Tuesday Apr 01, 2014

Multiple vulnerabilities in Lighthttpd

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2010-0295 Resource Management Errors vulnerability 5.0 Lighthttpd
Solaris 11.1 11.1.17.5.0
CVE-2013-1427 Design Error vulnerability 1.9

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2013-1849 Denial of Service(DoS) vulnerability in Apache Subversion

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-1849 Denial of Service(DoS) vulnerability 4.3 Apache Subversion
Solaris 11.1 11.1.17.5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2013-4505 Permissions, Privileges and Access Control vulnerability in Apache Subversion

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-4505 Permissions, Privileges and Access Control vulnerability 2.6 Apache Subversion
Solaris 11.1 11.1.17.5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2013-4365 Buffer Errors vulnerability in Apache

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-4365 Buffer Errors vulnerability 5.0 Apache HTTP Server
Solaris 11.1 11.1.17.5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2013-2236 Buffer Errors vulnerability in Quagga

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-2236 Buffer Errors vulnerability 2.6 Quagga
Solaris 10 Patches planned but not yet available
Solaris 11.1 11.1.17.5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2013-4396 Use-after-free vulnerability in X.Org

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-4396 Use-after-free vulnerability 6.5 X.Org
Solaris 10 Patches planned but not yet available
Solaris 11.1 11.1.17.5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2014-1912 Buffer Errors vulnerability in Python

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2014-1912 Buffer Errors vulnerability 7.5 Python
Solaris 10 Patches planned but not yet available
Solaris 11.1 11.1.17.5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2007-6750 Resource Management Errors vulnerability in Apache

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2007-6750 Resource Management Errors vulnerability 5.0 Apache HTTP Server
Solaris 10 SPARC: 122911-33 X86: 122912-33
Solaris 9 SPARC: 113146-17 X86: 114145-16

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in Tomcat

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2012-3544 Input Validation vulnerability 5.0 Tomcat
Solaris 11.1 11.1.11.4.0
Solaris 10 SPARC: 122911-33 X86: 122912-33
Solaris 9 SPARC: 114016-14 X86: 114017-13
CVE-2013-2067 Authentication Issues vulnerability 6.8

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in Apache Tomcat

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2012-2733 Improper Input Validation vulnerability 5.0 Apache Tomcat
Solaris 10 SPARC: 122911-31 X86: 122912-31
Solaris 11.1 11.1.4.5
Solaris 9 SPARC: 114016-14 X86: 114017-13
CVE-2012-3546 Security constraints bypass vulnerability 4.3
CVE-2012-4431 CSRF prevention filter bypass vulnerability 4.3
CVE-2012-4534 Denial of Service (DoS) vulnerability 2.6
CVE-2012-5885 Permissions, Privileges, and Access Controls vulnerability 5.0
CVE-2012-5886 Improper Authentication vulnerability 5.0
CVE-2012-5887 Improper Authentication vulnerability 5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
2
3
4
5
6
7
8
9
10
11
12
13
14
16
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today