Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2014-07-17 CVE-2014-0436 Remote Security vulnerability in Oracle Hyperion 11.1.2.2/11.1.2.3
Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Web Analysis.
network
oracle
4.3
2014-07-17 CVE-2013-5855 Cross-Site Scripting vulnerability in Oracle Mojarra
Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a script or style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.
network
oracle CWE-79
4.3
2014-06-23 CVE-2014-0203 Use After Free vulnerability in multiple products
The __do_follow_link function in fs/namei.c in the Linux kernel before 2.6.33 does not properly handle the last pathname component during use of certain filesystems, which allows local users to cause a denial of service (incorrect free operations and system crash) via an open system call.
local
low complexity
linux oracle CWE-416
5.5
2014-06-11 CVE-2014-1542 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Buffer overflow in the Speex resampler in the Web Audio subsystem in Mozilla Firefox before 30.0 allows remote attackers to execute arbitrary code via vectors related to a crafted AudioBuffer channel count and sample rate.
6.8
2014-04-30 CVE-2014-1527 Security vulnerability in Mozilla Firefox for Android
Mozilla Firefox before 29.0 on Android allows remote attackers to spoof the address bar via crafted JavaScript code that uses DOM events to prevent the reemergence of the actual address bar after scrolling has taken it off of the screen.
network
low complexity
fedoraproject mozilla google oracle
5.0
2014-04-17 CVE-2014-2880 Improper Input Validation vulnerability in Oracle Identity Manager 11.1.2.1.0
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the backUrl parameter in a changepwd action to identity/faces/firstlogin.
network
oracle CWE-20
5.8
2014-04-17 CVE-2014-2469 Remote Denial of Service vulnerability in Oracle Sunos 5.11.1
Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows attackers to cause a denial of service via unknown vectors.
network
low complexity
oracle
5.0
2014-04-16 CVE-2014-2471 Remote Security vulnerability in Oracle Ilearning 6.0/6.1
Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Pages.
network
oracle
4.3
2014-04-16 CVE-2014-2468 Remote Security vulnerability in Oracle Siebel CRM 8.1.1/8.2.2
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI, a different vulnerability than CVE-2014-4230.
network
oracle
4.3
2014-04-16 CVE-2014-2465 Remote Security vulnerability in Oracle Supply Chain products Suite 9.3.3
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Security.
network
oracle
4.3