Tuesday Sep 24, 2013

Multiple vulnerabilities in Wireshark

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-4920 Buffer Errors vulnerability 5.0 Wireshark
Solaris 11.1 11.1.11.4.0
CVE-2013-4921 Numeric Errors vulnerability 5.0
CVE-2013-4922 Resource Management Errors vulnerability 5.0
CVE-2013-4923 Resource Management Errors vulnerability 5.0
CVE-2013-4924 Input Validation vulnerability 5.0
CVE-2013-4925 Numeric Errors vulnerability 5.0
CVE-2013-4926 Input Validation vulnerability 5.0
CVE-2013-4927 Numeric Errors vulnerability 7.8
CVE-2013-4928 Numeric Errors vulnerability 7.8
CVE-2013-4929 Numeric Errors vulnerability 7.8
CVE-2013-4930 Input Validation vulnerability 5.0
CVE-2013-4931 Resource Management Errors vulnerability 5.0
CVE-2013-4932 Input Validation vulnerability 5.0
CVE-2013-4933 Buffer Errors vulnerability 5.0
CVE-2013-4934 Buffer Errors vulnerability 4.3
CVE-2013-4935 Numeric Errors vulnerability 4.3
CVE-2013-4936 Denial of Service (DoS) vulnerability 5.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2013-4073 Cryptographic Issues vulnerability in Ruby

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-4073 Cryptographic Issues vulnerability 6.8 Ruby
Solaris 11.1 11.1.11.4.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in Ruby

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2011-1005 Permissions, Privileges, and Access Controls vulnerability 5.0 Ruby
Solaris 11.1 11.1.11.4.0
CVE-2012-4481 Permissions, Privileges, and Access Control vulnerability 4.3

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in ImageMagick

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2012-0259 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 4.3 ImageMagick
Solaris 11.1 11.1.11.4.0
CVE-2012-0260 Resource Management Errors vulnerability 5.0
CVE-2012-1610 Numeric Errors vulnerability 4.3
CVE-2012-1798 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability 4.3

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2011-0284 Resource Management Errors vulnerability in kerberos

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2011-0284 Resource Management Errors vulnerability 7.6 Kerberos
Solaris 11.1 11.1.11.4.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2010-1322 Improper Input Validation vulnerability in kerberos

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2010-1322 Improper Input Validation vulnerability 6.5 Kerberos
Solaris 11.1 11.1.11.4.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

Multiple vulnerabilities in kerberos

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2010-1323 Design Error vulnerability 2.6 Kerberos
Solaris 11.1 11.1.11.4.0
CVE-2010-1324 Design Error vulnerability 4.3
CVE-2010-4020 Design Error vulnerability 3.5
CVE-2010-4021 Configuration vulnerability 2.1

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2012-6095 Race Conditions vulnerability in ProFTPD

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2012-6095 Race Conditions vulnerability 1.2 ProFTPD
Solaris 11.1 11.1.11.4.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2013-2116 Input Validation vulnerability in GnuTLS

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-2116 Input Validation vulnerability 5.0 GnuTLS
Solaris 11.1 11.1.11.4.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2013-1619 Cryptographic Issues vulnerability in GnuTLS

CVE DescriptionCVSSv2 Base ScoreComponentProduct and Resolution
CVE-2013-1619 Cryptographic Issues vulnerability 4.0 GnuTLS
Solaris 10 Patches planned but not yet available
Solaris 11.1 11.1.11.4.0

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

About

This blog provides security vulnerability fix notifications relevant to third party software components distributed and supported as part of Oracle Products.
Summarized version of this blog is available as a mapping of CVEs and solutions.

Search

Archives
« September 2013 »
SunMonTueWedThuFriSat
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
25
26
27
28
29
30
     
       
Today