Vulnerability-Lookup

CVE-2011-0794 (GCVE-0-2011-0794)

Vulnerability from cvelistv5 – Published: 2011-04-20 03:09 – Updated: 2024-08-06 22:05

Summary

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK. NOTE: the previous information was obtained from the April 2011 CPU. Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats.

Severity

No CVSS data available.

CWE

Assigner

oracle

References

7 references

URL	Tags
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://tools.cisco.com/security/center/content/Ci…	vendor-advisoryx_refsource_CISCO
http://www-01.ibm.com/support/docview.wss?uid=swg…	x_refsource_CONFIRM
http://www.novell.com/support/search.do?cmd=displ…	x_refsource_CONFIRM
http://secunia.com/advisories/44295	third-party-advisoryx_refsource_SECUNIA
http://www.securityfocus.com/bid/47437	vdb-entryx_refsource_BID
http://www.kb.cert.org/vuls/id/520721	third-party-advisoryx_refsource_CERT-VN

Date Public

2011-04-19 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T22:05:53.574Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
          },
          {
            "name": "20111026 Cisco Security Agent Remote Code Execution Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309"
          },
          {
            "name": "44295",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/44295"
          },
          {
            "name": "47437",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/47437"
          },
          {
            "name": "VU#520721",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/520721"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-04-19T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK.  NOTE: the previous information was obtained from the April 2011 CPU.  Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-04-28T18:57:01.000Z",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
        },
        {
          "name": "20111026 Cisco Security Agent Remote Code Execution Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309"
        },
        {
          "name": "44295",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/44295"
        },
        {
          "name": "47437",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/47437"
        },
        {
          "name": "VU#520721",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/520721"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2011-0794",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK.  NOTE: the previous information was obtained from the April 2011 CPU.  Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
            },
            {
              "name": "20111026 Cisco Security Agent Remote Code Execution Vulnerabilities",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"
            },
            {
              "name": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640",
              "refsource": "CONFIRM",
              "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
            },
            {
              "name": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309",
              "refsource": "CONFIRM",
              "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309"
            },
            {
              "name": "44295",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/44295"
            },
            {
              "name": "47437",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/47437"
            },
            {
              "name": "VU#520721",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/520721"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2011-0794",
    "datePublished": "2011-04-20T03:09:00.000Z",
    "dateReserved": "2011-02-04T00:00:00.000Z",
    "dateUpdated": "2024-08-06T22:05:53.574Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2011-0794",
      "date": "2026-05-27",
      "epss": "0.0015",
      "percentile": "0.35175"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA5EE411-1F96-4BAC-931B-50A214E57D04\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK.  NOTE: the previous information was obtained from the April 2011 CPU.  Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad no especificada en el componente Oracle Outside In Technology en Oracle Fusion Middleware 8.3.5.0 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad, relacionado con File ID SDK. NOTA: la informaci\\u00f3n anterior fue obtenida de la CPU de Abril de 2011. Oracle no ha comentado sobre alegaciones de un tercero confiable que este problema est\\u00e1 en (a) sccut.dll o (b) libsc_ut.so en Outside In 8.3.5.x hasta la versi\\u00f3n 8.3.5.5684, seg\\u00fan se usa cuando se utiliza la funcionalidad de identificaci\\u00f3n de archivo CAB para interpretar archivos OneNote (.onepkg) y otros formatos.\"}]",
      "id": "CVE-2011-0794",
      "lastModified": "2024-11-21T01:24:52.567",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2011-04-20T03:14:05.270",
      "references": "[{\"url\": \"http://secunia.com/advisories/44295\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21660640\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/520721\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html\", \"source\": \"secalert_us@oracle.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/47437\", \"source\": \"secalert_us@oracle.com\"}, {\"url\": \"http://secunia.com/advisories/44295\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www-01.ibm.com/support/docview.wss?uid=swg21660640\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.kb.cert.org/vuls/id/520721\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"US Government Resource\"]}, {\"url\": \"http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/47437\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert_us@oracle.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2011-0794\",\"sourceIdentifier\":\"secalert_us@oracle.com\",\"published\":\"2011-04-20T03:14:05.270\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK.  NOTE: the previous information was obtained from the April 2011 CPU.  Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad no especificada en el componente Oracle Outside In Technology en Oracle Fusion Middleware 8.3.5.0 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad, relacionado con File ID SDK. NOTA: la informaci\u00f3n anterior fue obtenida de la CPU de Abril de 2011. Oracle no ha comentado sobre alegaciones de un tercero confiable que este problema est\u00e1 en (a) sccut.dll o (b) libsc_ut.so en Outside In 8.3.5.x hasta la versi\u00f3n 8.3.5.5684, seg\u00fan se usa cuando se utiliza la funcionalidad de identificaci\u00f3n de archivo CAB para interpretar archivos OneNote (.onepkg) y otros formatos.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA5EE411-1F96-4BAC-931B-50A214E57D04\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/44295\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21660640\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/520721\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html\",\"source\":\"secalert_us@oracle.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/47437\",\"source\":\"secalert_us@oracle.com\"},{\"url\":\"http://secunia.com/advisories/44295\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www-01.ibm.com/support/docview.wss?uid=swg21660640\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/520721\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/47437\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2011-AVI-238

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans les produits Oracle ont été corrigées.

Description

De multiples vulnérabilités présentes dans les produits Oracle ont été corrigées. Les détails de ces vulnérabilités n'ont pas été divulgués mais l'une d'entre elles à un niveau de criticité maximal dans l'échelle de l'éditeur (10).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0 ;
Oracle	N/A	Oracle Siebel CRM Core, versions 7.8.2, 8.0.0, 8.1.1 ;
Oracle	N/A	Oracle Application Server 10g Release 3, version 10.1.3.5.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise Portal, versions 8.8, 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Database 11g Release 2, version 11.2.0.2 ;
Oracle	N/A	Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;
Oracle	N/A	Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise HRMS, versions 9.0, 9.1 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;
Oracle	Weblogic	Oracle WebLogic Server, versions 8.1.6, 9.2.3, 9.2.4, 10.0.2, 11gR1 (10.3.2, 10.3.3, 10.3.4) ;
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	N/A	Oracle JRockit versions, R27.6.8 et antérieures (JDK/JRE 1.4.2, 5, 6), R28.1.1 et antérieures (JDK/JRE 5, 6) ;
Oracle	N/A	Oracle Agile Technology platform, versions 9.3.0.2, 9.3.1 ;
Oracle	N/A	Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;
Oracle	N/A	Oracle Database 10g Release 1, version 10.1.0.5 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise CRM, versions 8.9 ;
Oracle	N/A	Oracle Identity Management 10g, version 10.1.4.0.1, 10.1.4.3 ;
Oracle	N/A	Oracle JD Edwards OneWorld Tools, versions 24.1.x ;
Oracle	N/A	Oracle InForm, versions 4.5, 4.6, 5.0.
Oracle	N/A	Oracle JD Edwards EnterpriseOne Tools, versions 8.98.x ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise ELS, versions 9.0, 9.1 ;
Oracle	N/A	Oracle Database 11g Release 1, version 11.1.0.7 ;
Oracle	N/A	Oracle Outside In Technology, version 8.3.2.0, 8.3.5.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle d'avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Siebel CRM Core, versions 7.8.2, 8.0.0, 8.1.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 3, version 10.1.3.5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise Portal, versions 8.8, 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 2, version 11.2.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise HRMS, versions 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server, versions 8.1.6, 9.2.3, 9.2.4, 10.0.2, 11gR1 (10.3.2, 10.3.3, 10.3.4) ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit versions, R27.6.8 et ant\u00e9rieures (JDK/JRE 1.4.2, 5, 6), R28.1.1 et ant\u00e9rieures (JDK/JRE 5, 6) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Agile Technology platform, versions 9.3.0.2, 9.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 1, version 10.1.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise CRM, versions 8.9 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Identity Management 10g, version 10.1.4.0.1, 10.1.4.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JD Edwards OneWorld Tools, versions 24.1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle InForm, versions 4.5, 4.6, 5.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JD Edwards EnterpriseOne Tools, versions 8.98.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise ELS, versions 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 1, version 11.1.0.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In Technology, version 8.3.2.0, 8.3.5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle ont \u00e9t\u00e9\ncorrig\u00e9es. Les d\u00e9tails de ces vuln\u00e9rabilit\u00e9s n\u0027ont pas \u00e9t\u00e9 divulgu\u00e9s\nmais l\u0027une d\u0027entre elles \u00e0 un niveau de criticit\u00e9 maximal dans l\u0027\u00e9chelle\nde l\u0027\u00e9diteur (10).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0810"
    },
    {
      "name": "CVE-2011-0828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0828"
    },
    {
      "name": "CVE-2011-0857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0857"
    },
    {
      "name": "CVE-2011-0859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0859"
    },
    {
      "name": "CVE-2011-0805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0805"
    },
    {
      "name": "CVE-2011-0851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0851"
    },
    {
      "name": "CVE-2011-0824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0824"
    },
    {
      "name": "CVE-2010-4452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4452"
    },
    {
      "name": "CVE-2011-0854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0854"
    },
    {
      "name": "CVE-2011-0819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0819"
    },
    {
      "name": "CVE-2011-0803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0803"
    },
    {
      "name": "CVE-2011-0853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0853"
    },
    {
      "name": "CVE-2011-0861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0861"
    },
    {
      "name": "CVE-2011-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0796"
    },
    {
      "name": "CVE-2011-0818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0818"
    },
    {
      "name": "CVE-2011-0826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0826"
    },
    {
      "name": "CVE-2011-0833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0833"
    },
    {
      "name": "CVE-2011-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0787"
    },
    {
      "name": "CVE-2011-0804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0804"
    },
    {
      "name": "CVE-2011-0856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0856"
    },
    {
      "name": "CVE-2011-0850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0850"
    },
    {
      "name": "CVE-2011-0855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0855"
    },
    {
      "name": "CVE-2011-0827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0827"
    },
    {
      "name": "CVE-2011-0795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0795"
    },
    {
      "name": "CVE-2011-0834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0834"
    },
    {
      "name": "CVE-2011-0785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0785"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2011-0808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0808"
    },
    {
      "name": "CVE-2011-0843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0843"
    },
    {
      "name": "CVE-2011-0792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0792"
    },
    {
      "name": "CVE-2011-0791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0791"
    },
    {
      "name": "CVE-2011-0836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0836"
    },
    {
      "name": "CVE-2011-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0797"
    },
    {
      "name": "CVE-2011-0860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0860"
    },
    {
      "name": "CVE-2011-0809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0809"
    },
    {
      "name": "CVE-2011-0806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0806"
    },
    {
      "name": "CVE-2011-0823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0823"
    },
    {
      "name": "CVE-2011-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0798"
    },
    {
      "name": "CVE-2011-0858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0858"
    },
    {
      "name": "CVE-2011-0825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0825"
    },
    {
      "name": "CVE-2011-0840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0840"
    },
    {
      "name": "CVE-2011-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0799"
    },
    {
      "name": "CVE-2011-0794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0794"
    },
    {
      "name": "CVE-2011-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0837"
    },
    {
      "name": "CVE-2011-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0789"
    },
    {
      "name": "CVE-2011-0793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0793"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-238",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle ont \u00e9t\u00e9\ncorrig\u00e9es.\n",
  "title": "Multiples Vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle d\u0027avril 2011",
      "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2011-301950.html"
    }
  ]
}

CERTA-2011-AVI-492

Vulnerability from certfr_avis - Published: - Updated:

Des vulnérabilités dans Symantec Enterprise Vault permettent l'exécution de code arbitraire ou un déni de service à distance.

Description

Des vulnérabilités ont été découvertes dans le composant Oracle Outside In intégré dans Symantec Enterprise Vault. L'exploitation de ces vulnérabilités, par l'intermédiaire d'un message électronique contenant une pièce jointe malveillante soumis à l'outil d'archivage, permet de réaliser un déni de service ou d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Symantec Enterprise Vault versions 8.0, 9.0 et 10.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Symantec SYM11-011 du 01 septembre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eSymantec Enterprise Vault\u003c/SPAN\u003e versions  8.0, 9.0 et 10.0.\u003c/P\u003e",
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le composant Oracle Outside\nIn int\u00e9gr\u00e9 dans Symantec Enterprise Vault. L\u0027exploitation de ces\nvuln\u00e9rabilit\u00e9s, par l\u0027interm\u00e9diaire d\u0027un message \u00e9lectronique contenant\nune pi\u00e8ce jointe malveillante soumis \u00e0 l\u0027outil d\u0027archivage, permet de\nr\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2267"
    },
    {
      "name": "CVE-2011-0808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0808"
    },
    {
      "name": "CVE-2011-2264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2264"
    },
    {
      "name": "CVE-2011-0794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0794"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-492",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eSymantec Enterprise\nVault\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire ou un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Symantec Enterprise Vault",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM11-011 du 01 septembre 2011",
      "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026suid=20110901_00"
    }
  ]
}

CERTA-2011-AVI-603

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Cisco Security Agent permettent à une personne distante malintentionnée d'exécuter du code arbitraire.

Description

Deux vulnérabilités dans la bibliothèque tiers Oracle Outside In incluse dans Cisco Security Agent permettent à une personne distante malintentionnée d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco Security Agent versions 6.x pour Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 20111026-csa du 26 octobre 2011	None	vendor-advisory
Note de vulnérabilité de l'US-CERT VU#520721 du 19 avril 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco Security Agent versions 6.x pour Windows.\u003c/P\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s dans la biblioth\u00e8que tiers Oracle Outside In incluse\ndans Cisco Security Agent permettent \u00e0 une personne distante\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0808"
    },
    {
      "name": "CVE-2011-0794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0794"
    }
  ],
  "links": [
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#520721 du 19 avril    2011 :",
      "url": "http://www.kb.cert.org/vuls/id/520721"
    }
  ],
  "reference": "CERTA-2011-AVI-603",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Cisco Security Agent permettent \u00e0 une\npersonne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Cisco Security Agent",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20111026-csa du 26 octobre 2011",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"
    }
  ]
}

CERTA-2012-AVI-041

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant d'exécuter du code arbitraire à distance sont présentes dans IBM DB2 Accessories Suite.

Description

Plusieurs vulnérabilités existent dans IBM DB2 Accessories Suite. Elles concernent le module Oracle Outside In Technology, qui ne gère pas correctement certains types de fichiers et permettent à une personne malintentionnée d'exécuter du code arbitraire à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM DB2 Accessories Suite 9.7.0.4.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 1578978 du 24 janvier 2012	None	vendor-advisory
Bulletin de sécurité IBM swg21578978 du 24 janvier 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eIBM DB2 Accessories Suite 9.7.0.4.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s existent dans IBM DB2 Accessories Suite. Elles\nconcernent le module Oracle Outside In Technology, qui ne g\u00e8re pas\ncorrectement certains types de fichiers et permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0808"
    },
    {
      "name": "CVE-2011-2264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2264"
    },
    {
      "name": "CVE-2011-0794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0794"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21578978 du 24 janvier 2012 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21578978"
    }
  ],
  "reference": "CERTA-2012-AVI-041",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance sont pr\u00e9sentes dans \u003cspan class=\"textit\"\u003eIBM DB2 Accessories\nSuite\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans IBM DB2 Accessories Suite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 1578978 du 24 janvier 2012",
      "url": null
    }
  ]
}

CERTA-2011-AVI-238

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités présentes dans les produits Oracle ont été corrigées.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0 ;
Oracle	N/A	Oracle Siebel CRM Core, versions 7.8.2, 8.0.0, 8.1.1 ;
Oracle	N/A	Oracle Application Server 10g Release 3, version 10.1.3.5.0 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise Portal, versions 8.8, 8.9, 9.0, 9.1 ;
Oracle	N/A	Oracle Database 11g Release 2, version 11.2.0.2 ;
Oracle	N/A	Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;
Oracle	N/A	Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise HRMS, versions 9.0, 9.1 ;
Oracle	N/A	Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;
Oracle	Weblogic	Oracle WebLogic Server, versions 8.1.6, 9.2.3, 9.2.4, 10.0.2, 11gR1 (10.3.2, 10.3.3, 10.3.4) ;
Oracle	N/A	Oracle E-Business Suite Release 11i, version 11.5.10.2 ;
Oracle	N/A	Oracle JRockit versions, R27.6.8 et antérieures (JDK/JRE 1.4.2, 5, 6), R28.1.1 et antérieures (JDK/JRE 5, 6) ;
Oracle	N/A	Oracle Agile Technology platform, versions 9.3.0.2, 9.3.1 ;
Oracle	N/A	Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;
Oracle	N/A	Oracle Database 10g Release 1, version 10.1.0.5 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise CRM, versions 8.9 ;
Oracle	N/A	Oracle Identity Management 10g, version 10.1.4.0.1, 10.1.4.3 ;
Oracle	N/A	Oracle JD Edwards OneWorld Tools, versions 24.1.x ;
Oracle	N/A	Oracle InForm, versions 4.5, 4.6, 5.0.
Oracle	N/A	Oracle JD Edwards EnterpriseOne Tools, versions 8.98.x ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;
Oracle	PeopleSoft	Oracle PeopleSoft Enterprise ELS, versions 9.0, 9.1 ;
Oracle	N/A	Oracle Database 11g Release 1, version 11.1.0.7 ;
Oracle	N/A	Oracle Outside In Technology, version 8.3.2.0, 8.3.5.0 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Oracle d'avril 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Fusion Middleware, 11g Release 1, versions 11.1.1.2.0, 11.1.1.3.0, 11.1.1.4.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Siebel CRM Core, versions 7.8.2, 8.0.0, 8.1.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 3, version 10.1.3.5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise Portal, versions 8.8, 8.9, 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 2, version 11.2.0.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Application Server 10g Release 2, version 10.1.2.3.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 12, versions 12.0.6, 12.1.1, 12.1.2, 12.1.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise HRMS, versions 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 2, versions 10.2.0.3, 10.2.0.4, 10.2.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle WebLogic Server, versions 8.1.6, 9.2.3, 9.2.4, 10.0.2, 11gR1 (10.3.2, 10.3.3, 10.3.4) ;",
      "product": {
        "name": "Weblogic",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-Business Suite Release 11i, version 11.5.10.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JRockit versions, R27.6.8 et ant\u00e9rieures (JDK/JRE 1.4.2, 5, 6), R28.1.1 et ant\u00e9rieures (JDK/JRE 5, 6) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Agile Technology platform, versions 9.3.0.2, 9.3.1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Audit Vault 10g Release 2, version 10.2.3.2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 10g Release 1, version 10.1.0.5 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise CRM, versions 8.9 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Identity Management 10g, version 10.1.4.0.1, 10.1.4.3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JD Edwards OneWorld Tools, versions 24.1.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle InForm, versions 4.5, 4.6, 5.0.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle JD Edwards EnterpriseOne Tools, versions 8.98.x ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise PeopleTools, versions 8.49, 8.50, 8.51 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle PeopleSoft Enterprise ELS, versions 9.0, 9.1 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 11g Release 1, version 11.1.0.7 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Outside In Technology, version 8.3.2.0, 8.3.5.0 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle ont \u00e9t\u00e9\ncorrig\u00e9es. Les d\u00e9tails de ces vuln\u00e9rabilit\u00e9s n\u0027ont pas \u00e9t\u00e9 divulgu\u00e9s\nmais l\u0027une d\u0027entre elles \u00e0 un niveau de criticit\u00e9 maximal dans l\u0027\u00e9chelle\nde l\u0027\u00e9diteur (10).\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0810"
    },
    {
      "name": "CVE-2011-0828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0828"
    },
    {
      "name": "CVE-2011-0857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0857"
    },
    {
      "name": "CVE-2011-0859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0859"
    },
    {
      "name": "CVE-2011-0805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0805"
    },
    {
      "name": "CVE-2011-0851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0851"
    },
    {
      "name": "CVE-2011-0824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0824"
    },
    {
      "name": "CVE-2010-4452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4452"
    },
    {
      "name": "CVE-2011-0854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0854"
    },
    {
      "name": "CVE-2011-0819",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0819"
    },
    {
      "name": "CVE-2011-0803",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0803"
    },
    {
      "name": "CVE-2011-0853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0853"
    },
    {
      "name": "CVE-2011-0861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0861"
    },
    {
      "name": "CVE-2011-0796",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0796"
    },
    {
      "name": "CVE-2011-0818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0818"
    },
    {
      "name": "CVE-2011-0826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0826"
    },
    {
      "name": "CVE-2011-0833",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0833"
    },
    {
      "name": "CVE-2011-0787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0787"
    },
    {
      "name": "CVE-2011-0804",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0804"
    },
    {
      "name": "CVE-2011-0856",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0856"
    },
    {
      "name": "CVE-2011-0850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0850"
    },
    {
      "name": "CVE-2011-0855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0855"
    },
    {
      "name": "CVE-2011-0827",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0827"
    },
    {
      "name": "CVE-2011-0795",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0795"
    },
    {
      "name": "CVE-2011-0834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0834"
    },
    {
      "name": "CVE-2011-0785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0785"
    },
    {
      "name": "CVE-2009-3555",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3555"
    },
    {
      "name": "CVE-2011-0808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0808"
    },
    {
      "name": "CVE-2011-0843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0843"
    },
    {
      "name": "CVE-2011-0792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0792"
    },
    {
      "name": "CVE-2011-0791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0791"
    },
    {
      "name": "CVE-2011-0836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0836"
    },
    {
      "name": "CVE-2011-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0797"
    },
    {
      "name": "CVE-2011-0860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0860"
    },
    {
      "name": "CVE-2011-0809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0809"
    },
    {
      "name": "CVE-2011-0806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0806"
    },
    {
      "name": "CVE-2011-0823",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0823"
    },
    {
      "name": "CVE-2011-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0798"
    },
    {
      "name": "CVE-2011-0858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0858"
    },
    {
      "name": "CVE-2011-0825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0825"
    },
    {
      "name": "CVE-2011-0840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0840"
    },
    {
      "name": "CVE-2011-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0799"
    },
    {
      "name": "CVE-2011-0794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0794"
    },
    {
      "name": "CVE-2011-0837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0837"
    },
    {
      "name": "CVE-2011-0789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0789"
    },
    {
      "name": "CVE-2011-0793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0793"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-238",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-04-20T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s pr\u00e9sentes dans les produits Oracle ont \u00e9t\u00e9\ncorrig\u00e9es.\n",
  "title": "Multiples Vuln\u00e9rabilit\u00e9s dans les produits Oracle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Oracle d\u0027avril 2011",
      "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2011-301950.html"
    }
  ]
}

CERTA-2011-AVI-492

Vulnerability from certfr_avis - Published: - Updated:

Des vulnérabilités dans Symantec Enterprise Vault permettent l'exécution de code arbitraire ou un déni de service à distance.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Symantec Enterprise Vault versions 8.0, 9.0 et 10.0.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Symantec SYM11-011 du 01 septembre 2011

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003e\u003cSPAN class=\"textit\"\u003eSymantec Enterprise Vault\u003c/SPAN\u003e versions  8.0, 9.0 et 10.0.\u003c/P\u003e",
  "content": "## Description\n\nDes vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans le composant Oracle Outside\nIn int\u00e9gr\u00e9 dans Symantec Enterprise Vault. L\u0027exploitation de ces\nvuln\u00e9rabilit\u00e9s, par l\u0027interm\u00e9diaire d\u0027un message \u00e9lectronique contenant\nune pi\u00e8ce jointe malveillante soumis \u00e0 l\u0027outil d\u0027archivage, permet de\nr\u00e9aliser un d\u00e9ni de service ou d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-2267",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2267"
    },
    {
      "name": "CVE-2011-0808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0808"
    },
    {
      "name": "CVE-2011-2264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2264"
    },
    {
      "name": "CVE-2011-0794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0794"
    }
  ],
  "links": [],
  "reference": "CERTA-2011-AVI-492",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-09-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Des vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eSymantec Enterprise\nVault\u003c/span\u003e permettent l\u0027ex\u00e9cution de code arbitraire ou un d\u00e9ni de\nservice \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Symantec Enterprise Vault",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Symantec SYM11-011 du 01 septembre 2011",
      "url": "http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory\u0026pvid=security_advisory\u0026suid=20110901_00"
    }
  ]
}

CERTA-2011-AVI-603

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités dans Cisco Security Agent permettent à une personne distante malintentionnée d'exécuter du code arbitraire.

Description

Deux vulnérabilités dans la bibliothèque tiers Oracle Outside In incluse dans Cisco Security Agent permettent à une personne distante malintentionnée d'exécuter du code arbitraire.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Cisco Security Agent versions 6.x pour Windows.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Cisco 20111026-csa du 26 octobre 2011	None	vendor-advisory
Note de vulnérabilité de l'US-CERT VU#520721 du 19 avril 2011 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eCisco Security Agent versions 6.x pour Windows.\u003c/P\u003e",
  "content": "## Description\n\nDeux vuln\u00e9rabilit\u00e9s dans la biblioth\u00e8que tiers Oracle Outside In incluse\ndans Cisco Security Agent permettent \u00e0 une personne distante\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0808"
    },
    {
      "name": "CVE-2011-0794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0794"
    }
  ],
  "links": [
    {
      "title": "Note de vuln\u00e9rabilit\u00e9 de l\u0027US-CERT VU#520721 du 19 avril    2011 :",
      "url": "http://www.kb.cert.org/vuls/id/520721"
    }
  ],
  "reference": "CERTA-2011-AVI-603",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2011-10-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s dans Cisco Security Agent permettent \u00e0 une\npersonne distante malintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans Cisco Security Agent",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco 20111026-csa du 26 octobre 2011",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"
    }
  ]
}

CERTA-2012-AVI-041

Vulnerability from certfr_avis - Published: - Updated:

Plusieurs vulnérabilités permettant d'exécuter du code arbitraire à distance sont présentes dans IBM DB2 Accessories Suite.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

IBM DB2 Accessories Suite 9.7.0.4.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 1578978 du 24 janvier 2012	None	vendor-advisory
Bulletin de sécurité IBM swg21578978 du 24 janvier 2012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003eIBM DB2 Accessories Suite 9.7.0.4.\u003c/p\u003e",
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s existent dans IBM DB2 Accessories Suite. Elles\nconcernent le module Oracle Outside In Technology, qui ne g\u00e8re pas\ncorrectement certains types de fichiers et permettent \u00e0 une personne\nmalintentionn\u00e9e d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2011-0808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0808"
    },
    {
      "name": "CVE-2011-2264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2264"
    },
    {
      "name": "CVE-2011-0794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0794"
    }
  ],
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 IBM swg21578978 du 24 janvier 2012 :",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21578978"
    }
  ],
  "reference": "CERTA-2012-AVI-041",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-01-31T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s permettant d\u0027ex\u00e9cuter du code arbitraire \u00e0\ndistance sont pr\u00e9sentes dans \u003cspan class=\"textit\"\u003eIBM DB2 Accessories\nSuite\u003c/span\u003e.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans IBM DB2 Accessories Suite",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 1578978 du 24 janvier 2012",
      "url": null
    }
  ]
}

FKIE_CVE-2011-0794

Vulnerability from fkie_nvd - Published: 2011-04-20 03:14 - Updated: 2026-04-29 01:13

Severity

Summary

References

URL	Tags
secalert_us@oracle.com	http://secunia.com/advisories/44295	Vendor Advisory
secalert_us@oracle.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa
secalert_us@oracle.com	http://www-01.ibm.com/support/docview.wss?uid=swg21660640
secalert_us@oracle.com	http://www.kb.cert.org/vuls/id/520721	US Government Resource
secalert_us@oracle.com	http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309
secalert_us@oracle.com	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Patch, Vendor Advisory
secalert_us@oracle.com	http://www.securityfocus.com/bid/47437
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/44295	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa
af854a3a-2127-422b-91ae-364da2661108	http://www-01.ibm.com/support/docview.wss?uid=swg21660640
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/520721	US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.novell.com/support/search.do?cmd=displayKC&docType=kc&externalId=7009213&sliceId=1&docTypeID=DT_TID_1_1&dialogID=268451045&stateId=0%200%20268449309
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/47437

Impacted products

	Vendor	Product	Version
	oracle	fusion_middleware	8.3.5.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:8.3.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA5EE411-1F96-4BAC-931B-50A214E57D04",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK.  NOTE: the previous information was obtained from the April 2011 CPU.  Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad no especificada en el componente Oracle Outside In Technology en Oracle Fusion Middleware 8.3.5.0 permite a usuarios locales afectar a la confidencialidad, integridad y disponibilidad, relacionado con File ID SDK. NOTA: la informaci\u00f3n anterior fue obtenida de la CPU de Abril de 2011. Oracle no ha comentado sobre alegaciones de un tercero confiable que este problema est\u00e1 en (a) sccut.dll o (b) libsc_ut.so en Outside In 8.3.5.x hasta la versi\u00f3n 8.3.5.5684, seg\u00fan se usa cuando se utiliza la funcionalidad de identificaci\u00f3n de archivo CAB para interpretar archivos OneNote (.onepkg) y otros formatos."
    }
  ],
  "id": "CVE-2011-0794",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2011-04-20T03:14:05.270",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44295"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/520721"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "url": "http://www.securityfocus.com/bid/47437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/44295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/520721"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/47437"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-8XMP-XR2X-XPVP

Vulnerability from github – Published: 2022-05-17 03:54 – Updated: 2022-05-17 03:54

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2011-0794"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2011-04-20T03:14:00Z",
    "severity": "MODERATE"
  },
  "details": "Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5.0 allows local users to affect confidentiality, integrity, and availability, related to File ID SDK.  NOTE: the previous information was obtained from the April 2011 CPU.  Oracle has not commented on claims from a reliable third party that this issue is in (a) sccut.dll or (b) libsc_ut.so in Outside In 8.3.5.x through 8.3.5.5684, as used when using the CAB file identification functionality to parse OneNote (.onepkg) files and other formats.",
  "id": "GHSA-8xmp-xr2x-xpvp",
  "modified": "2022-05-17T03:54:53Z",
  "published": "2022-05-17T03:54:53Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0794"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/44295"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-csa"
    },
    {
      "type": "WEB",
      "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21660640"
    },
    {
      "type": "WEB",
      "url": "http://www.kb.cert.org/vuls/id/520721"
    },
    {
      "type": "WEB",
      "url": "http://www.novell.com/support/search.do?cmd=displayKC\u0026docType=kc\u0026externalId=7009213\u0026sliceId=1\u0026docTypeID=DT_TID_1_1\u0026dialogID=268451045\u0026stateId=0%200%20268449309"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/47437"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2011-0794 (GCVE-0-2011-0794)

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Description

Solution

Tags

Sightings

Nomenclature