Multiple Cross Site Scripting vulnerabilities in Apache HTTP server

May 21, 2013

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-3499 | Cross-Site Scripting vulnerability | 4.3 | Apache HTTP server | Solaris 10 Contact Support |
| | | | | Solaris 11.1 11.1.7.5.0 |
| CVE-2012-4558 | Cross-Site Scripting vulnerability | 4.3 | | |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product (more...)

CVE-2012-4429 Information Leak / Disclosure in vino

May 21, 2013

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-4429 | Information Exposure vulnerability | 5.0 | vino | Solaris 11.1 11.1.7.5.0 |

This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.

CVE-2012-4564 Design Error vulnerability in GIMP

May 21, 2013

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-4564 | Design Error vulnerability | 6.8 | GIMP | Solaris 11.1 11.1.7.5.0 |

CVE-2012-5195 Heap Buffer Overrun vulnerability in Perl

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-5195 | Heap Buffer Overrun vulnerability | 5.1 | Perl | Solaris 11.1 11.1.7.5.0 |

Oracle acknowledges with thanks, Ricardo Signes from cpan.org for bringing this issue to our attention.

CVE-2012-5667 Heap Buffer Overflow vulnerability in GNU Grep

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-5667 | Heap Buffer Overflow vulnerability | 4.4 | GNU Grep | Solaris 10 Contact Support |
| | | | | Solaris 11.1 11.1.7.5.0 |
| | | | | Solaris 9 Contact Support |

CVE-2012-6329 Code Injection vulnerability in Perl 5.8

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-6329 | Code Injection vulnerability | 7.5 | Perl 5.8 | Solaris 11.1 11.1.7.5.0 |

CVE-2012-6329 Code Injection vulnerability in Perl

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-6329 | Code Injection vulnerability | 7.5 | Perl | Solaris 11.1 11.1.7.5.0 |

Multiple vulnerabilities fixed in Wireshark 1.8.4

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-6052 | Information Exposure vulnerability | 5.0 | Wireshark | Solaris 11.1 11.1.7.5.0 |
| CVE-2012-6053 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6054 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6055 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6056 | Numeric Errors vulnerability | 5.0 | | |
| CVE-2012-6057 | Numeric (more...) | | | |

CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.16

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1667 | Denial of Service (DoS) vulnerability | 7.5 | Perl 5.16 | Solaris 11.1 11.1.7.5.0 |

Oracle acknowledges with thanks, Ricardo Signes from cpan.org for bringing this issue to our attention.

CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.12

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1667 | Denial of Service (DoS) vulnerability | 7.5 | Perl 5.12 | Solaris 11.1 11.1.7.5.0 |

Oracle acknowledges with thanks, Ricardo Signes from cpan.org for bringing this issue to our attention.

CVE-2013-1667 Denial of Service (DoS) vulnerability in Perl 5.8

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1667 | Denial of Service (DoS) vulnerability | 7.5 | Perl 5.8 | Solaris 10 SPARC: 148561-04 X86: 148562-04 |
| | | | | Solaris 11.1 11.1.7.5.0 |

Oracle acknowledges with thanks, Ricardo Signes from cpan.org for bringing this issue to our attention.

Multiple vulnerabilities in Samba Web Administration Tool (SWAT)

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-0213 | Clickjacking vulnerability | 2.9 | Samba | Solaris 11.1 Contact Support |
| | | | | Solaris 10 SPARC: 119757-27 X86: 119758-27 |
| CVE-2013-0214 | Cross-site request forgery (CSRF) vulnerability | 2.9 | | |

Algorithmic complexity vulnerability in Apache Ant

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-2098 | Algorithmic complexity vulnerability | 5.0 | Apache Ant | Solaris 11.1 11.1.3.4 |
| | | | | Solaris 10 SPARC: 144994-02 144996-02 X86: 144995-02 144997-02 |

Multiple vulnerabilities in Python

Apr 10, 2013

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-3389 | Improper Input Validation vulnerability | 4.3 | Python | Solaris 10 SPARC: 143506-06 X86: 143507-06 |
| | | | | Solaris 11.1 11.1 |
| CVE-2012-0845 | Denial of Service (DoS) vulnerability | 5.0 | | |
| CVE-2012-0876 | Resource Management Errors vulnerability | 4.3 | | |
| CVE-2012-1150 | Denial of Service (DoS) vulnerability | 5. (more...) | | |

CVE-2012-3817 Denial of Service (DoS) vulnerability in Bind

Apr 10, 2013

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2012-3817 | Improper Input Validation vulnerability | 7.8 | Bind | Solaris 10 SPARC: 119783-23 X86: 119784-23 |
| | | | | Solaris 11 11/11 SRU 10.5 |
| | | | | Solaris 9 SPARC: 112837-28 X86: 114265-27 |

CVE-2011-0419 Denial of Service (DoS) vulnerability in Solaris C Library

Apr 10, 2013

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2011-0419 | Denial of Service (DoS) vulnerability | 4.3 | C Library (libc) | Solaris 10 SPARC: 147713-01 X86: 147714-01 |
| | | | | Solaris 9 SPARC: 112874-48 X86: 122301-64 |

CVE-2013-0255 Array Index error vulnerability in PostgreSQL

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-0255 | Array Index error vulnerability | 6.8 | PostgreSQL | Solaris 10 SPARC: 138822-12 138826-12 138824-12 X86: 138823-12 138827-12 138825-12 |

Multiple vulnerabilities in yaSSL

Mar 19, 2013

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2013-1623 | Vulnerability allows statistical analysis of timing data of crafted packets | 4.3 | yaSSL | MySQL 5.1 5.1.69 |
| | | | | MySQL 5.5 5.5.31 |
| | | | | MySQL 5.6 5.6.11 |
| CVE-2012-4929 | Cryptographic vulnerability | 2.6 | | |

Multiple cross-site scripting (XSS) vulnerabilities in JFreeChart

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2007-6306 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | JFreeChart | Solaris Cluster 3.2 Contact Support |
| | | | | Solaris Cluster 3.3 SPARC: 150100-01 149432-02 X86: 150101-01 149433-02 |
| CVE-2007-6307 | Improper Neutralization of Input During Web Page Generation ('Cross-site (more...) | | | |

CVE-2008-4316 Numeric Errors vulnerability in GLib

| CVE | Description | CVSSv2 Base Score | Component | Product and Resolution |
|---|---|---|---|---|
| CVE-2008-4316 | Numeric Errors vulnerability | 4.6 | GLib | Solaris 10 SPARC: 149112-01 X86: 149113-01 |
