| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score (CVSS v2 base) | Gained Access Level | Access | Complexity | Authentication | Confidentiality | Integrity | Availability | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2012-0814 | 255 | | +Info | 2012-01-27 | 2012-02-01 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | The auth_parse_options function in auth-options.c in sshd in OpenSSH before 5.7 provides debug messages containing authorized_keys command options, which allows remote authenticated users to obtain potentially sensitive information by reading these messages, as demonstrated by the shared user account required by Gitolite. NOTE: this can cross privilege boundaries because a user account may intentionally have no shell or filesystem access, and therefore may have no supported way to read an authorized_keys file in its own home directory. |
| 2 | CVE-2012-0117 | | | | 2012-01-18 | 2012-01-24 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0486, CVE-2012-0487, CVE-2012-0488, CVE-2012-0489, CVE-2012-0491, CVE-2012-0493, and CVE-2012-0495. |
| 3 | CVE-2012-0114 | | | | 2012-01-18 | 2012-01-19 | 3.0 | None | Local | Medium | Single system | Partial | Partial | None | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors. |
| 4 | CVE-2012-0112 | | | | 2012-01-18 | 2012-01-19 | 3.5 | None | Remote | Medium | Single system | None | None | Partial | Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492. |
| 5 | CVE-2012-0111 | | | | 2012-01-18 | 2012-01-19 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders. |
| 6 | CVE-2012-0109 | | | | 2012-01-18 | 2012-01-30 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows local users to affect confidentiality and availability, related to TCP/IP. |
| 7 | CVE-2012-0105 | | | | 2012-01-18 | 2012-01-30 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions. |
| 8 | CVE-2012-0084 | | | | 2012-01-18 | 2012-01-30 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 7.5.2, 10.1.3.5.1, 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect integrity via unknown vectors related to Content Server. |
| 9 | CVE-2012-0081 | | | | 2012-01-18 | 2012-01-30 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Administration. |
| 10 | CVE-2012-0077 | | | | 2012-01-18 | 2012-01-30 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.2.4, 10.0.2, 10.3.3, 10.3.4, and 10.3.5 allows remote authenticated users to affect integrity, related to WLS-Console. |
| 11 | CVE-2011-5060 | 264 | | | 2012-01-13 | 2012-01-30 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The par_mktmpdir function in the PAR module before 1.003 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program, a different vulnerability in a different package than CVE-2011-4114. |
| 12 | CVE-2011-5030 | 79 | | XSS | 2011-12-29 | 2011-12-30 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Meta tags quick module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors, probably related to "names of entity bundles." |
| 13 | CVE-2011-4830 | 79 | 1 | XSS | 2011-12-14 | 2011-12-15 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php. |
| 14 | CVE-2011-4606 | 264 | | | 2011-12-14 | 2011-12-15 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 allows local users to overwrite arbitrary files via a symlink attack on .rocksndiamonds/cache/artworkinfo.cache under a user's home directory. |
| 15 | CVE-2011-4560 | 79 | | XSS | 2011-11-28 | 2012-01-03 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the Petition Node module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors related to signing a petition. |
| 16 | CVE-2011-4497 | 200 | | +Info | 2011-11-21 | 2011-11-21 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | QIS_wizard.htm on the ASUS RT-N56U router with firmware before 1.0.1.4o allows remote attackers to obtain the administrator password via a flag=detect request. |
| 17 | CVE-2011-4436 | 79 | | XSS | 2011-11-11 | 2011-11-14 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in the administrative web interface on the Dell KACE K2000 System Deployment Appliance allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 18 | CVE-2011-4434 | 264 | | Bypass | 2011-11-11 | 2011-11-15 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags. |
| 19 | CVE-2011-4346 | 79 | | XSS | 2011-12-10 | 2011-12-12 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the web interface in Red Hat Network (RHN) Satellite 5.4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field of the asset tag in a Custom Info page. |
| 20 | CVE-2011-4339 | 264 | | | 2011-12-14 | 2012-01-04 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ipmitool package 1.8.11 in Red Hat Enterprise Linux (RHEL) 6, Debian GNU/Linux, Fedora 16, and other products uses 0666 permissions for its ipmievd.pid PID file, which allows local users to kill arbitrary processes by writing to this file. |
| 21 | CVE-2011-4160 | | | Bypass | 2011-11-23 | 2011-11-24 | 3.2 | None | Local | Low | Single system | Partial | Partial | None | Unspecified vulnerability in HP Operations Agent 11.00 and Performance Agent 4.73 and 5.0 on AIX, HP-UX, Linux, and Solaris allows local users to bypass intended directory-access restrictions via unknown vectors. |
| 22 | CVE-2011-4114 | 264 | | | 2012-01-13 | 2012-01-17 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The par_mktmpdir function in the PAR::Packer module before 1.012 for Perl creates temporary files in a directory with a predictable name without verifying ownership and permissions of this directory, which allows local users to overwrite files when another user extracts a PAR packed program. NOTE: a similar vulnerability was reported for PAR, but this has been assigned a different CVE identifier. |
| 23 | CVE-2011-4060 | 59 | | | 2011-10-17 | 2011-10-18 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The runtime linker in QNX Neutrino RTOS 6.5.0 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environment variables when a program is spawned from a setuid program, which allows local users to overwrite files via a symlink attack. |
| 24 | CVE-2011-3978 | 79 | | XSS | 2011-10-04 | 2011-10-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php in LightNEasy 3.2.4 allow remote authenticated users to inject arbitrary web script or HTML via the (1) commentemail, (2) commentmessage, or (3) commentname parameter in a sendcomment action for the news page. |
| 25 | CVE-2011-3574 | | | | 2012-01-18 | 2012-01-19 | 3.3 | None | Local | Medium | Not required | Partial | Partial | None | Unspecified vulnerability in Oracle Communications Unified 7.0 allows local users to affect confidentiality and integrity via unknown vectors related to Calendar Server. |
| 26 | CVE-2011-3571 | | | | 2012-01-18 | 2012-01-19 | 3.6 | None | Remote | High | Single system | Partial | Partial | None | Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) component in Oracle Virtualization 3.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Session. |
| 27 | CVE-2011-3553 | | | | 2011-10-19 | 2011-11-23 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote authenticated users to affect confidentiality, related to JAXWS. |
| 28 | CVE-2011-3523 | | | | 2011-10-18 | 2011-10-29 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console. |
| 29 | CVE-2011-3519 | | | | 2011-10-18 | 2012-01-13 | 3.5 | None | Remote | Medium | Single system | Partial | None | None | Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services. |
| 30 | CVE-2011-3511 | | | | 2011-10-18 | 2011-10-19 | 3.6 | None | Remote | High | Single system | None | Partial | Partial | Unspecified vulnerability in the Database Vault component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2 allows remote authenticated users to affect integrity and availability via unknown vectors related to Privileged Account. |
| 31 | CVE-2011-3507 | | | | 2011-10-18 | 2012-01-11 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle Communications Unified component in Oracle Sun Products Suite 7.0 allows remote authenticated users to affect integrity via unknown vectors related to Messaging Server. |
| 32 | CVE-2011-3204 | 59 | | | 2011-09-06 | 2011-09-22 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | hammerhead.cc in Hammerhead 2.1.4 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/hammer.log (aka the HH_LOG file) or (2) the REPORT_LOG file. |
| 33 | CVE-2011-3171 | 22 | | Dir. Trav. | 2011-11-04 | 2011-11-07 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors. |
| 34 | CVE-2011-2779 | 264 | | | 2011-07-19 | 2011-08-10 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than CVE-2011-0770. |
| 35 | CVE-2011-2711 | 79 | | XSS | 2011-08-02 | 2011-09-06 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the print_fileinfo function in ui-diff.c in cgit 0.9.0.2 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the filename associated with the rename hint. |
| 36 | CVE-2011-2664 | | | | 2011-07-08 | 2011-09-06 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Unspecified vulnerability in Check Point Multi-Domain Management / Provider-1 NGX R65, R70, R71, and R75, and SmartCenter during installation on non-Windows machines, allows local users on the MDS system to overwrite arbitrary files via unknown vectors. |
| 37 | CVE-2011-2544 | 79 | 1 | DoS XSS CSRF | 2011-09-23 | 2011-09-27 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in the web interface in Cisco TelePresence System MXP Series F9.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via a crafted Call ID, as demonstrated by resultant cross-site request forgery (CSRF) attacks that change passwords or cause a denial of service, aka Bug ID CSCtq46488. |
| 38 | CVE-2011-2533 | 59 | | | 2011-06-22 | 2011-11-21 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial | The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows local users to overwrite arbitrary files via a symlink attack on an unspecified file in /tmp/. |
| 39 | CVE-2011-2406 | 79 | | XSS | 2011-08-11 | 2011-09-21 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Cross-site scripting (XSS) vulnerability in HP OpenView Performance Insight 5.3, 5.31, 5.4, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| 40 | CVE-2011-2372 | 264 | | Bypass | 2011-09-28 | 2012-01-18 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before 7.0, and SeaMonkey before 2.4 do not prevent the starting of a download in response to the holding of the Enter key, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site. |
| 41 | CVE-2011-2322 | | | | 2011-10-18 | 2011-10-19 | 3.6 | None | Remote | High | Single system | None | Partial | Partial | Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.1.0.7 allows remote authenticated users to affect integrity and availability, related to SYSDBA. |
| 42 | CVE-2011-2303 | | | | 2011-10-18 | 2012-01-13 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload. |
| 43 | CVE-2011-2300 | | | | 2011-07-20 | 2012-01-26 | 3.7 | None | Local | High | Not required | Partial | Partial | Partial | Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows. |
| 44 | CVE-2011-2289 | | | | 2011-07-20 | 2011-10-04 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Unspecified vulnerability in Oracle Solaris 10 allows local users to affect integrity and availability via unknown vectors related to LiveUpgrade. |
| 45 | CVE-2011-2282 | | | | 2011-07-20 | 2011-10-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50.21 and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors. |
| 46 | CVE-2011-2274 | | | | 2011-07-20 | 2011-10-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49.32, 8.50.21, and 8.51.11 allows remote authenticated users to affect integrity via unknown vectors. |
| 47 | CVE-2011-2271 | | | | 2012-01-18 | 2012-01-19 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File Upload. |
| 48 | CVE-2011-2243 | | | | 2011-07-20 | 2011-10-04 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7.3, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect integrity, related to SYSDBA. |
| 49 | CVE-2011-2237 | | | | 2011-10-18 | 2011-12-23 | 3.5 | None | Remote | Medium | Single system | None | Partial | None | Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 10.1.3.5.0 and 10.1.3.5.1 allows remote authenticated users to affect integrity, related to WSM Console. |
| 50 | CVE-2011-2147 | 264 | | Bypass | 2011-05-20 | 2011-09-06 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Openswan 2.2.x does not properly restrict permissions for (1) /var/run/starter.pid, related to starter.c in the IPsec starter, and (2) /var/lock/subsys/ipsec, which allows local users to kill arbitrary processes by writing a PID to a file, or possibly bypass disk quotas by writing arbitrary data to a file, as demonstrated by files with 0666 permissions, a different vulnerability than CVE-2011-1784. |
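Several entries in the table above (the two par_mktmpdir entries, CVE-2011-5060 and CVE-2011-4114, and the symlink-attack entries for rocksndiamonds, Hammerhead, D-Bus and the QNX runtime linker) describe the same local bug class: a program uses a predictably named directory or file that another local user can create first. The example below is added here to show the missing check; it is illustrative code, not PAR's or any of the listed projects' code. The directory name, the sandbox path and the file contents are constructed for the demonstration; `claim_private_dir` is the hardened pattern, `unsafe_claim_dir` the vulnerable one, and `write_private_file` shows the no-follow file creation that defeats a planted symlink.

```python
"""Added example: claiming a predictably named per-user temp directory safely.

Illustrative code, not PAR's or PAR::Packer's. It shows the ownership and
permission check the par_mktmpdir entries describe as missing, plus the
O_EXCL|O_NOFOLLOW file creation that defeats the symlink attacks listed for
rocksndiamonds, Hammerhead, D-Bus and QNX. All paths here are assumptions.
"""
import os
import stat


class UnsafeDirectory(Exception):
    """Raised when a pre-existing directory at the expected path cannot be trusted."""


def claim_private_dir(path, uid=None):
    """Create `path` with mode 0700, or verify a pre-existing one before using it.

    Returns `path` on success. A planted symlink, a directory owned by someone
    else, or a directory readable/writable by group or others is rejected.
    """
    if uid is None:
        uid = os.getuid()
    try:
        os.mkdir(path, 0o700)        # umask can only remove bits, so 0700 survives
        return path
    except FileExistsError:
        pass                         # someone (maybe us, maybe an attacker) got here first
    st = os.lstat(path)              # lstat, never stat: do not follow a planted symlink
    if not stat.S_ISDIR(st.st_mode):
        raise UnsafeDirectory(f"{path} exists but is not a directory")
    if st.st_uid != uid:
        raise UnsafeDirectory(f"{path} is owned by uid {st.st_uid}, expected {uid}")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        raise UnsafeDirectory(f"{path} is accessible to group/others (mode {oct(mode)})")
    return path


def unsafe_claim_dir(path):
    """The vulnerable pattern: create if missing, otherwise trust whatever is there."""
    os.makedirs(path, exist_ok=True)
    return path


def write_private_file(dirpath, name, data):
    """Create a new file inside the claimed directory without following symlinks.

    O_EXCL refuses a pre-existing entry (including a symlink) and O_NOFOLLOW
    refuses to traverse one, so a link pointing at another user's file is an
    error rather than an overwrite.
    """
    target = os.path.join(dirpath, name)
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(target, flags, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return target


if __name__ == "__main__":
    import tempfile
    base = tempfile.mkdtemp()                        # constructed sandbox, not /tmp itself
    private = claim_private_dir(os.path.join(base, "par-%d" % os.getuid()))
    write_private_file(private, "extracted.bin", b"payload")
    planted = os.path.join(base, "par-planted")
    os.symlink(base, planted)                        # what a local attacker would pre-create
    try:
        claim_private_dir(planted)
    except UnsafeDirectory as exc:
        print("refused:", exc)
    print("vulnerable pattern accepted:", unsafe_claim_dir(planted))
```

The order matters: attempt the `mkdir` first and only fall back to inspection on `EEXIST`, and inspect with `lstat` so that a symlink is seen as a symlink. Checking with `stat` or `os.path.isdir` before creating, as `os.makedirs(exist_ok=True)` effectively does, follows the link and is exactly the race the table entries describe.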
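The ipmievd entry (CVE-2011-4339) and the Openswan entry (CVE-2011-2147) share one root cause: a PID file created with 0666 permissions, so any local user can write a PID of their choosing and the next stop or restart of the daemon signals that process instead. The example below is added here and is not ipmitool's or Openswan's code; it shows what a control script should verify before trusting a PID file, what a daemon should do when creating one, and an audit function that flags the weak mode. File names, the trusted uid set and the file contents are constructed for the demonstration.

```python
"""Added example: checking a PID file before trusting it, and creating one safely.

Illustrative code, not ipmitool's or Openswan's. It encodes the rule those two
entries violate: a PID file other users can write is an instruction to kill an
arbitrary process. Paths, uids and contents below are constructed.
"""
import os
import stat


def pidfile_findings(path, trusted_uids=(0,)):
    """Return a list of reasons not to trust `path`; an empty list means it is clean."""
    try:
        st = os.lstat(path)
    except FileNotFoundError:
        return ["missing"]
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]                 # daemon writes would land wherever the link points
    if not stat.S_ISREG(st.st_mode):
        return ["not-a-regular-file"]
    findings = []
    mode = stat.S_IMODE(st.st_mode)
    if mode & stat.S_IWOTH:
        findings.append("world-writable")  # the 0666 case in the two entries
    if mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_uid not in trusted_uids:
        findings.append("owned-by-uid-%d" % st.st_uid)
    return findings


def parse_pid(path):
    """Return the PID only if the content is a single positive integer above 1.

    kill(0, sig) hits the caller's process group, kill(-1, sig) hits every
    process the caller may signal, and pid 1 is init; none is a daemon PID.
    """
    with open(path, "rb") as fh:
        raw = fh.read(32).strip()
    if not raw.isdigit():
        return None
    pid = int(raw)
    return pid if pid > 1 else None


def pid_to_signal(path, trusted_uids=(0,)):
    """What a control script should compute before kill(): a PID from a clean file, else None."""
    if pidfile_findings(path, trusted_uids):
        return None
    return parse_pid(path)


def write_pidfile(path, pid, mode=0o644):
    """Hardened creation: explicit mode, no pre-existing entry, no symlink following."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    fd = os.open(path, flags, mode)
    with os.fdopen(fd, "w") as fh:
        fh.write("%d\n" % pid)
    return path


if __name__ == "__main__":
    import tempfile
    d = tempfile.mkdtemp()                         # constructed sandbox, not /var/run
    me = (os.getuid(),)
    good = write_pidfile(os.path.join(d, "good.pid"), 4242)
    weak = os.path.join(d, "weak.pid")
    with open(weak, "w") as fh:
        fh.write("4242\n")
    os.chmod(weak, 0o666)                          # reproduce the weak permissions
    for p in (good, weak):
        print(p, pidfile_findings(p, me), pid_to_signal(p, me))
```

`pidfile_findings` is also usable as a one-line audit over `/var/run/*.pid` on a live host; a non-empty result for a file owned by root is the condition these two CVEs describe. The content check in `parse_pid` is a separate layer: even a correctly permissioned file should never be turned into a `kill()` argument without confirming it holds exactly one positive PID.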