Wednesday Dec 12, 2012

Multiple Tomcat vulnerabilities in Oracle Health Sciences LabPas

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-2733 | Improper Input Validation vulnerability | 5.0 | Apache Tomcat | Oracle Health Sciences LabPas upgrade to Apache Tomcat v6.0.36 |
| CVE-2012-3439 | DIGEST authentication implementation issues | 5.0 | | |
| CVE-2012-3546 | Security constraints bypass vulnerability | 4.3 | | |
| CVE-2012-4431 | CSRF prevention filter bypass vulnerability | 4.3 | | |
| CVE-2012-4534 | Denial of Service (DoS) vulnerability | 2.6 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Tuesday Dec 11, 2012

Multiple vulnerabilities in Webmin

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-2981 | Improper Input Validation vulnerability | 6.0 | Webmin | Solaris 10 SPARC: 145006-04 X86: 145007-04 |
| CVE-2012-2982 | Arbitrary code execution vulnerability | 6.5 | | |
| CVE-2012-2983 | Improper Authentication vulnerability | 5.0 | | |


CVE-2006-4514 Buffer overflow vulnerability in Gnome Structured File library (libgsf)

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2006-4514 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 7.5 | Gnome Structured File library (libgsf) | Solaris 10 SPARC: 149108-01 X86: 149109-01 |


Monday Dec 10, 2012

Multiple vulnerabilities in Mozilla Firefox

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-2372 | Permissions, Privileges, and Access Controls vulnerability | 3.5 | Firefox web browser | Solaris 10 SPARC: 145080-12 X86: 145081-11; Solaris 11 11/11 SRU 3 |
| CVE-2011-2995 | Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-2997 | Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3000 | Improper Control of Generation of Code ('Code Injection') vulnerability | 4.3 | | |
| CVE-2011-3001 | Permissions, Privileges, and Access Controls vulnerability | 4.3 | | |
| CVE-2011-3002 | Denial of Service (DoS) vulnerability | 9.3 | | |
| CVE-2011-3003 | Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3004 | Improper Input Validation vulnerability | 4.3 | | |
| CVE-2011-3005 | Denial of Service (DoS) vulnerability | 9.3 | | |
| CVE-2011-3232 | Improper Control of Generation of Code ('Code Injection') vulnerability | 9.3 | | |
| CVE-2011-3648 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |
| CVE-2011-3650 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2011-3651 | Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3652 | Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3654 | Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2011-3655 | Improper Control of Generation of Code ('Code Injection') vulnerability | 9.3 | | |


Tuesday Dec 04, 2012

CVE-2012-0882 Buffer Overflow vulnerability in yaSSL

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-0882 | Buffer overflow vulnerability | 7.5 | yaSSL | MySQL 5.1 5.1.62; MySQL 5.5 5.5.22 |


About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
