Weekly Vulnerabilities Reports > January 19 to 25, 2015
Overview
184 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 101 products from 52 vendors including Oracle, Opensuse, Debian, Canonical, and Redhat. Vulnerabilities are notably categorized as "Cross-site Scripting", "Path Traversal", "Information Exposure", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".
- 156 reported vulnerabilities are remotely exploitable.
- 3 reported vulnerabilities have a public exploit available.
- 21 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 115 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 116 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 7 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
12 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-01-23 | CVE-2015-0310 | Adobe Linux Apple Microsoft | Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015. | 10.0 |
2015-01-21 | CVE-2015-0408 | Oracle Redhat Canonical Novell Debian Opensuse | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI. | 10.0 |
2015-01-21 | CVE-2014-6601 | Redhat Canonical Novell Debian Opensuse Oracle | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 10.0 |
2015-01-21 | CVE-2014-6549 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 10.0 |
2015-01-23 | CVE-2015-0311 | Adobe Suse Microsoft | Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. | 9.8 |
2015-01-21 | CVE-2015-0554 | ADB | Permissions, Privileges, and Access Controls vulnerability in ADB P.Dga4001N Firmware Pdgtefsp4.06L.6 The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html. | 9.4 |
2015-01-21 | CVE-2015-0437 | Oracle Novell | Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 9.3 |
2015-01-21 | CVE-2015-0395 | Redhat Canonical Novell Debian Opensuse Oracle | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | 9.3 |
2015-01-22 | CVE-2015-0925 | Ipass | Code Injection vulnerability in Ipass Open Mobile 2.4.4 The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname. | 9.0 |
2015-01-21 | CVE-2014-6567 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 9.0 |
2015-01-21 | CVE-2014-3440 | Broadcom Symantec | Improper Input Validation vulnerability in multiple products The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file. | 9.0 |
2015-01-21 | CVE-2014-4259 | Oracle | Remote Security vulnerability in Oracle Solaris Cluster Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to System management. | 9.0 |
15 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-01-21 | CVE-2014-8478 | Siemens | Path Traversal vulnerability in Siemens products The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests. | 7.8 |
2015-01-21 | CVE-2014-6598 | Oracle | Remote Security vulnerability in Oracle Communications Applications 3.0/4.0/5.0 Unspecified vulnerability in the Oracle Communications Diameter Signaling Router component in Oracle Communications Applications 3.x, 4.x, and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Signaling - DPI. | 7.6 |
2015-01-22 | CVE-2015-1346 | Google Chromium Canonical | Security vulnerability in Google Chrome Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 7.5 |
2015-01-22 | CVE-2015-1312 | SAP | Permissions, Privileges, and Access Controls vulnerability in SAP Enterprise Resource Planning The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401. | 7.5 |
2015-01-22 | CVE-2015-1310 | Sybase | SQL Injection vulnerability in Sybase Adaptive Server Enterprise SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333. | 7.5 |
2015-01-21 | CVE-2015-0424 | Oracle | Remote Security vulnerability in Oracle Integrated Lights Out Manager(ILOM) Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to IPMI. | 7.5 |
2015-01-21 | CVE-2015-0411 | Redhat Canonical Debian Fedoraproject Oracle Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption. | 7.5 |
2015-01-21 | CVE-2015-0396 | Oracle | Remote Security vulnerability in Oracle GlassFish Server Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console. | 7.5 |
2015-01-21 | CVE-2014-6565 | Oracle | Remote Security vulnerability in Oracle JD Edwards Enterpriseone Tools 9.1.5 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Portal SEC. | 7.5 |
2015-01-20 | CVE-2014-8386 | Advantech | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Adamview 4.3 Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file. | 7.5 |
2015-01-21 | CVE-2015-0412 | Redhat Canonical Novell Debian Opensuse Oracle | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS. | 7.2 |
2015-01-21 | CVE-2014-9226 | Broadcom Symantec | Permissions, Privileges, and Access Controls vulnerability in multiple products The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors. | 7.2 |
2015-01-21 | CVE-2014-6524 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel. | 7.2 |
2015-01-21 | CVE-2014-6521 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility. | 7.2 |
2015-01-21 | CVE-2014-6510 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility. | 7.2 |
126 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-01-21 | CVE-2015-0421 | Oracle Novell | Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process. | 6.9 |
2015-01-21 | CVE-2015-0403 | Novell Oracle | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment. | 6.9 |
2015-01-22 | CVE-2014-8008 | Cisco | Information Exposure vulnerability in Cisco Unified Communications Manager Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414. | 6.8 |
2015-01-21 | CVE-2015-0435 | Oracle | Remote vulnerability in Oracle Transportation Management Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to Security. | 6.8 |
2015-01-21 | CVE-2015-0390 | Oracle | Remote Security vulnerability in Oracle MICROS Retail Unspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Xstore Point of Sale. | 6.8 |
2015-01-21 | CVE-2014-9622 | Gentoo | Command Injection vulnerability in Gentoo Xdg-Utils 1.1.0 Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open. | 6.8 |
2015-01-21 | CVE-2014-8479 | Siemens | Improper Input Validation vulnerability in Siemens products The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets. | 6.8 |
2015-01-21 | CVE-2014-6577 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. | 6.8 |
2015-01-21 | CVE-2014-6571 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/12.1.2.0.0/12.1.3.0.0 Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2011-1944. | 6.8 |
2015-01-20 | CVE-2014-8625 | Debian | Use of Externally-Controlled Format String vulnerability in Debian Dpkg Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name. | 6.8 |
2015-01-21 | CVE-2014-6518 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS). | 6.6 |
2015-01-21 | CVE-2015-1195 | Openstack | Path Traversal vulnerability in Openstack Image Registry and Delivery Service (Glance) The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property. | 6.5 |
2015-01-21 | CVE-2015-0373 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.5 |
2015-01-21 | CVE-2014-6578 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SDO_TOPO and WMSYS.LT. | 6.5 |
2015-01-21 | CVE-2015-0515 | EMC | Arbitrary File Upload vulnerability in EMC Vipr SRM and Watch4Net Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file. | 6.5 |
2015-01-21 | CVE-2014-7289 | Broadcom Symantec | SQL Injection vulnerability in multiple products SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request. | 6.5 |
2015-01-21 | CVE-2014-6480 | Oracle | Local Security vulnerability in Oracle Solaris Cluster Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to System management. | 6.5 |
2015-01-21 | CVE-2014-6583 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3. | 6.4 |
2015-01-21 | CVE-2014-6581 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load Programs. | 6.4 |
2015-01-21 | CVE-2014-6572 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to List of Values. | 6.4 |
2015-01-21 | CVE-2014-6541 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR. | 6.3 |
2015-01-21 | CVE-2015-0393 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to DB Privileges. | 6.0 |
2015-01-21 | CVE-2015-1038 | Fedoraproject Oracle 7 ZIP | Link Following vulnerability in multiple products p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | 5.8 |
2015-01-21 | CVE-2015-0406 | Oracle Novell | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment. | 5.8 |
2015-01-21 | CVE-2014-6586 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 9.1 Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Time and Labor. | 5.5 |
2015-01-21 | CVE-2014-6576 | Oracle | Remote Security vulnerability in Oracle Adaptive Access Manager Unspecified vulnerability in the Oracle Adaptive Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to OAM Integration. | 5.5 |
2015-01-21 | CVE-2015-0383 | Redhat Fedoraproject Canonical Novell Debian Opensuse Oracle | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot. | 5.4 |
2015-01-23 | CVE-2014-9640 | Xiph Opensuse | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file. | 5.0 |
2015-01-23 | CVE-2014-9639 | Xiph Fedoraproject Opensuse | Local Denial of Service vulnerability in Vorbis Tools Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access. | 5.0 |
2015-01-23 | CVE-2014-9638 | Fedoraproject Opensuse Xiph | Local Denial of Service vulnerability in Vorbis Tools oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero. | 5.0 |
2015-01-23 | CVE-2014-8802 | Genetechsolutions | Permissions, Privileges, and Access Controls vulnerability in Genetechsolutions PIE Register The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action. | 5.0 |
2015-01-22 | CVE-2015-1306 | Sympa | Information Exposure vulnerability in Sympa The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors. | 5.0 |
2015-01-21 | CVE-2015-0426 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Base Platform Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.3 and 12.1.0.4 allows remote attackers to affect confidentiality via unknown vectors related to UI Framework. | 5.0 |
2015-01-21 | CVE-2015-1193 | PAX Project | Path Traversal vulnerability in PAX Project PAX 1:20140703 Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. | 5.0 |
2015-01-21 | CVE-2015-1192 | KGB Project | Path Traversal vulnerability in KGB Project KGB 1.0B4 Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive. | 5.0 |
2015-01-21 | CVE-2015-1191 | Zlib | Path Traversal vulnerability in Zlib Pigz 2.3.1 Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. | 5.0 |
2015-01-21 | CVE-2015-0410 | Oracle Redhat Canonical Novell Debian Opensuse | Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security. | 5.0 |
2015-01-21 | CVE-2015-0407 | Redhat Canonical Debian Fedoraproject Oracle | Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing. | 5.0 |
2015-01-21 | CVE-2015-0400 | Canonical Novell Opensuse Oracle | Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries. | 5.0 |
2015-01-21 | CVE-2015-0375 | SUN | Remote Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network. | 5.0 |
2015-01-21 | CVE-2015-0372 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5 Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |
2015-01-21 | CVE-2015-0368 | Oracle | Remote vulnerability in Oracle Transportation Management Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affect availability via unknown vectors related to Security. | 5.0 |
2015-01-21 | CVE-2015-0367 | Oracle | Remote Security vulnerability in Oracle Access Manager Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related to SSO Engine. | 5.0 |
2015-01-21 | CVE-2015-0366 | Oracle | Remote Siebel Core - EAI vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a different vulnerability than CVE-2014-0369. | 5.0 |
2015-01-21 | CVE-2015-0362 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0 Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to BI Publisher Security. | 5.0 |
2015-01-21 | CVE-2014-9621 | File Project | Resource Management Errors vulnerability in File Project File The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string. | 5.0 |
2015-01-21 | CVE-2014-9620 | File Project | Resource Management Errors vulnerability in File Project File The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. | 5.0 |
2015-01-21 | CVE-2014-6582 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Rapid Implementation. | 5.0 |
2015-01-21 | CVE-2014-6575 | SUN | Remote Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230. | 5.0 |
2015-01-21 | CVE-2014-6569 | Oracle | Remote Security vulnerability in Oracle WebLogic Server Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to CIE Related Components. | 5.0 |
2015-01-21 | CVE-2015-0867 | Synck Graphica | Path Traversal vulnerability in Synck Graphica Download LOG CGI 3.0 Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename. | 5.0 |
2015-01-21 | CVE-2015-0514 | EMC | Information Exposure vulnerability in EMC Vipr SRM and Watch4Net EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack. | 5.0 |
2015-01-21 | CVE-2014-6172 | IBM | Information Exposure vulnerability in IBM API Management IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors. | 5.0 |
2015-01-20 | CVE-2015-1201 | Privoxy | Remote Denial of Service vulnerability in Privoxy Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors. | 5.0 |
2015-01-20 | CVE-2015-1030 | Privoxy | Resource Management Errors vulnerability in Privoxy Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached. | 5.0 |
2015-01-20 | CVE-2014-9491 | Illumos | Unspecified vulnerability in Illumos The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors. | 5.0 |
2015-01-20 | CVE-2014-9330 | Libtiff | Numeric Errors vulnerability in Libtiff 4.0.3 Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via crafted BMP image, related to dimensions, which triggers an out-of-bounds read. | 5.0 |
2015-01-20 | CVE-2014-8790 | Cagintranetworks GET Simple | XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter. | 5.0 |
2015-01-21 | CVE-2015-0428 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control. | 4.9 |
2015-01-21 | CVE-2015-0371 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity and availability via unknown vectors. | 4.9 |
2015-01-21 | CVE-2014-6600 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397. | 4.9 |
2015-01-21 | CVE-2014-6570 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397. | 4.9 |
2015-01-21 | CVE-2014-6509 | SUN | Local Security vulnerability in SUN Sunos 5.10 Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel. | 4.9 |
2015-01-21 | CVE-2015-0392 | Oracle | Remote Siebel Core - Server BizLogic Script vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Config - Scripting. | 4.6 |
2015-01-21 | CVE-2014-6556 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AD_DDL. | 4.6 |
2015-01-21 | CVE-2014-6548 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 11.1.1.7 Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 allows local users to affect confidentiality, integrity, and availability via vectors related to B2B Engine. | 4.6 |
2015-01-21 | CVE-2015-0377 | Oracle Debian Opensuse | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418. | 4.4 |
2015-01-23 | CVE-2015-1347 | Osticket | Cross-site Scripting vulnerability in Osticket Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. | 4.3 |
2015-01-23 | CVE-2015-1180 | Eventsentry | Cross-site Scripting vulnerability in Eventsentry 3.1.0 Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet. | 4.3 |
2015-01-23 | CVE-2015-1176 | Osticket | Cross-site Scripting vulnerability in Osticket Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action. | 4.3 |
2015-01-22 | CVE-2015-1175 | Prestashop | Cross-site Scripting vulnerability in Prestashop Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter. | 4.3 |
2015-01-21 | CVE-2015-0436 | Oracle | Remote Security vulnerability in Oracle Ilearning 6.0/6.1 Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Login. | 4.3 |
2015-01-21 | CVE-2015-0434 | Oracle | Remote Security vulnerability in Oracle Access Manager Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors related to Integration with OAM. | 4.3 |
2015-01-21 | CVE-2015-0431 | Oracle | Remote vulnerability in Oracle Transportation Management Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.4, and 6.3.5 allows remote attackers to affect integrity via unknown vectors related to UI Infrastructure. | 4.3 |
2015-01-21 | CVE-2015-0425 | Oracle | Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Oracle Enterprise Asset Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Siebel Core - Unix/Windows. | 4.3 |
2015-01-21 | CVE-2015-0420 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.2.2.0 Unspecified vulnerability in the Oracle Forms component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Forms Services. | 4.3 |
2015-01-21 | CVE-2015-0419 | Oracle | Remote Siebel UI Framework vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2013-1510. | 4.3 |
2015-01-21 | CVE-2015-1196 | Opensuse Oracle GNU | Link Following vulnerability in multiple products GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file. | 4.3 |
2015-01-21 | CVE-2015-1194 | PAX Project | Link Following vulnerability in PAX Project PAX 1:20140703 pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive. | 4.3 |
2015-01-21 | CVE-2015-0404 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Error Messages. | 4.3 |
2015-01-21 | CVE-2015-0402 | Oracle | Remote Siebel Core - Server BizLogic Script vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - COM. | 4.3 |
2015-01-21 | CVE-2015-0386 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/12.1.2.0.0/12.1.3.0.0 Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191. | 4.3 |
2015-01-21 | CVE-2015-0382 | Oracle Debian Canonical Fedoraproject Mariadb Redhat Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381. | 4.3 |
2015-01-21 | CVE-2015-0381 | Oracle Debian Canonical Fedoraproject Mariadb Redhat Suse | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382. | 4.3 |
2015-01-21 | CVE-2015-0380 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Telecommunications Billing Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to OA Based UI for Bill Summary. | 4.3 |
2015-01-21 | CVE-2015-0379 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology. | 4.3 |
2015-01-21 | CVE-2015-0376 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.8.0 Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Content Server. | 4.3 |
2015-01-21 | CVE-2015-0369 | Oracle | Remote Siebel UI Framework vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to AX/HI Web UI. | 4.3 |
2015-01-21 | CVE-2015-0365 | Oracle | Remote Siebel Core - Server Infrastructure vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Security. | 4.3 |
2015-01-21 | CVE-2015-1048 | Siemens | Open Redirection vulnerability in Siemens Simatic S7 1200 CPU Firmware 4.0 Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | 4.3 |
2015-01-21 | CVE-2015-1204 | Getusedtoit | Cross-site Scripting vulnerability in Getusedtoit WP Slimstat 3.5.5/3.9.1 Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php. | 4.3 |
2015-01-21 | CVE-2015-1164 | Serve Static Project | Unspecified vulnerability in Serve-Static Project Serve-Static 1.7.1 Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI. | 4.3 |
2015-01-21 | CVE-2015-1032 | Kiwix | Cross-site Scripting vulnerability in Kiwix 0.9 Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search. | 4.3 |
2015-01-21 | CVE-2015-0553 | Websitebaker | Cross-site Scripting vulnerability in Websitebaker 2.8.3 Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter. | 4.3 |
2015-01-21 | CVE-2014-6596 | Oracle | Remote Siebel UI Framework vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework. | 4.3 |
2015-01-21 | CVE-2014-6594 | Oracle | Remote Security vulnerability in Oracle Ilearning 6.0/6.1 Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Learner Pages. | 4.3 |
2015-01-21 | CVE-2014-6587 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | 4.3 |
2015-01-21 | CVE-2014-6580 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.2.2.0 Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2015-01-21 | CVE-2014-6574 | Oracle | Remote Oracle Agile PLM for Process vulnerability in Oracle Supply Chain products Suite 6.1.0.3 Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Testing Protocol Library. | 4.3 |
2015-01-21 | CVE-2014-6573 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1.3/12.1.4 Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 11.1.3 and 12.1.4 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework. | 4.3 |
2015-01-21 | CVE-2014-6526 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 7.0 Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 allows remote attackers to affect integrity via unknown vectors related to Admin Console. | 4.3 |
2015-01-21 | CVE-2014-6481 | SUN | Remote Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL. | 4.3 |
2015-01-21 | CVE-2014-0191 | Oracle | Denial of Service vulnerability in Oracle Fusion Middleware 11.1.1.7.0/12.1.2.0.0/12.1.3.0.0 The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. | 4.3 |
2015-01-23 | CVE-2014-9623 | Redhat Openstack | Resource Management Errors vulnerability in multiple products OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state. | 4.0 |
2015-01-21 | CVE-2015-0432 | Oracle Debian Canonical Redhat Fedoraproject Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key. | 4.0 |
2015-01-21 | CVE-2015-0422 | Oracle | Remote vulnerability in Oracle Transportation Management Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure. | 4.0 |
2015-01-21 | CVE-2015-0417 | Oracle | Remote Siebel UI Framework vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0388. | 4.0 |
2015-01-21 | CVE-2015-0415 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 12.1.3 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Session Management. | 4.0 |
2015-01-21 | CVE-2015-0409 | Oracle | Remote Security vulnerability in Oracle Communications Policy Management and Mysql Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 4.0 |
2015-01-21 | CVE-2015-0401 | Oracle | Remote Security vulnerability in Oracle Directory Server Enterprise Edition Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console. | 4.0 |
2015-01-21 | CVE-2015-0399 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.4.2/11.1.1.7.0 Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2 and 11.1.1.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Analytics Web General. | 4.0 |
2015-01-21 | CVE-2015-0398 | Oracle | Remote Siebel Life Sciences vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Clinical Trip Report. | 4.0 |
2015-01-21 | CVE-2015-0394 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Report Distribution. | 4.0 |
2015-01-21 | CVE-2015-0391 | Oracle Redhat Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL. | 4.0 |
2015-01-21 | CVE-2015-0388 | Oracle | Remote Siebel UI Framework vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0417. | 4.0 |
2015-01-21 | CVE-2015-0387 | Oracle | Remote Siebel Core - Server OM Services vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter. | 4.0 |
2015-01-21 | CVE-2015-0363 | Oracle | Remote Siebel Core EAI vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services. | 4.0 |
2015-01-21 | CVE-2014-6597 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology. | 4.0 |
2015-01-21 | CVE-2014-6593 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE. | 4.0 |
2015-01-21 | CVE-2014-6584 | Oracle | Remote Security vulnerability in Oracle Integrated Lights Out Manager (ILOM) Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Backup Restore. | 4.0 |
2015-01-21 | CVE-2014-6579 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Integration Broker. | 4.0 |
2015-01-21 | CVE-2014-6566 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Portal. | 4.0 |
2015-01-21 | CVE-2015-0516 | EMC | Path Traversal vulnerability in EMC Vipr SRM and Watch4Net Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL. | 4.0 |
2015-01-21 | CVE-2014-9225 | Broadcom Symantec | Information Exposure vulnerability in multiple products The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors. | 4.0 |
2015-01-21 | CVE-2014-6528 | Oracle | Remote Siebel Core - System Management vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Server Infrastructure. | 4.0 |
2015-01-21 | CVE-2014-6514 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. | 4.0 |
31 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2015-01-21 | CVE-2015-0416 | Oracle | Remote Oracle Agile PLM vulnerability in Oracle Supply Chain products Suite 9.3.3 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Roles & Privileges. | 3.5 |
2015-01-21 | CVE-2015-0414 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/12.1.3.0.0 Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Fabric Layer. | 3.5 |
2015-01-21 | CVE-2015-0389 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 8.0 Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2014-6592. | 3.5 |
2015-01-21 | CVE-2015-0385 | Oracle | Remote Security vulnerability in Oracle MySQL Server Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth. | 3.5 |
2015-01-21 | CVE-2015-0384 | Oracle | Remote Siebel Public Sector vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Public Sector component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Public Sector Portal. | 3.5 |
2015-01-21 | CVE-2015-0374 | Debian Canonical Fedoraproject Oracle Suse Redhat Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key. | 3.5 |
2015-01-21 | CVE-2015-0370 | Oracle | Remote Security vulnerability in Oracle Database Server Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2013-5858. | 3.5 |
2015-01-21 | CVE-2015-0364 | Oracle | Remote Siebel Core - EAI vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services. | 3.5 |
2015-01-21 | CVE-2014-6599 | Oracle | Remote Siebel Core - Common Components vulnerability in Oracle Siebel CRM 8.1.1/8.2.2 Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Email. | 3.5 |
2015-01-21 | CVE-2013-6892 | Websvn Debian | Information Exposure vulnerability in multiple products WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit. | 3.5 |
2015-01-21 | CVE-2014-6592 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 8.0 Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2015-0389. | 3.5 |
2015-01-21 | CVE-2014-6568 | Canonical Redhat Debian Fedoraproject Oracle Suse Mariadb | Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML. | 3.5 |
2015-01-21 | CVE-2015-0513 | EMC | Cross-site Scripting vulnerability in EMC Vipr SRM and Watch4Net Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields. | 3.5 |
2015-01-21 | CVE-2014-9224 | Broadcom Symantec | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
2015-01-21 | CVE-2014-8914 | IBM | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913. | 3.5 |
2015-01-21 | CVE-2014-8913 | IBM | Cross-site Scripting vulnerability in IBM Business Process Manager Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914. | 3.5 |
2015-01-21 | CVE-2014-6525 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Templates. | 3.5 |
2015-01-21 | CVE-2014-4279 | Oracle | Remote Security vulnerability in Oracle Peoplesoft products 8.53 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology. | 3.5 |
2015-01-21 | CVE-2015-0429 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility. | 3.3 |
2015-01-21 | CVE-2015-0427 | Oracle Opensuse | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595. | 3.2 |
2015-01-21 | CVE-2014-6595 | Opensuse Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427. | 3.2 |
2015-01-21 | CVE-2014-6590 | Opensuse Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427. | 3.2 |
2015-01-21 | CVE-2014-6589 | Opensuse Oracle | Local Oracle Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427. | 3.2 |
2015-01-21 | CVE-2014-6588 | Opensuse Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427. | 3.2 |
2015-01-21 | CVE-2014-6591 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585. | 2.6 |
2015-01-21 | CVE-2014-6585 | Oracle | Unspecified vulnerability in Oracle JDK and JRE Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591. | 2.6 |
2015-01-21 | CVE-2015-0418 | Debian Opensuse Oracle | Local Security vulnerability in Oracle VM VirtualBox Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377. | 2.1 |
2015-01-21 | CVE-2015-0397 | SUN | Local Security vulnerability in SUN Sunos 5.11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600. | 2.1 |
2015-01-21 | CVE-2015-0378 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc. | 2.1 |
2015-01-21 | CVE-2015-0430 | SUN | Local Security vulnerability in Oracle Solaris Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility. | 1.9 |
2015-01-21 | CVE-2015-0413 | Oracle Suse Canonical | Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability. | 1.9 |