Weekly Vulnerabilities Reports > January 19 to 25, 2015

Overview

184 new vulnerabilities were reported during this period, including 12 critical vulnerabilities and 15 high severity vulnerabilities. This weekly summary reports vulnerabilities in 101 products from 52 vendors including Oracle, Opensuse, Debian, Canonical, and Redhat. Notable vulnerability categories include "Cross-site Scripting", "Path Traversal", "Information Exposure", "Permissions, Privileges, and Access Controls", and "Resource Management Errors".

  • 156 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 21 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 115 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 116 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

12 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-01-23 CVE-2015-0310 Adobe
Linux
Apple
Microsoft
Permissions, Privileges, and Access Controls vulnerability in Adobe Flash Player

Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before 16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does not properly restrict discovery of memory addresses, which allows attackers to bypass the ASLR protection mechanism on Windows, and have an unspecified impact on other platforms, via unknown vectors, as exploited in the wild in January 2015.

10.0
2015-01-21 CVE-2015-0408 Oracle
Redhat
Canonical
Novell
Debian
Opensuse
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.
10.0
2015-01-21 CVE-2014-6601 Redhat
Canonical
Novell
Debian
Opensuse
Oracle
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
10.0
2015-01-21 CVE-2014-6549 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

10.0
2015-01-23 CVE-2015-0311 Adobe
Suse
Microsoft
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015.
9.8
2015-01-21 CVE-2015-0554 ADB Permissions, Privileges, and Access Controls vulnerability in ADB P.Dga4001N Firmware Pdgtefsp4.06L.6

The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.

9.4
2015-01-21 CVE-2015-0437 Oracle
Novell
Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
9.3
2015-01-21 CVE-2015-0395 Redhat
Canonical
Novell
Debian
Opensuse
Oracle
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
9.3
2015-01-22 CVE-2015-0925 Ipass Code Injection vulnerability in Ipass Open Mobile 2.4.4

The client in iPass Open Mobile before 2.4.5 on Windows allows remote authenticated users to execute arbitrary code via a DLL pathname in a crafted Unicode string that is improperly handled by a subprocess reached through a named pipe, as demonstrated by a UNC share pathname.

9.0
2015-01-21 CVE-2014-6567 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

9.0
2015-01-21 CVE-2014-3440 Broadcom
Symantec
Improper Input Validation vulnerability in multiple products

The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary commands by leveraging client-system access to upload a log file.

9.0
2015-01-21 CVE-2014-4259 Oracle Remote Security vulnerability in Oracle Solaris Cluster

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to System management.

9.0

15 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-01-21 CVE-2014-8478 Siemens Path Traversal vulnerability in Siemens products

The web server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote attackers to cause a denial of service (reboot) via malformed HTTP requests.

7.8
2015-01-21 CVE-2014-6598 Oracle Remote Security vulnerability in Oracle Communications Applications 3.0/4.0/5.0

Unspecified vulnerability in the Oracle Communications Diameter Signaling Router component in Oracle Communications Applications 3.x, 4.x, and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Signaling - DPI.

7.6
2015-01-22 CVE-2015-1346 Google
Chromium
Canonical
Security vulnerability in Google Chrome

Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5
2015-01-22 CVE-2015-1312 SAP Permissions, Privileges, and Access Controls vulnerability in SAP Enterprise Resource Planning

The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown vectors, aka SAP Note 2000401.

7.5
2015-01-22 CVE-2015-1310 Sybase SQL Injection vulnerability in Sybase Adaptive Server Enterprise

SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ASE) allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Note 2113333.

7.5
2015-01-21 CVE-2015-0424 Oracle Remote Security vulnerability in Oracle Integrated Lights Out Manager(ILOM)

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to IPMI.

7.5
2015-01-21 CVE-2015-0411 Redhat
Canonical
Debian
Fedoraproject
Oracle
Mariadb
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Server : Security : Encryption.
7.5
2015-01-21 CVE-2015-0396 Oracle Remote Security vulnerability in Oracle GlassFish Server

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console.

7.5
2015-01-21 CVE-2014-6565 Oracle Remote Security vulnerability in Oracle JD Edwards Enterpriseone Tools 9.1.5

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Portal SEC.

7.5
2015-01-20 CVE-2014-8386 Advantech Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Advantech Adamview 4.3

Multiple stack-based buffer overflows in Advantech AdamView 4.3 and earlier allow remote attackers to execute arbitrary code via a crafted (1) display properties or (2) conditional bitmap parameter in a GNI file.

7.5
2015-01-21 CVE-2015-0412 Redhat
Canonical
Novell
Debian
Opensuse
Oracle
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.
7.2
2015-01-21 CVE-2014-9226 Broadcom
Symantec
Permissions, Privileges, and Access Controls vulnerability in multiple products

The management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows local users to bypass intended Protection Policies via unspecified vectors.

7.2
2015-01-21 CVE-2014-6524 SUN Local Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel.

7.2
2015-01-21 CVE-2014-6521 SUN Local Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect confidentiality, integrity, and availability via vectors related to CDE - Power Management Utility.

7.2
2015-01-21 CVE-2014-6510 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management Utility.

7.2

126 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-01-21 CVE-2015-0421 Oracle
Novell
Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process.
6.9
2015-01-21 CVE-2015-0403 Novell
Oracle
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
6.9
2015-01-22 CVE-2014-8008 Cisco Information Exposure vulnerability in Cisco Unified Communications Manager

Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.

6.8
2015-01-21 CVE-2015-0435 Oracle Remote vulnerability in Oracle Transportation Management

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to Security.

6.8
2015-01-21 CVE-2015-0390 Oracle Remote Security vulnerability in Oracle MICROS Retail

Unspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Xstore Point of Sale.

6.8
2015-01-21 CVE-2014-9622 Gentoo Command Injection vulnerability in Gentoo Xdg-Utils 1.1.0

Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported desktop environment is identified, allows context-dependent attackers to execute arbitrary code via the URL argument to xdg-open.

6.8
2015-01-21 CVE-2014-8479 Siemens Improper Input Validation vulnerability in Siemens products

The FTP server on Siemens SCALANCE X-300 switches with firmware before 4.0 and SCALANCE X 408 switches with firmware before 4.0 allows remote authenticated users to cause a denial of service (reboot) via crafted FTP packets.

6.8
2015-01-21 CVE-2014-6577 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors.

6.8
2015-01-21 CVE-2014-6571 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/12.1.2.0.0/12.1.3.0.0

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2011-1944.

6.8
2015-01-20 CVE-2014-8625 Debian Use of Externally-Controlled Format String vulnerability in Debian Dpkg

Multiple format string vulnerabilities in the parse_error_msg function in parsehelp.c in dpkg before 1.17.22 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) package or (2) architecture name.

6.8
2015-01-21 CVE-2014-6518 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to Unix File System (UFS).

6.6
2015-01-21 CVE-2015-1195 Openstack Path Traversal vulnerability in Openstack Image Registry and Delivery Service (Glance)

The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.1.4 and 2014.2.x before 2014.2.2 allows remote authenticated users to read or delete arbitrary files via a full pathname in a filesystem: URL in the image location property.

6.5
2015-01-21 CVE-2015-0373 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5
2015-01-21 CVE-2014-6578 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SDO_TOPO and WMSYS.LT.

6.5
2015-01-21 CVE-2015-0515 EMC Arbitrary File Upload vulnerability in EMC Vipr SRM and Watch4Net

Unrestricted file upload vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to execute arbitrary code by uploading and then accessing an executable file.

6.5
2015-01-21 CVE-2014-7289 Broadcom
Symantec
SQL Injection vulnerability in multiple products

SQL injection vulnerability in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 allows remote authenticated users to execute arbitrary SQL commands via a crafted HTTP request.

6.5
2015-01-21 CVE-2014-6480 Oracle Local Security vulnerability in Oracle Solaris Cluster

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to System management.

6.5
2015-01-21 CVE-2014-6583 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, and 12.1.3.

6.4
2015-01-21 CVE-2014-6581 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Extract/Load Programs.

6.4
2015-01-21 CVE-2014-6572 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors related to List of Values.

6.4
2015-01-21 CVE-2014-6541 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR.

6.3
2015-01-21 CVE-2015-0393 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to DB Privileges.

6.0
2015-01-21 CVE-2015-1038 Fedoraproject
Oracle
7 ZIP
Link Following vulnerability in multiple products

p7zip 9.20.1 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

5.8
2015-01-21 CVE-2015-0406 Oracle
Novell
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.
5.8
2015-01-21 CVE-2014-6586 Oracle Remote Security vulnerability in Oracle Peoplesoft products 9.1

Unspecified vulnerability in the PeopleSoft Enterprise HRMS component in Oracle PeopleSoft Products 9.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Time and Labor.

5.5
2015-01-21 CVE-2014-6576 Oracle Remote Security vulnerability in Oracle Adaptive Access Manager

Unspecified vulnerability in the Oracle Adaptive Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to OAM Integration.

5.5
2015-01-21 CVE-2015-0383 Redhat
Fedoraproject
Canonical
Novell
Debian
Opensuse
Oracle
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via unknown vectors related to Hotspot.
5.4
2015-01-23 CVE-2014-9640 Xiph
Opensuse
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted raw file.

5.0
2015-01-23 CVE-2014-9639 Xiph
Fedoraproject
Opensuse
Local Denial of Service vulnerability in Vorbis Tools

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory access.

5.0
2015-01-23 CVE-2014-9638 Fedoraproject
Opensuse
Xiph
Local Denial of Service vulnerability in Vorbis Tools

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

5.0
2015-01-23 CVE-2014-8802 Genetechsolutions Permissions, Privileges, and Access Controls vulnerability in Genetechsolutions PIE Register

The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.

5.0
2015-01-22 CVE-2015-1306 Sympa Information Exposure vulnerability in Sympa

The newsletter posting area in the web interface in Sympa 6.0.x before 6.0.10 and 6.1.x before 6.1.24 allows remote attackers to read arbitrary files via unspecified vectors.

5.0
2015-01-21 CVE-2015-0426 Oracle Remote Security vulnerability in Oracle Enterprise Manager Base Platform

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.3 and 12.1.0.4 allows remote attackers to affect confidentiality via unknown vectors related to UI Framework.

5.0
2015-01-21 CVE-2015-1193 PAX Project Path Traversal vulnerability in PAX Project PAX 1:20140703

Multiple directory traversal vulnerabilities in pax 1:20140703 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) ..

5.0
2015-01-21 CVE-2015-1192 KGB Project Path Traversal vulnerability in KGB Project KGB 1.0B4

Absolute path traversal vulnerability in kgb 1.0b4 allows remote attackers to write to arbitrary files via a full pathname in a crafted archive.

5.0
2015-01-21 CVE-2015-1191 Zlib Path Traversal vulnerability in Zlib Pigz 2.3.1

Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) ..

5.0
2015-01-21 CVE-2015-0410 Oracle
Redhat
Canonical
Novell
Debian
Opensuse
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote attackers to affect availability via unknown vectors related to Security.
5.0
2015-01-21 CVE-2015-0407 Redhat
Canonical
Debian
Fedoraproject
Oracle
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
5.0
2015-01-21 CVE-2015-0400 Canonical
Novell
Opensuse
Oracle
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
5.0
2015-01-21 CVE-2015-0375 SUN Remote Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.

5.0
2015-01-21 CVE-2015-0372 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.5

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2015-01-21 CVE-2015-0368 Oracle Remote vulnerability in Oracle Transportation Management

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affect availability via unknown vectors related to Security.

5.0
2015-01-21 CVE-2015-0367 Oracle Remote Security vulnerability in Oracle Access Manager

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related to SSO Engine.

5.0
2015-01-21 CVE-2015-0366 Oracle Remote Siebel Core - EAI vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a different vulnerability than CVE-2014-0369.

5.0
2015-01-21 CVE-2015-0362 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to BI Publisher Security.

5.0
2015-01-21 CVE-2014-9621 File Project Resource Management Errors vulnerability in File Project File

The ELF parser in file 5.16 through 5.21 allows remote attackers to cause a denial of service via a long string.

5.0
2015-01-21 CVE-2014-9620 File Project Resource Management Errors vulnerability in File Project File

The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes.

5.0
2015-01-21 CVE-2014-6582 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors related to Rapid Implementation.

5.0
2015-01-21 CVE-2014-6575 SUN Remote Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via unknown vectors related to Network, a different vulnerability than CVE-2004-0230.

5.0
2015-01-21 CVE-2014-6569 Oracle Remote Security vulnerability in Oracle WebLogic Server

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to CIE Related Components.

5.0
2015-01-21 CVE-2015-0867 Synck Graphica Path Traversal vulnerability in Synck Graphica Download LOG CGI 3.0

Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI 3.0 and earlier allows remote attackers to read arbitrary files via a crafted filename.

5.0
2015-01-21 CVE-2015-0514 EMC Information Exposure vulnerability in EMC Vipr SRM and Watch4Net

EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.

5.0
2015-01-21 CVE-2014-6172 IBM Information Exposure vulnerability in IBM API Management

IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to obtain sensitive analytics information in an encrypted form via unspecified vectors.

5.0
2015-01-20 CVE-2015-1201 Privoxy Remote Denial of Service vulnerability in Privoxy

Privoxy before 3.0.22 allows remote attackers to cause a denial of service (file descriptor consumption) via unspecified vectors.

5.0
2015-01-20 CVE-2015-1030 Privoxy Resource Management Errors vulnerability in Privoxy

Memory leak in the rfc2553_connect_to function in jbsocket.c in Privoxy before 3.0.22 allows remote attackers to cause a denial of service (memory consumption) via a large number of requests that are rejected because the socket limit is reached.

5.0
2015-01-20 CVE-2014-9491 Illumos Unspecified vulnerability in Illumos

The devzvol_readdir function in illumos does not check the return value of a strchr call, which allows remote attackers to cause a denial of service (NULL pointer dereference and panic) via unspecified vectors.

5.0
2015-01-20 CVE-2014-9330 Libtiff Numeric Errors vulnerability in Libtiff 4.0.3

Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows remote attackers to cause a denial of service (crash) via a crafted BMP image, related to dimensions, which triggers an out-of-bounds read.

5.0
2015-01-20 CVE-2014-8790 Cagintranetworks
GET Simple
XML external entity (XXE) vulnerability in admin/api.php in GetSimple CMS 3.1.1 through 3.3.x before 3.3.5 Beta 1, when in certain configurations, allows remote attackers to read arbitrary files via the data parameter.
5.0
2015-01-21 CVE-2015-0428 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.

4.9
2015-01-21 CVE-2015-0371 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity and availability via unknown vectors.

4.9
2015-01-21 CVE-2014-6600 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2015-0397.

4.9
2015-01-21 CVE-2014-6570 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6600 and CVE-2015-0397.

4.9
2015-01-21 CVE-2014-6509 SUN Local Security vulnerability in SUN Sunos 5.10

Unspecified vulnerability in Oracle Solaris 10 allows local users to affect availability via unknown vectors related to Kernel.

4.9
2015-01-21 CVE-2015-0392 Oracle Remote Siebel Core - Server BizLogic Script vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Config - Scripting.

4.6
2015-01-21 CVE-2014-6556 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AD_DDL.

4.6
2015-01-21 CVE-2014-6548 Oracle Local Security vulnerability in Oracle Fusion Middleware 11.1.1.7

Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 allows local users to affect confidentiality, integrity, and availability via vectors related to B2B Engine.

4.6
2015-01-21 CVE-2015-0377 Oracle
Debian
Opensuse
Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0418.

4.4
2015-01-23 CVE-2015-1347 Osticket Cross-site Scripting vulnerability in Osticket

Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket before 1.9.5.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

4.3
2015-01-23 CVE-2015-1180 Eventsentry Cross-site Scripting vulnerability in Eventsentry 3.1.0

Cross-site scripting (XSS) vulnerability in the Web Reports in EventSentry 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the pageId parameter to networktile/bullet.

4.3
2015-01-23 CVE-2015-1176 Osticket Cross-site Scripting vulnerability in Osticket

Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in osTicket before 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the status parameter in a search action.

4.3
2015-01-22 CVE-2015-1175 Prestashop Cross-site Scripting vulnerability in Prestashop

Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in the blocklayered module in PrestaShop 1.6.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the layered_price_slider parameter.

4.3
2015-01-21 CVE-2015-0436 Oracle Remote Security vulnerability in Oracle Ilearning 6.0/6.1

Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Login.

4.3
2015-01-21 CVE-2015-0434 Oracle Remote Security vulnerability in Oracle Access Manager

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors related to Integration with OAM.

4.3
2015-01-21 CVE-2015-0431 Oracle Remote vulnerability in Oracle Transportation Management

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.4, and 6.3.5 allows remote attackers to affect integrity via unknown vectors related to UI Infrastructure.

4.3
2015-01-21 CVE-2015-0425 Oracle Remote vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Oracle Enterprise Asset Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Siebel Core - Unix/Windows.

4.3
2015-01-21 CVE-2015-0420 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.2.2.0

Unspecified vulnerability in the Oracle Forms component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Forms Services.

4.3
2015-01-21 CVE-2015-0419 Oracle Remote Siebel UI Framework vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2013-1510.

4.3
2015-01-21 CVE-2015-1196 Opensuse
Oracle
GNU
Link Following vulnerability in multiple products

GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.

4.3
2015-01-21 CVE-2015-1194 PAX Project Link Following vulnerability in PAX Project PAX 1:20140703

pax 1:20140703 allows remote attackers to write to arbitrary files via a symlink attack in an archive.

4.3
2015-01-21 CVE-2015-0404 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Error Messages.

4.3
2015-01-21 CVE-2015-0402 Oracle Remote Siebel Core - Server BizLogic Script vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - COM.

4.3
2015-01-21 CVE-2015-0386 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/12.1.2.0.0/12.1.3.0.0

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener, a different vulnerability than CVE-2013-0338, CVE-2013-2877, and CVE-2014-0191.

4.3
2015-01-21 CVE-2015-0382 Oracle
Debian
Canonical
Fedoraproject
Mariadb
Redhat
Suse
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0381.
4.3
2015-01-21 CVE-2015-0381 Oracle
Debian
Canonical
Fedoraproject
Mariadb
Redhat
Suse
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a different vulnerability than CVE-2015-0382.
4.3
2015-01-21 CVE-2015-0380 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Telecommunications Billing Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to OA Based UI for Bill Summary.

4.3
2015-01-21 CVE-2015-0379 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology.

4.3
2015-01-21 CVE-2015-0376 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.8.0

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Content Server.

4.3
2015-01-21 CVE-2015-0369 Oracle Remote Siebel UI Framework vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to AX/HI Web UI.

4.3
2015-01-21 CVE-2015-0365 Oracle Remote Siebel Core - Server Infrastructure vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - Server Infrastructure component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Security.

4.3
2015-01-21 CVE-2015-1048 Siemens Open Redirection vulnerability in Siemens Simatic S7 1200 CPU Firmware 4.0

Open redirect vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

4.3
2015-01-21 CVE-2015-1204 Getusedtoit Cross-site Scripting vulnerability in Getusedtoit WP Slimstat 3.5.5/3.9.1

Cross-site scripting (XSS) vulnerability in the Save Filters functionality in the WP Slimstat plugin before 3.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fs[resource] parameter in the wp-slim-view-2 page to wp-admin/admin.php.

4.3
2015-01-21 CVE-2015-1164 Serve Static Project Unspecified vulnerability in Serve-Static Project Serve-Static 1.7.1

Open redirect vulnerability in the serve-static plugin before 1.7.2 for Node.js, when mounted at the root, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a // (slash slash) followed by a domain in the PATH_INFO to the default URI.

4.3
2015-01-21 CVE-2015-1032 Kiwix Cross-site Scripting vulnerability in Kiwix 0.9

Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when using kiwix-serve, allows remote attackers to inject arbitrary web script or HTML via the pattern parameter to /search.

4.3
2015-01-21 CVE-2015-0553 Websitebaker Cross-site Scripting vulnerability in Websitebaker 2.8.3

Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 SP3 allows remote attackers to inject arbitrary web script or HTML via the page_id parameter.

4.3
2015-01-21 CVE-2014-6596 Oracle Remote Siebel UI Framework vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework.

4.3
2015-01-21 CVE-2014-6594 Oracle Remote Security vulnerability in Oracle Ilearning 6.0/6.1

Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Learner Pages.

4.3
2015-01-21 CVE-2014-6587 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.

4.3
2015-01-21 CVE-2014-6580 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.2.2.0

Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect integrity via unknown vectors.

4.3
2015-01-21 CVE-2014-6574 Oracle Remote Oracle Agile PLM for Process vulnerability in Oracle Supply Chain products Suite 6.1.0.3

Unspecified vulnerability in the Oracle Agile PLM for Process component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote attackers to affect integrity via unknown vectors related to Testing Protocol Library.

4.3
2015-01-21 CVE-2014-6573 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1.3/12.1.4

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 11.1.3 and 12.1.4 allows remote attackers to affect integrity via unknown vectors related to User Interface Framework.

4.3
2015-01-21 CVE-2014-6526 Oracle Remote Security vulnerability in Oracle Fusion Middleware 7.0

Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 allows remote attackers to affect integrity via unknown vectors related to Admin Console.

4.3
2015-01-21 CVE-2014-6481 SUN Remote Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote attackers to affect confidentiality via vectors related to KSSL.

4.3
2015-01-21 CVE-2014-0191 Oracle Denial of Service vulnerability in Oracle Fusion Middleware 11.1.1.7.0/12.1.2.0.0/12.1.3.0.0

The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document.

4.3
2015-01-23 CVE-2014-9623 Redhat
Openstack
Resource Management Errors vulnerability in multiple products

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image in the saving state.

4.0
2015-01-21 CVE-2015-0432 Oracle
Debian
Canonical
Redhat
Fedoraproject
Suse
Mariadb
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.
4.0
2015-01-21 CVE-2015-0422 Oracle Remote vulnerability in Oracle Transportation Management

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Infrastructure.

4.0
2015-01-21 CVE-2015-0417 Oracle Remote Siebel UI Framework vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0388.

4.0
2015-01-21 CVE-2015-0415 Oracle Remote Security vulnerability in Oracle E-Business Suite 12.1.3

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Session Management.

4.0
2015-01-21 CVE-2015-0409 Oracle Remote Security vulnerability in Oracle Communications Policy Management and Mysql

Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4.0
2015-01-21 CVE-2015-0401 Oracle Remote Security vulnerability in Oracle Directory Server Enterprise Edition

Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console.

4.0
2015-01-21 CVE-2015-0399 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.1.3.4.2/11.1.1.7.0

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2 and 11.1.1.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Analytics Web General.

4.0
2015-01-21 CVE-2015-0398 Oracle Remote Siebel Life Sciences vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Clinical Trip Report.

4.0
2015-01-21 CVE-2015-0394 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Report Distribution.

4.0
2015-01-21 CVE-2015-0391 Oracle
Redhat
Suse
Mariadb
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.
4.0
2015-01-21 CVE-2015-0388 Oracle Remote Siebel UI Framework vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal Framework, a different vulnerability than CVE-2015-0417.

4.0
2015-01-21 CVE-2015-0387 Oracle Remote Siebel Core - Server OM Services vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Security - LDAP Security Adapter.

4.0
2015-01-21 CVE-2015-0363 Oracle Remote Siebel Core EAI vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services.

4.0
2015-01-21 CVE-2014-6597 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.

4.0
2015-01-21 CVE-2014-6593 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.

4.0
2015-01-21 CVE-2014-6584 Oracle Remote Security vulnerability in Oracle Integrated Lights Out Manager (ILOM)

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM before 3.2.4 allows remote authenticated users to affect confidentiality via unknown vectors related to Backup Restore.

4.0
2015-01-21 CVE-2014-6579 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.52/8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vectors related to Integration Broker.

4.0
2015-01-21 CVE-2014-6566 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via unknown vectors related to Portal.

4.0
2015-01-21 CVE-2015-0516 EMC Path Traversal vulnerability in EMC Vipr SRM and Watch4Net

Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.

4.0
2015-01-21 CVE-2014-9225 Broadcom
Symantec
Information Exposure vulnerability in multiple products

The ajaxswing webui in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to obtain sensitive server information via unspecified vectors.

4.0
2015-01-21 CVE-2014-6528 Oracle Remote Siebel Core - System Management vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - System Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Server Infrastructure.

4.0
2015-01-21 CVE-2014-6514 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0

31 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2015-01-21 CVE-2015-0416 Oracle Remote Oracle Agile PLM vulnerability in Oracle Supply Chain products Suite 9.3.3

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Roles & Privileges.

3.5
2015-01-21 CVE-2015-0414 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/12.1.3.0.0

Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Fabric Layer.

3.5
2015-01-21 CVE-2015-0389 Oracle Remote Security vulnerability in Oracle Fusion Middleware 8.0

Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2014-6592.

3.5
2015-01-21 CVE-2015-0385 Oracle Remote Security vulnerability in Oracle MySQL Server

Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.

3.5
2015-01-21 CVE-2015-0384 Oracle Remote Siebel Public Sector vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Public Sector component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Public Sector Portal.

3.5
2015-01-21 CVE-2015-0374 Debian
Canonical
Fedoraproject
Oracle
Suse
Redhat
Mariadb
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security : Privileges : Foreign Key.
3.5
2015-01-21 CVE-2015-0370 Oracle Remote Security vulnerability in Oracle Database Server

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2013-5858.

3.5
2015-01-21 CVE-2015-0364 Oracle Remote Siebel Core - EAI vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect availability via unknown vectors related to Integration Business Services.

3.5
2015-01-21 CVE-2014-6599 Oracle Remote Siebel Core - Common Components vulnerability in Oracle Siebel CRM 8.1.1/8.2.2

Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Email.

3.5
2015-01-21 CVE-2013-6892 Websvn
Debian
Information Exposure vulnerability in multiple products

WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.

3.5
2015-01-21 CVE-2014-6592 Oracle Remote Security vulnerability in Oracle Fusion Middleware 8.0

Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2015-0389.

3.5
2015-01-21 CVE-2014-6568 Canonical
Redhat
Debian
Fedoraproject
Oracle
Suse
Mariadb
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DML.
3.5
2015-01-21 CVE-2015-0513 EMC Cross-site Scripting vulnerability in EMC Vipr SRM and Watch4Net

Multiple cross-site scripting (XSS) vulnerabilities in the administrative user interface in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging privileged access to set crafted values of unspecified fields.

3.5
2015-01-21 CVE-2014-9224 Broadcom
Symantec
Cross-site Scripting vulnerability in multiple products

Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2015-01-21 CVE-2014-8914 IBM Cross-site Scripting vulnerability in IBM Business Process Manager

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8913.

3.5
2015-01-21 CVE-2014-8913 IBM Cross-site Scripting vulnerability in IBM Business Process Manager

Cross-site scripting (XSS) vulnerability in the Process Portal in IBM Business Process Manager 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.1, and 8.5.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2014-8914.

3.5
2015-01-21 CVE-2014-6525 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect integrity via unknown vectors related to Templates.

3.5
2015-01-21 CVE-2014-4279 Oracle Remote Security vulnerability in Oracle Peoplesoft products 8.53

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.

3.5
2015-01-21 CVE-2015-0429 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.

3.3
2015-01-21 CVE-2015-0427 Oracle
Opensuse
Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2014-6595.

3.2
2015-01-21 CVE-2014-6595 Opensuse
Oracle
Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6590, and CVE-2015-0427.

3.2
2015-01-21 CVE-2014-6590 Opensuse
Oracle
Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6589, CVE-2014-6595, and CVE-2015-0427.

3.2
2015-01-21 CVE-2014-6589 Opensuse
Oracle
Local Oracle Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6588, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.

3.2
2015-01-21 CVE-2014-6588 Opensuse
Oracle
Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than CVE-2014-6589, CVE-2014-6590, CVE-2014-6595, and CVE-2015-0427.

3.2
2015-01-21 CVE-2014-6591 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6585.

2.6
2015-01-21 CVE-2014-6585 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to 2D, a different vulnerability than CVE-2014-6591.

2.6
2015-01-21 CVE-2015-0418 Debian
Opensuse
Oracle
Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown vectors related to Core, a different vulnerability than CVE-2015-0377.

2.1
2015-01-21 CVE-2015-0397 SUN Local Security vulnerability in SUN Sunos 5.11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600.

2.1
2015-01-21 CVE-2015-0378 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc.

2.1
2015-01-21 CVE-2015-0430 SUN Local Security vulnerability in Oracle Solaris

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.

1.9
2015-01-21 CVE-2015-0413 Oracle
Suse
Canonical
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.
1.9