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2012-3217

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Expor…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2012-3215

Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect confidentiality via unknown vectors related to Kernel.

CVSS: 1.7CWE: N/A
Read more
Low

CVE-2012-3214

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Ou…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2012-3212

Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2012-3211

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/System Call.

CVSS: 4.6CWE: N/A
Read more
High

CVE-2012-3210

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via unknown vectors related to Kernel.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2012-3209

Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when running on SPARC, allows local users to affect integrity and availability via unknown vectors related to Logical Domain (LDOM).

CVSS: 5.6CWE: N/A
Read more
Medium

CVE-2012-3208

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability, related to Kernel/RCTL.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2012-3207

Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows local users to affect availability via unknown vectors related to Kernel.

CVSS: 4.9CWE: N/A
Read more
Low

CVE-2012-3206

Unspecified vulnerability in the Integrated Lights Out Manager CLI in Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3 and T4-based servers, and other versions and servers, allows…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2012-3205

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via unknown vectors related to Vino server.

CVSS: 2.1CWE: N/A
Read more
High

CVE-2012-3204

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management.

CVSS: 7.2CWE: N/A
Read more
Low

CVE-2012-3203

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability, related to Gnome Display Manager GDM.

CVSS: 2.1CWE: N/A
Read more
Critical

CVE-2012-3202

Multiple unspecified vulnerabilities in the Oracle JRockit component in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and earlier, when using JDK/JRE 5 or 6, allow remote attackers to affec…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2012-3201

Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality via unknown vectors rel…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2012-3200

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality, related to ROLESPRV.

CVSS: 4.0CWE: N/A
Read more
High

CVE-2012-3199

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Gnome Trusted Extension.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2012-3198

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect availability via unknown vectors r…

CVSS: 4.0CWE: N/A
Read more
Low

CVE-2012-3197

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors relate…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2012-3196

Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and availa…

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2012-3195

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality via unknown…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2012-3194

Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote attackers to affect integrity via unknown v…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2012-3193

Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 10.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and 11.1.1.6.2 allows remote authenticated users to affect confidentiality…

CVSS: 3.5CWE: N/A
Read more
Low

CVE-2012-3191

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect availability via unknown ve…

CVSS: 2.1CWE: N/A
Read more
High

CVE-2012-3189

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability, related to COMSTAR.

CVSS: 7.8CWE: N/A
Read more
Low

CVE-2012-3188

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50 and 8.51 allows remote authenticated users to affect integrity, related to PIA Core Tec…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2012-3187

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2012-3186

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2012-3185

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2012-3184

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to aff…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2012-3183

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5, 7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated us…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2012-3182

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2012-3181

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect availability via unknown ve…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2012-3180

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors relate…

CVSS: 4.0CWE: N/A
Read more
Low

CVE-2012-3179

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect integrity via unknown vecto…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2012-3177

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors relate…

CVSS: 6.8CWE: N/A
Read more
Low

CVE-2012-3176

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Pa…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2012-3175

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to R…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2012-3173

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors relate…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2012-3171

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2012-3167

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors relate…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2012-3166

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors relate…

CVSS: 4.0CWE: N/A
Read more
Low

CVE-2012-3165

Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect confidentiality and integrity via unknown vectors related to mailx.

CVSS: 3.6CWE: N/A
Read more
Low

CVE-2012-3164

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown…

CVSS: 3.5CWE: N/A
Read more
Critical

CVE-2012-3163

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availab…

CVSS: 9.0CWE: N/A
Read more
2012-10-16
Low

CVE-2012-3162

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows local users to affect confidentiality, related to MDS loading.

CVSS: 1.7CWE: N/A
Read more
Medium

CVE-2012-3161

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote attackers to affect integrity via unknown vectors related to Web Clie…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2012-3160

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server…

CVSS: 2.1CWE: N/A
Read more
>