Computer Security
[EN] securityvulns.ru no-pyccku


Oracle / Sun / MySQL / PeopleSoft multiple applications security vulnerabilities
updated since 22.04.2013
Published:04.05.2013
Source:
SecurityVulns ID:13017
Type:library
Threat Level:
9/10
Description:128 vulnerabilities in different application.
Affected:ORACLE : Oracle 10g
 ORACLE : Oracle E-Business Suite 11i
 ORACLE : MySQL 5.1
 ORACLE : Oracle 11g
 ORACLE : Oracle Clinical Remote Data Capture Option 4.6
 ORACLE : Oracle Transportation Management 6.2
 ORACLE : MySQL 5.5
 ORACLE : JRockit 28.2
 ORACLE : Siebel CRM 8.2
 ORACLE : Oracle Application Express 4.2
 ORACLE : Oracle Containers for J2EE 10.1
 ORACLE : COREid Access 10.1
 ORACLE : GoldenGate Veridata 3.0
 ORACLE : Oracle HTTP Server 11.1
 ORACLE : Outside In Technology 8.4
 ORACLE : WebCenter Capture 10.1
 ORACLE : WebCenter Content 11.1
 ORACLE : WebCenter Sites 11.1
 ORACLE : WebLogic Server 12.1
 ORACLE : Oracle Web Services Manager 12.1
 ORACLE : Oracle E-Business Suite 12i
 ORACLE : Agile EDM 6.1
 ORACLE : PeopleSoft HRMS 9.1
 ORACLE : PeopleSoft PeopleTools 8.53
 ORACLE : Oracle Retail Central Office 13.4
 ORACLE : Oracle Retail Integration Bus 13.2
 ORACLE : FLEXCUBE Direct Banking 12.0
 ORACLE : Primavera P6 Enterprise Project Portfolio Management 8.2
 ORACLE : MySQL 5.6
 ORACLE : Oracle Automatic Service Request 4.3
CVE:CVE-2013-2441 (Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Java Client.)
 CVE-2013-2413 (Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services.)
 CVE-2013-2411 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote attackers to affect integrity via unknown vectors related to Web Access.)
 CVE-2013-2410 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Absence Management.)
 CVE-2013-2409 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect confidentiality via vectors related to PIA Core Technology.)
 CVE-2013-2408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology and use of Internet Explorer 6.)
 CVE-2013-2406 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.)
 CVE-2013-2405 (Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 7.0, 8.1, and 8.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Access.)
 CVE-2013-2404 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to Portal.)
 CVE-2013-2403 (Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-0416.)
 CVE-2013-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter.)
 CVE-2013-2401 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Portal.)
 CVE-2013-2399 (Unspecified vulnerability in the Siebel Call Center component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Email - COMM Server Components.)
 CVE-2013-2398 (Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Open UI Client.)
 CVE-2013-2397 (Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Industry Applications 13.1, 13.2, 13.3, and 13.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Customer Operations (Add, Search).)
 CVE-2013-2396 (Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via vectors related to HTML OAM client.)
 CVE-2013-2395 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-1567.)
 CVE-2013-2393 (Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.)
 CVE-2013-2392 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.)
 CVE-2013-2391 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.)
 CVE-2013-2390 (Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-1504.)
 CVE-2013-2389 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.)
 CVE-2013-2388 (Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect availability via unknown vectors related to Mid Tier File Management.)
 CVE-2013-2387 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE.)
 CVE-2013-2386 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity and availability via vectors related to BASE.)
 CVE-2013-2385 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE-2013-1560.)
 CVE-2013-2382 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.)
 CVE-2013-2381 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Server Privileges.)
 CVE-2013-2380 (Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this might be a duplicate of CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be REJECTed in the future.)
 CVE-2013-2379 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via unknown vectors related to RT.)
 CVE-2013-2378 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.)
 CVE-2013-2377 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via unknown vectors related to My Services.)
 CVE-2013-2376 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Stored Procedure.)
 CVE-2013-2375 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2013-2374 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Rich Text Editor.)
 CVE-2013-1570 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote attackers to affect availability via unknown vectors related to MemCached.)
 CVE-2013-1568 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 6.2.0 allows remote authenticated users to affect availability via unknown vectors related to CB.)
 CVE-2013-1567 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language, a different vulnerability than CVE-2013-2395.)
 CVE-2013-1566 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.)
 CVE-2013-1565 (Unspecified vulnerability in the Oracle GoldenGate Veridata component in Oracle Fusion Middleware 3.0.0.11 allows remote attackers to affect availability via unknown vectors.)
 CVE-2013-1562 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect integrity via vectors related to HELP.)
 CVE-2013-1560 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0 allows remote authenticated users to affect confidentiality via vectors related to BASE, a different vulnerability than CVE-2013-2385.)
 CVE-2013-1559 (Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect availability via unknown vectors related to Content Server.)
 CVE-2013-1556 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to OTH.)
 CVE-2013-1555 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.)
 CVE-2013-1554 (Unspecified vulnerability in the Network Layer component in Oracle Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.)
 CVE-2013-1553 (Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Web Services Security.)
 CVE-2013-1552 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2013-1551 (Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Integration Business Services.)
 CVE-2013-1550 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via unknown vectors related to WorkCenter.)
 CVE-2013-1549 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 5.3.3, 6.0.1, and 12.0.0 allows remote authenticated users to affect integrity via vectors related to BASE.)
 CVE-2013-1548 (Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.)
 CVE-2013-1547 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 12.0.1 allows remote authenticated users to affect integrity via vectors related to BASE.)
 CVE-2013-1546 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 and 5.0.2 through 12.0.1 allows local users to affect confidentiality via vectors related to BASE.)
 CVE-2013-1545 (Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows remote attackers to affect availability via unknown vectors related to Web Listener.)
 CVE-2013-1544 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.)
 CVE-2013-1543 (Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Open UI Client.)
 CVE-2013-1542 (Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime.)
 CVE-2013-1541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors related to BASE.)
 CVE-2013-1539 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.0.2 through 5.0.5, and 5.3.0 through 5.3.4 allows remote authenticated users to affect confidentiality via vectors related to CTF.)
 CVE-2013-1538 (Unspecified vulnerability in the Network Layer component in Oracle Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to affect availability via unknown vectors.)
 CVE-2013-1536 (Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 5.5.05 and 6.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.)
 CVE-2013-1535 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 4.1.0, 5.1.0, 5.2.0, 5.3.4, and 6.0.1 allows remote attackers to affect confidentiality via vectors related to BASE.)
 CVE-2013-1534 (Unspecified vulnerability in the Workload Manager component in Oracle Database Server 11.2.0.2 and 11.2.0.3, when used in RAC configurations, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2013-1533 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0, 5.1.0, 5.2.0, 5.3.1 through 5.3.3, and 6.0.1 through 12.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE.)
 CVE-2013-1532 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Information Schema.)
 CVE-2013-1531 (Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Privileges.)
 CVE-2013-1530 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.)
 CVE-2013-1529 (Unspecified vulnerability in the Oracle WebCenter Interaction component in Oracle Fusion Middleware 6.5.1 and 10.3.3.0 allows remote attackers to affect integrity via unknown vectors related to Image Service.)
 CVE-2013-1528 (Unspecified vulnerability in the Oracle HRMS component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Payroll.)
 CVE-2013-1527 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Report Distribution.)
 CVE-2013-1526 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Replication.)
 CVE-2013-1525 (Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Industry Applications 13.0, 13.1, and 13.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Retail Integration Bus Manager.)
 CVE-2013-1524 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Attachments.)
 CVE-2013-1523 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Optimizer.)
 CVE-2013-1522 (Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote attackers to affect integrity via unknown vectors related to Content Server.)
 CVE-2013-1521 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.)
 CVE-2013-1520 (Unspecified vulnerability in the Oracle Clinical Remote Data Capture Option component in Oracle Industry Applications 4.6.0 and 4.6.6 allows remote authenticated users to affect confidentiality and integrity via vectors related to HTML Surround.)
 CVE-2013-1519 (Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.1 allows remote attackers to affect integrity via unknown vectors.)
 CVE-2013-1517 (Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Diagnostics.)
 CVE-2013-1516 (Unspecified vulnerability in the Oracle WebCenter Capture component in Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users to affect availability via unknown vectors related to Import Server.)
 CVE-2013-1515 (Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to ADMIN Interface.)
 CVE-2013-1514 (Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote authenticated users to affect integrity via vectors related to RMI Support.)
 CVE-2013-1513 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core Technology.)
 CVE-2013-1512 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation Language.)
 CVE-2013-1511 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.)
 CVE-2013-1510 (Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework.)
 CVE-2013-1509 (Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.)
 CVE-2013-1508 (Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Sun Middleware Products 3.0.1 and 3.1.2 allows remote attackers to affect integrity via vectors related to REST Interface.)
 CVE-2013-1507 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Filesystem.)
 CVE-2013-1506 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.)
 CVE-2013-1505 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 2.8.0 through 3.1.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to BASE.)
 CVE-2013-1504 (Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows remote attackers to affect integrity via unknown vectors related to WebLogic Console, a different vulnerability than CVE-2013-2390.)
 CVE-2013-1503 (Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Content Server.)
 CVE-2013-1502 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to affect availability via unknown vectors related to Server Partition.)
 CVE-2013-1501 (Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Login.)
 CVE-2013-1499 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Network Configuration.)
 CVE-2013-1498 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1496.)
 CVE-2013-1497 (Unspecified vulnerability in the Oracle COREid Access component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to WebGate - WebServer plugin.)
 CVE-2013-1496 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Kernel/IO, a different vulnerability than CVE-2013-1498.)
 CVE-2013-1495 (asr in Oracle Auto Service Request in Oracle Support Tools before 4.3.2 allows local users to modify arbitrary files via a symlink attack on a predictable filename in /tmp.)
 CVE-2013-1494 (Unspecified vulnerability in Oracle Sun Solaris 10, when running on SPARC T4 servers, allows local users to affect availability via unknown vectors related to Kernel.)
 CVE-2013-0416 (Unspecified vulnerability in the Siebel Enterprise Application Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Services, a different vulnerability than CVE-2013-2403.)
 CVE-2013-0413 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Remote Execution Service.)
 CVE-2013-0412 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect integrity and availability via unknown vectors related to Utility/pax.)
 CVE-2013-0411 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via vectors related to RBAC Configuration.)
 CVE-2013-0410 (Unspecified vulnerability in the Agile EDM component in Oracle Supply Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Base Component - Common Objects.)
 CVE-2013-0408 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to CPU performance counters drivers.)
 CVE-2013-0406 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote attackers to affect integrity via unknown vectors via vectors related to Kernel/IPsec.)
 CVE-2013-0405 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows remote attackers to affect confidentiality and integrity via vectors related to NFS client mounts and IPv6.)
 CVE-2013-0404 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/Boot.)
 CVE-2013-0403 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Utility.)
 CVE-2012-5614 (Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.)
 CVE-2012-4303 (Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Content Server.)
 CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform other attacks such as cross-site scripting (XSS) attacks. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-5031.)
 CVE-2012-0841 (libxml2 before 2.8.0 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted XML data.)
 CVE-2012-0570 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 allows local users to affect availability via unknown vectors related to Libraries/Libc.)
 CVE-2012-0568 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality via unknown vectors related to Utility/fdformat.)
 CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.)
 CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.)
 CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.)
 CVE-2009-2699 (The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows remote attackers to cause a denial of service (daemon hang) via unspecified HTTP requests, related to the prefork and event MPMs.)
 CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache APR-util before 1.3.5 on big-endian platforms allows remote attackers to obtain sensitive information or cause a denial of service (application crash) via crafted input.)
 CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.)
 CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests.)
 CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.)
 CVE-2009-0023 (The apr_strmatch_precompile function in strmatch/apr_strmatch.c in Apache APR-util before 1.3.5 allows remote attackers to cause a denial of service (daemon crash) via crafted input involving (1) a .htaccess file used with the Apache HTTP Server, (2) the SVNMasterURI directive in the mod_dav_svn module in the Apache HTTP Server, (3) the mod_apreq2 module for the Apache HTTP Server, or (4) an application that uses the libapreq2 library, which triggers a heap-based buffer underflow.)
 CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentially sensitive information.)
Original documentdocumentNCC Group Research, NGS00423 Patch Notification: Oracle Retail Invoice Manager SQL Injection (04.05.2013)
 documentNCC Group Research, NGS00422 Patch Notification: Oracle Retail Integration Bus Manager Directory Traversal (04.05.2013)
 documentNCC Group Research, NGS00416 Patch Notification: Oracle 11g TNS listener remote Invalid Pointer Read (pre-auth) (04.05.2013)
 documentNCC Group Research, NGS00415 Patch Notification: Oracle 11g TNS listener remote Null Pointer Dereference (pre-auth) (04.05.2013)
Files:Oracle Critical Patch Update Advisory - April 2013

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod