4422 matches found
Design/Logic Flaw
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client...
CVE-2012-2603
The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client...
DEBIAN-CVE-2012-1012
server/serverstubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SETSTRING and (2) GETSTRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global...
Privilege escalation
server/serverstubs.c in the kadmin protocol implementation in MIT Kerberos 5 (aka krb5) 1.10 before 1.10.1 does not properly restrict access to (1) SETSTRING and (2) GETSTRINGS operations, which might allow remote authenticated administrators to modify or read string attributes by leveraging the global...
Design/Logic Flaw
Use-after-free vulnerability in Dropbear SSH Server 0.52 through 2012.54, when command restriction and public key authentication are enabled, allows remote authenticated users to execute arbitrary code and bypass command restrictions via multiple crafted command requests, related to "channels...
CVE-2012-2655
PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before 9.0.8, and 9.1.x before 9.1.4 allows remote authenticated users to cause a denial of service (server crash) by adding the (1) SECURITY DEFINER or (2) SET attributes to a procedural language's call handler...
DEBIAN-CVE-2011-4459
Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 does not properly disable groups, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by leveraging a group membership...
CVE-2011-2084
The CVE-2011-2084 entry concerns Best Practical Solutions RT 3.x < 3.8.12 and RT 4.x
PT-2012-3508 · Oracle +1 · Mysql Server +1
Name of the Vulnerable Software and Affected Versions: Oracle MySQL Server versions 5.5.23 and earlier Description: The issue affects availability and can be exploited by remote authenticated users via unknown vectors related to InnoDB. Recommendations: For Oracle MySQL Server versions 5.5.23 and...
Medium: puppet
Issue Overview: Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and certain permissions on the puppet master to read arbitrary files via a symlink attack ...
CVE-2012-1697
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition...
CVE-2012-1696
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer...
CVE-2012-1674
The CVE-2012-1674 entry concerns the Siebel Clinical component of Oracle Industry Applications (versions 7.7, 7.8, 8.0.0.x, 8.1.1.x, 8.2.2.x). The vulnerability is described as an unspecified issue that allows remote authenticated users to affect integrity via Web UI, with vectors not disclosed i...
CVE-2012-0544
Technical details for CVE-2012-0544 are not publicly provided in the supplied documents. The available sources describe an unspecified vulnerability in Oracle FLEXCUBE with limited impact information. Monitor for updates from Oracle and vulnerability databases.
CVE-2012-0552
CVE-2012-0552 affects the Oracle Spatial component in Oracle Database Server versions (10.2.0.3–11.2.0.3). A root cause described in one connected document is a stack-based buffer overflow that can allow a remote attacker with valid authentication to compromise confidentiality, integrity, and ava...
CVE-2012-0208
Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh...
CVE-2012-0515
Unspecified vulnerability in the Identity Manager Connector component in Oracle Fusion Middleware 9.1.0.4 allows remote authenticated users to affect integrity via unknown vectors...
Design/Logic Flaw
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7 and 11.2.0.2 and Oracle Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config...
UBUNTU-CVE-2012-0208
Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to qrsh...