CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2012

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2012-0544 2012-05-03 2016-11-23
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Software 10.0.0 through 10.5.0 and 11.0.0 through 11.4.0 allows remote authenticated users to affect integrity via unknown vectors related to Core, a different vulnerability than CVE-2012-0571.
252 CVE-2012-0543 2012-05-03 2017-12-07
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 10.1.3.4.1 and 10.1.3.4.2 allows remote attackers to affect integrity via unknown vectors related to Administration.
253 CVE-2012-0542 2012-05-03 2017-12-07
2.6
None Remote High Not required None Partial None
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Runtime Catalog.
254 CVE-2012-0541 2012-05-03 2013-10-11
3.5
None Remote Medium ??? Partial None None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2, 5.3.0 through 5.3.4, 6.0.1, and 6.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Core-My Services.
255 CVE-2012-0539 2012-05-03 2017-12-07
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to (1) bsmconv and (2) bsmunconv.
256 CVE-2012-0538 2012-05-03 2017-12-07
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Search.
257 CVE-2012-0537 2012-05-03 2017-12-07
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity, related to HTML pages.
258 CVE-2012-0536 2012-05-03 2017-12-07
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 8.9 through Bundle #26 allows remote authenticated users to affect confidentiality via unknown vectors related to eCompensation.
259 CVE-2012-0535 2012-05-03 2017-12-07
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Change Password Page.
260 CVE-2012-0534 2012-05-03 2013-10-11
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to affect integrity via unknown vectors related to Create Session.
261 CVE-2012-0533 2012-05-03 2017-12-13
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise FCSM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Receivables.
262 CVE-2012-0532 2012-05-03 2017-12-07
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Identity Manager component in Oracle Fusion Middleware 11.1.1.3 and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to User Config Management.
263 CVE-2012-0531 2012-05-03 2017-12-13
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise Portal component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect integrity via unknown vectors related to Enterprise Portal.
264 CVE-2012-0530 2012-05-03 2017-12-13
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.0 and 9.1 allows remote authenticated users to affect integrity via unknown vectors related to eProcurement.
265 CVE-2012-0529 2012-05-03 2017-12-07
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51 allows remote authenticated users to affect integrity via unknown vectors related to core.
266 CVE-2012-0528 2012-05-03 2013-10-11
5.8
None Remote Medium Not required Partial Partial None
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7, and Oracle Enterprise Manager Grid Control, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Framework.
267 CVE-2012-0527 2012-05-03 2016-11-28
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management, a different vulnerability than CVE-2012-0526.
268 CVE-2012-0526 2012-05-03 2016-11-28
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5, allows remote attackers to affect integrity via unknown vectors related to Schema Management, a different vulnerability than CVE-2012-0527.
269 CVE-2012-0525 2012-05-03 2013-10-11
4.9
None Remote Medium ??? Partial Partial None
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3, and Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management.
270 CVE-2012-0524 2012-05-03 2017-12-07
3.2
None Local Low ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows local users to affect confidentiality and integrity via unknown vectors related to File Processing.
271 CVE-2012-0523 2012-05-03 2013-10-11
7.2
None Local Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Grid Engine component in Oracle Sun Products Suite 6.1 and 6.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to sgepasswd.
272 CVE-2012-0522 2012-05-03 2017-12-13
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect integrity via unknown vectors related to Java Business Objects.
273 CVE-2012-0521 2012-05-03 2017-12-07
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 Bundle #9 allows remote authenticated users to affect confidentiality via unknown vectors related to Human Resources.
274 CVE-2012-0520 2012-05-03 2013-10-11
4.3
None Remote Medium Not required None Partial None
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, and 11.2.0.2, and in Oracle Enterprise Manager Grid Control 10.2.0.5 and 11.1.0.1, allows remote attackers to affect integrity via unknown vectors related to Security Framework.
275 CVE-2012-0519 2012-05-03 2017-09-09
7.1
None Remote High ??? Complete Complete Complete
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.2.0.2, when running on Windows, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
276 CVE-2012-0517 2012-05-03 2017-12-07
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to eCompensation Manager Desktop.
277 CVE-2012-0516 2012-05-03 2017-12-13
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the Oracle iPlanet Web Server component in Oracle Sun Products Suite 7.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Administration Console.
278 CVE-2012-0515 2012-05-03 2017-12-07
4.0
None Remote Low ??? None Partial None
Unspecified vulnerability in the Identity Manager Connector component in Oracle Fusion Middleware 9.1.0.4 allows remote authenticated users to affect integrity via unknown vectors.
279 CVE-2012-0514 2012-05-03 2017-12-07
4.0
None Remote Low ??? Partial None None
Unspecified vulnerability in the PeopleSoft Enterprise CRM component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality, related to SEC.
280 CVE-2012-0513 2012-05-03 2017-12-07
2.6
None Remote High Not required None Partial None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote attackers to affect integrity, related to REST Services.
281 CVE-2012-0512 2012-05-03 2013-10-11
5.5
None Remote Low ??? Partial Partial None
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Database Server 11.1.0.7 and 11.2.0.2 and Oracle Enterprise Manager Grid Control allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Enterprise Config Management.
282 CVE-2012-0511 2012-05-03 2013-10-11
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the OCI component in Oracle Database Server 10.2.0.3, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality and integrity via unknown vectors.
283 CVE-2012-0510 2012-05-03 2013-10-11
6.4
None Remote Low Not required None Partial Partial
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, and 11.1.0.7 allows remote attackers to affect integrity and availability via unknown vectors.
284 CVE-2012-0509 2012-05-03 2013-10-11
3.5
None Remote Medium ??? None Partial None
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 5.0.2 and 5.3.0 through 5.3.4 allows remote authenticated users to affect integrity via unknown vectors related to Core-Base.
285 CVE-2012-0378 189 DoS 2012-05-03 2012-05-10
7.8
None Remote Low Not required None None Complete
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 8.0 through 8.4 allow remote attackers to cause a denial of service (connection limit exceeded) by triggering a large number of stale connections that result in an incorrect value for an MPF connection count, aka Bug ID CSCtv19854.
286 CVE-2012-0376 DoS 2012-05-03 2012-05-10
5.0
None Remote Low Not required None None Partial
The voice-sipstack component in Cisco Unified Communications Manager (CUCM) 8.5 allows remote attackers to cause a denial of service (core dump) via vectors involving SIP messages that arrive after an upgrade, aka Bug ID CSCtj87367.
287 CVE-2012-0362 264 Bypass 2012-05-02 2012-10-30
4.3
None Remote Medium Not required None Partial None
The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE discards all lines that end with a log or time keyword, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending network traffic, aka Bug ID CSCts01106.
288 CVE-2012-0361 264 DoS 2012-05-02 2012-10-30
5.0
None Remote Low Not required None None Partial
The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 through 8.6 does not limit the rate of SCCP messages to Cisco Unified Communications Manager (CUCM), which allows remote attackers to cause a denial of service via vectors that trigger (1) on hook and (2) off hook messages, as demonstrated by a Plantronics headset, aka Bug ID CSCti40315.
289 CVE-2012-0339 20 2012-05-02 2012-10-30
5.0
None Remote Low Not required None Partial None
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish TELNET connections from arbitrary source IP addresses via a standard TELNET client, aka Bug ID CSCsi77774.
290 CVE-2012-0338 20 2012-05-02 2012-10-30
5.0
None Remote Low Not required None Partial None
Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also keyword during enforcement of access-class commands, which allows remote attackers to establish SSH connections from arbitrary source IP addresses via a standard SSH client, aka Bug ID CSCsv86113.
291 CVE-2012-0337 89 Exec Code Sql 2012-05-02 2012-05-11
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the web component in Cisco Unified MeetingPlace 7.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtx08939.
292 CVE-2012-0335 287 +Info 2012-05-02 2012-11-06
5.0
None Remote Low Not required Partial None None
Cisco Adaptive Security Appliances (ASA) 5500 series devices with software 7.2 through 8.4 do not properly perform proxy authentication during attempts to cut through a firewall, which allows remote attackers to obtain sensitive information via a connection attempt, aka Bug ID CSCtx42746.
293 CVE-2012-0333 287 2012-05-02 2012-10-30
5.0
None Remote Low Not required None Partial None
Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and earlier do not require authentication for Push XML requests, which allows remote attackers to make telephone calls via an XML document, aka Bug ID CSCts08768.
294 CVE-2012-0299 264 Exec Code 2012-05-21 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
295 CVE-2012-0298 264 2012-05-21 2017-12-05
6.4
None Remote Low Not required Partial None Partial
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to (1) read or (2) delete arbitrary files via unspecified vectors.
296 CVE-2012-0297 264 Exec Code 2012-05-21 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
297 CVE-2012-0296 79 XSS 2012-05-21 2012-05-22
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
298 CVE-2012-0295 94 Exec Code 2012-05-23 2013-01-04
9.3
None Remote Medium Not required Complete Complete Complete
The Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to conduct file-insertion attacks and execute arbitrary code by leveraging exploitation of CVE-2012-0294.
299 CVE-2012-0294 22 Dir. Trav. 2012-05-23 2012-10-30
5.8
None Remote Medium Not required None Partial Partial
Directory traversal vulnerability in the Manager service in the management console in Symantec Endpoint Protection (SEP) 12.1 before 12.1 RU1-MP1 allows remote attackers to delete files via unspecified vectors.
300 CVE-2012-0289 119 DoS Overflow +Priv 2012-05-23 2012-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x through 11.0.710x and Symantec Network Access Control (SNAC) 11.0.600x through 11.0.710x allows local users to gain privileges, and modify data or cause a denial of service, via a crafted script.
Total number of vulnerabilities : 426   Page : 1 2 3 4 5 6 (This Page)7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.