In addition to its RDBMS, Oracle Corporation has released several related suites of tools and applications relating to implementations of Oracle da.
Oracle Critical Patch Update Advisory - January 2013

Description

A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory.
Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: for information about Oracle Security Advisories. Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 86 new security fixes across the product families listed below.
This Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at:.

Affected Products and Components

Security vulnerabilities addressed by this Critical Patch Update affect the products listed in the categories below. The product area of the patches for the listed versions is shown in the Patch Availability column corresponding to the specified Products and Versions column. Please click on the link in the Patch Availability column below or in the to access the documentation for those patches.

| CVE# | Component | Protocol | Package and/or Privilege Required | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2012-3220 | Spatial | Oracle Net | Create Session | No | 9.0 | Network | Low | Single | Complete | Complete | Complete | 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3 | See Note 1 |

Notes:
1. The CVSS Base Score is 9.0 only for Windows. For Linux, Unix and other platforms, the CVSS Base Score is 6.5, and the impacts for Confidentiality, Integrity and Availability are Partial+.

Oracle Database Mobile/Lite Server Executive Summary

This Critical Patch Update contains 5 new security fixes for the Oracle Database Mobile/Lite Server. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found.

Oracle Database Mobile/Lite Server Risk Matrix (CVSS VERSION 2.0 RISK columns: Base Score through Availability)

| CVE# | Component | Protocol | Package and/or Privilege Required | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2013-0364 | Mobile Server | HTTP | None | Yes | 7.8 | Network | Low | None | Complete | None | None | 10.3.0.3, 11.1.0.0 | See Note 1 |

Notes:
1. Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g.
Appendix - Oracle Fusion Middleware

Oracle Fusion Middleware Executive Summary

This Critical Patch Update contains 7 new security fixes for Oracle Fusion Middleware. 5 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found.

Oracle Fusion Middleware products include Oracle Database components that are affected by the vulnerabilities listed in the section. The exposure of Oracle Fusion Middleware products is dependent on the Oracle Database version being used.
Oracle Database security fixes are not listed in the Oracle Fusion Middleware risk matrix. However, since vulnerabilities affecting Oracle Database versions may affect Oracle Fusion Middleware products, Oracle recommends that customers apply the January 2013 Critical Patch Update to the Oracle Database components of Oracle Fusion Middleware products. For information on what patches need to be applied to your environments, refer to Critical Patch Update January 2013 Patch Availability Document for Oracle Products,.

Oracle Fusion Middleware Risk Matrix (CVSS VERSION 2.0 RISK columns: Base Score through Availability)

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2013-0418 | Oracle Outside In Technology | None | Outside In Filters | No | 2.1 | Local | Low | None | None | None | Partial | 8.3.7, 8.4 | See Note 2 |

Notes:
1. Fixed in all supported releases and patchsets.
2. Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. If the hosting software passes data received over the network to Outside In Technology code, the CVSS score would increase to 6.8.
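Added example, not part of Oracle's advisory: the CVSS v2 base-score equations applied to the risk-matrix columns, so the published scores for the rows above can be recomputed when triaging. Metric weights are those of the CVSS v2 specification; scoring Oracle's "Partial+" as Partial is an assumption that matches the 6.5 given in the note for non-Windows platforms.

```python
# Added example: CVSS v2 base score from risk-matrix column values.
# Weights and equations follow the CVSS v2 specification.
AV = {"Local": 0.395, "Adjacent Network": 0.646, "Network": 1.0}
AC = {"High": 0.35, "Medium": 0.61, "Low": 0.71}
AU = {"Multiple": 0.45, "Single": 0.56, "None": 0.704}
# "Partial+" is Oracle's notation; scoring it as Partial is an assumption
# consistent with the 6.5 quoted in the advisory note.
CIA = {"None": 0.0, "Partial": 0.275, "Partial+": 0.275, "Complete": 0.660}


def base_score(av, ac, au, conf, integ, avail):
    """Return the CVSS v2 base score for one risk-matrix row."""
    impact = 10.41 * (1 - (1 - CIA[conf]) * (1 - CIA[integ]) * (1 - CIA[avail]))
    exploitability = 20 * AV[av] * AC[ac] * AU[au]
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


# Rows transcribed from the advisory text:
# (label, published score, access vector, complexity, authentication, C, I, A)
ROWS = [
    ("CVE-2012-3220 (Windows)", 9.0,
     "Network", "Low", "Single", "Complete", "Complete", "Complete"),
    ("CVE-2012-3220 (Linux, Unix, other)", 6.5,
     "Network", "Low", "Single", "Partial+", "Partial+", "Partial+"),
    ("CVE-2013-0364", 7.8,
     "Network", "Low", "None", "Complete", "None", "None"),
    ("CVE-2013-0418", 2.1,
     "Local", "Low", "None", "None", "None", "Partial"),
]


def check_rows(rows=ROWS):
    """Return labels whose recomputed score differs from the published one."""
    return [label for label, published, *metrics in rows
            if base_score(*metrics) != published]


if __name__ == "__main__":
    for label, published, *metrics in ROWS:
        print(f"{label}: published {published}, recomputed {base_score(*metrics)}")
    print("mismatches:", check_rows())
```

A non-empty result from `check_rows` points to a transcription error in the metrics or a score that was not derived from the listed vector.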
Appendix - Oracle Enterprise Manager Grid Control

Oracle Enterprise Manager Grid Control Executive Summary

This Critical Patch Update contains 13 new security fixes for Oracle Enterprise Manager Grid Control. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager Grid Control installed.