Информационная безопасность
[RU] switch to English


Утечка информации в Mozilla Firefox и Microsoft Internet Explorer
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14033
Тип:клиент
Уровень опасности:
5/10
Описание:Возможна утечка содержимого памяти при разборе изображений.
CVE:CVE-2014-1580 (Mozilla Firefox before 33.0 does not properly initialize memory for GIF images, which allows remote attackers to obtain sensitive information from process memory via a crafted web page that triggers a sequence of rendering operations for truncated GIF data within a CANVAS element.)
Оригинальный текстdocumentMichal Zalewski, two browser mem disclosure bugs (CVE-2014-1580 and CVE-something-or-other) (16.10.2014)

Выполнение кода в LPAR2RRD
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14034
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:LPAR2RRD : LPAR2RRD 4.53
CVE:CVE-2014-4982
 CVE-2014-4981
Оригинальный текстdocumentDaniele Bianco, [oCERT-2014-005] LPAR2RRD input sanitization errors (16.10.2014)

Брутфорс-атаки против Symantec Endpoint Protection Manager
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14035
Тип:удаленная
Уровень опасности:
5/10
Описание:Не лимитировано количество попыток ввода пароля.
Затронутые продукты:SYMANTEC : Endpoint Protection Manager 12.1
Оригинальный текстdocumentaudit1_(at)_a2secure.com, Web Login Bruteforce in Symantec Endpoint Protection Manager 12.1.4023.4080 (16.10.2014)

Уязвимости безопасности в Ansible
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14036
Тип:удаленная
Уровень опасности:
5/10
Описание:Повышение привилегий, выполнение кода.
Затронутые продукты:ANSIBLE : Ansible 1.6
CVE:CVE-2014-4967
 CVE-2014-4966
Оригинальный текстdocumentAndrea Barisani, [oCERT-2014-004] Ansible input sanitization errors (16.10.2014)

Уязвимости беопасности в HP Release Control
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14037
Тип:удаленная
Уровень опасности:
5/10
Описание:Утечка информации, повышение привилегий.
Затронутые продукты:HP : HP Release Control 9.21
CVE:CVE-2014-2613 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privileges via unknown vectors.)
 CVE-2014-2612 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sensitive information via unknown vectors.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMU03061 rev.1 - HP Release Control, Disclosure of Privileged Information and Elevation of Privilege (16.10.2014)

Многочисленные уязвимости безопасности в IBM Algorithmics RICOS
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14038
Тип:удаленная
Уровень опасности:
5/10
Описание:Утечка инфофрмации, межсайтовый скриптинг, повышение привилегий, несанкционированный доступ, CSRF.
Затронутые продукты:IBM : Algo Credit Limits 4.7
CVE:CVE-2014-0894 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows context-dependent attackers to discover database credentials by reading the DbUser and DbPass fields in an XML document.)
 CVE-2014-0871 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character.)
 CVE-2014-0870 (Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to inject arbitrary web script or HTML via (1) the Message parameter to rcore6/main/showerror.jsp, (2) the ButtonsetClass parameter to rcore6/main/buttonset.jsp, (3) the MBName parameter to rcore6/frameset.jsp, (4) the Init parameter to algopds/rcore6/main/browse.jsp, or the (5) Name, (6) StoreName, or (7) STYLESHEET parameter to algopds/rcore6/main/ibrowseheader.jsp.)
 CVE-2014-0869 (The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics does not require a key, which makes it easier for remote attackers to obtain cleartext passwords by sniffing the network and then providing a string argument to this function.)
 CVE-2014-0868 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via a crafted XML document, as demonstrated by manipulation of read-only limit data.)
 CVE-2014-0867 (rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to create or modify cookies via the query string.)
 CVE-2014-0866 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics sends cleartext credentials over HTTP, which allows remote attackers to obtain sensitive information by sniffing the network.)
 CVE-2014-0865 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics relies on client-side input validation, which allows remote authenticated users to bypass intended dual-control restrictions and modify data via crafted serialized objects, as demonstrated by limit manipulations.)
 CVE-2014-0864 (Multiple cross-site request forgery (CSRF) vulnerabilities in Executer in RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allow remote attackers to hijack the authentication of arbitrary users for requests that change (1) a deal's currency or (2) a limit via a crafted XML document.)
Оригинальный текстdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20140630-0 :: Multiple vulnerabilities in IBM Algorithmics RICOS (16.10.2014)

Инъекция SQL в Kerio Control
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14039
Тип:удаленная
Уровень опасности:
5/10
Описание:SQL инъекция в Web интерфейсе.
Затронутые продукты:KERIO : Kerio Control 8.3
CVE:CVE-2014-3857 (Multiple SQL injection vulnerabilities in Kerio Control Statistics in Kerio Control (formerly WinRoute Firewall) before 8.3.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) x_16 or (2) x_17 parameter to print.php.)
Оригинальный текстdocumentinfo_(at)_fereidani.com, Kerio Control <= 8.3.1 Boolean-based blind SQL Injection (16.10.2014)

Обход аутентификации в HP SiteScope
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14040
Тип:удаленная
Уровень опасности:
5/10
Затронутые продукты:HP : HP SiteScope 11.24
CVE:CVE-2014-2614 (Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMU03059 rev.1 - HP SiteScope, Remote Authentication Bypass (16.10.2014)

Уязвимости безопасности в HP Universal CMDB
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14041
Тип:удаленная
Уровень опасности:
5/10
Описание:Утечка информации, выполнение кода.
Затронутые продукты:HP : Universal CMDB 10.10
CVE:CVE-2014-2617 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.)
 CVE-2014-2616 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2091.)
 CVE-2014-2615 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2083.)
Оригинальный текстdocumentHP, [security bulletin] HPSBMU03064 rev.1 - HP Universal CMDB, Remote Information Disclosure, Execution of Code (16.10.2014)

Закладка в устройствах Techboard/Syac
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14042
Тип:удаленная
Уровень опасности:
5/10
Описание:Программная закладка доступна по порту TCP/7339.
Затронутые продукты:TECHBOARD : DigiEye 3G
Оригинальный текстdocumentroberto.paleari_(at)_emaze.net, Backdoor access to Techboard/Syac devices (16.10.2014)

Многочисленные уязвимости безопасности в Schrack MICROCONTROL
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14043
Тип:удаленная
Уровень опасности:
5/10
Описание:Многочисленные ошибки в Web-интерфейсе.
Затронутые продукты:SCHRACK : Schrack MICROCONTROL
Оригинальный текстdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20140710-2 :: Multiple critical vulnerabilites in Schrack MICROCONTROL emergency light system (16.10.2014)

Утечка информации в WAGO-I/O-SYSTEM WebVisu
Опубликовано:16 октября 2014 г.
Источник:
SecurityVulns ID:14044
Тип:удаленная
Уровень опасности:
5/10
Описание:Возможно получить пароли пользователей.
Оригинальный текстdocumentSEC Consult Vulnerability Lab, SEC Consult SA-20140710-3 :: Design Issue / Password Disclosure in WAGO-I/O-SYSTEM with CODESYS V2.3 WebVisu (16.10.2014)

Cводка уязвимостей безопасности в Web-приложениях (PHP, ASP, JSP, CGI, Perl)
дополнено с 16 октября 2014 г.
Опубликовано:17 октября 2014 г.
Источник:
SecurityVulns ID:14032
Тип:удаленная
Уровень опасности:
5/10
Описание:Инъекции PHP, инъекции SQL, обратный путь в каталогах, межсайтовый скриптинг, модификация файлов, утечка информации и т.д.
Затронутые продукты:OPENCART : OpenCart 1.5
 APACHE : Syncope 1.1
 DRUPAL : Drupal 7.31
 WORDPRESS : MaxButtons 1.26
 WORDPRESS : WP Google Maps 6.0
 LIVEZILLA : LiveZilla 5.3
 JOOMLA : Kunena 3.0
 WEE : Web Encryption Extension 2.0
 MANAGEENGINE : EVENTLOG ANALYZER 9.0
 DRUPAL : Drupal 7.29
 RUBY : ruby-activerecord 3.2
 ELASTIC : Logstash 1.4
 INVISIONPOWER : IP.Board 3.4
 ALFRESCO : Alfresco Community Edition 4.2
 INFOBLOX : Network Automation 6.8
 JOOMLA : JChatSocial 2.2
 LIMESURVAY : Lime Survey 2.05
CVE:CVE-2014-7182 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in an (1) edit_poly, (2) edit_polyline, or (3) edit_marker action in the wp-google-maps-menu page to wp-admin/admin.php.)
 CVE-2014-7181 (Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page.)
 CVE-2014-4331 (Cross-site scripting (XSS) vulnerability in admin/viewer.php in OctavoCMS allows remote attackers to inject arbitrary web script or HTML via the src parameter.)
 CVE-2014-4326 (Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.)
 CVE-2014-3990
 CVE-2014-3863 (Cross-site scripting (XSS) vulnerability in the JChatSocial component before 2.3 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the filename parameter in a file upload in an active JChat chat window.)
 CVE-2014-3704 (The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys.)
 CVE-2014-3503 (Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.)
 CVE-2014-3483 (SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before 4.1.3 allows remote attackers to execute arbitrary SQL commands by leveraging improper range quoting.)
 CVE-2014-3482 (SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows remote attackers to execute arbitrary SQL commands by leveraging improper bitstring quoting.)
 CVE-2014-3419 (Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.)
 CVE-2014-3418 (config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.)
 CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as downloaded before 20140424, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.)
Оригинальный текстdocumentMustLive, XSS vulnerabilities in Megapolis.Portal Manager (17.10.2014)
 documentStefan Horst, Advisory 01/2014: Drupal7 - pre Auth SQL Injection Vulnerability (17.10.2014)
 documentChristian Schneider, CVE-2014-3149 - Reflected Cross-Site Scripting (XSS) in "Invision Power IP.Board" (16.10.2014)
 documentg-damore_(at)_outlook.com, Lime Survey 2-05+ Multiple Vulnerabilities (16.10.2014)
 documentTeodor Lupan, CVE-2014-3863 - Stored XSS in JChatSocial (16.10.2014)
 documentAPACHE, [SECURITY] CVE-2014-3503 Apache Syncope (16.10.2014)
 documentandreu.antonio_(at)_gmail.com, CVE-2014-4331 OctavoCMS reflected XSS vulnerability (16.10.2014)
 documentnate_(at)_depthsecurity.com, Weak Local Database Credentials in Infoblox Network Automation (16.10.2014)
 documentnate_(at)_depthsecurity.com, OS Command Injection Infoblox Network Automation (16.10.2014)
 documentSEC Consult Vulnerability Lab, SEC Consult SA-20140710-0 :: Multiple critical vulnerabilities in Shopizer webshop (16.10.2014)
 documentSEC Consult Vulnerability Lab, SEC Consult SA-20140710-1 :: Multiple high risk vulnerabilities in Shopizer webshop (16.10.2014)
 documentEgidio Romano, [KIS-2014-08] OpenCart <= 1.5.6.4 (cart.php) PHP Object Injection Vulnerability (16.10.2014)
 documentresearch_(at)_sec-consult.com., SEC Consult SA-20140716-0 :: Multiple SSRF vulnerabilities in Alfresco Community Edition (16.10.2014)
 documentstormhacker_(at)_hotmail.com, IP.Board 3.4 cross-site scripting in Referer header (16.10.2014)
 documentJordan Sissel, CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. (16.10.2014)
 documentDEBIAN, [SECURITY] [DSA 2982-1] ruby-activerecord-3.2 security update (16.10.2014)
 documentDEBIAN, [SECURITY] [DSA 2983-1] drupal7 security update (16.10.2014)
 documentAndrea Barisani, [oCERT-2014-004] Ansible input sanitization errors (16.10.2014)
 documentaudit1_(at)_a2secure.com, Cross-site Scripting in EventLog Analyzer 9.0 build #9000 (16.10.2014)
 documentcseye_ut_(at)_yahoo.com, Multiple Vulnerabilities in Parallels® Plesk Sitebuilder (16.10.2014)
 documentjoseph.giron13_(at)_gmail.com, Easy file sharing web server - persist XSS in forum msgs (16.10.2014)
 documentSenderek Web Security, Web Encryption Extension security update (16.10.2014)
 documentvulns_(at)_dionach.com, Kunena Forum Extension for Joomla Multiple SQL Injection Vulnerabilities (16.10.2014)
 documentvulns_(at)_dionach.com, Kunena Forum Extension for Joomla Multiple Reflected Cross-Site Scripting Vulnerabilities (16.10.2014)
 documentsourav.infosec_(at)_gmail.com, LiveZilla 5.3.0.7 Security Issue (16.10.2014)
 documentHigh-Tech Bridge Security Research, Reflected Cross-Site Scripting (XSS) in MaxButtons WordPress Plugin (16.10.2014)
 documentHigh-Tech Bridge Security Research, Multiple Cross-Site Scripting (XSS) in WP Google Maps WordPress Plugin (16.10.2014)

Многочисленные уязвимости безопасности в Oracle / Sun / PeopleSoft / MySQL
дополнено с 16 октября 2014 г.
Опубликовано:3 ноября 2014 г.
Источник:
SecurityVulns ID:14031
Тип:библиотека
Уровень опасности:
9/10
Описание:Ежеквартальное обновление закрывает 138 различных уязвимостей.
Затронутые продукты:ORACLE : Solaris 10
 ORACLE : Oracle E-Business Suite 11i
 ORACLE : Solaris 11
 ORACLE : Oracle 11g
 ORACLE : JD Edwards EnterpriseOne Tools 8.98
 ORACLE : Oracle Application Express 4.2
 ORACLE : WebLogic Server 12.1
 ORACLE : Oracle E-Business Suite 12i
 ORACLE : MySQL 5.6
 ORACLE : Oracle Access Manager 11.1
 ORACLE : Oracle 12c
 ORACLE : Fusion Middleware 11g
 ORACLE : Oracle Identity Manager 11.1
 ORACLE : JDeveloper 12.1
 ORACLE : Primavera P6 Enterprise Project Portfolio Management 8.3
 ORACLE : JavaFX 2.2
 ORACLE : Java SE Embedded 7
 ORACLE : Fusion Middleware 12c
 ORACLE : VirtualBox 4.3
 ORACLE : Fusion Applications 11.1
 ORACLE : Java SE 8
 ORACLE : JRockit 28.3
 ORACLE : Oracle Secure Global Desktop 5.1
 ORACLE : Transportation Management 6.3
 ORACLE : Oracle Adaptive Access Manager 11.1
 ORACLE : Endeca Information Discovery Studio 3.1
 ORACLE : Enterprise Data Quality 9.0
 ORACLE : OpenSSO 3.0
 ORACLE : Application Performance Management 12.1
 ORACLE : Enterprise Manager for Oracle Database 10g
 ORACLE : Enterprise Manager for Oracle Database 11g
 ORACLE : Enterprise Manager for Oracle Database 12c
 ORACLE : Agile PLM 9.3
 ORACLE : PeopleSoft Enterprise HRMS 9.2
 ORACLE : PeopleSoft Enterprise PeopleTools 8.54
 ORACLE : Communications MetaSolv Solution 6.2
 ORACLE : Communications Session Border Controller SCX640m5
 ORACLE : Retail Allocation 13.2
 ORACLE : Retail Clearance Optimization Engine 14.0
 ORACLE : Retail Invoice Matching 14.0
 ORACLE : Retail Markdown Optimization 13.4
 ORACLE : Health Sciences Empirica Inspections 1.0
 ORACLE : Health Sciences Empirica Signal 7.3
 ORACLE : Health Sciences Empirica Study 3.1
 ORACLE : Primavera Contract Management 14.0
 ORACLE : Fujitsu server M10-1
 ORACLE : Fujitsu server M10-4
 ORACLE : Fujitsu server M10-4S
CVE:CVE-2014-6564 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB FULLTEXT SEARCH DML.)
 CVE-2014-6563 (Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6538.)
 CVE-2014-6562 (Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.)
 CVE-2014-6561 (Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Separate Remittance Advice.)
 CVE-2014-6560 (Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6545.)
 CVE-2014-6559 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality via vectors related to C API SSL CERTIFICATE HANDLING.)
 CVE-2014-6558 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.)
 CVE-2014-6557 (Unspecified vulnerability in the Application Performance Management component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to End User Experience Management.)
 CVE-2014-6555 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.)
 CVE-2014-6554 (Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Admin Console.)
 CVE-2014-6553 (Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Admin Console.)
 CVE-2014-6552 (Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console.)
 CVE-2014-6551 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality via vectors related to CLIENT:MYSQLADMIN.)
 CVE-2014-6550 (Unspecified vulnerability in the Oracle Applications Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to iHelp.)
 CVE-2014-6547 (Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4301, and CVE-2014-4310.)
 CVE-2014-6546 (Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2014-6545 (Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6560.)
 CVE-2014-6544 (Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-4289.)
 CVE-2014-6543 (Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to ITEM (Item & BOM).)
 CVE-2014-6542 (Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6454.)
 CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, before 4.2.26, and before 4.3.14 allows local users to affect availability via vectors related to Graphics driver (WDDM) for Windows guests.)
 CVE-2014-6539 (Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6472.)
 CVE-2014-6538 (Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295, and CVE-2014-6563.)
 CVE-2014-6537 (Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2014-6536 (Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Security.)
 CVE-2014-6535 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote attackers to affect confidentiality and integrity via vectors related to SECURITY.)
 CVE-2014-6534 (Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect integrity via vectors related to WLS Console.)
 CVE-2014-6533 (Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1 and 6.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Security.)
 CVE-2014-6532 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.)
 CVE-2014-6531 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Libraries.)
 CVE-2014-6530 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to CLIENT:MYSQLDUMP.)
 CVE-2014-6529 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hermon HCA PCIe driver.)
 CVE-2014-6527 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476.)
 CVE-2014-6523 (Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality via vectors related to REST Interface.)
 CVE-2014-6522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7, 11.1.2.4, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect integrity via vectors related to ADF Faces.)
 CVE-2014-6520 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:DDL.)
 CVE-2014-6519 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Hotspot.)
 CVE-2014-6517 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and Jrockit R27.8.3 and R28.3.3 allows remote attackers to affect confidentiality via vectors related to JAXP.)
 CVE-2014-6516 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows local users to affect confidentiality, integrity, and availability via vectors related to Installation SEC.)
 CVE-2014-6515 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment.)
 CVE-2014-6513 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.)
 CVE-2014-6512 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows remote attackers to affect integrity via unknown vectors related to Libraries.)
 CVE-2014-6511 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality via unknown vectors related to 2D.)
 CVE-2014-6508 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to iSCSI Data Mover (IDM).)
 CVE-2014-6507 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SERVER:DML.)
 CVE-2014-6506 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.)
 CVE-2014-6505 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:MEMORY STORAGE ENGINE.)
 CVE-2014-6504 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, and Java SE Embedded 7u60, allows remote attackers to affect confidentiality via unknown vectors related to Hotspot.)
 CVE-2014-6503 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.)
 CVE-2014-6502 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20, and Java SE Embedded 7u60, allows remote attackers to affect integrity via unknown vectors related to Libraries.)
 CVE-2014-6501 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via vectors related to SSH.)
 CVE-2014-6500 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6491.)
 CVE-2014-6499 (Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to WebLogic Tuxedo Connector.)
 CVE-2014-6498 (Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Security.)
 CVE-2014-6497 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Kernel.)
 CVE-2014-6496 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6494.)
 CVE-2014-6495 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect availability via vectors related to SERVER:SSL:yaSSL.)
 CVE-2014-6494 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, and 5.6.20 and earlier, allows remote attackers to affect availability via vectors related to CLIENT:SSL:yaSSL, a different vulnerability than CVE-2014-6496.)
 CVE-2014-6493 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.)
 CVE-2014-6492 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Firefox, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2014-6491 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.)
 CVE-2014-6490 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB server user component.)
 CVE-2014-6489 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect integrity and availability via vectors related to SERVER:SP.)
 CVE-2014-6488 (Unspecified vulnerability in the Enterprise Manager for Oracle Database component in Oracle Enterprise Manager Grid Control EM Base Platform: 10.2.0.5, 11.1.0.1 EM DB Control: 11.1.0.7, 11.2.0.3, 11.2.0.4 EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6 allows remote authenticated users to affect integrity via unknown vectors related to Content Management.)
 CVE-2014-6487 (Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect integrity via unknown vectors related to End User Self Service.)
 CVE-2014-6486 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect integrity via unknown vectors related to Talent Acquisition Manager - Security.)
 CVE-2014-6485 (Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2014-6484 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to SERVER:DML.)
 CVE-2014-6483 (Unspecified vulnerability in the Application Express component in Oracle Database Server before 4.2.6 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2014-6482 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect integrity via unknown vectors related to Updates Change Assistant.)
 CVE-2014-6479 (Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote authenticated users to affect confidentiality via vectors related to OC4J Configuration.)
 CVE-2014-6478 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote attackers to affect integrity via vectors related to SERVER:SSL:yaSSL.)
 CVE-2014-6476 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527.)
 CVE-2014-6475 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.)
 CVE-2014-6474 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:MEMCACHED.)
 CVE-2014-6473 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Zone Framework.)
 CVE-2014-6472 (Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to LOV, a different vulnerability than CVE-2014-6539.)
 CVE-2014-6471 (Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via vectors related to OAM Diagnostics.)
 CVE-2014-6470 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Archive Utility.)
 CVE-2014-6469 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and eariler and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:OPTIMIZER.)
 CVE-2014-6468 (Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.)
 CVE-2014-6467 (Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6545, and CVE-2014-6560.)
 CVE-2014-6466 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when running on Internet Explorer, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2014-6465 (Unspecified vulnerability in the Oracle Communications Session Border Controller component in Oracle Communications Applications SCX640m5 allows remote authenticated users to affect availability via unknown vectors related to Lawful Intercept.)
 CVE-2014-6464 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:INNODB DML FOREIGN KEYS.)
 CVE-2014-6463 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML.)
 CVE-2014-6462 (Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors related to Admin Console.)
 CVE-2014-6461 (Unspecified vulnerability in the Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Roles & Privileges.)
 CVE-2014-6460 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect confidentiality and integrity via vectors related to QUERY.)
 CVE-2014-6459 (Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and CVE-2014-2476.)
 CVE-2014-6458 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.)
 CVE-2014-6457 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and 8u20; Java SE Embedded 7u60; and JRockit R27.8.3, and R28.3.3 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.)
 CVE-2014-6456 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2014-6455 (Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.)
 CVE-2014-6454 (Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, and CVE-2014-6542.)
 CVE-2014-6453 (Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6467, CVE-2014-6545, and CVE-2014-6560.)
 CVE-2014-6452 (Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6454, and CVE-2014-6542.)
 CVE-2014-4310 (Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4301, and CVE-2014-6547.)
 CVE-2014-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.)
 CVE-2014-4300 (Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542.)
 CVE-2014-4299 (Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542.)
 CVE-2014-4298 (Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542.)
 CVE-2014-4297 (Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4301, CVE-2014-4310, and CVE-2014-6547.)
 CVE-2014-4296 (Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4297, CVE-2014-4301, CVE-2014-4310, and CVE-2014-6547.)
 CVE-2014-4295 (Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4294, CVE-2014-6538, and CVE-2014-6563.)
 CVE-2014-4294 (Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4295, CVE-2014-6538, and CVE-2014-6563.)
 CVE-2014-4293 (Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4296, CVE-2014-4297, CVE-2014-4301, CVE-2014-4310, and CVE-2014-6547.)
 CVE-2014-4292 (Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4301, CVE-2014-4310, and CVE-2014-6547.)
 CVE-2014-4291 (Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4301, CVE-2014-4310, and CVE-2014-6547.)
 CVE-2014-4290 (Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4301, CVE-2014-4310, and CVE-2014-6547.)
 CVE-2014-4289 (Unspecified vulnerability in the JDBC component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2014-6544.)
 CVE-2014-4288 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.)
 CVE-2014-4287 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:CHARACTER SETS.)
 CVE-2014-4285 (Unspecified vulnerability in the Oracle Applications Technology component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Reports Configuration.)
 CVE-2014-4284 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4280.)
 CVE-2014-4283 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4277.)
 CVE-2014-4282 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.)
 CVE-2014-4281 (Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Portal Integration.)
 CVE-2014-4280 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via vectors related to IPS transfer module, a different vulnerability than CVE-2014-4284.)
 CVE-2014-4278 (Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Oracle Forms.)
 CVE-2014-4277 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality via unknown vectors related to Automated Install Engine, a different vulnerability than CVE-2014-4283.)
 CVE-2014-4276 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Common Internet File System (CIFS).)
 CVE-2014-4275 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to SMB server kernel module.)
 CVE-2014-4274 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to SERVER:MyISAM.)
 CVE-2014-2880 (Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.)
 CVE-2014-2478 (Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors.)
 CVE-2014-2476 (Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2474, and CVE-2014-6459.)
 CVE-2014-2475 (Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv).)
 CVE-2014-2474 (Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2472, CVE-2014-2476, and CVE-2014-6459.)
 CVE-2014-2473 (Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv) and SGD SSL Daemon (ttassl).)
 CVE-2014-2472 (Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.0 and 5.1 allows remote attackers to affect availability via vectors related to SGD Proxy Server (ttaauxserv), a different vulnerability than CVE-2014-2474, CVE-2014-2476, and CVE-2014-6459.)
 CVE-2014-0224 (OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessions or obtain sensitive information, via a crafted TLS handshake, aka the "CCS Injection" vulnerability.)
 CVE-2014-0119 (Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 does not properly constrain the class loader that accesses the XML parser used with an XSLT stylesheet, which allows remote attackers to (1) read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, or (2) read files associated with different web applications on a single Tomcat instance via a crafted web application.)
 CVE-2014-0114 (The ActionForm object in Apache Struts 1.x through 1.3.10 allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via the class parameter, which is passed to the getClass method.)
 CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions.)
 CVE-2013-1741 (Integer overflow in Mozilla Network Security Services (NSS) 3.15 before 3.15.3 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large size value.)
 CVE-2012-5615 (MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.)
Оригинальный текстdocumentSecurity Explorations, [SE-2014-01] Missing patches / inaccurate information regarding Oracle Oct CPU (03.11.2014)
 documentSecurity Explorations, [SE-2014-01] Breaking Oracle Database through Java exploits (details) (16.10.2014)
 documentSEC Consult Vulnerability Lab, SEC Consult SA-20141015-0 :: Potential Cross-Site Scripting in ADF Faces (16.10.2014)
Файлы:Oracle Critical Patch Update Advisory - October 2014

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород