Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, and IdP before 2.3.2, allows remote attackers to forge messages and bypass authentication via an "XML Signature wrapping attack."
Max CVSS
5.8
EPSS Score
0.56%
Published
2011-09-02
Updated
2013-10-11
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0093.
Max CVSS
4.3
EPSS Score
0.23%
Published
2012-10-16
Updated
2016-11-22
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0095 and CVE-2012-0108.
Max CVSS
3.5
EPSS Score
0.07%
Published
2012-10-16
Updated
2016-11-22
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0092.
Max CVSS
3.5
EPSS Score
0.07%
Published
2012-10-16
Updated
2016-11-19
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0090.
Max CVSS
3.5
EPSS Score
0.07%
Published
2012-10-16
Updated
2016-11-19
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0071.
Max CVSS
4.3
EPSS Score
0.23%
Published
2012-10-16
Updated
2016-11-22
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0108.
Max CVSS
2.1
EPSS Score
0.07%
Published
2012-10-16
Updated
2016-11-22
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web.
Max CVSS
4.9
EPSS Score
0.07%
Published
2012-10-16
Updated
2013-10-11
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect availability via unknown vectors related to Web.
Max CVSS
4.3
EPSS Score
0.14%
Published
2012-10-16
Updated
2013-10-11
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web, a different vulnerability than CVE-2012-0086 and CVE-2012-0095.
Max CVSS
3.5
EPSS Score
0.07%
Published
2012-10-16
Updated
2016-11-22

CVE-2012-0217

Public exploit
The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and other products; Oracle Solaris 11 and earlier; illumos before r13724; Joyent SmartOS before 20120614T184600Z; FreeBSD before 9.0-RELEASE-p3; NetBSD 6.0 Beta and earlier; Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1; and possibly other operating systems, when running on an Intel processor, incorrectly uses the sysret path in cases where a certain address is not a canonical address, which allows local users to gain privileges via a crafted application. NOTE: because this issue is due to incorrect use of the Intel specification, it should have been split into separate identifiers; however, there was some value in preserving the original mapping of the multi-codebase coordinated-disclosure effort to a single identifier.
Max CVSS
7.2
EPSS Score
0.06%
Published
2012-06-12
Updated
2020-09-28

CVE-2012-0518

Known exploited
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect integrity via unknown vectors related to Redirects, a different vulnerability than CVE-2012-3175.
Max CVSS
4.3
EPSS Score
0.48%
Published
2012-10-16
Updated
2016-11-28
CISA KEV Added
2022-03-28
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier; and JavaFX 2.2 and earlier; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
Max CVSS
10.0
EPSS Score
2.84%
Published
2012-10-16
Updated
2022-05-13
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.6 allows remote attackers to affect integrity via unknown vectors related to Core.
Max CVSS
4.3
EPSS Score
0.16%
Published
2012-10-16
Updated
2017-08-29
Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.6 and other versions allows remote attackers to affect integrity via unknown vectors related to Installation.
Max CVSS
4.3
EPSS Score
0.23%
Published
2012-10-16
Updated
2016-10-05
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to flashback archive.
Max CVSS
6.5
EPSS Score
1.01%
Published
2012-10-16
Updated
2013-10-11
Unspecified vulnerability in the Oracle Clinical/Remote Data Capture component in Oracle Industry Applications 4.6.0 and 4.6.2 allows remote authenticated users to affect confidentiality, related to HTML Surround.
Max CVSS
4.0
EPSS Score
0.11%
Published
2012-10-16
Updated
2013-10-11
SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors involving CREATE INDEX with a CTXSYS.CONTEXT INDEXTYPE and DBMS_STATS.GATHER_TABLE_STATS.
Max CVSS
6.5
EPSS Score
0.20%
Published
2012-08-10
Updated
2013-10-11
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, which leaks information about the cryptographic hash and makes it easier to conduct brute force password guessing attacks, aka "stealth password cracking vulnerability."
Max CVSS
6.4
EPSS Score
5.47%
Published
2012-09-21
Updated
2016-11-28
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Web interface.
Max CVSS
4.3
EPSS Score
0.14%
Published
2012-10-16
Updated
2013-10-11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!