This document provides the text form of the CPUJan2013 Advisory Risk Matrices. Please note that the CVE numbers in this document correspond to the same CVE numbers in the CPUJan2013 Advisory
This page contains the following text format Risk Matrices:
This table provides the text form of the Risk Matrix for Oracle Database Server.
CVE Identifier | Description |
---|---|
CVE-2012-3220 | Vulnerability in the Spatial component of Oracle Database Server. This vulnerability requires Create Session privileges for a successful attack. Supported versions that are affected are 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Easily exploitable vulnerability allows successful authenticated network attacks via Oracle Net. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Database Mobile/Lite Server.
CVE Identifier | Description |
---|---|
CVE-2013-0361 | Vulnerability in the Mobile Server component of Oracle Database Mobile/Lite Server. Supported versions that are affected are 10.3.0.3 and 11.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2013-0362 | Vulnerability in the Mobile Server component of Oracle Database Mobile/Lite Server. Supported versions that are affected are 10.3.0.3 and 11.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. Note: Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g. CVSS Base Score 7.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). (legend) [Advisory] |
CVE-2013-0363 | Vulnerability in the Mobile Server component of Oracle Database Mobile/Lite Server. Supported versions that are affected are 10.3.0.3 and 11.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. Note: Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g. CVSS Base Score 7.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). (legend) [Advisory] |
CVE-2013-0364 | Vulnerability in the Mobile Server component of Oracle Database Mobile/Lite Server. Supported versions that are affected are 10.3.0.3 and 11.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to any arbitrary Operating System location. Note: Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g. CVSS Base Score 7.8 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N). (legend) [Advisory] |
CVE-2013-0366 | Vulnerability in the Mobile Server component of Oracle Database Mobile/Lite Server. Supported versions that are affected are 10.3.0.3 and 11.1.0.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g. CVSS Base Score 10.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.
CVE Identifier | Description |
---|---|
CVE-2011-5035 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Container). Supported versions that are affected are 9.2.4, 10.0.2, 10.3.5, 10.3.6 and 12.1.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-0022 | Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1677 | Vulnerability in the Oracle Application Server Single Sign-On component of Oracle Fusion Middleware (subcomponent: None). For supported versions that are affected see note. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Application Server Single Sign-On accessible data. Note: Fixed in all supported releases and patchsets. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-5097 | Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: OAM Webgate). Supported versions that are affected are 10.1.4.3.0, 11.1.1.5.0 and 11.1.2.0.0. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Access Manager accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0393 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.7 and 8.4. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2013-0418 | Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters). Supported versions that are affected are 8.3.7 and 8.4. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. Note: Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Enterprise Manager Grid Control.
CVE Identifier | Description |
---|---|
CVE-2012-3219 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Storage Management). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3; EM Plugin for DB: 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-5062 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: User Interface Framework). Supported versions that are affected are EM Base Platform: 10.2.0.5; EM DB Control: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2 and 11.2.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0352 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Content Management). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 10.2.0.3, 10.2.0.4; 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, EM Plugin for DB: 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0353 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Enterprise Configuration Management). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 11.1.0.7, 11.2.0.2 and 11.2.0.3; EM Plugin for DB 12.1.0.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0354 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Policy Framework). Supported versions that are affected are EM Base Platform 10.2.0.5; EM DB Control: 11.1.0.7, 11.2.0.2 and 11.2.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0355 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Distributed/Cross DB Features). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 11.1.0.7, 11.2.0.2 and 11.2.0.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0358 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Resource Manager). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3; EM Plugin for DB: 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0359 | Vulnerability in the APM - Application Performance Management component of Oracle Enterprise Manager Grid Control (subcomponent: Business Transaction Management). Supported versions that are affected are 6.5, 11.1 and 12.1.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized takeover of APM - Application Performance Management possibly including arbitrary code execution within the APM - Application Performance Management. CVSS Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P). (legend) [Advisory] |
CVE-2013-0360 | Vulnerability in the APM - Application Performance Management component of Oracle Enterprise Manager Grid Control (subcomponent: Business Transaction Management). Supported versions that are affected are 6.5, 11.1 and 12.1.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all APM - Application Performance Management accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0372 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Distributed/Cross DB Features). Supported versions that are affected are EM Base Platform: 11.1.0.1, 12.1.0.1; EM DB Control: 11.1.0.7, 11.2.0.2 and 11.2.0.3; EM Plugin for DB: 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0373 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Distributed/Cross DB Features). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3; EM Plugin for DB: 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0374 | Vulnerability in the Enterprise Manager Base Platform component of Oracle Enterprise Manager Grid Control (subcomponent: Database Cloning). Supported versions that are affected are EM Base Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3; EM Plugin for DB: 12.1.0.1 and 12.1.0.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Enterprise Manager Base Platform accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0396 | Vulnerability in the APM - Application Performance Management component of Oracle Enterprise Manager Grid Control (subcomponent: Business Transaction Management). Supported versions that are affected are 6.5, 11.1 and 12.1.0.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all APM - Application Performance Management accessible data. CVSS Base Score 5.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle E-Business Suite.
CVE Identifier | Description |
---|---|
CVE-2012-3190 | Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: UWQ Server Issues). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Universal Work Queue accessible data as well as read access to all Oracle Universal Work Queue accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2012-3218 | Vulnerability in the Human Resources component of Oracle E-Business Suite (subcomponent: Security Groups). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Human Resources accessible data as well as read access to a subset of Human Resources accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2013-0376 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0377 | Vulnerability in the Oracle Applications Technology Stack component of Oracle E-Business Suite (subcomponent: Client System Analyzer). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Technology Stack accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0380 | Vulnerability in the Oracle Payroll component of Oracle E-Business Suite (subcomponent: View Payslip). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Payroll accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0381 | Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: Application Framework). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle CRM Technical Foundation accessible data as well as read access to all Oracle CRM Technical Foundation accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2013-0382 | Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: Campaign Management). Supported versions that are affected are 11.5.10.2, 12.0.6, 12.1.1, 12.1.2 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all Oracle Marketing accessible data as well as read access to all Oracle Marketing accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2013-0390 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Bookmarkable Pages). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data. CVSS Base Score 2.1 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0397 | Vulnerability in the Oracle Applications Framework component of Oracle E-Business Suite (subcomponent: Diagnostics). Supported versions that are affected are 11.5.10.2, 12.0.6 and 12.1.3. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Oracle Applications Framework accessible data as well as read access to a subset of Oracle Applications Framework accessible data. CVSS Base Score 6.4 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Supply Chain Products Suite.
CVE Identifier | Description |
---|---|
CVE-2013-0370 | Vulnerability in the Oracle Agile PLM Framework component of Oracle Supply Chain Products Suite (subcomponent: Security). The supported version that is affected is 9.3.1.1. Very difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Oracle Agile PLM Framework accessible data. CVSS Base Score 2.1 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:H/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle PeopleSoft Products.
CVE Identifier | Description |
---|---|
CVE-2012-1755 | Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleBooks - PSOL). The supported version that is affected is 8.51. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-3192 | Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: RTE - Rich Text Editor). Supported versions that are affected are 8.51 and 8.52. Difficult to exploit vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 3.5 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2012-5059 | Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.51 and 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0356 | Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). Supported versions that are affected are 8.51 and 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0357 | Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology). The supported version that is affected is 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0369 | Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data as well as read access to a subset of PeopleSoft PeopleTools accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2013-0387 | Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: PeopleCode). Supported versions that are affected are 8.51 and 8.52. Difficult to exploit vulnerability allows successful network attacks via HTTP, requiring multiple authentications. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data as well as read access to a subset of PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:M/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2013-0388 | Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Products (subcomponent: Mobile Company Directory). The supported version that is affected is 9.1. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft HRMS accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0391 | Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). The supported version that is affected is 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data as well as read access to a subset of PeopleSoft PeopleTools accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2013-0392 | Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: Portal). Supported versions that are affected are 8.51 and 8.52. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0394 | Vulnerability in the PeopleSoft HRMS component of Oracle PeopleSoft Products (subcomponent: Candidate Gateway). Supported versions that are affected are 9.0 and 9.1. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of PeopleSoft HRMS accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2013-0395 | Vulnerability in the PeopleSoft PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.51 and 8.52. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some PeopleSoft PeopleTools accessible data. CVSS Base Score 4.0 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle JD Edwards Products.
CVE Identifier | Description |
---|---|
CVE-2012-1678 | Vulnerability in the JD Edwards EnterpriseOne Tools component of Oracle JD Edwards Products (subcomponent: Enterprise Infrastructure SEC). Supported versions that are affected are 8.98, 9.1 and 24. Difficult to exploit vulnerability allows successful authenticated network attacks via JDENET. Successful attack of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS Base Score 3.5 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Siebel CRM.
CVE Identifier | Description |
---|---|
CVE-2012-1680 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Apps - Multi-channel Technologies). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-1700 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel UI Framework). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-1701 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Highly Interactive Web UI). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2012-3168 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Core - Server Infrastructure). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3169 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Core - Server Infrastructure). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP . Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3170 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Core - Server Infrastructure). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-3172 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Apps - Multi-channel Technologies). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Siebel CRM. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2013-0365 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Security). Supported versions that are affected are 8.1.1 and 8.2.2. Easily exploitable vulnerability allows successful authenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized read access to a subset of Siebel CRM accessible data. CVSS Base Score 4.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N). (legend) [Advisory] |
CVE-2013-0378 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Calendar). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
CVE-2013-0379 | Vulnerability in the Siebel CRM component of Oracle Siebel CRM (subcomponent: Siebel Calendar). Supported versions that are affected are 8.1.1 and 8.2.2. Difficult to exploit vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Siebel CRM accessible data. CVSS Base Score 4.3 (Integrity impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Sun Products Suite.
CVE Identifier | Description |
---|---|
CVE-2012-0569 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Install/smpatch). The supported version that is affected is 10. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data as well as read access to a subset of Solaris accessible data. CVSS Base Score 3.3 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2012-3178 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 2.1 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2013-0399 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Utility/Umount). Supported versions that are affected are 9 and 10. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2013-0400 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Filesystem/Cachefs). Supported versions that are affected are 9 and 10. Difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2013-0407 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Kernel/DTrace Framework). Supported versions that are affected are 10 and 11. Easily exploitable vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 4.6 (Availability impacts). CVSS V2 Vector: (AV:L/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2013-0414 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Utility/ksh93). The supported version that is affected is 11. Difficult to exploit vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to some Solaris accessible data and ability to cause a partial denial of service (partial DOS) of Solaris. CVSS Base Score 3.3 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:M/Au:N/C:N/I:P/A:P). (legend) [Advisory] |
CVE-2013-0415 | Vulnerability in the Solaris component of Oracle Sun Products Suite (subcomponent: Bind/Postinstall script for Bind package). The supported version that is affected is 10. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized Operating System takeover including arbitrary code execution. CVSS Base Score 6.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2013-0417 | Vulnerability in the Sun Storage Common Array Manager (CAM) component of Oracle Sun Products Suite (subcomponent: Fault Management System (FMS)). The supported version that is affected is 6.9.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized read access to a subset of Sun Storage Common Array Manager (CAM) accessible data. CVSS Base Score 5.0 (Confidentiality impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle Virtualization.
CVE Identifier | Description |
---|---|
CVE-2013-0420 | Vulnerability in the VirtualBox component of Oracle Virtualization (subcomponent: Core). Supported versions that are affected are 4.0, 4.1 and 4.2. Very difficult to exploit vulnerability requiring logon to Operating System plus additional login/authentication to component or subcomponent. Successful attack of this vulnerability can escalate attacker privileges resulting in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of VirtualBox as well as update, insert or delete access to some VirtualBox accessible data. CVSS Base Score 2.4 (Integrity and Availability impacts). CVSS V2 Vector: (AV:L/AC:H/Au:S/C:N/I:P/A:P). (legend) [Advisory] |
This table provides the text form of the Risk Matrix for Oracle MySQL.
CVE Identifier | Description |
---|---|
CVE-2012-0572 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-0574 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-0578 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1702 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-1705 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-5060 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: GIS Extension). Supported versions that are affected are 5.1.65 and earlier and 5.5.27 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2012-5096 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.5.28 and earlier. Difficult to exploit vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 3.5 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2012-5611 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Privileges). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2012-5612 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Parser). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System takeover including arbitrary code execution. Note: The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+. CVSS Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:C/I:C/A:C). (legend) [Advisory] |
CVE-2013-0367 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Partition). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2013-0368 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: InnoDB). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2013-0371 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: MyISAM). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS Base Score 4.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2013-0375 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.1.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized update, insert or delete access to all MySQL Server accessible data as well as read access to all MySQL Server accessible data. CVSS Base Score 5.5 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N). (legend) [Advisory] |
CVE-2013-0383 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Locking). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Difficult to exploit vulnerability allows successful unauthenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS Base Score 4.3 (Availability impacts). CVSS V2 Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P). (legend) [Advisory] |
CVE-2013-0384 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Information Schema). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2013-0385 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Replication). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized write access to any arbitrary Operating System location as well as read access to any arbitrary Operating System location. CVSS Base Score 6.6 (Confidentiality and Integrity impacts). CVSS V2 Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:N). (legend) [Advisory] |
CVE-2013-0386 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Stored Procedure). Supported versions that are affected are 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |
CVE-2013-0389 | Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Optimizer). Supported versions that are affected are 5.1.66 and earlier and 5.5.28 and earlier. Easily exploitable vulnerability allows successful authenticated network attacks via multiple protocols. Successful attack of this vulnerability can result in unauthorized Operating System hang or frequently repeatable crash (complete DOS). CVSS Base Score 6.8 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:C). (legend) [Advisory] |