Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-01-21 | CVE-2014-6548 | Local Security vulnerability in Oracle Fusion Middleware 11.1.1.7 Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 allows local users to affect confidentiality, integrity, and availability via vectors related to B2B Engine. | 4.6 |
| 2015-01-21 | CVE-2014-6541 | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR. network oracle | 6.3 |
| 2015-01-21 | CVE-2014-6528 | Remote Siebel Core - System Management vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Server Infrastructure. | 4.0 |
| 2015-01-21 | CVE-2014-6526 | Remote Security vulnerability in Oracle Fusion Middleware 7.0 Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 allows remote attackers to affect integrity via unknown vectors related to Admin Console. network oracle | 4.3 |
| 2015-01-21 | CVE-2014-6514 | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. | 4.0 |
| 2015-01-21 | CVE-2014-6480 | Local Security vulnerability in Oracle Solaris Cluster Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to System management. | 6.5 |
| 2015-01-21 | CVE-2014-0191 | Denial of Service vulnerability in Oracle Fusion Middleware 11.1.1.7.0/12.1.2.0.0/12.1.3.0.0 The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. network oracle | 4.3 |
| 2015-01-16 | CVE-2014-9601 | Improper Input Validation vulnerability in multiple products Pillow before 2.7.0 allows remote attackers to cause a denial of service via a compressed text chunk in a PNG image that has a large size when it is decompressed. | 5.0 |
| 2014-12-16 | CVE-2014-8964 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats. | 5.0 |
| 2014-11-26 | CVE-2014-7142 | Improper Input Validation vulnerability in multiple products The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain sensitive information or cause a denial of service (crash) via a crafted (1) ICMP or (2) ICMP6 packet size. | 6.4 |