Tuesday Jan 29, 2013

Multiple vulnerabilities in Wireshark

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-3548 | Resource Management Errors vulnerability | 4.3 | Wireshark | Solaris 11.1 11.1.3.4 |
| CVE-2012-5237 | Resource Management Errors vulnerability | 3.3 | | |
| CVE-2012-5238 | Denial of Service (DoS) vulnerability | 3.3 | | |
| CVE-2012-5239 | Denial of Service (DoS) vulnerability | 4.3 | | |
| CVE-2012-5240 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 5.8 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on the Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in Apache HTTP server

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-0883 | Permissions, Privileges, and Access Controls vulnerability | 6.9 | Apache HTTP server | Solaris 10 SPARC: 120543-30 X86: 120544-30; Solaris 11.1 11.1.3.4 |
| CVE-2012-2687 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 2.6 | | |


Multiple vulnerabilities in Firefox

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-1960 | Information Exposure vulnerability | 5.0 | Firefox | Solaris 10 SPARC: 145080-12 X86: 145081-11; Solaris 11.1 11.1.2.5 |
| CVE-2012-1970 | Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2012-1971 | Denial of Service (DoS) vulnerability | 9.3 | | |
| CVE-2012-1972 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-1973 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-1974 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-1975 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-1976 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3956 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3957 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 | | |
| CVE-2012-3958 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3959 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3960 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3961 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3962 | Arbitrary code execution vulnerability | 9.3 | | |
| CVE-2012-3963 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3964 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3966 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 | | |
| CVE-2012-3967 | Arbitrary code execution vulnerability | 6.8 | | |
| CVE-2012-3968 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3969 | Numeric Errors vulnerability | 9.3 | | |
| CVE-2012-3970 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3972 | Information Exposure vulnerability | 5.0 | | |
| CVE-2012-3974 | Resource Management Errors vulnerability | 6.9 | | |
| CVE-2012-3976 | Denial of Service (DoS) vulnerability | 5.8 | | |
| CVE-2012-3978 | Permissions, Privileges, and Access Controls vulnerability | 6.8 | | |
| CVE-2012-3980 | Improper Control of Generation of Code ('Code Injection') vulnerability | 9.3 | | |


Multiple vulnerabilities in Thunderbird

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-1948 | Denial of Service (DoS) vulnerability | 9.3 | Thunderbird | Solaris 10 SPARC: 145200-12 X86: 145201-12; Solaris 11.1 11.1.2.5 |
| CVE-2012-1950 | Address spoofing vulnerability | 6.4 | | |
| CVE-2012-1951 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-1952 | Resource Management Errors vulnerability | 9.3 | | |
| CVE-2012-1953 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 9.3 | | |
| CVE-2012-1954 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-1955 | Address spoofing vulnerability | 6.8 | | |
| CVE-2012-1957 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |
| CVE-2012-1958 | Resource Management Errors vulnerability | 9.3 | | |
| CVE-2012-1959 | Permissions, Privileges, and Access Controls vulnerability | 5.0 | | |
| CVE-2012-1961 | Improper Input Validation vulnerability | 4.3 | | |
| CVE-2012-1962 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-1963 | Permissions, Privileges, and Access Controls vulnerability | 4.3 | | |
| CVE-2012-1964 | Clickjacking vulnerability | 4.0 | | |
| CVE-2012-1965 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | | |
| CVE-2012-1966 | Permissions, Privileges, and Access Controls vulnerability | 4.3 | | |
| CVE-2012-1967 | Arbitrary code execution vulnerability | 10.0 | | |
| CVE-2012-1970 | Denial of Service (DoS) vulnerability | 10.0 | | |
| CVE-2012-1973 | Resource Management Errors vulnerability | 10.0 | | |
| CVE-2012-3966 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 10.0 | | |


CVE-2012-3955 Denial of Service (DoS) vulnerability in ISC DHCP

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-3955 | Denial of Service (DoS) vulnerability | 7.1 | ISC DHCP | Solaris 11 11/11 SRU 13.4; Solaris 11.1 11.1.1.4 |


CVE-2012-5166 Denial of Service vulnerability in ISC BIND

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-5166 | Denial of Service vulnerability | 7.8 | BIND | Solaris 10 SPARC: 119783-25 x86: 119784-25; Solaris 11 11/11 SRU 13.4; Solaris 11.1 11.1.1.4; Solaris 9 SPARC: 112837-29 X86: 114265-28 |


CVE-2012-4244 Denial of Service vulnerability in ISC BIND

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-4244 | Denial of Service vulnerability | 7.8 | BIND | Solaris 10 SPARC: 119783-24, x86: 119784-24; Solaris 11 11/11 SRU 12.4; Solaris 11.1 11.1.1.4; Solaris 9 SPARC: 112837-28, x86: 114265-27 |


Tuesday Jan 22, 2013

Multiple Tomcat vulnerabilities in Oracle Health Sciences Clinical Development Center

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
| --- | --- | --- | --- | --- |
| CVE-2012-2733 | Improper Input Validation vulnerability | 5.0 | Apache Tomcat | Oracle Health Sciences Clinical Development Center: upgrade to Apache Tomcat v6.0.36 |
| CVE-2012-5885 | DIGEST authentication implementation issues | 5.0 | | |
| CVE-2012-5886 | DIGEST authentication implementation issues | 5.0 | | |
| CVE-2012-5887 | DIGEST authentication implementation issues | 5.0 | | |
| CVE-2012-3546 | Security constraints bypass vulnerability | 4.3 | | |
| CVE-2012-4431 | CSRF prevention filter bypass vulnerability | 4.3 | | |
| CVE-2012-4534 | Denial of Service (DoS) vulnerability | 2.6 | | |


About

This blog provides security vulnerability fix notifications relevant to third-party software components distributed and supported as part of Oracle Products.
A summarized version of this blog is available as a mapping of CVEs and solutions.
