Tuesday Sep 25, 2012

Multiple OpenSSL vulnerabilities in Sun SPARC Enterprise M-series XCP Firmware

| CVE | Description | CVSSv2 Base Score |
|---|---|---|
| CVE-2008-5077 | Improper Input Validation vulnerability | 5.8 |
| CVE-2008-7270 | Cryptographic Issues vulnerability | 4.3 |
| CVE-2009-0590 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 5.0 |
| CVE-2009-3245 | Improper Input Validation vulnerability | 10.0 |
| CVE-2010-4180 | Cipher suite downgrade vulnerability | 4.3 |

Component: OpenSSL in XCP1113 Firmware

Product and Resolution:
Sun SPARC Enterprise M3000 SPARC: 14216085
Sun SPARC Enterprise M4000 SPARC: 14216091
Sun SPARC Enterprise M5000 SPARC: 14216093
Sun SPARC Enterprise M8000 SPARC: 14216096
Sun SPARC Enterprise M9000 SPARC: 14216098

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Tuesday Sep 18, 2012

Multiple vulnerabilities in Wireshark

| CVE | Description | CVSSv2 Base Score |
|---|---|---|
| CVE-2012-4048 | Improper Control of Generation of Code ('Code Injection') vulnerability | 3.3 |
| CVE-2012-4049 | Improper Control of Generation of Code ('Code Injection') vulnerability | 2.9 |

Component: Wireshark

Product and Resolution:
Solaris 11 11/11 SRU 11.4


Multiple vulnerabilities in Wireshark

| CVE | Description | CVSSv2 Base Score |
|---|---|---|
| CVE-2012-2392 | Resource Management Errors vulnerability | 3.3 |
| CVE-2012-2393 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 3.3 |
| CVE-2012-2394 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 3.3 |

Component: Wireshark

Product and Resolution:
Solaris 11 11/11 SRU 11.4


CVE-2011-2524 Directory traversal vulnerability in libsoup

| CVE | Description | CVSSv2 Base Score |
|---|---|---|
| CVE-2011-2524 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.0 |

Component: libsoup

Product and Resolution:
Solaris 11 11/11 SRU 11.4


CVE-2012-2763 Buffer overflow vulnerability in Gimp

| CVE | Description | CVSSv2 Base Score |
|---|---|---|
| CVE-2012-2763 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 7.5 |

Component: Gimp

Product and Resolution:
Solaris 11 11/11 SRU 11.4


Multiple vulnerabilities in Oracle Java Web Console

| CVE | Description | CVSSv2 Base Score |
|---|---|---|
| CVE-2007-5333 | Information Exposure vulnerability | 5.0 |
| CVE-2007-5342 | Permissions, Privileges, and Access Controls vulnerability | 6.4 |
| CVE-2007-6286 | Request handling vulnerability | 4.3 |
| CVE-2008-0002 | Information disclosure vulnerability | 5.8 |
| CVE-2008-1232 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 |
| CVE-2008-1947 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 |
| CVE-2008-2370 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.0 |
| CVE-2008-2938 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 4.3 |
| CVE-2008-5515 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.0 |
| CVE-2009-0033 | Improper Input Validation vulnerability | 5.0 |
| CVE-2009-0580 | Information Exposure vulnerability | 4.3 |
| CVE-2009-0781 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 |
| CVE-2009-0783 | Information Exposure vulnerability | 4.6 |
| CVE-2009-2693 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.8 |
| CVE-2009-2901 | Permissions, Privileges, and Access Controls vulnerability | 4.3 |
| CVE-2009-2902 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 4.3 |
| CVE-2009-3548 | Credentials Management vulnerability | 7.5 |
| CVE-2010-1157 | Information Exposure vulnerability | 2.6 |
| CVE-2010-2227 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.4 |
| CVE-2010-3718 | Directory traversal vulnerability | 1.2 |
| CVE-2010-4172 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 |
| CVE-2010-4312 | Configuration vulnerability | 6.4 |
| CVE-2011-0013 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 |
| CVE-2011-0534 | Resource Management Errors vulnerability | 5.0 |
| CVE-2011-1184 | Permissions, Privileges, and Access Controls vulnerability | 5.0 |
| CVE-2011-2204 | Information Exposure vulnerability | 1.9 |
| CVE-2011-2526 | Improper Input Validation vulnerability | 4.4 |
| CVE-2011-3190 | Permissions, Privileges, and Access Controls vulnerability | 7.5 |
| CVE-2011-4858 | Resource Management Errors vulnerability | 5.0 |
| CVE-2011-5062 | Permissions, Privileges, and Access Controls vulnerability | 5.0 |
| CVE-2011-5063 | Improper Authentication vulnerability | 4.3 |
| CVE-2011-5064 | Cryptographic Issues vulnerability | 4.3 |
| CVE-2012-0022 | Numeric Errors vulnerability | 5.0 |

Component: Apache Tomcat

Product and Resolution:
Solaris 10 SPARC: 147673-04 X86: 147674-04


Multiple vulnerabilities in Oracle Java Web Console

| CVE | Description | CVSSv2 Base Score |
|---|---|---|
| CVE-2011-0534 | Resource Management Errors vulnerability | 5.0 |
| CVE-2011-1184 | Permissions, Privileges, and Access Controls vulnerability | 5.0 |
| CVE-2011-2204 | Information Exposure vulnerability | 1.9 |
| CVE-2011-2526 | Improper Input Validation vulnerability | 4.4 |
| CVE-2011-2729 | Permissions, Privileges, and Access Controls vulnerability | 5.0 |
| CVE-2011-3190 | Permissions, Privileges, and Access Controls vulnerability | 7.5 |
| CVE-2011-3375 | Information Exposure vulnerability | 5.0 |
| CVE-2011-4858 | Resource Management Errors vulnerability | 5.0 |
| CVE-2011-5062 | Permissions, Privileges, and Access Controls vulnerability | 5.0 |
| CVE-2011-5063 | Improper Authentication vulnerability | 4.3 |
| CVE-2011-5064 | Cryptographic Issues vulnerability | 4.3 |
| CVE-2012-0022 | Numeric Errors vulnerability | 5.0 |

Component: Apache Tomcat

Product and Resolution:
Solaris 10 SPARC: 147673-04 X86: 147674-04


Multiple vulnerabilities in Pidgin

| CVE | Description | CVSSv2 Base Score |
|---|---|---|
| CVE-2010-4528 | Improper Input Validation vulnerability | 4.0 |
| CVE-2011-1091 | Denial of service (DoS) vulnerability | 4.0 |
| CVE-2011-2943 | Denial of service (DoS) vulnerability | 4.3 |
| CVE-2011-3184 | Resource Management Errors vulnerability | 4.3 |
| CVE-2011-3185 | Improper Input Validation vulnerability | 9.3 |
| CVE-2011-4601 | Improper Input Validation vulnerability | 5.0 |
| CVE-2011-4602 | Improper Input Validation vulnerability | 5.0 |
| CVE-2011-4603 | Improper Input Validation vulnerability | 5.0 |
| CVE-2011-4922 | Information Exposure vulnerability | 2.1 |
| CVE-2011-4939 | Permissions, Privileges, and Access Controls vulnerability | 6.4 |
| CVE-2012-1178 | Resource Management Errors vulnerability | 5.0 |

Component: Pidgin

Product and Resolution:
Solaris 10 SPARC: 147992-02 X86: 147993-02


Multiple vulnerabilities in Firefox web browser

| CVE | Description | CVSSv2 Base Score |
|---|---|---|
| CVE-2011-3062 | Numeric Errors vulnerability | 6.8 |
| CVE-2012-0467 | Denial of service (DoS) vulnerability | 10.0 |
| CVE-2012-0468 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 |
| CVE-2012-0469 | Resource Management Errors vulnerability | 10.0 |
| CVE-2012-0470 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 |
| CVE-2012-0471 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 |
| CVE-2012-0473 | Numeric Errors vulnerability | 5.0 |
| CVE-2012-0474 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 |
| CVE-2012-0477 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 |
| CVE-2012-0478 | Permissions, Privileges, and Access Controls vulnerability | 9.3 |
| CVE-2012-0479 | Identity spoofing vulnerability | 4.3 |

Component: Firefox web browser

Product and Resolution:
Solaris 11 11/11 SRU 9.5
Solaris 10 SPARC: 145080-11 X86: 145081-10

This notification describes vulnerabilities fixed in third-party components that are included in Sun's product distribution.
Information about vulnerabilities affecting Oracle Sun products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in International Components for Unicode (ICU)

| CVE | Description | CVSSv2 Base Score |
|---|---|---|
| CVE-2011-2791 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 7.5 |
| CVE-2011-4599 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 7.5 |

Component: International Components for Unicode (ICU)

Product and Resolution:
Solaris 10 SPARC: 119810-07 X86: 119811-07
Solaris 11 11/11 SRU 11.4


About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
