[AMEinfo.com "Security Management Under Control: Complete Vulnerability Mgmt."]
High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9
| High Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| arecont -- vision_av1355dn_megadome_camera | The Arecont Vision AV1355DN MegaDome camera allows remote attackers to cause a denial of service (video-capture outage) via a packet to UDP port 69. | 2013-04-18 | 7.8 | CVE-2013-0139 |
| canarylabs -- trendlink | The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site. | 2013-04-16 | 8.5 | CVE-2012-3022 |
| chatelao -- php_address_book | Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by CVE-2008-2565.1 and the edit.php id vector is already covered by CVE-2008-2565.2. | 2013-04-18 | 7.5 | CVE-2013-1748 |
| cisco -- telepresence_mcu_4500_series_software | The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before 4.3(2.30), TelePresence MCU MSE 8510 devices before 4.3(2.30), and TelePresence Server before 2.3(1.55) does not properly validate H.264 data, which allows remote attackers to cause a denial of service (device reload) via crafted RTP packets in a (1) SIP session or (2) H.323 session, aka Bug IDs CSCuc11328 and CSCub05448. | 2013-04-18 | 7.1 | CVE-2013-1176 |
| cisco -- network_admission_control_manager_and_server_system_software | SQL injection vulnerability in Cisco Network Admission Control (NAC) Manager before 4.8.3.1 and 4.9.x before 4.9.2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCub23095. | 2013-04-18 | 7.5 | CVE-2013-1177 |
| google -- chrome_os | Use-after-free vulnerability in the O3D plug-in in Google Chrome OS before 26.0.1410.57 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to improper management of ownership relationships involving Elements and DrawElements. | 2013-04-16 | 10.0 | CVE-2013-2833 |
| ibm -- gentran_integration_suite | Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2.2 and other products, allows remote attackers to execute arbitrary commands via unknown vectors. | 2013-04-12 | 9.3 | CVE-2012-5937 |
| ibm -- cognos_disclosure_management | The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in Edraw Office Viewer Component, the client in IBM Cognos Disclosure Management (CDM) 10.2.0, and other products, allows remote attackers to read arbitrary files, or download an arbitrary program onto a client machine and execute this program, via a crafted web site. | 2013-04-12 | 9.3 | CVE-2013-0501 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXP. | 2013-04-17 | 10.0 | CVE-2013-1518 |
| oracle -- database_server | Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2013-04-17 | 10.0 | CVE-2013-1534 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. | 2013-04-17 | 10.0 | CVE-2013-1537 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. | 2013-04-17 | 10.0 | CVE-2013-1557 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Beans. | 2013-04-17 | 10.0 | CVE-2013-1558 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | 2013-04-17 | 7.6 | CVE-2013-1563 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2383, CVE-2013-2384, and CVE-2013-2420. | 2013-04-17 | 10.0 | CVE-2013-1569 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future. | 2013-04-17 | 10.0 | CVE-2013-2380 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420. | 2013-04-17 | 10.0 | CVE-2013-2383 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420. | 2013-04-17 | 10.0 | CVE-2013-2384 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2432 and CVE-2013-1491. | 2013-04-17 | 7.6 | CVE-2013-2394 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2427, and CVE-2013-2428. | 2013-04-17 | 10.0 | CVE-2013-2414 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2384. | 2013-04-17 | 10.0 | CVE-2013-2420 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | 2013-04-17 | 9.3 | CVE-2013-2421 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 2013-04-17 | 10.0 | CVE-2013-2422 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. | 2013-04-17 | 10.0 | CVE-2013-2425 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2436. | 2013-04-17 | 9.3 | CVE-2013-2426 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2428. | 2013-04-17 | 10.0 | CVE-2013-2427 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX, a different vulnerability than CVE-2013-0402, CVE-2013-2414, and CVE-2013-2427. | 2013-04-17 | 10.0 | CVE-2013-2428 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. | 2013-04-17 | 7.6 | CVE-2013-2429 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to ImageIO. | 2013-04-17 | 7.6 | CVE-2013-2430 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to HotSpot. | 2013-04-17 | 10.0 | CVE-2013-2431 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D, a different vulnerability than CVE-2013-2394 and CVE-2013-1491. | 2013-04-17 | 10.0 | CVE-2013-2432 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 2013-04-17 | 10.0 | CVE-2013-2434 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2440. | 2013-04-17 | 10.0 | CVE-2013-2435 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2013-1488 and CVE-2013-2426. | 2013-04-17 | 9.3 | CVE-2013-2436 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2435. | 2013-04-17 | 10.0 | CVE-2013-2440 |
| parallels -- parallels_plesk_panel | Untrusted search path vulnerability in /usr/local/psa/admin/sbin/wrapper in Parallels Plesk Panel 11.0.9 allows local users to gain privileges via a crafted PATH environment variable. | 2013-04-18 | 7.2 | CVE-2013-0133 |
| redhat -- jboss_enterprise_portal_platform | The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 does not properly check authentication when importing Zip files, which allows remote attackers to modify site contents, remove the site, or alter the access controls for portlets. | 2013-04-12 | 7.5 | CVE-2013-0314 |
| rockwellautomation -- rslinx_enterprise | LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage) via a zero-byte UDP packet that is not properly handled by Logger.dll. | 2013-04-17 | 7.1 | CVE-2012-4695 |
| rockwellautomation -- factorytalk_services_platform | Integer signedness error in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a negative integer value. | 2013-04-17 | 7.8 | CVE-2012-4713 |
| rockwellautomation -- factorytalk_services_platform | Integer overflow in RNADiagnostics.dll in Rockwell Automation FactoryTalk Services Platform (FTSP) CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (service outage or RNADiagReceiver.exe daemon crash) via UDP data that specifies a large integer value. | 2013-04-17 | 7.8 | CVE-2012-4714 |
| rockwellautomation -- rslinx_enterprise | Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, CPR9-SR1, CPR9-SR2, CPR9-SR3, CPR9-SR4, CPR9-SR5, CPR9-SR5.1, and CPR9-SR6 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long UDP packet that is not properly handled by Logger.dll. | 2013-04-18 | 10.0 | CVE-2012-4715 |
| zapms -- zapms | SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product. | 2013-04-12 | 7.5 | CVE-2013-3050 |
| Back to top | ||||
| Medium Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| bestwebsharing -- groovy_media_player | Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers to execute arbitrary code via a long string in a .m3u file. | 2013-04-16 | 6.8 | CVE-2013-2760 |
| chatelao -- php_address_book | Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field. | 2013-04-18 | 4.3 | CVE-2013-1749 |
| cisco -- 5500_adaptive_security_appliance | Race condition on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to cause a denial of service (CPU consumption or device reload) by establishing multiple connections, leading to improper handling of hash lookups for secondary flows, aka Bug IDs CSCue31622 and CSCuc71272. | 2013-04-16 | 5.4 | CVE-2012-5415 |
| cisco -- jabber_extensible_communications_platform | The Connection Manager in Cisco Jabber Extensible Communications Platform (aka Jabber XCP) does not properly validate login data, which allows remote attackers to cause a denial of service (service crash) by sending a series of malformed login packets, aka Bug ID CSCts76762. | 2013-04-16 | 5.0 | CVE-2013-1187 |
| cisco -- adaptive_security_appliance_software | The Secure Shell (SSH) implementation on Cisco Adaptive Security Appliances (ASA) devices, and in Cisco Firewall Services Module (FWSM), does not properly terminate sessions, which allows remote attackers to cause a denial of service (SSH service outage) by repeatedly establishing SSH connections, aka Bug IDs CSCue63881, CSCuf51892, CSCue78671, and CSCug26937. | 2013-04-16 | 5.0 | CVE-2013-1193 |
| cisco -- adaptive_security_appliance_software | The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) devices generates different responses for IKE aggressive-mode messages depending on whether invalid VPN groups are specified, which allows remote attackers to enumerate groups via a series of messages, aka Bug ID CSCue73708. | 2013-04-18 | 5.0 | CVE-2013-1194 |
| cisco -- unified_presence | The XML parser in the server in Cisco Unified Presence (CUP) allows remote authenticated users to cause a denial of service (jabberd daemon crash) via crafted XML content in an XMPP message, aka Bug ID CSCue13912. | 2013-04-16 | 6.8 | CVE-2013-1197 |
| cisco -- adaptive_security_appliance_clientless_ssl_vpn | Race condition in the CIFS implementation in the rewriter module in the Clientless SSL VPN component on Cisco Adaptive Security Appliances (ASA) devices allows remote authenticated users to cause a denial of service (device reload) by accessing resources within multiple sessions, aka Bug ID CSCub58996. | 2013-04-18 | 4.9 | CVE-2013-1199 |
| fenrir-inc -- sleipnir | Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to spoof the SSL lock icon and address-bar colors via unspecified vectors. | 2013-04-16 | 5.0 | CVE-2013-2303 |
| fenrir-inc -- sleipnir_mobile | The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile Black Edition application 2.8.0 and earlier for Android allow remote attackers to load arbitrary Extension APIs, and trigger downloads or obtain sensitive HTTP response-body information, via a crafted web page. | 2013-04-16 | 5.8 | CVE-2013-2304 |
| google -- chrome_os | The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in Google Chrome OS before 26.0.1410.57 does not prevent uninitialized data from remaining in a buffer, which might allow remote attackers to obtain sensitive information via unspecified vectors. | 2013-04-16 | 5.0 | CVE-2013-2832 |
| google -- chrome_os | Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2835. | 2013-04-16 | 5.0 | CVE-2013-2834 |
| google -- chrome_os | Google Chrome OS before 26.0.1410.57 does not properly enforce origin restrictions for the O3D and Google Talk plug-ins, which allows remote attackers to bypass the domain-whitelist protection mechanism via a crafted web site, a different vulnerability than CVE-2013-2834. | 2013-04-16 | 5.0 | CVE-2013-2835 |
| ibm -- xiv_storage_system_gen3 | IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 certificate for authentication, which allows man-in-the-middle attackers to spoof servers by leveraging an inappropriate certificate-trust relationship. | 2013-04-16 | 4.3 | CVE-2012-4829 |
| motorola -- atrix_hd | A certain Motorola build of Android 4.1.2 on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset allows physically proximate attackers to obtain root access by entering USB Debugging mode, using Android Debug Bridge (adb) to establish a USB connection, and uploading and executing the Motochopper pwn program. | 2013-04-12 | 6.9 | CVE-2013-2596 |
| motorola -- atrix_hd | The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596. | 2013-04-13 | 6.2 | CVE-2013-3051 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | 2013-04-17 | 4.0 | CVE-2013-1512 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking. | 2013-04-17 | 6.5 | CVE-2013-1521 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer. | 2013-04-17 | 4.6 | CVE-2013-1523 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2013-04-17 | 6.0 | CVE-2013-1552 |
| mysql -- mysql | Unspecified vulnerability in MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Partition. | 2013-04-17 | 4.0 | CVE-2013-1555 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure. | 2013-04-17 | 4.0 | CVE-2013-2376 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema. | 2013-04-17 | 6.0 | CVE-2013-2378 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 2013-04-17 | 4.0 | CVE-2013-2389 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer. | 2013-04-17 | 4.0 | CVE-2013-2392 |
| openstack -- folsom | OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a large HTTP request, as demonstrated by a long tenant_name when requesting a token. | 2013-04-12 | 5.0 | CVE-2013-0270 |
| openstack -- essex | OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, and Essex does not properly check if the (1) user, (2) tenant, or (3) domain is enabled when using EC2-style authentication, which allows context-dependent attackers to bypass access restrictions. | 2013-04-12 | 5.0 | CVE-2013-0282 |
| oracle -- supply_chain_products_suite | Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Base Component - Common Objects. | 2013-04-17 | 4.3 | CVE-2013-0410 |
| oracle -- siebel_crm | Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-2403. | 2013-04-17 | 4.0 | CVE-2013-0416 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to WebGate - WebServer plugin. | 2013-04-17 | 4.3 | CVE-2013-1497 |
| oracle -- e-business_suite | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Login. | 2013-04-17 | 4.3 | CVE-2013-1501 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-2390. | 2013-04-17 | 4.3 | CVE-2013-1504 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE. | 2013-04-17 | 4.9 | CVE-2013-1505 |
| oracle -- glassfish_server | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface. | 2013-04-17 | 4.3 | CVE-2013-1508 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites. | 2013-04-17 | 4.0 | CVE-2013-1509 |
| oracle -- siebel_crm | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework. | 2013-04-17 | 5.0 | CVE-2013-1510 |
| oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology. | 2013-04-17 | 4.3 | CVE-2013-1513 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote authenticated users to affect integrity via vectors related to RMI Support. | 2013-04-17 | 4.0 | CVE-2013-1514 |
| oracle -- sun_middleware_products | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface. | 2013-04-17 | 4.3 | CVE-2013-1515 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Import Server. | 2013-04-17 | 4.0 | CVE-2013-1516 |
| oracle -- database_server | Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors. | 2013-04-17 | 5.0 | CVE-2013-1519 |
| oracle -- industry_applications | Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0 and 4.6.6 allows remote authenticated users to affect confidentiality and integrity via vectors related to HTML Surround. | 2013-04-17 | 5.5 | CVE-2013-1520 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Content Server. | 2013-04-17 | 4.3 | CVE-2013-1522 |
| oracle -- e-business_suite | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Attachments. | 2013-04-17 | 4.3 | CVE-2013-1524 |
| oracle -- industry_applications | Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Industry Applications 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Retail Integration Bus Manager. | 2013-04-17 | 4.0 | CVE-2013-1525 |
| oracle -- mysql | Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication. | 2013-04-17 | 4.0 | CVE-2013-1526 |
| oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Report Distribution. | 2013-04-17 | 4.0 | CVE-2013-1527 |
| oracle -- e-business_suite | Unspecified vulnerability in the Oracle HRMS component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Payroll. | 2013-04-17 | 4.3 | CVE-2013-1528 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Interaction component in Oracle Fusion Middleware 6.5.1 and 10.3.3.0 allows remote attackers to affect integrity via unknown vectors related to Image Service. | 2013-04-17 | 4.3 | CVE-2013-1529 |
| oracle -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges. | 2013-04-17 | 6.0 | CVE-2013-1531 |
| oracle -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema. | 2013-04-17 | 4.0 | CVE-2013-1532 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.1.0, 5.2.0, 5.3.1 through 5.3.3, and 6.0.1 through 12.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE. | 2013-04-17 | 5.5 | CVE-2013-1533 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0, 5.1.0, 5.2.0, 5.3.4, and 6.0.1 allows remote attackers to affect confidentiality via vectors related to BASE. | 2013-04-17 | 5.0 | CVE-2013-1535 |
| oracle -- supply_chain_products_suite | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.05 and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 2013-04-17 | 4.0 | CVE-2013-1536 |
| oracle -- database_server | Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. | 2013-04-17 | 5.0 | CVE-2013-1538 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-2433. | 2013-04-17 | 4.3 | CVE-2013-1540 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime. | 2013-04-17 | 4.3 | CVE-2013-1542 |
| oracle -- siebel_crm | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Open UI Client. | 2013-04-17 | 4.0 | CVE-2013-1543 |
| oracle -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language. | 2013-04-17 | 4.0 | CVE-2013-1544 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener. | 2013-04-17 | 5.0 | CVE-2013-1545 |
| oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter. | 2013-04-17 | 4.3 | CVE-2013-1550 |
| oracle -- siebel_crm | Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Integration Business Services. | 2013-04-17 | 6.0 | CVE-2013-1551 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Services Security. | 2013-04-17 | 6.4 | CVE-2013-1553 |
| oracle -- database_server | Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors. | 2013-04-17 | 5.0 | CVE-2013-1554 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server. | 2013-04-17 | 4.0 | CVE-2013-1559 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality via unknown vectors related to JavaFX. | 2013-04-17 | 5.0 | CVE-2013-1561 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity via vectors related to HELP. | 2013-04-17 | 4.0 | CVE-2013-1562 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX. | 2013-04-17 | 5.0 | CVE-2013-1564 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.11 allows remote attackers to affect availability via unknown vectors. | 2013-04-17 | 5.0 | CVE-2013-1565 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 6.2.0 allows remote authenticated users to affect availability via unknown vectors related to CB. | 2013-04-17 | 4.0 | CVE-2013-1568 |
| oracle -- mysql | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached. | 2013-04-17 | 5.0 | CVE-2013-1570 |
| oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Rich Text Editor. | 2013-04-17 | 4.0 | CVE-2013-2374 |
| oracle -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2013-04-17 | 6.0 | CVE-2013-2375 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE-2013-1560. | 2013-04-17 | 4.0 | CVE-2013-2385 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity and availability via vectors related to BASE. | 2013-04-17 | 4.9 | CVE-2013-2386 |
| oracle -- e-business_suite | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Mid Tier File Management. | 2013-04-17 | 5.0 | CVE-2013-2388 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-1504. | 2013-04-17 | 4.3 | CVE-2013-2390 |
| oracle -- mysql | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567. | 2013-04-17 | 6.8 | CVE-2013-2395 |
| oracle -- e-business_suite | Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via vectors related to HTML OAM client. | 2013-04-17 | 4.3 | CVE-2013-2396 |
| oracle -- industry_applications | Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Industry Applications 13.1, 13.2, 13.3, and 13.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Customer Operations (Add, Search). | 2013-04-17 | 5.5 | CVE-2013-2397 |
| oracle -- siebel_crm | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Open UI Client. | 2013-04-17 | 6.0 | CVE-2013-2398 |
| oracle -- siebel_crm | Unspecified vulnerability in the Siebel Call Center component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Email - COMM Server Components. | 2013-04-17 | 4.0 | CVE-2013-2399 |
| oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter. | 2013-04-17 | 4.3 | CVE-2013-2402 |
| oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to Portal. | 2013-04-17 | 4.3 | CVE-2013-2404 |
| oracle -- primavera_products_suite | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Access. | 2013-04-17 | 5.5 | CVE-2013-2405 |
| oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6. | 2013-04-17 | 4.3 | CVE-2013-2408 |
| oracle -- peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via vectors related to PIA Core Technology. | 2013-04-17 | 5.0 | CVE-2013-2409 |
| oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management. | 2013-04-17 | 4.0 | CVE-2013-2410 |
| oracle -- primavera_products_suite | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web Access. | 2013-04-17 | 4.3 | CVE-2013-2411 |
| oracle -- siebel_crm | Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services. | 2013-04-17 | 4.9 | CVE-2013-2413 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment. | 2013-04-17 | 4.3 | CVE-2013-2416 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect availability via unknown vectors related to Networking. | 2013-04-17 | 5.0 | CVE-2013-2417 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 2013-04-17 | 4.6 | CVE-2013-2418 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect availability via unknown vectors related to 2D. | 2013-04-17 | 5.0 | CVE-2013-2419 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to HotSpot. | 2013-04-17 | 4.3 | CVE-2013-2423 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier allows remote attackers to affect confidentiality via vectors related to JMX. | 2013-04-17 | 5.0 | CVE-2013-2424 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43 and earlier allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2013-1540. | 2013-04-17 | 4.3 | CVE-2013-2433 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows remote attackers to affect integrity via unknown vectors related to JavaFX. | 2013-04-17 | 5.0 | CVE-2013-2438 |
| oracle -- javafx | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Install. | 2013-04-17 | 6.9 | CVE-2013-2439 |
| oracle -- supply_chain_products_suite | Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Java Client. | 2013-04-17 | 4.0 | CVE-2013-2441 |
| parallels -- parallels_plesk_panel | The suexec implementation in Parallels Plesk Panel 11.0.9 contains a cgi-wrapper whitelist entry, which allows user-assisted remote attackers to execute arbitrary PHP code via a request containing crafted environment variables. | 2013-04-18 | 6.8 | CVE-2013-0132 |
| phpmyadmin -- phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visualizationSettings[width] or (2) visualizationSettings[height] parameter. | 2013-04-16 | 4.3 | CVE-2013-1937 |
| redhat -- jboss_enterprise_portal_platform | Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2013-04-12 | 6.8 | CVE-2012-3532 |
| redhat -- jboss_enterprise_portal_platform | The GateIn Portal export/import gadget in JBoss Enterprise Portal Platform 5.2.2 allows remote attackers to read arbitrary files via a crafted external XML entity in an XML document, aka an XML Entity Expansion (XEE) attack. | 2013-04-12 | 5.0 | CVE-2013-0315 |
| schneider-electric -- micom_s1_studio | The installer routine in Schneider Electric MiCOM S1 Studio uses world-writable permissions for executable files, which allows local users to modify the service or the configuration files, and consequently gain privileges or trigger incorrect protective-relay operation, via a Trojan horse executable file. | 2013-04-17 | 6.6 | CVE-2013-0687 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6. | 2013-04-17 | 6.4 | CVE-2013-0405 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec. | 2013-04-17 | 4.3 | CVE-2013-0406 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers. | 2013-04-17 | 5.0 | CVE-2013-0408 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration. | 2013-04-17 | 5.9 | CVE-2013-0411 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service. | 2013-04-17 | 4.4 | CVE-2013-0413 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel. | 2013-04-17 | 4.7 | CVE-2013-1494 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498. | 2013-04-17 | 4.9 | CVE-2013-1496 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496. | 2013-04-17 | 4.9 | CVE-2013-1498 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem. | 2013-04-17 | 4.9 | CVE-2013-1507 |
| xen -- xen | Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running "under memory pressure" and the Xen Security Module (XSM) is enabled, uses the wrong ordering of operations when extending the per-domain event channel tracking table, which causes a use-after-free and allows local guest kernels to inject arbitrary events and gain privileges via unspecified vectors. | 2013-04-12 | 4.4 | CVE-2013-1920 |
| xmlsoft -- libxslt | libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (2) uninitialized variable to the xsltDocumentFunction function in functions.c. | 2013-04-12 | 5.0 | CVE-2012-6139 |
| Back to top | ||||
| Low Vulnerabilities | ||||
|---|---|---|---|---|
| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition. | 2013-04-17 | 1.5 | CVE-2013-1502 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking. | 2013-04-17 | 2.8 | CVE-2013-1506 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 2013-04-17 | 3.5 | CVE-2013-1511 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types. | 2013-04-17 | 3.5 | CVE-2013-1548 |
| mysql -- mysql | Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install. | 2013-04-17 | 3.0 | CVE-2013-2391 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Content Server. | 2013-04-17 | 3.5 | CVE-2012-4303 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Content Server. | 2013-04-17 | 3.5 | CVE-2013-1503 |
| oracle -- e-business_suite | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Diagnostics. | 2013-04-17 | 2.6 | CVE-2013-1517 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors related to CTF. | 2013-04-17 | 3.5 | CVE-2013-1539 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors related to BASE. | 2013-04-17 | 3.5 | CVE-2013-1541 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 and 5.0.2 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE. | 2013-04-17 | 1.5 | CVE-2013-1546 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to BASE. | 2013-04-17 | 3.5 | CVE-2013-1547 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 12.0.0 allows remote authenticated users to affect integrity via vectors related to BASE. | 2013-04-17 | 3.5 | CVE-2013-1549 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to OTH. | 2013-04-17 | 3.5 | CVE-2013-1556 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE-2013-2385. | 2013-04-17 | 2.1 | CVE-2013-1560 |
| oracle -- mysql | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 2013-04-17 | 3.5 | CVE-2013-1566 |
| oracle -- mysql | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395. | 2013-04-17 | 3.5 | CVE-2013-1567 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to My Services. | 2013-04-17 | 3.5 | CVE-2013-2377 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via unknown vectors related to RT. | 2013-04-17 | 3.5 | CVE-2013-2379 |
| oracle -- mysql | Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges. | 2013-04-17 | 3.5 | CVE-2013-2381 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE. | 2013-04-17 | 1.7 | CVE-2013-2382 |
| oracle -- financial_services_software | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE. | 2013-04-17 | 3.6 | CVE-2013-2387 |
| oracle -- fusion_middleware | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. | 2013-04-17 | 1.5 | CVE-2013-2393 |
| oracle -- peoplesoft_products | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Portal. | 2013-04-17 | 3.5 | CVE-2013-2401 |
| oracle -- siebel_crm | Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-0416. | 2013-04-17 | 3.5 | CVE-2013-2403 |
| oracle -- peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology. | 2013-04-17 | 3.5 | CVE-2013-2406 |
| oracle -- jdk | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier allows local users to affect confidentiality via vectors related to JAX-WS. | 2013-04-17 | 2.1 | CVE-2013-2415 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat. | 2013-04-17 | 2.1 | CVE-2012-0568 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc. | 2013-04-17 | 2.1 | CVE-2012-0570 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility. | 2013-04-17 | 1.9 | CVE-2013-0403 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot. | 2013-04-17 | 3.7 | CVE-2013-0404 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax. | 2013-04-17 | 3.6 | CVE-2013-0412 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration. | 2013-04-17 | 1.7 | CVE-2013-1499 |
| sun -- sunos | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. | 2013-04-17 | 3.8 | CVE-2013-1530 |
| Back to top | ||||
- 자세한 내용 확인하기: US-CERT: Bulletin (SB13-112)
'IT 와 Social 이야기 > Security' 카테고리의 다른 글
| [Secunia] 2012년에는 얼마나 많은 취약점(Security Vulnerabilities)들이 발견 되었나? (0) | 2013.04.30 |
|---|---|
| [US-CERT: Bulletin (SB13-119)] 2013년 4월 29일까지 공개된 보안 취약점 요약 Vulnerability Summary (0) | 2013.04.30 |
| [Symantec] 2013년 1분기 Zero-Day 취약점 (0) | 2013.04.23 |
| NIST SP800-55 수준측정 지표 내역 (0) | 2013.04.22 |
| [US-CERT: Bulletin (SB13-105)] 2013년 4월 8일까지 공개된 보안 취약점 요약 Vulnerability Summary (0) | 2013.04.18 |
