Uncategorized CVEs — 2013 (Page 18/19)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2013-01-27

Medium

CVE-2012-6098

grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly enforce the moodle/grade:manage…

CVSS: 4.0CWE: CWE-264

Medium

CVE-2013-0652

GE Intelligent Platforms Proficy Real-Time Information Portal does not restrict access to methods of an unspecified Java class, which allows remote attackers to obtain a username listing via an RMI c…

CVSS: 5.0CWE: CWE-264

Medium

CVE-2013-0651

The Portal installation process in GE Intelligent Platforms Proficy Real-Time Information Portal stores sensitive information under the web root with insufficient access control, which allows remote…

CVSS: 5.0CWE: CWE-264

Critical

CVE-2013-0462

Unspecified vulnerability in IBM WebSphere Application Server (WAS) 6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A

High

CVE-2012-5484

The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly obtain the Certification Authority (CA) certificate from the server, which allows man-in-the-middle attackers to spoof a join procedur…

CVSS: 7.9CWE: CWE-310

2013-01-26

Medium

CVE-2012-4917

The TripAdvisor app 6.6 for iOS sends cleartext credentials, which allows remote attackers to obtain sensitive information by sniffing the network.

CVSS: 5.0CWE: CWE-310

Medium

CVE-2012-0435

SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify the hosts list, and subsequently conduct man-in-the-middle attacks, via a crafted /host request on TCP port 4984.

CVSS: 5.8CWE: N/A

2013-01-24

Critical

CVE-2013-1105

Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.3, 7.1 and 7.2 before 7.2.111.3, and 7.3 before 7.3.101.0 allow remote authenticated users to bypass wireless-management s…

CVSS: 9.0CWE: CWE-264

Critical

CVE-2013-1104

The HTTP Profiling functionality on Cisco Wireless LAN Controller (WLC) devices with software 7.3.101.0 allows remote authenticated users to execute arbitrary code via a crafted HTTP User-Agent heade…

CVSS: 9.0CWE: N/A

High

CVE-2013-1103

Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.220.0, 7.1 before 7.1.91.0, and 7.2 before 7.2.103.0 allow remote attackers to cause a denial of service (Access Point reload)…

CVSS: 7.8CWE: N/A

High

CVE-2013-1102

The Wireless Intrusion Prevention System (wIPS) component on Cisco Wireless LAN Controller (WLC) devices with software 7.0 before 7.0.235.0, 7.1 and 7.2 before 7.2.110.0, and 7.3 before 7.3.101.0 all…

CVSS: 7.8CWE: N/A

Critical

CVE-2013-0842

Google Chrome before 24.0.1312.56 does not properly handle %00 characters in pathnames, which has unspecified impact and attack vectors.

CVSS: 10.0CWE: N/A

Critical

CVE-2013-0840

Google Chrome before 24.0.1312.56 does not validate URLs during the opening of new windows, which has unspecified impact and remote attack vectors.

CVSS: 10.0CWE: N/A

High

CVE-2013-0839

Use-after-free vulnerability in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the handling of…

CVSS: 7.5CWE: CWE-399

High

CVE-2012-6509

Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 allows remote attackers to execute arbitrary PHP code by uploading a file a double extension, as demonstrated by .php%00.jpg.

CVSS: 7.5CWE: N/A

Critical

CVE-2012-6503

Unspecified vulnerability in the NinjaXplorer component before 1.0.7 for Joomla! has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A

2013-01-22

Low

CVE-2012-5616

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) t…

CVSS: 1.5CWE: CWE-255

Low

CVE-2012-4461

The KVM subsystem in the Linux kernel before 3.6.9, when running on hosts that use qemu userspace without XSAVE, allows local users to cause a denial of service (kernel OOPS) by using the KVM_SET_SRE…

CVSS: 1.9CWE: N/A

Medium

CVE-2012-2372

The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG…

CVSS: 4.4CWE: N/A

2013-01-21

Medium

CVE-2013-1110

Cisco WebEx Training Center allow remote authenticated users to bypass intended privilege restrictions and (1) enable or (2) disable training-center recordings via a crafted URL, aka Bug ID CSCzu8106…

CVSS: 4.0CWE: CWE-264

Medium

CVE-2013-1108

Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064.

CVSS: 4.0CWE: CWE-264

High

CVE-2012-2291

EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to g…

CVSS: 7.2CWE: CWE-264

2013-01-19

Medium

CVE-2012-6396

Cisco NX-OS on Nexus 7000 series switches does not properly handle certain line-card replacements, which might allow remote authenticated users to cause a denial of service (memory consumption) via a…

CVSS: 4.9CWE: CWE-399

2013-01-18

High

CVE-2009-4738

Unspecified vulnerability in JustSystems Corporation ATOK 2006 through 2009 and ATOK flat-rate service, and Just Smile 4 with the ATOK Smile module, allows physically proximate users to bypass the sc…

CVSS: 7.2CWE: N/A

Medium

CVE-2012-6359

IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, 6.2.1 before 6.2.1.3, and 6.2.2 before 6.2.2.2 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.1…

CVSS: 4.3CWE: CWE-264

Medium

CVE-2012-5717

Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x through 8.4(1) do not properly manage SSH sessions, which allows remote authenticated users to cause a denial of service (device cra…

CVSS: 6.3CWE: CWE-264

Medium

CVE-2012-6088

The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 does not return an error code in certain situations involving an "unparseable signature," which allows remote attackers to bypass…

CVSS: 4.3CWE: CWE-255

Medium

CVE-2012-5875

Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2…

CVSS: 5.0CWE: N/A

Medium

CVE-2012-2124

functions/imap_general.php in SquirrelMail, as used in Red Hat Enterprise Linux (RHEL) 4 and 5, does not properly handle 8-bit characters in passwords, which allows remote attackers to cause a denial…

CVSS: 5.0CWE: CWE-399

2013-01-17

Low

CVE-2012-3310

IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 before 6.2.0.12, and 6.2.1 before 6.2.1.4 allows context-dependent attackers to discover (1) a cleartext LDAP Bind Password, (2) ke…

CVSS: 3.5CWE: CWE-255

Low

CVE-2013-0172

Samba 4.0.x before 4.0.1, in certain Active Directory domain-controller configurations, does not properly interpret Access Control Entries that are based on an objectClass, which allows remote authen…

CVSS: 3.5CWE: CWE-264

Medium

CVE-2012-5429

The VPN driver in Cisco VPN Client on Windows does not properly interact with the kernel, which allows local users to cause a denial of service (kernel fault and system crash) via a crafted applicati…

CVSS: 4.6CWE: N/A

Medium

CVE-2012-4689

Integer overflow in CimWebServer.exe in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY 4.01 through 8.0, and Proficy Process Systems with CIMPLICITY, allows remote attackers to cause a denia…

CVSS: 4.3CWE: CWE-189

Medium

CVE-2012-5444

Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not properly process certain search rules, which allows remote attackers to create conferences via an unspecified Conductor request, ak…

CVSS: 5.0CWE: CWE-264

High

CVE-2012-5419

Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for the Cisco ASA 1000V Cloud Firewall allows remote attackers to cause a denial of service (device reload) via a malformed H.225 H.…

CVSS: 7.8CWE: CWE-399

Low

CVE-2013-0420

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: Th…

CVSS: 2.4CWE: N/A

Medium

CVE-2013-0418

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related…

CVSS: 6.8CWE: N/A

Medium

CVE-2013-0417

Unspecified vulnerability in the Sun Storage Common Array Manager (CAM) component in Oracle Sun Products Suite 6.9.0 allows remote attackers to affect confidentiality, related to Fault Management Sys…

CVSS: 5.0CWE: N/A

Medium

CVE-2013-0415

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the Bind/Postinstall script for Bind packag…

CVSS: 6.0CWE: N/A

Low

CVE-2013-0414

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Utility/ksh93.

CVSS: 3.3CWE: N/A

Medium

CVE-2013-0407

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/DTrace Framework.

CVSS: 4.6CWE: N/A

Medium

CVE-2013-0400

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Filesystem/cachefs.

CVSS: 6.6CWE: N/A

Medium

CVE-2013-0399

Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Utility/Umount.

CVSS: 6.6CWE: N/A

Medium

CVE-2013-0397

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via u…

CVSS: 6.4CWE: N/A

Medium

CVE-2013-0396

Unspecified vulnerability in the Application Performance Management (APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect integrity via u…

CVSS: 5.0CWE: N/A

Medium

CVE-2013-0395

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity via unknown vectors related to Secu…

CVSS: 4.0CWE: N/A

Medium

CVE-2013-0394

Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect confidentiality via unknown vectors related to Candidate Gateway.

CVSS: 5.0CWE: N/A

Medium

CVE-2013-0393

CVSS: 6.8CWE: N/A

Medium

CVE-2013-0392

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity via unknown vectors related to Portal, a diff…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0391

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors rela…

CVSS: 5.5CWE: N/A

Low

CVE-2013-0390

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect integrity via unknown vec…

CVSS: 2.1CWE: N/A

Medium

CVE-2013-0389

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to S…

CVSS: 6.8CWE: N/A

Medium

CVE-2013-0388

Unspecified vulnerability in the PeopleSoft HRMS component in Oracle PeopleSoft Products 9.1 allows remote attackers to affect integrity via unknown vectors related to Mobile Company Directory.

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0387

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vec…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0386

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.

CVSS: 6.8CWE: N/A

Medium

CVE-2013-0385

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to…

CVSS: 6.6CWE: N/A

Medium

CVE-2013-0384

CVSS: 6.8CWE: N/A

Medium

CVE-2013-0383

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Lock…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0382

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity vi…

CVSS: 6.4CWE: N/A

Medium

CVE-2013-0381

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via…

CVSS: 6.4CWE: N/A

Medium

CVE-2013-0380

Unspecified vulnerability in the Oracle Payroll component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors rela…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0379

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Siebel Calendar, a different vuln…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0378

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0377

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vector…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0376

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect integrity via unknown vectors relat…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0375

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vec…

CVSS: 5.4CWE: N/A

Medium

CVE-2013-0374

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0373

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0372

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0371

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability, related to MyISAM.

CVSS: 4.0CWE: N/A

Low

CVE-2013-0370

Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.1.1 allows remote authenticated users to affect confidentiality via unknown vectors rel…

CVSS: 2.1CWE: N/A

Medium

CVE-2013-0369

CVSS: 5.5CWE: N/A

Medium

CVE-2013-0368

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVSS: 4.0CWE: N/A

Medium

CVE-2013-0367

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CVSS: 4.0CWE: N/A

Critical

CVE-2013-0366

Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality,…

CVSS: 10.0CWE: N/A

Medium

CVE-2013-0365

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

CVSS: 4.0CWE: N/A

High

CVE-2013-0364

CVSS: 7.8CWE: N/A

High

CVE-2013-0363

CVSS: 7.8CWE: N/A

High

CVE-2013-0362

CVSS: 7.8CWE: N/A

Critical

CVE-2013-0361

CVSS: 10.0CWE: N/A

Medium

CVE-2013-0360

CVSS: 5.0CWE: N/A

High

CVE-2013-0359

Unspecified vulnerability in the APM - Application Performance Management component in Oracle Enterprise Manager Grid Control 6.5, 11.1, and 12.1.0.2 allows remote attackers to affect confidentiality…

CVSS: 7.5CWE: N/A

Medium

CVE-2013-0358

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0357

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0356

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to affect integrity, related to PIA Core Technology.

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0355

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1, and EM DB Control 11.1.0.7, 11.2.0.2, and…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0354

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, al…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0353

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…

CVSS: 4.3CWE: N/A

Medium

CVE-2013-0352

CVSS: 4.3CWE: N/A

Medium

CVE-2012-5097

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3.0, 11.1.1.5.0, and 11.1.2.0.0 allows remote attackers to affect integrity, related to OAM Webgate.

CVSS: 4.3CWE: N/A

Low

CVE-2012-5096

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users with Server Privileges to affect availability via unknown vectors.

CVSS: 3.5CWE: N/A

Medium

CVE-2012-5062

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.…

CVSS: 4.3CWE: N/A

Medium

CVE-2012-5060

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

CVSS: 6.8CWE: N/A

Medium

CVE-2012-5059

CVSS: 4.3CWE: N/A

Critical

CVE-2012-3220

Unspecified vulnerability in the Spatial component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users with Create Session privi…

CVSS: 9.0CWE: N/A

Medium

CVE-2012-3219

CVSS: 4.3CWE: N/A

Medium

CVE-2012-3218

Unspecified vulnerability in the Human Resources component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unkno…

CVSS: 5.5CWE: N/A

Low

CVE-2012-3192

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated users to affect integrity, related to Rich Text Editor (RTE).

CVSS: 3.5CWE: N/A

Medium

CVE-2012-3190

Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and i…

CVSS: 6.4CWE: N/A

Low

CVE-2012-3178

Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors.

CVSS: 2.1CWE: N/A

Medium

CVE-2012-3172

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Siebel Apps - Multi-…

CVSS: 4.0CWE: N/A

Medium

CVE-2012-3170

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Siebel Core - Server Infrastru…

CVSS: 5.0CWE: N/A

Medium

CVE-2012-3169

CVSS: 5.0CWE: N/A

Medium

CVE-2012-3168

CVSS: 4.0CWE: N/A

Medium

CVE-2012-1755

Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote attackers to affect integrity via vectors related to PeopleBooks - PSOL.

CVSS: 4.3CWE: N/A

Medium

CVE-2012-1705

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Ser…

CVSS: 4.0CWE: N/A

Medium

CVE-2012-1702

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

CVSS: 5.0CWE: N/A

Medium

CVE-2012-1701

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Highly Interactive Web UI.

CVSS: 5.0CWE: N/A

Medium

CVE-2012-1700

Unspecified vulnerability in the Siebel CRM component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Siebel UI Framewo…

CVSS: 4.0CWE: N/A

Medium

CVE-2012-1680

CVSS: 4.0CWE: N/A

Low

CVE-2012-1678

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98, 9.1, and 24 allows remote authenticated users to affect confidentiality, related to Enter…

CVSS: 3.5CWE: N/A

Medium

CVE-2012-1677

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A

Medium

CVE-2012-0578

Unspecified vulnerability in the Server component in Oracle MySQL 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0574

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

CVSS: 4.0CWE: N/A

Medium

CVE-2012-0572

CVSS: 4.0CWE: N/A

Low

CVE-2012-0569

Unspecified vulnerability Oracle Sun Solaris 10 allows local users to affect confidentiality and integrity via unknown vectors related to Install/smpatch.

CVSS: 3.3CWE: N/A

2013-01-15

High

CVE-2013-0838

Google Chrome before 24.0.1312.52 on Linux uses weak permissions for shared memory segments, which has unspecified impact and attack vectors.

CVSS: 7.5CWE: CWE-264

Medium

CVE-2013-0836

Google V8 before 3.14.5.3, as used in Google Chrome before 24.0.1312.52, does not properly implement garbage collection, which allows remote attackers to cause a denial of service (application crash)…

CVSS: 6.8CWE: CWE-399

Medium

CVE-2013-0835

Unspecified vulnerability in the Geolocation implementation in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service (application crash) via unknown vectors.

CVSS: 5.0CWE: N/A

High

CVE-2013-0832

Use-after-free vulnerability in Google Chrome before 24.0.1312.52 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to printing.

CVSS: 7.5CWE: CWE-399