You are here

Home » Office of the Chief Information Officer » JC3 Medium Impact Assessment Bulletins

JC3 Medium Impact Assessment Bulletins

October 2, 2012
U-272: IBM WebSphere Commerce User Information Disclosure Vulnerability

A vulnerability in WebSphere Commerce could allow disclosure of user personal data.

October 1, 2012
U-271: Google Android Dialer TEL URL Handling Flaw Lets Remote Users Deny Service

A vulnerability was reported in Google Android

September 28, 2012
U-270:Trend Micro Control Manager Input Validation Flaw in Ad Hoc Query Module Lets Remote Users Inject SQL Commands

Trend Micro has been notified of a potential product vulnerability in Control Manager.

September 27, 2012
U-269: Cisco IOS Intrusion Prevention System DNS Processing Bug Lets Remote Users Deny Service

A vulnerability was reported in Cisco IOS.

September 26, 2012
U-268: Oracle Database Authentication Protocol Discloses Session Key Information to Remote Users

A vulnerability was reported in Oracle Database.

September 25, 2012
U-267: RSA® Authentication Agent 7.1 for Microsoft Windows® and RSA® Authentication Client 3.5 Access Control Vulnerability

Multiple RSA Products Authentication Bypass Vulnerability

September 21, 2012
U-265: HP SiteScope Bugs in SiteScope SOAP Feature Let Remote Users Obtain Information and Execute Arbitrary Code

A vulnerability was reported in HP SiteScope.

September 20, 2012
U-264: Apple OS X Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges

Several vulnerabilities were reported in Apple OS X. A remote user can execute arbitrary code on the target system. A remote user can obtain a password hash in certain cases. A local user can obtain elevated privileges on the target system. A local user can obtain password keystrokes.

September 19, 2012
U-263: Trend Micro InterScan Messaging Security Flaws Permit Cross-Site Scripting and Cross-Site Request Forgery Attacks

A vulnerability was reported in Trend Micro InterScan Messaging Security.

September 17, 2012
U-261: Novell GroupWise Internet Agent "Content-Length" Integer Overflow Vulnerability

A vulnerability was reported in Novell GroupWise Internet Agent