Name |
Description |
CVE-2018-5379 |
The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free
memory when processing certain forms of UPDATE message, containing
cluster-list and/or unknown attributes. A successful attack could
cause a denial of service or potentially allow an attacker to execute
arbitrary code.
|
CVE-2018-1227 |
Pivotal Concourse after 2018-03-05 might allow remote attackers to
have an unspecified impact, if a customer obtained the Concourse
software from a DNS domain that is no longer controlled by Pivotal.
The original domain for the Concourse CI (concourse-dot-ci) open
source project has been registered by an unknown actor, and is
therefore no longer the official website for Concourse CI. The new
official domain is concourse-ci.org. At approximately 4 am EDT on
March 7, 2018 the Concourse OSS team began receiving reports that the
Concourse domain was not responding. The Concourse OSS team
discovered, upon investigation with both the original and the new
domain registrars, that the originating domain registrar had made the
domain available for purchase. This was done despite the domain being
renewed by the Concourse OSS team through August 2018. For a customer
to be affected, they would have needed to access a download from a
"concourse-dot-ci" domain web site after March 6, 2018 18:00:00 EST.
Accessing that domain is NOT recommended by Pivotal. Anyone who had
been using that domain should immediately begin using the
concourse-ci.org domain instead. Customers can also safely access
Concourse software from the traditionally available locations on the
Pivotal Network or GitHub.
|
CVE-2017-9779 |
OCaml compiler allows attackers to have unspecified impact via unknown
vectors, a similar issue to CVE-2017-9772 "but with much less impact."
|
CVE-2017-8380 |
Buffer overflow in the "megasas_mmio_write" function in Qemu 2.9.0
allows remote attackers to have unspecified impact via unknown
vectors.
|
CVE-2017-8072 |
The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c
in the Linux kernel 4.9.x before 4.9.9 does not have the expected EIO
error status for a zero-length report, which allows local users to
have an unspecified impact via unknown vectors.
|
CVE-2017-7278 |
Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort
4400 before A2 has unknown impact and attack vectors.
|
CVE-2017-6821 |
Directory traversal vulnerability in Zimbra Collaboration Suite (aka
ZCS) before 8.7.6 allows attackers to have unspecified impact via
unknown vectors.
|
CVE-2017-6507 |
An issue was discovered in AppArmor before 2.12. Incorrect handling of
unknown AppArmor profiles in AppArmor init scripts, upstart jobs,
and/or systemd unit files allows an attacker to possibly have increased
attack surfaces of processes that were intended to be confined by
AppArmor. This is due to the common logic to handle 'restart'
operations removing AppArmor profiles that aren't found in the typical
filesystem locations, such as /etc/apparmor.d/. Userspace projects that
manage their own AppArmor profiles in atypical directories, such as
what's done by LXD and Docker, are affected by this flaw in the
AppArmor init script logic.
|
CVE-2017-6356 |
Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0
before 8.0.1 uses weak permissions for unspecified resources, which
allows attackers to obtain sensitive session information via unknown
vectors.
|
CVE-2017-5999 |
An issue was discovered in sysPass 2.x before 2.1, in which an
algorithm was never sufficiently reviewed by cryptographers. The fact
that inc/SP/Core/Crypt.class is using the MCRYPT_RIJNDAEL_256()
function (the 256-bit block version of Rijndael, not AES) instead of
MCRYPT_RIJNDAEL_128 (real AES) could help an attacker to create unknown
havoc in the remote system.
|
CVE-2017-5641 |
Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not
restrict which types were allowed for AMF(X) object deserialization by
default. During the deserialization process code is executed that for
several known types has undesired side-effects. Other, unknown types
may also exhibit such behaviors. One vector in the Java standard
library exists that allows an attacker to trigger possibly further
exploitable Java deserialization of untrusted data. Other known
vectors in third party libraries can be used to trigger remote code
execution.
|
CVE-2017-5538 |
The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c
in the GPU driver on Samsung devices with M(6.0) and N(7.0) software
and Exynos AP chipsets allows attackers to have unspecified impact via
unknown vectors, which trigger an out-of-bounds read, aka
SVE-2016-6362.
|
CVE-2017-4995 |
An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE
through 4.2.2.RELEASE, and Spring Security 5.0.0.M1. When configured to
enable default typing, Jackson contained a deserialization
vulnerability that could lead to arbitrary code execution. Jackson
fixed this vulnerability by blacklisting known "deserialization
gadgets." Spring Security configures Jackson with global default typing
enabled, which means that (through the previous exploit) arbitrary code
could be executed if all of the following is true: (1) Spring
Security's Jackson support is being leveraged by invoking
SecurityJackson2Modules.getModules(ClassLoader) or
SecurityJackson2Modules.enableDefaultTyping(ObjectMapper); (2) Jackson
is used to deserialize data that is not trusted (Spring Security does
not perform deserialization using Jackson, so this is an explicit
choice of the user); and (3) there is an unknown (Jackson is not
blacklisting it already) "deserialization gadget" that allows code
execution present on the classpath. Jackson provides a blacklisting
approach to protecting against this type of attack, but Spring Security
should be proactive against blocking unknown "deserialization gadgets"
when Spring Security enables default typing.
|
CVE-2017-2477 |
An issue was discovered in certain Apple products. macOS before
10.12.4 is affected. The issue involves the "libxslt" component. It
allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2017-2428 |
An issue was discovered in certain Apple products. iOS before 10.3 is
affected. macOS before 10.12.4 is affected. tvOS before 10.2 is
affected. watchOS before 3.2 is affected. The issue involves nghttp2
before 1.17.0 in the "HTTPProtocol" component. It allows remote HTTP/2
servers to have an unspecified impact via unknown vectors.
|
CVE-2017-17810 |
In Netwide Assembler (NASM) 2.14rc0, there is a "SEGV on unknown
address" that will cause a remote denial of service attack, because
asm/preproc.c mishandles macro calls that have the wrong number of
arguments.
|
CVE-2017-17457 |
The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead
to a remote DoS attack (SEGV on unknown address 0x000000000000), a
different vulnerability than CVE-2017-14246.
|
CVE-2017-17456 |
The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead
to a remote DoS attack (SEGV on unknown address 0x000000000000), a
different vulnerability than CVE-2017-14245.
|
CVE-2017-1699 |
IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure
permissions on certain files it creates. A local attacker could
exploit this vulnerability to modify or delete data contained in the
files with an unknown impact. IBM X-Force ID: 134391.
|
CVE-2017-15785 |
XnView Classic for Windows Version 2.43 allows attackers to execute
arbitrary code or cause a denial of service via a crafted .dwg file,
related to a "Data Execution Prevention Violation near NULL starting at
Unknown Symbol @ 0x0000000000000000 called from
CADImage+0x0000000000286a79."
|
CVE-2017-15747 |
IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows
attackers to execute arbitrary code or cause a denial of service via a
crafted .dwg file, related to a "Data Execution Prevention Violation
starting at Unknown Symbol @ 0x0000700b00260112 called from
CADIMAGE+0x00000000003d35ad."
|
CVE-2017-14752 |
Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before
16.10.6, and 17.04 before 17.04.4 are vulnerable to a user submitting
a potentially dangerous payload, e.g., XSS code, to be saved as their
first name, last name, or display name in the profile fields that can
cause issues such as escalation of privileges or unknown execution of
malicious code when replying to messages in Mahara.
|
CVE-2017-14577 |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file, related to a "Read Access
Violation on Control Flow starting at Unknown Symbol @
0x0000000003aa7cef called from Unknown Symbol @ 0x0000000004aa024d."
|
CVE-2017-14576 |
STDU Viewer 1.6.375 allows attackers to cause a denial of service or
possibly have unspecified other impact via a crafted .xps file, related
to a "Possible Stack Corruption starting at Unknown Symbol @
0x00000000049f0281."
|
CVE-2017-14575 |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file, related to an "Illegal
Instruction Violation starting at Unknown Symbol @ 0x0000000002d8024c
called from STDUXPSFile!DllUnregisterServer+0x000000000002566c."
|
CVE-2017-14574 |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file, related to a "User Mode
Write AV starting at Unknown Symbol @ 0x0000000004940490."
|
CVE-2017-14573 |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file, related to an "Illegal
Instruction Violation starting at Unknown Symbol @ 0x00000000030c024c
called from STDUXPSFile!DllUnregisterServer+0x000000000002566a."
|
CVE-2017-14572 |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file, related to a "User Mode
Write AV starting at Unknown Symbol @ 0x000000000479049b called from
Unknown Symbol @ 0x000000000d89645b."
|
CVE-2017-14571 |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file, related to an "Illegal
Instruction Violation starting at Unknown Symbol @ 0x00000000049c024c
called from STDUXPSFile!DllUnregisterServer+0x0000000000025706."
|
CVE-2017-14568 |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file, related to an "Illegal
Instruction Violation starting at Unknown Symbol @ 0x000000000297024c
called from STDUXPSFile!DllUnregisterServer+0x0000000000025630."
|
CVE-2017-14567 |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file, related to an "Illegal
Instruction Violation starting at Unknown Symbol @ 0x00000000028c024d
called from STDUXPSFile!DllUnregisterServer+0x000000000002e77b."
|
CVE-2017-14566 |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file, related to a "User Mode
Write AV starting at Unknown Symbol @ 0x00000000039d76c4 called from
Unknown Symbol @ 0x0000000000049d2c."
|
CVE-2017-14565 |
STDU Viewer 1.6.375 allows attackers to cause a denial of service or
possibly have unspecified other impact via a crafted .xps file, related
to a "Possible Stack Corruption starting at Unknown Symbol @
0x00000000038f2fbf called from
image00000000_00400000+0x0000000000240065."
|
CVE-2017-14561 |
STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause
a denial of service via a crafted .xps file, related to an "Illegal
Instruction Violation starting at Unknown Symbol @ 0x00000000048c024d
called from STDUXPSFile!DllUnregisterServer+0x0000000000025638."
|
CVE-2017-14181 |
DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5
allows remote attackers to cause a denial of service (invalid memory
write, SEGV on unknown address 0x000000000030, and application crash)
or possibly have unspecified other impact via a crafted .wav file, aka
a NULL pointer dereference.
|
CVE-2017-1382 |
IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create
files using the default permissions instead of the customized
permissions when custom startup scripts are used. A local attacker
could exploit this to gain access to files with an unknown impact. IBM
X-Force ID: 127153.
|
CVE-2017-12858 |
Double free vulnerability in the _zip_dirent_read function in
zip_dirent.c in libzip allows attackers to have unspecified impact via
unknown vectors.
|
CVE-2017-12463 |
Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite
before 2.00 allows context-dependent attackers to cause a denial of
service (memory consumption) via vectors involving an envelope_s
structure pointer when the packet format is unknown.
|
CVE-2017-10742 |
XnView Classic for Windows Version 2.40 allows attackers to execute
arbitrary code or cause a denial of service via a crafted .rle file,
related to a "Data Execution Prevention Violation starting at Unknown
Symbol @ 0x00000000380a0500 called from
ntdll_77df0000!LdrxCallInitRoutine+0x0000000000000016."
|
CVE-2017-10739 |
XnView Classic for Windows Version 2.40 allows attackers to execute
arbitrary code or cause a denial of service via a crafted .rle file,
related to a "Data Execution Prevention Violation starting at Unknown
Symbol @ 0x000000000c1b541c called from xnview+0x00000000003826ec."
|
CVE-2017-10738 |
XnView Classic for Windows Version 2.40 allows attackers to execute
arbitrary code or cause a denial of service via a crafted .rle file,
related to a "Data Execution Prevention Violation starting at Unknown
Symbol @ 0x000000002f32332f called from
KERNELBASE!CompareStringW+0x0000000000000082."
|
CVE-2016-9085 |
Multiple integer overflows in libwebp allow attackers to have
unspecified impact via unknown vectors.
|
CVE-2016-8295 |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component
in Oracle PeopleSoft Products 9.2 allows remote authenticated users to
affect confidentiality via unknown vectors.
|
CVE-2016-8294 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote
authenticated users to affect confidentiality via unknown vectors.
|
CVE-2016-8281 |
Unspecified vulnerability in the Oracle Platform Security for Java
component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and
12.2.1.1.0 allows remote authenticated users to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2016-5536.
|
CVE-2016-7447 |
Heap-based buffer overflow in the EscapeParenthesis function in
GraphicsMagick before 1.3.25 allows remote attackers to have
unspecified impact via unknown vectors.
|
CVE-2016-7446 |
Buffer overflow in the MVG and SVG rendering code in GraphicsMagick
1.3.24 allows remote attackers to have unspecified impact via unknown
vectors. Note: This vulnerability exists due to an incomplete patch
for CVE-2016-2317.
|
CVE-2016-7433 |
NTP before 4.2.8p9 does not properly perform the initial sync
calculations, which allows remote attackers to have unspecified impact via
unknown vectors, related to a "root distance that did not include the
peer dispersion."
|
CVE-2016-7254 |
Microsoft SQL Server 2012 SP2 and 2012 SP3 do not properly perform a
cast of an unspecified pointer, which allows remote authenticated
users to gain privileges via unknown vectors, aka "SQL RDBMS Engine
Elevation of Privilege Vulnerability."
|
CVE-2016-7250 |
Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 do not properly
perform a cast of an unspecified pointer, which allows remote
authenticated users to gain privileges via unknown vectors, aka "SQL
RDBMS Engine Elevation of Privilege Vulnerability."
|
CVE-2016-7249 |
Microsoft SQL Server 2016 does not properly perform a cast of an
unspecified pointer, which allows remote authenticated users to gain
privileges via unknown vectors, aka "SQL RDBMS Engine Elevation of
Privilege Vulnerability."
|
CVE-2016-7139 |
Cross-site scripting (XSS) vulnerability in an unspecified page
template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x
through 3.3.6 allows remote attackers to inject arbitrary web script
or HTML via unknown vectors.
|
CVE-2016-6875 |
Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows
attackers to have unspecified impact via unknown vectors.
|
CVE-2016-6874 |
The array_*_recursive functions in Facebook HHVM before 3.15.0 allow
attackers to have unspecified impact via unknown vectors, related to
recursion.
|
CVE-2016-6873 |
Self recursion in compact in Facebook HHVM before 3.15.0 allows
attackers to have unspecified impact via unknown vectors.
|
CVE-2016-6872 |
Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0
allows attackers to have unspecified impact via unknown vectors.
|
CVE-2016-6871 |
Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows
attackers to have unspecified impact via unknown vectors, which
triggers a buffer overflow.
|
CVE-2016-6870 |
Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail,
and (3) mb_detect_order functions in Facebook HHVM before 3.15.0
allows attackers to have unspecified impact via unknown vectors.
|
CVE-2016-6692 |
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in
Android before 2016-10-05 allows attackers to cause a denial of
service (invalid pointer access) or possibly have unspecified other
impact via unknown vectors, aka Qualcomm internal bug CR 1004933.
|
CVE-2016-6604 |
NULL pointer dereference in Samsung Exynos fimg2d driver for Android
L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via
unknown vectors.
|
CVE-2016-6303 |
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c
in OpenSSL before 1.1.0 allows remote attackers to cause a denial of
service (out-of-bounds write and application crash) or possibly have
unspecified other impact via unknown vectors.
|
CVE-2016-6150 |
The multi-tenant database container feature in SAP HANA does not
properly encrypt communications, which allows remote attackers to
bypass intended access restrictions and possibly have unspecified
other impact via unknown vectors, aka SAP Security Note 2233550.
|
CVE-2016-6137 |
An unspecified function in SAP TREX 7.10 Revision 63 allows remote
attackers to execute arbitrary OS commands via unknown vectors, aka
SAP Security Note 2203591.
|
CVE-2016-5827 |
The icaltime_from_string function in libical 0.47 and 1.0 allows
remote attackers to cause a denial of service (out-of-bounds heap
read) via a crafted string to the icalparser_parse_string function.
|
CVE-2016-5826 |
The parser_get_next_char function in libical 0.47 and 1.0 allows
remote attackers to cause a denial of service (out-of-bounds heap
read) by crafting a string to the icalparser_parse_string function.
|
CVE-2016-5825 |
The icalparser_parse_string function in libical 0.47 and 1.0 allows
remote attackers to cause a denial of service (out-of-bounds heap
read) via a crafted ics file.
|
CVE-2016-5824 |
libical 1.0 allows remote attackers to cause a denial of service
(use-after-free) via a crafted ics file.
|
CVE-2016-5823 |
The icalproperty_new_clone function in libical 0.47 and 1.0 allows
remote attackers to cause a denial of service (use-after-free) via a
crafted ics file.
|
CVE-2016-5600 |
Unspecified vulnerability in the PeopleSoft Enterprise SCM Services
Procurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows
remote authenticated users to affect confidentiality and integrity via
unknown vectors.
|
CVE-2016-5596 |
Unspecified vulnerability in the Oracle CRM Technical Foundation
component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3
through 12.2.6 allows remote authenticated users to affect
confidentiality via unknown vectors.
|
CVE-2016-5595 |
Unspecified vulnerability in the Oracle Customer Interaction History
component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3,
and 12.2.4 allows remote attackers to affect confidentiality and
integrity via unknown vectors, a different vulnerability than
CVE-2016-5592.
|
CVE-2016-5593 |
Unspecified vulnerability in the Oracle Customer Interaction History
component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3,
and 12.2.4 allows remote attackers to affect confidentiality and
integrity via unknown vectors, a different vulnerability than
CVE-2016-5587 and CVE-2016-5591.
|
CVE-2016-5592 |
Unspecified vulnerability in the Oracle Customer Interaction History
component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3,
and 12.2.4 allows remote attackers to affect confidentiality and
integrity via unknown vectors, a different vulnerability than
CVE-2016-5595.
|
CVE-2016-5591 |
Unspecified vulnerability in the Oracle Customer Interaction History
component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3,
and 12.2.4 allows remote attackers to affect confidentiality and
integrity via unknown vectors, a different vulnerability than
CVE-2016-5587 and CVE-2016-5593.
|
CVE-2016-5589 |
Unspecified vulnerability in the Oracle CRM Technical Foundation
component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3
through 12.2.6 allows remote attackers to affect confidentiality and
integrity via unknown vectors.
|
CVE-2016-5587 |
Unspecified vulnerability in the Oracle Customer Interaction History
component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3,
and 12.2.4 allows remote attackers to affect confidentiality and
integrity via unknown vectors, a different vulnerability than
CVE-2016-5591 and CVE-2016-5593.
|
CVE-2016-5586 |
Unspecified vulnerability in the Oracle Email Center component in
Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through
12.2.6 allows remote attackers to affect confidentiality and integrity
via unknown vectors.
|
CVE-2016-5585 |
Unspecified vulnerability in the Oracle Interaction Center
Intelligence component in Oracle E-Business Suite 12.1.1 through
12.1.3 allows remote attackers to affect confidentiality and integrity
via unknown vectors.
|
CVE-2016-5583 |
Unspecified vulnerability in the Oracle One-to-One Fulfillment
component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3
through 12.2.6 allows remote attackers to affect integrity via unknown
vectors.
|
CVE-2016-5581 |
Unspecified vulnerability in the Oracle iRecruitment component in
Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through
12.2.6 allows local users to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2016-5572 |
Unspecified vulnerability in the Kernel PDB component in Oracle
Database Server 12.1.0.2 allows local users to affect confidentiality,
integrity, and availability via unknown vectors.
|
CVE-2016-5569 |
Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and
Collateral Management component in Oracle Financial Services
Applications 12.0.0 and 12.1.0 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors.
|
CVE-2016-5566 |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote
attackers to affect confidentiality via unknown vectors.
|
CVE-2016-5562 |
Unspecified vulnerability in the Oracle iProcurement component in
Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through
12.2.6 allows remote authenticated users to affect confidentiality and
integrity via unknown vectors.
|
CVE-2016-5557 |
Unspecified vulnerability in the Oracle Advanced Pricing component in
Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through
12.2.6 allows remote attackers to affect confidentiality and integrity
via unknown vectors.
|
CVE-2016-5555 |
Unspecified vulnerability in the OJVM component in Oracle Database
Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect
confidentiality, integrity, and availability via unknown vectors.
|
CVE-2016-5553 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows
local users to affect availability via unknown vectors.
|
CVE-2016-5540 |
Unspecified vulnerability in the Oracle Retail Xstore Payment
component in Oracle Retail Applications 1.x allows local users to
affect confidentiality and integrity via unknown vectors.
|
CVE-2016-5539 |
Unspecified vulnerability in the Oracle Retail Xstore Payment
component in Oracle Retail Applications 1.x allows local users to
affect confidentiality, integrity, and availability via unknown
vectors.
|
CVE-2016-5537 |
Unspecified vulnerability in the NetBeans component in Oracle Fusion
Middleware 8.1 allows local users to affect confidentiality,
integrity, and availability via unknown vectors. NOTE: the previous
information is from the October 2016 CPU. Oracle has not commented on
third-party claims that this issue is a directory traversal
vulnerability which allows local users with certain permissions to
write to arbitrary files and consequently gain privileges via a ..
(dot dot) in an archive entry in a ZIP file imported as a project.
|
CVE-2016-5536 |
Unspecified vulnerability in the Oracle Platform Security for Java
component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and
12.2.1.1.0 allows remote authenticated users to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2016-8281.
|
CVE-2016-5535 |
Unspecified vulnerability in the Oracle WebLogic Server component in
Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2016-5534 |
Unspecified vulnerability in the Siebel Apps - Customer Order
Management component in Oracle Siebel CRM 16.1 allows remote
authenticated users to affect confidentiality via unknown vectors.
|
CVE-2016-5533 |
Unspecified vulnerability in the Primavera P6 Enterprise Project
Portfolio Management component in Oracle Primavera Products Suite 8.4,
15.x, and 16.x allows remote authenticated users to affect
confidentiality and integrity via unknown vectors.
|
CVE-2016-5527 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to
affect confidentiality via unknown vectors, a different vulnerability
than CVE-2016-5524.
|
CVE-2016-5524 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to
affect confidentiality via unknown vectors, a different vulnerability
than CVE-2016-5527.
|
CVE-2016-5522 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote
authenticated users to affect confidentiality via unknown vectors.
|
CVE-2016-5521 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to
affect confidentiality and integrity via unknown vectors, a different
vulnerability than CVE-2016-5512.
|
CVE-2016-5516 |
Unspecified vulnerability in the Kernel PDB component in Oracle
Database Server 12.1.0.2 allows local users to affect availability via
unknown vectors.
|
CVE-2016-5512 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to
affect confidentiality and integrity via unknown vectors, a different
vulnerability than CVE-2016-5521.
|
CVE-2016-5511 |
Unspecified vulnerability in the Oracle WebCenter Sites component in
Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows
remote attackers to affect integrity via unknown vectors.
|
CVE-2016-5510 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to
affect confidentiality via unknown vectors.
|
CVE-2016-5505 |
Unspecified vulnerability in the RDBMS Programmable Interface
component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local
users to affect confidentiality via unknown vectors.
|
CVE-2016-5499 |
Unspecified vulnerability in the RDBMS Security component in Oracle
Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect
confidentiality via unknown vectors, a different vulnerability than
CVE-2016-5498.
|
CVE-2016-5498 |
Unspecified vulnerability in the RDBMS Security component in Oracle
Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect
confidentiality via unknown vectors, a different vulnerability than
CVE-2016-5499.
|
CVE-2016-5497 |
Unspecified vulnerability in the RDBMS Security component in Oracle
Database Server 12.1.0.2 allows local users to affect confidentiality,
integrity, and availability via unknown vectors.
|
CVE-2016-5493 |
Unspecified vulnerability in the Oracle FLEXCUBE Private Banking
component in Oracle Financial Services Applications 12.0.1 through
12.0.3 allows remote authenticated users to affect confidentiality and
integrity via unknown vectors.
|
CVE-2016-5491 |
Unspecified vulnerability in the Oracle Commerce Service Center
component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote
attackers to affect confidentiality and integrity via unknown vectors.
|
CVE-2016-5487 |
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2016-5482 |
Unspecified vulnerability in the Oracle Commerce Guided Search
component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through
6.5.2 allows remote attackers to affect confidentiality and integrity
via unknown vectors.
|
CVE-2016-5447 |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems
Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to
affect confidentiality, integrity, and availability via unknown
vectors.
|
CVE-2016-5445 |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems
Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors.
|
CVE-2016-5421 |
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers
to control which connection is used or possibly have unspecified other
impact via unknown vectors.
|
CVE-2016-5372 |
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator
Framework before 4.3.0P1 allows remote attackers to hijack the
authentication of users for requests that have unspecified impact via
unknown vectors.
|
CVE-2016-5360 |
HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule,
allows remote attackers to cause a denial of service (uninitialized
memory access and crash) or possibly have unspecified other impact via
unknown vectors.
|
CVE-2016-5257 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 49.0 and Firefox ESR 45.x before 45.4 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2016-5256 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 49.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2016-5178 |
Multiple unspecified vulnerabilities in Google Chrome before
53.0.2785.143 allow remote attackers to cause a denial of service or
possibly have other impact via unknown vectors.
|
CVE-2016-5177 |
Use-after-free vulnerability in V8 in Google Chrome before
53.0.2785.143 allows remote attackers to cause a denial of service
(crash) or possibly have unspecified other impact via unknown vectors.
|
CVE-2016-5175 |
Multiple unspecified vulnerabilities in Google Chrome before
53.0.2785.113 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2016-5169 |
Format string vulnerability in Google Chrome OS before 53.0.2785.103
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
|
CVE-2016-5167 |
Multiple unspecified vulnerabilities in Google Chrome before
53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux
allow attackers to cause a denial of service or possibly have other
impact via unknown vectors.
|
CVE-2016-5156 |
extensions/renderer/event_bindings.cc in the event bindings in Google
Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92
on Linux attempts to process filtered events after failure to add an
event matcher, which allows remote attackers to cause a denial of
service (use-after-free) or possibly have unspecified other impact via
unknown vectors.
|
CVE-2016-5146 |
Multiple unspecified vulnerabilities in Google Chrome before
52.0.2743.116 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2016-4889 |
ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote
authenticated guest users to have unspecified impact by leveraging
failure to restrict access to unknown functions.
|
CVE-2016-4788 |
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0
before 8.0r10, and 7.4 before 7.4r13.4 allows remote attackers to read
an unspecified system file via unknown vectors.
|
CVE-2016-4787 |
Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0
before 8.0r10, and 7.4 before 7.4r13.4 allows remote attackers to read
sensitive system authentication files in an unspecified directory via
unknown vectors.
|
CVE-2016-4616 |
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before
12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2,
and watchOS before 2.2.2 allows remote attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via unknown vectors, a different vulnerability than CVE-2016-4614,
CVE-2016-4615, and CVE-2016-4619.
|
CVE-2016-4615 |
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before
12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2,
and watchOS before 2.2.2 allows remote attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via unknown vectors, a different vulnerability than CVE-2016-4614,
CVE-2016-4616, and CVE-2016-4619.
|
CVE-2016-4614 |
libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before
12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2,
and watchOS before 2.2.2 allows remote attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via unknown vectors, a different vulnerability than CVE-2016-4615,
CVE-2016-4616, and CVE-2016-4619.
|
CVE-2016-4610 |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before
12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2,
and watchOS before 2.2.2 allows remote attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via unknown vectors, a different vulnerability than CVE-2016-4607,
CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.
|
CVE-2016-4609 |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before
12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2,
and watchOS before 2.2.2 allows remote attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via unknown vectors, a different vulnerability than CVE-2016-4607,
CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.
|
CVE-2016-4608 |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before
12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2,
and watchOS before 2.2.2 allows remote attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via unknown vectors, a different vulnerability than CVE-2016-4607,
CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
|
CVE-2016-4607 |
libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before
12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2,
and watchOS before 2.2.2 allows remote attackers to cause a denial of
service (memory corruption) or possibly have unspecified other impact
via unknown vectors, a different vulnerability than CVE-2016-4608,
CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.
|
CVE-2016-4529 |
An unspecified ActiveX control in Schneider Electric SoMachine HVAC
Programming Software for M171/M172 Controllers before 2.1.0 allows
remote attackers to execute arbitrary code via unknown vectors,
related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for
scripting) flag.
|
CVE-2016-4525 |
Unspecified ActiveX controls in Advantech WebAccess before
8.1_20160519 allow remote authenticated users to obtain sensitive
information or modify data via unknown vectors, related to the
INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.
|
CVE-2016-4524 |
ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords
in unspecified temporary circumstances, which allows local users to
obtain sensitive information via unknown vectors.
|
CVE-2016-4498 |
Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an
uninitialized pointer, which allows local users to cause a denial of
service or possibly have unspecified other impact via unknown vectors.
|
CVE-2016-4448 |
Format string vulnerability in libxml2 before 2.9.4 allows attackers
to have unspecified impact via format string specifiers in unknown
vectors.
|
CVE-2016-4396 |
HPE System Management Homepage before v7.6 allows remote attackers to
have an unspecified impact via unknown vectors, related to a "Buffer
Overflow" issue.
|
CVE-2016-4395 |
HPE System Management Homepage before v7.6 allows remote attackers to
have an unspecified impact via unknown vectors, related to a "Buffer
Overflow" issue.
|
CVE-2016-4375 |
Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3
(aka iLO 3) firmware before 1.88, Integrated Lights-Out 4 (aka iLO 4)
firmware before 2.44, and Integrated Lights-Out 4 (aka iLO 4) mRCA
firmware before 2.32 allow remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors.
|
CVE-2016-4171 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier
allows remote attackers to execute arbitrary code via unknown vectors,
as exploited in the wild in June 2016.
|
CVE-2016-4166 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4156 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4155 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4154 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4153 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4152 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4151 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4150 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4149 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4148 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4147 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4146 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4145 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4144 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4143 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4142 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4141 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4140 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4139 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4138 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4137 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4136 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4135 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4134 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4133 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4132 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4131 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4130 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4129 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4128 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4127 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4126 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4125 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4124 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4123 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4122 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-083.
|
CVE-2016-4116 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-4115 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-4114 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-4113 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-4112 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-4111 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-4110 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-4109 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-4108 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-4019 |
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows
remote attackers to affect integrity via unknown vectors, aka bug
104477.
|
CVE-2016-4005 |
The Huawei Hilink App application before 3.19.2 for Android does not
validate SSL certificates, which allows local users to have
unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
|
CVE-2016-3929 |
Unspecified vulnerability in a Qualcomm component in Android before
2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack
vectors, aka internal bug 28823675.
|
CVE-2016-3927 |
Unspecified vulnerability in a Qualcomm component in Android before
2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack
vectors, aka internal bug 28823244.
|
CVE-2016-3926 |
Unspecified vulnerability in a Qualcomm component in Android before
2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and
attack vectors, aka internal bug 28823953.
|
CVE-2016-3877 |
Unspecified vulnerability in Android before 2016-09-01 has unknown
impact and attack vectors.
|
CVE-2016-3720 |
XML external entity (XXE) vulnerability in XmlMapper in the Data
format extension for Jackson (aka jackson-dataformat-xml) allows
attackers to have unspecified impact via unknown vectors.
|
CVE-2016-3679 |
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33,
as used in Google Chrome before 49.0.2623.108, allow attackers to
cause a denial of service or possibly have other impact via unknown
vectors.
|
CVE-2016-3677 |
The Huawei Wear App application before 15.0.0.307 for Android does not
validate SSL certificates, which allows local users to have
unspecified impact via unknown vectors, aka HWPSIRT-2016-03008.
|
CVE-2016-3609 |
Unspecified vulnerability in the OJVM component in Oracle Database
Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated
users to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2016-3589 |
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking
component in Oracle Financial Services Applications 12.0.1, 12.0.2,
and 12.0.3 allows remote attackers to affect confidentiality and
integrity via unknown vectors.
|
CVE-2016-3542 |
Unspecified vulnerability in the Oracle Knowledge Management component
in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and
12.2.5 allows remote administrators to affect confidentiality and
integrity via unknown vectors.
|
CVE-2016-3515 |
Unspecified vulnerability in the Oracle Enterprise Communications
Broker component in Oracle Communications Applications before PCz
2.0.0m4p1 allows remote attackers to affect confidentiality via
unknown vectors.
|
CVE-2016-3506 |
Unspecified vulnerability in the JDBC component in Oracle Database
Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore
Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle
Retail Warehouse Management System 14.04, 14.1.3, and 15.0.1; the
Oracle Retail Workforce Management 1.60.7 and 1.64.0; the Oracle
Retail Clearance Optimization Engine 13.4; the Oracle Retail Markdown
Optimization 13.4 and 14.0; and Oracle Retail Merchandising System
16.0 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2016-3502 |
Unspecified vulnerability in the Oracle WebCenter Sites component in
Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote
authenticated users to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2016-3489 |
Unspecified vulnerability in the Data Pump Import component in Oracle
Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to
affect confidentiality, integrity, and availability via unknown
vectors.
|
CVE-2016-3488 |
Unspecified vulnerability in the DB Sharding component in Oracle
Database Server 12.1.0.2 allows local users to affect integrity via
unknown vectors.
|
CVE-2016-3487 |
Unspecified vulnerability in the Oracle WebCenter Sites component in
Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2016-3484 |
Unspecified vulnerability in the Database Vault component in Oracle
Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to
affect confidentiality and integrity via unknown vectors.
|
CVE-2016-3479 |
Unspecified vulnerability in the Portable Clusterware component in
Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers
to affect availability via unknown vectors.
|
CVE-2016-3473 |
Unspecified vulnerability in the BI Publisher (formerly XML Publisher)
component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and
12.2.1.0.0 allows remote authenticated users to affect confidentiality
via unknown vectors.
|
CVE-2016-3467 |
Unspecified vulnerability in the Application Express component in
Oracle Database Server before 5.0.4 allows remote attackers to affect
availability via unknown vectors.
|
CVE-2016-3454 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors.
|
CVE-2016-3448 |
Unspecified vulnerability in the Application Express component in
Oracle Database Server before 5.0.4 allows remote attackers to affect
confidentiality and integrity via unknown vectors.
|
CVE-2016-3438 |
Unspecified vulnerability in the Oracle Configurator component in
Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows
remote attackers to affect confidentiality and integrity via vectors
related to JRAD Heartbeat. NOTE: the previous information is from the
April 2016 CPU. Oracle has not commented on third-party claims that
this issue involves multiple cross-site scripting (XSS)
vulnerabilities, which allow remote attackers to inject arbitrary web
script or HTML via three unspecified parameters in an unknown JSP
file.
|
CVE-2016-3418 |
Unspecified vulnerability in the DataStore component in Oracle
Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28,
12.1.6.0.35, and 12.1.6.1.26 allows local users to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2016-0682, CVE-2016-0689,
CVE-2016-0692, and CVE-2016-0694.
|
CVE-2016-3414 |
Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7
allows remote authenticated users to affect availability via unknown
vectors, aka bug 102029.
|
CVE-2016-3413 |
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows
remote attackers to affect integrity via unknown vectors, aka bug
103996.
|
CVE-2016-3405 |
Multiple unspecified vulnerabilities in Zimbra Collaboration before
8.7.0 allow remote attackers to affect integrity via unknown vectors,
aka bugs 103961 and 104828.
|
CVE-2016-3404 |
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows
remote attackers to affect integrity via unknown vectors, aka bug
103959.
|
CVE-2016-3402 |
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows
remote attackers to affect confidentiality via unknown vectors, aka
bug 99167.
|
CVE-2016-3401 |
Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows
remote authenticated users to affect integrity via unknown vectors,
aka bug 99810.
|
CVE-2016-3125 |
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2
does not properly handle the TLSDHParamFile directive, which might
cause a weaker than intended Diffie-Hellman (DH) key to be used and
consequently allow attackers to have unspecified impact via unknown
vectors.
|
CVE-2016-3118 |
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API
Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4
before 8.4.01 allows remote attackers to have an unspecified impact
via unknown vectors.
|
CVE-2016-2940 |
Multiple unspecified vulnerabilities in IBM BigFix Remote Control
before 9.1.3 allow remote attackers to obtain sensitive information
via unknown vectors.
|
CVE-2016-2936 |
IBM BigFix Remote Control before 9.1.3 uses cleartext storage for
unspecified passwords, which allows local users to obtain sensitive
information via unknown vectors.
|
CVE-2016-2843 |
Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26,
as used in Google Chrome before 49.0.2623.75, allow attackers to cause
a denial of service or possibly have other impact via unknown vectors.
|
CVE-2016-2835 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 48.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2016-2834 |
Mozilla Network Security Services (NSS) before 3.23, as used in
Mozilla Firefox before 47.0, allows remote attackers to cause a denial
of service (memory corruption and application crash) or possibly have
unspecified other impact via unknown vectors.
|
CVE-2016-2818 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2016-2815 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 47.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2016-2807 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 46.0, Firefox ESR 38.x before 38.8, and Firefox ESR
45.x before 45.1 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2016-2806 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 46.0 and Firefox ESR 45.x before 45.1 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2016-2805 |
Unspecified vulnerability in the browser engine in Mozilla Firefox ESR
38.x before 38.8 allows remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2016-2804 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 46.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2016-2795 |
The graphite2::FileFace::get_table_fn function in Graphite 2 before
1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x
before 38.7, does not initialize memory for an unspecified data
structure, which allows remote attackers to cause a denial of service
or possibly have unknown other impact via a crafted Graphite smart
font.
|
CVE-2016-2790 |
The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before
1.3.6, as used in Mozilla Firefox before 45.0 and Firefox ESR 38.x
before 38.7, does not initialize memory for an unspecified data
structure, which allows remote attackers to cause a denial of service
or possibly have unknown other impact via a crafted Graphite smart
font.
|
CVE-2016-2408 |
An unspecified client-side component in Pulse Secure Desktop Client
before 5.0r15.1, 5.1rX before 5.1r9.1, and 5.2rX before 5.2r4.1;
Installer Service (formerly Juniper Installer Service) and
Collaboration (formerly Secure Meeting) before 8.0r15.1, 8.1rX before
8.1r9.1, and 8.2rX before 8.2r4.1; and Odyssey Access Client before
5.6r18 on Windows allows local users to gain administrative privileges
via unknown vectors.
|
CVE-2016-2300 |
Ecava IntegraXor before 5.0 build 4522 allows remote attackers to
bypass authentication and access unspecified web pages via unknown
vectors.
|
CVE-2016-2214 |
Cross-site scripting (XSS) vulnerability in an unspecified portal
authentication page in Huawei Agile Controller-Campus with software
before V100R001C00SPC319 allows remote attackers to inject arbitrary
web script or HTML via unknown vectors.
|
CVE-2016-2205 |
Directory traversal vulnerability in the file-download configuration
file in the management console in Symantec Workspace Streaming (SWS)
7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec
Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0
before 7.6 HF5 allows remote authenticated users to read unspecified
application files via unknown vectors.
|
CVE-2016-2199 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the
Organizations and Remediation management page in Enterprise Manager in
McAfee Vulnerability Manager (MVM) before 7.5.10 allow remote
attackers to hijack the authentication of administrators for requests
that have unspecified impact via unknown vectors.
|
CVE-2016-2182 |
The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0
does not properly validate division results, which allows remote
attackers to cause a denial of service (out-of-bounds write and
application crash) or possibly have unspecified other impact via
unknown vectors.
|
CVE-2016-2090 |
Off-by-one vulnerability in the fgetwln function in libbsd before
0.8.2 allows attackers to have unspecified impact via unknown vectors,
which trigger a heap-based buffer overflow.
|
CVE-2016-2082 |
Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log
Insight 2.x and 3.x before 3.3.2 allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
|
CVE-2016-2051 |
Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17,
as used in Google Chrome before 48.0.2564.82, allow attackers to cause
a denial of service or possibly have other impact via unknown vectors.
|
CVE-2016-1991 |
HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2,
and 6.8c before P1, and ArcSight ESM Express before 6.9.1, allows
remote authenticated users to conduct unspecified "file download"
attacks via unknown vectors.
|
CVE-2016-1976 |
Use-after-free vulnerability in the DesktopDisplayDevice class in the
WebRTC implementation in Mozilla Firefox before 45.0 on Windows might
allow remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
|
CVE-2016-1975 |
Multiple race conditions in dom/media/systemservices/CamerasChild.cpp
in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows
might allow remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2016-1972 |
Race condition in libvpx in Mozilla Firefox before 45.0 on Windows
might allow remote attackers to cause a denial of service
(use-after-free) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2016-1971 |
The I420VideoFrame::CreateFrame function in the WebRTC implementation
in Mozilla Firefox before 45.0 on Windows omits an unspecified status
check, which might allow remote attackers to cause a denial of service
(memory corruption) or possibly have other impact via unknown vectors.
|
CVE-2016-1970 |
Integer underflow in the srtp_unprotect function in the WebRTC
implementation in Mozilla Firefox before 45.0 on Windows might allow
remote attackers to cause a denial of service (memory corruption) or
possibly have unspecified other impact via unknown vectors.
|
CVE-2016-1953 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 45.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via vectors related to
js/src/jit/arm/Assembler-arm.cpp, and unknown other vectors.
|
CVE-2016-1952 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 45.0 and Firefox ESR 38.x before 38.7 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2016-1944 |
The Buffer11::NativeBuffer11::map function in ANGLE, as used in
Mozilla Firefox before 44.0, might allow remote attackers to cause a
denial of service (memory corruption) or possibly have unspecified
other impact via unknown vectors.
|
CVE-2016-1930 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 44.0 and Firefox ESR 38.x before 38.6 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2016-1910 |
The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers
to decrypt unspecified data via unknown vectors, aka SAP Security Note
2191290.
|
CVE-2016-1705 |
Multiple unspecified vulnerabilities in Google Chrome before
52.0.2743.82 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2016-1704 |
Multiple unspecified vulnerabilities in Google Chrome before
51.0.2704.103 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2016-1703 |
Multiple unspecified vulnerabilities in Google Chrome before
51.0.2704.79 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2016-1695 |
Multiple unspecified vulnerabilities in Google Chrome before
51.0.2704.63 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2016-1680 |
Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia,
as used in Google Chrome before 51.0.2704.63, allows remote attackers
to cause a denial of service (heap memory corruption) or possibly have
unspecified other impact via unknown vectors.
|
CVE-2016-1666 |
Multiple unspecified vulnerabilities in Google Chrome before
50.0.2661.94 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2016-1662 |
extensions/renderer/gc_callback.cc in Google Chrome before
50.0.2661.94 does not prevent fallback execution once the Garbage
Collection callback has started, which allows remote attackers to
cause a denial of service (use-after-free) or possibly have
unspecified other impact via unknown vectors.
|
CVE-2016-1659 |
Multiple unspecified vulnerabilities in Google Chrome before
50.0.2661.75 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2016-1654 |
The media subsystem in Google Chrome before 50.0.2661.75 does not
initialize an unspecified data structure, which allows remote
attackers to cause a denial of service (invalid read operation) via
unknown vectors.
|
CVE-2016-1647 |
Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy
function in content/browser/renderer_host/render_widget_host_impl.cc
in the Navigation implementation in Google Chrome before 49.0.2623.108
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
|
CVE-2016-1642 |
Multiple unspecified vulnerabilities in Google Chrome before
49.0.2623.75 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2016-1635 |
extensions/renderer/render_frame_observer_natives.cc in Google Chrome
before 49.0.2623.75 does not properly consider object lifetimes and
re-entrancy issues during OnDocumentElementCreated handling, which
allows remote attackers to cause a denial of service (use-after-free)
or possibly have unspecified other impact via unknown vectors.
|
CVE-2016-1633 |
Use-after-free vulnerability in Blink, as used in Google Chrome before
49.0.2623.75, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via unknown vectors.
|
CVE-2016-1620 |
Multiple unspecified vulnerabilities in Google Chrome before
48.0.2564.82 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2016-1612 |
The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in
Google Chrome before 48.0.2564.82, does not ensure receiver
compatibility before performing a cast of an unspecified variable,
which allows remote attackers to cause a denial of service or possibly
have unknown other impact via crafted JavaScript code.
|
CVE-2016-1601 |
yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1,
does not properly set empty password fields in /etc/shadow during an
AutoYaST installation when the profile does not contain inst-sys
users, which might allow attackers to have unspecified impact via
unknown vectors.
|
CVE-2016-1570 |
The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1,
and 4.1.x through 4.6.x allows local PV guests to obtain sensitive
information, cause a denial of service, gain privileges, or have
unspecified other impact via a crafted page identifier (MFN) to the
(1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the
HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page
table updates.
|
CVE-2016-1520 |
The Grandstream Wave app 1.0.1.26 and earlier for Android does not use
HTTPS when retrieving update information, which might allow
man-in-the-middle attackers to execute arbitrary code via a crafted
application.
|
CVE-2016-1357 |
The password-management administration component in Cisco Policy Suite
(CPS) 7.0.1.3, 7.0.2, 7.0.2-att, 7.0.3-att, 7.0.4-att, and 7.5.0
allows remote attackers to bypass intended RBAC restrictions and read
unspecified data via unknown vectors, aka Bug ID CSCut85211.
|
CVE-2016-1139 |
Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE
devices before 2 allows remote attackers to hijack the authentication
of unspecified victims via unknown vectors.
|
CVE-2016-1110 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1109 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1108 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1107 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1106 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1105 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1104 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1103 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1102 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1101 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1100 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1099 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1098 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1097 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-1096 |
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and
earlier, as used in the Adobe Flash libraries in Microsoft Internet
Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in MS16-064.
|
CVE-2016-10411 |
In Android before 2018-04-05 or earlier security patch level on
Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD
430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD
808, SD 810, SD 820, and SD 835, the RTP daemon crashes and terminates
the VT call when the UE receives an RTCP unknown APP packet report,
which causes the parser to miss the end of the RTCP packet length and
keep looking for it forever, even going beyond the limits of the RTCP
packet length.
|
CVE-2016-0948 |
Cross-site request forgery (CSRF) vulnerability in Adobe Connect
before 9.5.2 allows remote attackers to hijack the authentication of
unspecified victims via unknown vectors.
|
CVE-2016-0697 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and
12.2.5 allows local users to affect confidentiality and integrity via
unknown vectors.
|
CVE-2016-0694 |
Unspecified vulnerability in the DataStore component in Oracle
Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28,
12.1.6.0.35, and 12.1.6.1.26 allows local users to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2016-0682, CVE-2016-0689,
CVE-2016-0692, and CVE-2016-3418.
|
CVE-2016-0692 |
Unspecified vulnerability in the DataStore component in Oracle
Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28,
12.1.6.0.35, and 12.1.6.1.26 allows local users to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2016-0682, CVE-2016-0689,
CVE-2016-0694, and CVE-2016-3418.
|
CVE-2016-0691 |
Unspecified vulnerability in the RDBMS Security component in Oracle
Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to
affect integrity via unknown vectors, a different vulnerability than
CVE-2016-0690.
|
CVE-2016-0690 |
Unspecified vulnerability in the RDBMS Security component in Oracle
Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to
affect integrity via unknown vectors, a different vulnerability than
CVE-2016-0691.
|
CVE-2016-0689 |
Unspecified vulnerability in the DataStore component in Oracle
Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28,
12.1.6.0.35, and 12.1.6.1.26 allows local users to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2016-0682, CVE-2016-0692,
CVE-2016-0694, and CVE-2016-3418.
|
CVE-2016-0682 |
Unspecified vulnerability in the DataStore component in Oracle
Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28,
12.1.6.0.35, and 12.1.6.1.26 allows local users to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2016-0689, CVE-2016-0692,
CVE-2016-0694, and CVE-2016-3418.
|
CVE-2016-0677 |
Unspecified vulnerability in the RDBMS Security component in Oracle
Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to
affect availability via unknown vectors.
|
CVE-2016-0636 |
Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to the Hotspot sub-component.
|
CVE-2016-0635 |
Unspecified vulnerability in the Enterprise Manager Ops Center
component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2,
and 12.3.2; the Oracle Health Sciences Information Manager component
in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0;
the Oracle Healthcare Master Person Index component in Oracle Health
Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker
component in Oracle Insurance Applications before 12.5; the Oracle
Insurance Calculation Engine component in Oracle Insurance
Applications 9.7.1, 10.1.2, and 10.2.2; the Oracle Insurance Policy
Administration J2EE and Oracle Insurance Rules Palette components in
Oracle Insurance Applications 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0,
and 10.2.2; the Oracle Retail Integration Bus component in Oracle
Retail Applications 15.0; the Oracle Retail Order Broker component in
Oracle Retail Applications 5.1, 5.2, and 15.0; the Primavera Contract
Management component in Oracle Primavera Products Suite 14.2; the
Primavera P6 Enterprise Project Portfolio Management component in
Oracle Primavera Products Suite 8.2, 8.3, 8.4, 15.1, 15.2, and 16.1;
the Oracle Financial Services Analytical Applications Infrastructure
component in Oracle Financial Services Applications 8.0.0, 8.0.1,
8.0.2, and 8.0.3; the Oracle Commerce Guided Search / Oracle Commerce
Experience Manager component in Oracle Commerce 3.1.1, 3.1.2, 11.0,
11.1, and 11.2; the Oracle Agile PLM component in Oracle Supply Chain
Products Suite 9.3.4 and 9.3.5; the Oracle Communications BRM -
Elastic Charging Engine 11.2.0.0.0 and 11.3.0.0.0; the Oracle
Enterprise Repository Enterprise Repository 12.1.3.0.0; the Oracle
Financial Services Behavior Detection Platform 8.0.1 and 8.0.2; the
Oracle Hyperion Essbase 12.2.1.1; the Oracle Tuxedo System and
Applications Monitor (TSAM) 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.1,
12.1.1.1.0, 12.1.3.0.0, and 12.2.2.0.0; the Oracle Communications
WebRTC Session Controller component of Oracle Communications
Applications (subcomponent: Security (Spring)) 7.0, 7.1 and 7.2; the
Oracle Endeca Information Discovery Integrator 3.2; the Converged
Commerce component of Oracle Retail Applications 16.0.1; the Oracle
Identity Manager 11.1.2.3.0; Oracle Enterprise Manager for MySQL
Database 12.1.0.4 and Oracle Retail Invoice Matching 12.0, 13.0, 13.1,
13.2, 14.0, and 14.1 allows remote authenticated users to affect
confidentiality, integrity, and availability via unknown vectors.
|
CVE-2016-0618 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect confidentiality via unknown vectors related to Zones.
|
CVE-2016-0617 |
Unspecified vulnerability in the kernel-uek component in Oracle Linux
6 allows local users to affect availability via unknown vectors.
|
CVE-2016-0616 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and
MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before
10.1.10 allows remote authenticated users to affect availability via
unknown vectors related to Optimizer.
|
CVE-2016-0614 |
Unspecified vulnerability in the Oracle BI Publisher component in
Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows
remote authenticated users to affect confidentiality via unknown
vectors.
|
CVE-2016-0611 |
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer.
|
CVE-2016-0610 |
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and
MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote
authenticated users to affect availability via unknown vectors related
to InnoDB.
|
CVE-2016-0609 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect availability via unknown vectors related to privileges.
|
CVE-2016-0607 |
Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9
allows remote authenticated users to affect availability via unknown
vectors related to replication.
|
CVE-2016-0606 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect integrity via unknown vectors related to encryption.
|
CVE-2016-0605 |
Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows
remote authenticated users to affect availability via unknown vectors.
|
CVE-2016-0603 |
Unspecified vulnerability in the Java SE component in Oracle Java SE
6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Install. NOTE: the previous information is
from Oracle's Security Alert for CVE-2016-0603. Oracle has not
commented on third-party claims that this is an untrusted search path
issue that allows local users to gain privileges via a Trojan horse
dll in the "application directory."
|
CVE-2016-0602 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 5.0.14 allows local users to
affect confidentiality, integrity, and availability via unknown
vectors related to Windows Installer. NOTE: the previous information
is from the January 2016 CPU. Oracle has not commented on third-party
claims that this is an untrusted search path issue that allows local
users to gain privileges via a Trojan horse dll in the "application
directory."
|
CVE-2016-0601 |
Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote
authenticated users to affect availability via unknown vectors related
to Partition.
|
CVE-2016-0600 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect availability via unknown vectors related to InnoDB.
|
CVE-2016-0599 |
Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote
authenticated users to affect availability via unknown vectors related
to Optimizer.
|
CVE-2016-0597 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect availability via unknown vectors related to Optimizer.
|
CVE-2016-0592 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14
allows local users to affect availability via unknown vectors related
to Core.
|
CVE-2016-0591 |
Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing
component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote
authenticated users to affect confidentiality and integrity via
unknown vectors related to Supplier Change.
|
CVE-2016-0590 |
Unspecified vulnerability in the PeopleSoft Enterprise SCM Order
Management component in Oracle PeopleSoft Products 9.1 and 9.2 allows
remote attackers to affect integrity via unknown vectors.
|
CVE-2016-0589 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect confidentiality and integrity via unknown vectors.
|
CVE-2016-0588 |
Unspecified vulnerability in the Oracle General Ledger component in
Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
integrity via unknown vectors related to Consolidation Hierarchy
Viewer.
|
CVE-2016-0587 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows
remote authenticated users to affect confidentiality via unknown
vectors related to File Processing.
|
CVE-2016-0586 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect integrity via unknown vectors related to iHelp.
|
CVE-2016-0580 |
Unspecified vulnerability in the Oracle Report Manager component in
Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
availability via unknown vectors.
|
CVE-2016-0572 |
Unspecified vulnerability in the Oracle WebLogic Server component in
Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Coherence Container.
|
CVE-2016-0571 |
Unspecified vulnerability in the Oracle Balanced Scorecard component
in Oracle E-Business Suite 11.5.10.2 and 12.1 allows remote attackers
to affect confidentiality via unknown vectors.
|
CVE-2016-0570 |
Unspecified vulnerability in the Oracle HCM Configuration Workbench
component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows
remote attackers to affect confidentiality via unknown vectors.
|
CVE-2016-0569 |
Unspecified vulnerability in the Oracle E-Business Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and
12.1.3 allows remote attackers to affect confidentiality via unknown
vectors.
|
CVE-2016-0568 |
Unspecified vulnerability in the Oracle Email Center component in
Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote
attackers to affect confidentiality via unknown vectors related to
Server Components.
|
CVE-2016-0567 |
Unspecified vulnerability in the Oracle E-Business Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and
12.1.3 allows remote attackers to affect confidentiality via unknown
vectors related to Embedded Data Warehouse.
|
CVE-2016-0566 |
Unspecified vulnerability in the Oracle Marketing component in Oracle
E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4,
and 12.2.5 allows remote attackers to affect confidentiality via
unknown vectors related to Deliverables.
|
CVE-2016-0565 |
Unspecified vulnerability in the Oracle Marketing component in Oracle
E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote
attackers to affect integrity via unknown vectors.
|
CVE-2016-0564 |
Unspecified vulnerability in the Oracle E-Business Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and
12.1.3 allows remote authenticated users to affect confidentiality and
integrity via unknown vectors, a different vulnerability than
CVE-2016-0561.
|
CVE-2016-0563 |
Unspecified vulnerability in the Oracle CRM Technical Foundation
component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Common Techstack.
|
CVE-2016-0561 |
Unspecified vulnerability in the Oracle E-Business Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and
12.1.3 allows remote authenticated users to affect confidentiality and
integrity via unknown vectors, a different vulnerability than
CVE-2016-0564.
|
CVE-2016-0560 |
Unspecified vulnerability in the Oracle Customer Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2,
12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect
confidentiality and integrity via unknown vectors, a different
vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0552, and
CVE-2016-0559.
|
CVE-2016-0559 |
Unspecified vulnerability in the Oracle Customer Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2,
12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect
confidentiality and integrity via unknown vectors, a different
vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0552, and
CVE-2016-0560.
|
CVE-2016-0558 |
Unspecified vulnerability in the Oracle Service Contracts component in
Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows
remote attackers to affect integrity via unknown vectors related to
Renewals.
|
CVE-2016-0557 |
Unspecified vulnerability in the Oracle Advanced Collections component
in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3
allows remote authenticated users to affect confidentiality and
integrity via unknown vectors related to Administration, a different
vulnerability than CVE-2016-0556.
|
CVE-2016-0556 |
Unspecified vulnerability in the Oracle Advanced Collections component
in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3
allows remote authenticated users to affect confidentiality and
integrity via unknown vectors related to Administration, a different
vulnerability than CVE-2016-0557.
|
CVE-2016-0555 |
Unspecified vulnerability in the Oracle CADView-3D component in Oracle
E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote
attackers to affect integrity via unknown vectors related to Studio.
|
CVE-2016-0554 |
Unspecified vulnerability in the Oracle Interaction Center
Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1,
12.1.2, and 12.1.3 allows remote attackers to affect confidentiality
and integrity via unknown vectors related to Business Intelligence.
|
CVE-2016-0553 |
Unspecified vulnerability in the Oracle E-Business Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and
12.1.3 allows remote attackers to affect confidentiality and integrity
via unknown vectors.
|
CVE-2016-0552 |
Unspecified vulnerability in the Oracle Customer Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2,
12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect
confidentiality and integrity via unknown vectors, a different
vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0559, and
CVE-2016-0560.
|
CVE-2016-0551 |
Unspecified vulnerability in the Oracle Customer Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2,
12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect
confidentiality and integrity via unknown vectors, a different
vulnerability than CVE-2016-0545, CVE-2016-0552, CVE-2016-0559, and
CVE-2016-0560.
|
CVE-2016-0549 |
Unspecified vulnerability in the Oracle E-Business Intelligence
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect confidentiality and integrity via unknown vectors related to
Common Components, a different vulnerability than CVE-2016-0511,
CVE-2016-0547, and CVE-2016-0548.
|
CVE-2016-0548 |
Unspecified vulnerability in the Oracle E-Business Intelligence
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect confidentiality and integrity via unknown vectors related to
Common Components, a different vulnerability than CVE-2016-0511,
CVE-2016-0547, and CVE-2016-0549.
|
CVE-2016-0547 |
Unspecified vulnerability in the Oracle E-Business Intelligence
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect confidentiality and integrity via unknown vectors related to
Common Components, a different vulnerability than CVE-2016-0511,
CVE-2016-0548, and CVE-2016-0549.
|
CVE-2016-0546 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to Client. NOTE: the previous information is from the January
2016 CPU. Oracle has not commented on third-party claims that these
are multiple buffer overflows in the mysqlshow tool that allow remote
database servers to have unspecified impact via a long table or
database name.
|
CVE-2016-0545 |
Unspecified vulnerability in the Oracle Customer Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2,
12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect
confidentiality and integrity via unknown vectors, a different
vulnerability than CVE-2016-0551, CVE-2016-0552, CVE-2016-0559, and
CVE-2016-0560.
|
CVE-2016-0544 |
Unspecified vulnerability in the Oracle Marketing component in Oracle
E-Business Suite 11.5.10.2 allows remote attackers to affect
confidentiality and integrity via unknown vectors related to
Architecture.
|
CVE-2016-0543 |
Unspecified vulnerability in the Oracle Marketing component in Oracle
E-Business Suite 11.5.10.2 allows remote attackers to affect
confidentiality and integrity via unknown vectors related to Preview.
|
CVE-2016-0542 |
Unspecified vulnerability in the Oracle Field Service component in
Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and
12.2.5 allows remote attackers to affect integrity via unknown vectors
related to Field Service Map.
|
CVE-2016-0541 |
Unspecified vulnerability in the Oracle Configurator component in
Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows
remote attackers to affect confidentiality via unknown vectors related
to UI Servlet, a different vulnerability than CVE-2016-0540.
|
CVE-2016-0540 |
Unspecified vulnerability in the Oracle Configurator component in
Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows
remote attackers to affect confidentiality via unknown vectors related
to UI Servlet, a different vulnerability than CVE-2016-0541.
|
CVE-2016-0539 |
Unspecified vulnerability in the Oracle Report Manager component in
Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, and 12.2.4 allows
remote attackers to affect confidentiality via unknown vectors.
|
CVE-2016-0538 |
Unspecified vulnerability in the Oracle Financial Consolidation Hub
component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and
12.1.3 allows remote attackers to affect confidentiality via unknown
vectors related to Business Intelligence.
|
CVE-2016-0537 |
Unspecified vulnerability in the Oracle Human Resources component in
Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
confidentiality and integrity via unknown vectors related to Person.
|
CVE-2016-0536 |
Unspecified vulnerability in the Oracle Universal Work Queue component
in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
integrity via unknown vectors related to error messages.
|
CVE-2016-0534 |
Unspecified vulnerability in the Oracle Project Contracts component in
Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote
attackers to affect integrity via unknown vectors related to Printing.
|
CVE-2016-0533 |
Unspecified vulnerability in the Oracle CRM Technical Foundation
component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows
remote attackers to affect integrity via unknown vectors related to
Messaging.
|
CVE-2016-0532 |
Unspecified vulnerability in the Oracle CRM Technical Foundation
component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3,
12.2.4, and 12.2.5 allows remote attackers to affect confidentiality
and integrity via unknown vectors related to Security Assignments.
|
CVE-2016-0531 |
Unspecified vulnerability in the Oracle Applications Manager component
in Oracle E-Business Suite 12.1.3 allows remote authenticated users to
affect integrity via unknown vectors related to Oracle Diagnostics
Interfaces.
|
CVE-2016-0526 |
Unspecified vulnerability in the Oracle CRM Technical Foundation
component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3,
12.2.4, and 12.2.5 allows remote attackers to affect integrity via
unknown vectors related to Wireless Framework.
|
CVE-2016-0525 |
Unspecified vulnerability in the Oracle Universal Work Queue component
in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3
allows remote attackers to affect confidentiality and integrity via
unknown vectors related to Work Provider Administration.
|
CVE-2016-0524 |
Unspecified vulnerability in the Oracle Universal Work Queue component
in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
confidentiality and integrity via unknown vectors related to Work
Provider Administration.
|
CVE-2016-0523 |
Unspecified vulnerability in the Oracle Interaction Blending component
in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3,
12.2.4, and 12.2.5 allows remote authenticated users to affect
confidentiality and integrity via unknown vectors related to Blending
Administration.
|
CVE-2016-0522 |
Unspecified vulnerability in the Oracle Retail Open Commerce Platform
Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7,
and 5.0 allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors related to Framework.
|
CVE-2016-0521 |
Unspecified vulnerability in the Oracle iProcurement component in
Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
integrity via unknown vectors related to Redirection.
|
CVE-2016-0519 |
Unspecified vulnerability in the Oracle iReceivables component in
Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
integrity via unknown vectors related to AR Web Utilities, a different
vulnerability than CVE-2016-0507.
|
CVE-2016-0518 |
Unspecified vulnerability in the Oracle Human Resources component in
Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
confidentiality and integrity via unknown vectors related to General
utilities, a different vulnerability than CVE-2016-0517.
|
CVE-2016-0517 |
Unspecified vulnerability in the Oracle Human Resources component in
Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
confidentiality and integrity via unknown vectors related to General
utilities, a different vulnerability than CVE-2016-0518.
|
CVE-2016-0516 |
Unspecified vulnerability in the Oracle Quality component in Oracle
E-Business Suite 11.5.10.2 allows remote attackers to affect
confidentiality and integrity via unknown vectors related to QA /
Order Management Integration.
|
CVE-2016-0512 |
Unspecified vulnerability in the Oracle Human Resources component in
Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
confidentiality and integrity via unknown vectors related to Self
Service - Common Modules.
|
CVE-2016-0511 |
Unspecified vulnerability in the Oracle E-Business Intelligence
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect confidentiality and integrity via unknown vectors related to
Common Components, a different vulnerability than CVE-2016-0547,
CVE-2016-0548, and CVE-2016-0549.
|
CVE-2016-0510 |
Unspecified vulnerability in the Oracle E-Business Intelligence
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect confidentiality and integrity via unknown vectors related to
Business Views Catalog.
|
CVE-2016-0509 |
Unspecified vulnerability in the Oracle Internet Expenses component in
Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
integrity via unknown vectors related to AP Web Utilities.
|
CVE-2016-0508 |
Unspecified vulnerability in the Oracle iLearning component in Oracle
iLearning 6.0 and 6.1 allows remote attackers to affect integrity via
unknown vectors related to Learner Administration.
|
CVE-2016-0507 |
Unspecified vulnerability in the Oracle iReceivables component in
Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect
integrity via unknown vectors related to AR Web Utilities, a different
vulnerability than CVE-2016-0519.
|
CVE-2016-0506 |
Unspecified vulnerability in the Oracle Retail Order Management System
Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7,
5.0, and 15.0 allows remote attackers to affect confidentiality via
unknown vectors related to Order Entry.
|
CVE-2016-0505 |
Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27
and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before
10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users
to affect availability via unknown vectors related to Options.
|
CVE-2016-0502 |
Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and
5.6.11 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Optimizer.
|
CVE-2016-0500 |
Unspecified vulnerability in the Oracle Retail Order Broker Cloud
Service component in Oracle Retail Applications 4.0 and 4.1 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to System Administration.
|
CVE-2016-0499 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated
users to affect confidentiality, integrity, and availability via
unknown vectors, a different vulnerability than CVE-2015-4794.
|
CVE-2016-0498 |
Unspecified vulnerability in the Oracle Agile Engineering Data
Management component in Oracle Supply Chain Products Suite 6.1.2.2,
6.1.3.0, and 6.2.0.0 allows local users to affect confidentiality via
unknown vectors related to Install.
|
CVE-2016-0497 |
Unspecified vulnerability in the Oracle Agile Engineering Data
Management component in Oracle Supply Chain Products Suite 6.1.2.2,
6.1.3.0, and 6.2.0.0 allows remote attackers to affect integrity via
unknown vectors related to Web Client.
|
CVE-2016-0496 |
Unspecified vulnerability in the MICROS CWDirect component in Oracle
Retail Applications 12.5, 13.0, 14.0, 15.0, 16.0, 17.0, and 18.0
allows remote attackers to affect confidentiality via unknown vectors
related to Order Entry.
|
CVE-2016-0495 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows
remote attackers to affect availability via unknown vectors related to
Core.
|
CVE-2016-0494 |
Unspecified vulnerability in the Java SE and Java SE Embedded
components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE
Embedded 8u65 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to 2D.
|
CVE-2016-0493 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect integrity and availability via unknown vectors related to
Kernel Cryptography.
|
CVE-2016-0492 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Load Testing for Web Apps, a
different vulnerability than CVE-2016-0488. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this is a directory traversal vulnerability in
the isAllowedUrl function, which allows remote attackers to bypass
authentication via directory traversal sequences following a URI entry
that does not require authentication, as demonstrated by
olt/Login.do/../../olt/UploadFileUpload.do.
|
CVE-2016-0491 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect integrity and availability
via unknown vectors related to Load Testing for Web Apps. NOTE: the
previous information is from the January 2016 CPU. Oracle has not
commented on third-party claims that the UploadFileAction servlet
allows remote authenticated users to upload and execute arbitrary
files via an * (asterisk) character in the fileType parameter.
|
CVE-2016-0490 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Test Manager for Web Apps, a
different vulnerability than CVE-2016-0487. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this is a directory traversal vulnerability in
the UploadServlet servlet, which allows remote attackers to upload and
execute arbitrary files via directory traversal sequences in a
filename header.
|
CVE-2016-0489 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors related to Test
Manager for Web Apps. NOTE: the previous information is from the
January 2016 CPU. Oracle has not commented on third-party claims that
this is a directory traversal vulnerability in the ActionServlet
servlet, which allows remote authenticated users to upload and execute
arbitrary files via directory traversal sequences in the tempfilename
parameter in a ReportImage action.
|
CVE-2016-0488 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Load Testing for Web Apps, a
different vulnerability than CVE-2016-0492. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this is a directory traversal vulnerability in
the isAllowedUrl function in the admin pages, which allows remote
attackers to bypass authentication and gain administrator access via
directory traversal sequences following a URI entry that does not
require authentication.
|
CVE-2016-0487 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Test Manager for Web Apps, a
different vulnerability than CVE-2016-0490. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this is a directory traversal vulnerability in
the process method in the ActionServlet servlet, which allows remote
attackers to bypass authentication via directory traversal sequences
following an unspecified URI string.
|
CVE-2016-0486 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality via unknown
vectors related to Test Manager for Web Apps, a different
vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and
CVE-2016-0485. NOTE: the previous information is from the January 2016
CPU. Oracle has not commented on third-party claims that this is a
directory traversal vulnerability in the DownloadServlet servlet,
which allows remote attackers to read arbitrary files via directory
traversal sequences in the exportFileName parameter.
|
CVE-2016-0485 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality via unknown
vectors related to Test Manager for Web Apps, a different
vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and
CVE-2016-0486. NOTE: the previous information is from the January 2016
CPU. Oracle has not commented on third-party claims that this is a
directory traversal vulnerability in the DownloadServlet servlet,
which allows remote attackers to read arbitrary files via directory
traversal sequences in the reportName parameter.
|
CVE-2016-0484 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality via unknown
vectors related to Test Manager for Web Apps. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this is a directory traversal vulnerability in
the DownloadServlet servlet, which allows remote attackers to read
arbitrary files via directory traversal sequences in the scriptPath
parameter.
|
CVE-2016-0482 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality via unknown
vectors related to Test Manager for Web Apps, a different
vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0485, and
CVE-2016-0486. NOTE: the previous information is from the January 2016
CPU. Oracle has not commented on third-party claims that this is a
directory traversal vulnerability in the DownloadServlet servlet,
which allows remote attackers to read arbitrary files via directory
traversal sequences in the file parameter.
|
CVE-2016-0481 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality via unknown
vectors related to Test Manager for Web Apps, a different
vulnerability than CVE-2016-0480, CVE-2016-0482, CVE-2016-0485, and
CVE-2016-0486. NOTE: the previous information is from the January 2016
CPU. Oracle has not commented on third-party claims that this is a
directory traversal vulnerability in the DownloadServlet servlet,
which allows remote attackers to read arbitrary files via directory
traversal sequences in the scheduleReportName parameter.
|
CVE-2016-0480 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality via unknown
vectors related to Test Manager for Web Apps, a different
vulnerability than CVE-2016-0481, CVE-2016-0482, CVE-2016-0485, and
CVE-2016-0486. NOTE: the previous information is from the January 2016
CPU. Oracle has not commented on third-party claims that this is a
directory traversal vulnerability in the DownloadServlet servlet,
which allows remote attackers to read arbitrary files via directory
traversal sequences in the TMAPReportImage parameter.
|
CVE-2016-0478 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality via unknown
vectors related to Load Testing for Web Apps, a different
vulnerability than CVE-2016-0476 and CVE-2016-0477. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this is a directory traversal vulnerability in
the DownloadServlet servlet, which allows remote attackers to read
arbitrary files via directory traversal sequences in the scriptName
parameter.
|
CVE-2016-0477 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality via unknown
vectors related to Load Testing for Web Apps, a different
vulnerability than CVE-2016-0476 and CVE-2016-0478. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this is a directory traversal vulnerability in
the DownloadServlet servlet, which allows remote attackers to read
arbitrary files via directory traversal sequences in the (1)
repository, (2) workspace, or (3) scenario parameter.
|
CVE-2016-0476 |
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality via unknown
vectors related to Load Testing for Web Apps, a different
vulnerability than CVE-2016-0477 and CVE-2016-0478. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this is a directory traversal vulnerability in
the DownloadServlet servlet, which allows remote attackers to read
arbitrary files via directory traversal sequences in the reportName
parameter.
|
CVE-2016-0475 |
Unspecified vulnerability in the Java SE, Java SE Embedded, and
JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and
JRockit R28.3.8 allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Libraries.
|
CVE-2016-0473 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote
authenticated users to affect integrity via unknown vectors related to
Fluid Core.
|
CVE-2016-0472 |
Unspecified vulnerability in the XDB - XML Database component in
Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote
authenticated users to affect confidentiality and availability via
unknown vectors.
|
CVE-2016-0471 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote
attackers to affect confidentiality via unknown vectors related to
Multichannel Framework.
|
CVE-2016-0470 |
Unspecified vulnerability in the Oracle BI Publisher component in
Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows
remote authenticated users to affect confidentiality and integrity via
unknown vectors related to BI Publisher Security.
|
CVE-2016-0467 |
Unspecified vulnerability in the Security component in Oracle Database
Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated
users to affect integrity via unknown vectors.
|
CVE-2016-0465 |
Unspecified vulnerability in the Solaris Cluster component in Oracle
Sun Systems Products Suite 3.3 and 4 allows local users to affect
availability via unknown vectors related to Resource Group Manager.
|
CVE-2016-0463 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows
remote attackers to affect confidentiality via unknown vectors related
to Portal.
|
CVE-2016-0462 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Multichannel Framework, a different vulnerability than
CVE-2015-2650.
|
CVE-2016-0461 |
Unspecified vulnerability in the XDB - XML Database component in
Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote
authenticated users to affect availability via unknown vectors.
|
CVE-2016-0460 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.55 allows remote attackers
to affect integrity via unknown vectors related to Fluid Homepage and
NavBar.
|
CVE-2016-0459 |
Unspecified vulnerability in the Oracle Applications Framework
component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3,
12.2.4, and 12.2.5 allows remote authenticated users to affect
integrity via unknown vectors related to Popup Windows.
|
CVE-2016-0455 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 11.1.0.1,
11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect
confidentiality and availability via unknown vectors related to Agent
Next Gen.
|
CVE-2016-0453 |
Unspecified vulnerability in the Oracle GlassFish Server component in
Oracle Fusion Middleware 3.1.2 allows remote attackers to affect
integrity via unknown vectors related to Embedded Server.
|
CVE-2016-0452 |
Unspecified vulnerability in the Oracle GoldenGate component in Oracle
GoldenGate 11.2 and 12.1.2 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2016-0451.
|
CVE-2016-0451 |
Unspecified vulnerability in the Oracle GoldenGate component in Oracle
GoldenGate 11.2 and 12.1.2 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2016-0452.
|
CVE-2016-0450 |
Unspecified vulnerability in the Oracle GoldenGate component in Oracle
GoldenGate 11.2 and 12.1.2 allows remote attackers to affect
availability via unknown vectors.
|
CVE-2016-0449 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 11.1.0.1,
11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to Agent Next Gen, a different vulnerability than
CVE-2016-0444 and CVE-2016-0447.
|
CVE-2016-0447 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 11.1.0.1,
11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to Agent Next Gen, a different vulnerability than
CVE-2016-0444 and CVE-2016-0449.
|
CVE-2016-0446 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 11.1.0.1,
11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect
confidentiality via unknown vectors related to Agent Next Gen.
|
CVE-2016-0445 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 11.1.0.1,
11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to Agent Next Gen.
|
CVE-2016-0444 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 11.1.0.1,
11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to Agent Next Gen, a different vulnerability than
CVE-2016-0447 and CVE-2016-0449.
|
CVE-2016-0443 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 11.1.0.1,
12.1.0.4, and 12.1.0.5 allows remote attackers to affect
confidentiality via unknown vectors related to Agent Next Gen.
|
CVE-2016-0442 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 12.1.0.4 and
12.1.0.5 allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors related to Loader
Service.
|
CVE-2016-0441 |
Unspecified vulnerability in the Oracle GlassFish Server component in
Oracle Fusion Middleware 3.1.2 allows remote authenticated users to
affect confidentiality, integrity, and availability via unknown
vectors related to Embedded Server.
|
CVE-2016-0432 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows
local users to affect availability via unknown vectors related to
Outside In Filters, a different vulnerability than CVE-2015-4808,
CVE-2015-6013, CVE-2015-6014, and CVE-2015-6015.
|
CVE-2016-0431 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect availability via unknown vectors related to Solaris Kernel
Zones, a different vulnerability than CVE-2016-0419.
|
CVE-2016-0429 |
Unspecified vulnerability in the Oracle BI Publisher component in
Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote
attackers to affect integrity via unknown vectors related to
Scheduler, a different vulnerability than CVE-2016-0401.
|
CVE-2016-0428 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect availability via unknown vectors related to Verified Boot.
|
CVE-2016-0427 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 11.1.0.1,
11.2.0.4, 12.1.0.4, and 12.1.0.5 allows remote authenticated users to
affect confidentiality via unknown vectors related to UI Framework.
|
CVE-2016-0426 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect confidentiality and availability via unknown vectors related
to Solaris Kernel Zones.
|
CVE-2016-0425 |
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools
component in Oracle JD Edwards Products 9.1 and 9.2 allows remote
authenticated users to affect confidentiality, integrity, and
availability via unknown vectors related to Monitoring and
Diagnostics.
|
CVE-2016-0420 |
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools
component in Oracle JD Edwards Products 9.1 and 9.2 allows remote
attackers to affect availability via unknown vectors related to
Monitoring and Diagnostics.
|
CVE-2016-0419 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect availability via unknown vectors related to Solaris Kernel
Zones, a different vulnerability than CVE-2016-0431.
|
CVE-2016-0418 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors related to Solaris Kernel Zones, a different vulnerability
than CVE-2016-0414.
|
CVE-2016-0416 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote
attackers to affect integrity via unknown vectors related to System
Archive Utility.
|
CVE-2016-0415 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 11.1.0.1,
12.1.0.4, and 12.1.0.5 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to UI Framework.
|
CVE-2016-0414 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors related to Solaris Kernel Zones, a different vulnerability
than CVE-2016-0418.
|
CVE-2016-0412 |
Unspecified vulnerability in the PeopleSoft Enterprise SCM
eProcurement component in Oracle PeopleSoft Products 9.1 and 9.2
allows remote authenticated users to affect integrity via unknown
vectors related to Manage Requisition Status.
|
CVE-2016-0402 |
Unspecified vulnerability in the Java SE and Java SE Embedded
components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE
Embedded 8u65 allows remote attackers to affect integrity via unknown
vectors related to Networking.
|
CVE-2016-0401 |
Unspecified vulnerability in the Oracle BI Publisher component in
Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote
attackers to affect integrity via unknown vectors related to
Scheduler, a different vulnerability than CVE-2016-0429.
|
CVE-2016-0335 |
Cross-site request forgery (CSRF) vulnerability in IBM Security
Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0
before 7.0.1-ISS-SIM-FP0001 allows remote attackers to hijack the
authentication of users for requests that have unspecified impact via
unknown vectors. IBM X-Force ID: 111736.
|
CVE-2015-8871 |
Use-after-free vulnerability in the opj_j2k_write_mco function in
j2k.c in OpenJPEG before 2.1.1 allows remote attackers to have
unspecified impact via unknown vectors.
|
CVE-2015-8805 |
The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not
properly handle carry propagation and produces incorrect output in its
implementation of the P-256 NIST elliptic curve, which allows
attackers to have unspecified impact via unknown vectors, a different
vulnerability than CVE-2015-8803.
|
CVE-2015-8804 |
x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle
carry propagation and produces incorrect output in its implementation
of the P-384 NIST elliptic curve, which allows attackers to have
unspecified impact via unknown vectors.
|
CVE-2015-8803 |
The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not
properly handle carry propagation and produces incorrect output in its
implementation of the P-256 NIST elliptic curve, which allows
attackers to have unspecified impact via unknown vectors, a different
vulnerability than CVE-2015-8805.
|
CVE-2015-8758 |
Multiple cross-site scripting (XSS) vulnerabilities in unspecified
frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1
allow remote authenticated editors to inject arbitrary web script or
HTML via unknown vectors.
|
CVE-2015-8755 |
Multiple cross-site scripting (XSS) vulnerabilities in unspecified
backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1
allow remote authenticated editors to inject arbitrary web script or
HTML via unknown vectors.
|
CVE-2015-8731 |
The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c
in the RSL dissector in Wireshark 1.12.x before 1.12.9 and 2.0.x
before 2.0.1 does not reject unknown TLV types, which allows remote
attackers to cause a denial of service (out-of-bounds read and
application crash) via a crafted packet.
|
CVE-2015-8659 |
The idle stream handling in nghttp2 before 1.6.0 allows attackers to
have unspecified impact via unknown vectors, aka a heap-use-after-free
bug.
|
CVE-2015-8600 |
The SysAdminWebTool servlets in SAP Mobile Platform allow remote
attackers to bypass authentication and obtain sensitive information,
gain privileges, or have unspecified other impact via unknown vectors,
aka SAP Security Note 2227855.
|
CVE-2015-8565 |
Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and
3.4.x before 3.4.6 allows remote attackers to have unspecified impact
via unknown vectors.
|
CVE-2015-8563 |
Cross-site request forgery (CSRF) vulnerability in the com_templates
component in Joomla! 3.2.0 through 3.3.x and 3.4.x before 3.4.6 allows
remote attackers to hijack the authentication of unspecified victims
via unknown vectors.
|
CVE-2015-8548 |
Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as
used in Google Chrome before 47.0.2526.80, allow attackers to cause a
denial of service or possibly have other impact via unknown vectors, a
different issue than CVE-2015-8478.
|
CVE-2015-8478 |
Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as
used in Google Chrome before 47.0.2526.73, allow attackers to cause a
denial of service or possibly have other impact via unknown vectors.
|
CVE-2015-8361 |
Multiple unspecified services in Atlassian Bamboo before 5.9.9 and
5.10.x before 5.10.0 do not require authentication, which allows
remote attackers to obtain sensitive information, modify settings, or
manage build agents via unknown vectors involving the JMS port.
|
CVE-2015-8338 |
Xen 4.6.x and earlier does not properly enforce limits on page order
inputs for the (1) XENMEM_increase_reservation, (2)
XENMEM_populate_physmap, (3) XENMEM_exchange, and possibly other
HYPERVISOR_memory_op suboperations, which allows ARM guest OS
administrators to cause a denial of service (CPU consumption, guest
reboot, or watchdog timeout and host reboot) and possibly have
unspecified other impact via unknown vectors.
|
CVE-2015-8328 |
Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU
graphics driver R340 before 341.92, R352 before 354.35, and R358
before 358.87 on Windows allows local users to obtain sensitive
information, cause a denial of service (crash), or possibly gain
privileges via unknown vectors. NOTE: this identifier was SPLIT from
CVE-2015-7869 per ADT2 and ADT3 due to different vulnerability types
and affected versions.
|
CVE-2015-8131 |
Cross-site request forgery (CSRF) vulnerability in Elasticsearch
Kibana before 4.1.3 and 4.2.x before 4.2.1 allows remote attackers to
hijack the authentication of unspecified victims via unknown vectors.
|
CVE-2015-8083 |
An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960,
U1980, and U1981 unified gateways with software before
V200R003C00SPC300 does not properly initialize memory when processing
timeout messages, which allows remote attackers to cause a denial of
service (out-of-bounds memory access and device restart) via unknown
vectors.
|
CVE-2015-8074 |
mediaserver in Android before 5.1.1 LMY48X allows remote attackers to
obtain sensitive information, and consequently bypass an unspecified
protection mechanism, via unknown vectors, aka internal bugs 23540907
and 23515142, a different vulnerability than CVE-2015-6611.
|
CVE-2015-8051 |
The Adobe Premiere Clip app before 1.2.1 for iOS mishandles
unspecified input, which has unknown impact and attack vectors.
|
CVE-2015-7905 |
Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to
execute unspecified code via unknown vectors.
|
CVE-2015-7869 |
Multiple integer overflows in the kernel mode driver for the NVIDIA
GPU graphics driver R340 before 341.92, R352 before 354.35, and R358
before 358.87 on Windows and R304 before 304.131, R340 before 340.96,
R352 before 352.63, and R358 before 358.16 on Linux allow local users
to obtain sensitive information, cause a denial of service (crash), or
possibly gain privileges via unknown vectors, which trigger
uninitialized or out of bounds memory access. NOTE: this identifier
has been SPLIT per ADT2 and ADT3 due to different vulnerability type
and affected versions. See CVE-2015-8328 for the vulnerability in the
NVAPI support layer in NVIDIA drivers for Windows.
|
CVE-2015-7834 |
Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as
used in Google Chrome before 46.0.2490.71, allow attackers to cause a
denial of service or possibly have other impact via unknown vectors.
|
CVE-2015-7700 |
Double-free vulnerability in the sPLT chunk structure and png.c in
pngcrush before 1.7.87 allows attackers to have unspecified impact via
unknown vectors.
|
CVE-2015-7678 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch
MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack
the authentication of unspecified victims via unknown vectors.
|
CVE-2015-7612 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the
Organizations page in Enterprise Manager in McAfee Vulnerability
Manager (MVM) 7.5.9 and earlier allow remote attackers to hijack the
authentication of administrators for requests that have unspecified
impact via unknown vectors.
|
CVE-2015-7545 |
The (1) git-remote-ext and (2) unspecified other remote helper
programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before
2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed
protocols, which might allow remote attackers to execute arbitrary
code via a URL in a (a) .gitmodules file or (b) unknown other sources
in a submodule.
|
CVE-2015-7421 |
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before
8.0.0.4 allows remote attackers to obtain sensitive information via
unknown vectors, a different vulnerability than CVE-2015-7420.
|
CVE-2015-7420 |
Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before
8.0.0.4 allows remote attackers to obtain sensitive information via
unknown vectors, a different vulnerability than CVE-2015-7421.
|
CVE-2015-7366 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive
Adserver before 3.2.2 allow remote attackers to hijack the
authentication of users for requests that (1) perform certain plugin
actions and possibly cause a denial of service (disabled core plugins)
via unknown vectors or (2) change the contact name and language or
possibly have unspecified other impact via a crafted POST request to
an account-user-*.php script.
|
CVE-2015-7202 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 43.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-7201 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2015-7180 |
The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before
41.0 and Firefox ESR 38.x before 38.3 misinterprets the return value
of a function call, which might allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly have unspecified other impact via unknown vectors.
|
CVE-2015-7177 |
The InitTextures function in Mozilla Firefox before 41.0 and Firefox
ESR 38.x before 38.3 might allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly have
unspecified other impact via unknown vectors.
|
CVE-2015-7176 |
The AnimationThread function in Mozilla Firefox before 41.0 and
Firefox ESR 38.x before 38.3 uses an incorrect argument to the sscanf
function, which might allow remote attackers to cause a denial of
service (stack-based buffer overflow and application crash) or
possibly have unspecified other impact via unknown vectors.
|
CVE-2015-7175 |
The XULContentSinkImpl::AddText function in Mozilla Firefox before
41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly have unspecified other impact via unknown vectors, related to
an "overflow."
|
CVE-2015-7174 |
The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before
41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly have unspecified other impact via unknown vectors, related to
an "overflow."
|
CVE-2015-7082 |
Multiple unspecified vulnerabilities in Git before 2.5.4, as used in
Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE:
this CVE is associated only with Xcode use cases.
|
CVE-2015-7031 |
The Web Service component in Apple OS X Server before 5.0.15 omits an
unspecified HTTP header configuration, which allows remote attackers
to bypass intended access restrictions via unknown vectors.
|
CVE-2015-6988 |
The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not
initialize an unspecified data structure, which allows remote
attackers to execute arbitrary code via vectors involving an unknown
network-connectivity requirement.
|
CVE-2015-6857 |
Unspecified vulnerability in Virtual Table Server (VTS) in HP
LoadRunner 11.52, 12.00, 12.01, 12.02, and 12.50 allows remote
attackers to execute arbitrary code via unknown vectors, aka
ZDI-CAN-3138.
|
CVE-2015-6817 |
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows
remote attackers to gain login access as auth_user via an unknown
username.
|
CVE-2015-6791 |
Multiple unspecified vulnerabilities in Google Chrome before
47.0.2526.80 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2015-6787 |
Multiple unspecified vulnerabilities in Google Chrome before
47.0.2526.73 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2015-6763 |
Multiple unspecified vulnerabilities in Google Chrome before
46.0.2490.71 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2015-6642 |
The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01
allows attackers to obtain sensitive information, and consequently
bypass an unspecified protection mechanism, via unknown vectors, as
demonstrated by obtaining Signature or SignatureOrSystem access, aka
internal bug 24157888.
|
CVE-2015-6632 |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before
2015-12-01 allows remote attackers to obtain sensitive information,
and consequently bypass an unspecified protection mechanism, via
unknown vectors, as demonstrated by obtaining Signature or
SignatureOrSystem access, aka internal bug 24346430.
|
CVE-2015-6631 |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before
2015-12-01 allows remote attackers to obtain sensitive information,
and consequently bypass an unspecified protection mechanism, via
unknown vectors, as demonstrated by obtaining Signature or
SignatureOrSystem access, aka internal bug 24623447.
|
CVE-2015-6628 |
Media Framework in Android before 5.1.1 LMY48Z and 6.0 before
2015-12-01 allows attackers to obtain sensitive information, and
consequently bypass an unspecified protection mechanism, via unknown
vectors, as demonstrated by obtaining Signature or SignatureOrSystem
access, aka internal bug 24074485.
|
CVE-2015-6626 |
libstagefright in Android before 5.1.1 LMY48Z and 6.0 before
2015-12-01 allows remote attackers to obtain sensitive information,
and consequently bypass an unspecified protection mechanism, via
unknown vectors, as demonstrated by obtaining Signature or
SignatureOrSystem access, aka internal bug 24310423.
|
CVE-2015-6622 |
The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0
before 2015-12-01 allows attackers to obtain sensitive information,
and consequently bypass an unspecified protection mechanism, via
unknown vectors, as demonstrated by obtaining Signature or
SignatureOrSystem access, aka internal bug 23905002.
|
CVE-2015-6611 |
mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01
allows remote attackers to obtain sensitive information, and
consequently bypass an unspecified protection mechanism, via unknown
vectors, aka internal bugs 23905951, 23912202, 23953967, 23696300,
23600291, 23756261, 23541506, 23284974, 23542351, and 23542352, a
different vulnerability than CVE-2015-8074.
|
CVE-2015-6580 |
Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29,
as used in Google Chrome before 45.0.2454.85, allow attackers to cause
a denial of service or possibly have other impact via unknown vectors.
|
CVE-2015-6507 |
The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows
local users to cause a denial of service (memory corruption) and
possibly have unspecified other impact via unknown vectors, aka SAP
Security Note 2140700.
|
CVE-2015-6493 |
Cross-site request forgery (CSRF) vulnerability in Infinite Automation
Mango Automation 2.5.x and 2.6.x through 2.6.0 build 430 allows remote
authenticated users to hijack the authentication of unspecified
victims via unknown vectors.
|
CVE-2015-6468 |
Cross-site request forgery (CSRF) vulnerability in Resource Data
Management Data Manager before 2.2 allows remote attackers to hijack
the authentication of unspecified victims via unknown vectors.
|
CVE-2015-6254 |
The (1) Service Provider (SP) and (2) Identity Provider (IdP) in
PicketLink before 2.7.0 do not ensure that the Destination attribute
in a Response element in a SAML assertion matches the location from
which the message was received, which allows remote attackers to have
unspecified impact via unknown vectors. NOTE: this identifier was
SPLIT from CVE-2015-0277 per ADT2 due to different vulnerability
types.
|
CVE-2015-6015 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows
local users to affect availability via unknown vectors related to
Outside In Filters, a different vulnerability than CVE-2015-4808,
CVE-2015-6013, CVE-2015-6014, and CVE-2016-0432. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this issue is a stack-based buffer overflow in
Oracle Outside In 8.5.2 and earlier, which allows remote attackers to
execute arbitrary code via a crafted Paradox DB file.
|
CVE-2015-6014 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows
local users to affect availability via unknown vectors related to
Outside In Filters, a different vulnerability than CVE-2015-4808,
CVE-2015-6013, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this issue is a stack-based buffer overflow in
Oracle Outside In 8.5.2 and earlier, which allows remote attackers to
execute arbitrary code via a crafted DOC file.
|
CVE-2015-6013 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows
local users to affect availability via unknown vectors related to
Outside In Filters, a different vulnerability than CVE-2015-4808,
CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this issue is a stack-based buffer overflow in
Oracle Outside In 8.5.2 and earlier, which allows remote attackers to
execute arbitrary code via a crafted WK4 file.
|
CVE-2015-5922 |
Unspecified vulnerability in International Components for Unicode
(ICU) before 53.1.0, as used in Apple OS X before 10.11 and watchOS
before 2, has unknown impact and attack vectors.
|
CVE-2015-5911 |
Multiple unspecified vulnerabilities in Twisted in Wiki Server in
Apple OS X Server before 5.0.3 allow attackers to have an unknown
impact via an XML document.
|
CVE-2015-5895 |
Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as
used in Apple iOS before 9, have unknown impact and attack vectors.
|
CVE-2015-5863 |
IOStorageFamily in Apple iOS before 9 does not properly initialize an
unspecified data structure, which allows local users to obtain
sensitive information from kernel memory via unknown vectors.
|
CVE-2015-5842 |
XNU in the kernel in Apple iOS before 9 does not properly initialize
an unspecified data structure, which allows local users to obtain
sensitive memory-layout information via unknown vectors.
|
CVE-2015-5698 |
Cross-site request forgery (CSRF) vulnerability in the web server on
Siemens SIMATIC S7-1200 CPU devices with firmware before 4.1.3 allows
remote attackers to hijack the authentication of unspecified victims
via unknown vectors.
|
CVE-2015-5568 |
Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on
Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before
19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK &
Compiler before 19.0.0.190 allow attackers to cause a denial of
service (vector-length corruption) or possibly have unspecified other
impact via unknown vectors.
|
CVE-2015-5538 |
Multiple unspecified vulnerabilities in Citrix NetScaler Application
Delivery Controller (ADC) and NetScaler Gateway before 10.1 Build
132.8, 10.5 before Build 57.7, and 10.5e before Build 56.1505.e allow
remote attackers to gain privileges via unknown vectors, related to
the (1) Command Line Interface (CLI) and the (2) Web User Interface
(UI).
|
CVE-2015-5505 |
The HTTP Strict Transport Security (HSTS) module 6.x-1.x before
6.x-1.1 and 7.x-1.x before 7.x-1.2 for Drupal does not properly
implement the "include subdomains" directive, which causes the HSTS
policy to not be applied to subdomains and allows man-in-the-middle
attackers to have unspecified impact via unknown vectors.
|
CVE-2015-5502 |
The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not
properly restrict access to Storage API fields attached to entities
that are not nodes, which allows remote attackers to have unspecified
impact via unknown vectors.
|
CVE-2015-5451 |
Cross-site request forgery (CSRF) vulnerability in HP Operations
Orchestration Central 10.x before 10.22.001 allows remote attackers to
hijack the authentication of unspecified victims via unknown vectors.
|
CVE-2015-5445 |
Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup
system software before 3.13.1 allows remote authenticated users to
hijack the authentication of unspecified victims via unknown vectors.
|
CVE-2015-5442 |
Unspecified vulnerability in HP Software Update before 5.005.002.002
allows local users to gain privileges via unknown vectors.
|
CVE-2015-5435 |
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3
before 1.85 and 4 before 2.22 allows remote authenticated users to
cause a denial of service via unknown vectors.
|
CVE-2015-5426 |
Unspecified vulnerability in HP LoadRunner Controller before 12.50
allows local users to gain privileges via unknown vectors, aka
ZDI-CAN-2756.
|
CVE-2015-5424 |
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x
before 10.24.0.1 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-2885.
|
CVE-2015-5423 |
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x
before 10.24.0.1 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-2884.
|
CVE-2015-5422 |
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x
before 10.24.0.1 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-2883.
|
CVE-2015-5421 |
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x
before 10.24.0.1 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-2881.
|
CVE-2015-5420 |
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x
before 10.24.0.1 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-2880.
|
CVE-2015-5419 |
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x
before 10.24.0.1 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-2879.
|
CVE-2015-5418 |
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x
before 10.24.0.1 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-2877.
|
CVE-2015-5417 |
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x
before 10.24.0.1 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-2876.
|
CVE-2015-5416 |
Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x
before 10.24.0.1 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-2875.
|
CVE-2015-5412 |
Cross-site request forgery (CSRF) vulnerability in HP Version Control
Repository Manager (VCRM) before 7.5.0 allows remote authenticated
users to hijack the authentication of unspecified victims via unknown
vectors.
|
CVE-2015-5397 |
Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0
through 3.3.x and 3.4.x before 3.4.2 allows remote attackers to hijack
the authentication of unspecified victims for requests that upload
code via unknown vectors.
|
CVE-2015-5375 |
Cross-site scripting (XSS) vulnerability in unspecified dialogs for
printing content in the Front End in Open-Xchange Server 6 and OX App
Suite before 6.22.8-rev8, 6.22.9 before 6.22.9-rev15m, 7.x before
7.6.1-rev25, and 7.6.2 before 7.6.2-rev20 allows remote attackers to
inject arbitrary web script or HTML via unknown vectors related to
object properties.
|
CVE-2015-5206 |
Unspecified vulnerability in the HTTP/2 experimental feature in Apache
Traffic Server before 5.3.x before 5.3.2 has unknown impact and attack
vectors, a different vulnerability than CVE-2015-5168.
|
CVE-2015-5168 |
Unspecified vulnerability in the HTTP/2 experimental feature in Apache
Traffic Server 5.3.x before 5.3.2 has unknown impact and attack
vectors, a different vulnerability than CVE-2015-5206.
|
CVE-2015-5125 |
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before
11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK
before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199
allow attackers to cause a denial of service (vector-length
corruption) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2015-5081 |
Cross-site request forgery (CSRF) vulnerability in django CMS before
3.0.14 and 3.1.x before 3.1.1 allows remote attackers to manipulate
privileged users into performing unknown actions via unspecified
vectors.
|
CVE-2015-5053 |
The host memory mapping path feature in the NVIDIA GPU graphics driver
R346 before 346.87 and R352 before 352.41 for Linux and R352 before
352.46 for GRID vGPU and vSGA does not properly restrict access to
third-party device IO memory, which allows attackers to gain
privileges, cause a denial of service (resource consumption), or
possibly have unspecified other impact via unknown vectors related to
the follow_pfn kernel-mode API call.
|
CVE-2015-4980 |
Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through
7.0.0.9 allows remote authenticated users to obtain sensitive personal
information via unknown vectors.
|
CVE-2015-4962 |
Jazz Team Server in Jazz Foundation in IBM Rational Collaborative
Lifecycle Management (CLM) 3.x and 4.x before 4.0.7 IF9, 5.x before
5.0.2 IF9, and 6.x before 6.0.1; Rational Quality Manager (RQM) 3.x
before 3.0.1.6 IF7, 4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and
6.x before 6.0.1; Rational Team Concert (RTC) 3.x before 3.0.1.6 IF7,
4.x before 4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1;
Rational Requirements Composer (RRC) 3.x before 3.0.1.6 IF7 and 4.x
before 4.0.7 IF9; Rational DOORS Next Generation (RDNG) 4.x before
4.0.7 IF9, 5.x before 5.0.2 IF9, and 6.x before 6.0.1; Rational
Engineering Lifecycle Manager (RELM) 4.x through 4.0.7, 5.x through
5.0.2, and 6.x before 6.0.1; Rational Rhapsody Design Manager (DM) 4.x
through 4.0.7, 5.x through 5.0.2, and 6.x before 6.0.1; and Rational
Software Architect Design Manager (DM) 4.x through 4.0.7, 5.x through
5.0.2, and 6.x before 6.0.1 uses weak permissions for unspecified
project areas, which allows remote authenticated users to obtain
sensitive information via unknown vectors.
|
CVE-2015-4956 |
The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12
allows remote authenticated users to execute unspecified OS commands
via unknown vectors.
|
CVE-2015-4936 |
Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through
8.6.0.8 allows remote attackers to cause a denial of service via
unknown vectors.
|
CVE-2015-4925 |
Unspecified vulnerability in the Workspace Manager component in Oracle
Database Server 11.2.0.4 allows remote authenticated users to affect
confidentiality, integrity, and availability via unknown vectors.
|
CVE-2015-4923 |
Unspecified vulnerability in the XML Developer's Kit for C component
in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect availability via unknown vectors.
|
CVE-2015-4921 |
Unspecified vulnerability in the Database Vault component in Oracle
Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote
authenticated users to affect integrity via unknown vectors.
|
CVE-2015-4917 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.4 allows remote authenticated users to
affect integrity via unknown vectors related to Security, a different
vulnerability than CVE-2015-4892.
|
CVE-2015-4916 |
Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85
allows remote attackers to affect confidentiality via unknown vectors,
a different vulnerability than CVE-2015-4906 and CVE-2015-4908.
|
CVE-2015-4915 |
Unspecified vulnerability in the Integrated Lights Out Manager (ILOM)
component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to System Management.
|
CVE-2015-4914 |
Unspecified vulnerability in the Oracle HTTP Server component in
Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and
12.1.3.0 allows remote authenticated users to affect confidentiality
via unknown vectors related to Web Listener.
|
CVE-2015-4910 |
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Memcached.
|
CVE-2015-4908 |
Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85
allows remote attackers to affect confidentiality via unknown vectors,
a different vulnerability than CVE-2015-4906 and CVE-2015-4916.
|
CVE-2015-4907 |
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Solaris Kernel Zones, a different
vulnerability than CVE-2015-4820.
|
CVE-2015-4906 |
Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85
allows remote attackers to affect confidentiality via unknown vectors
related to JavaFX, a different vulnerability than CVE-2015-4908 and
CVE-2015-4916.
|
CVE-2015-4904 |
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to libmysqld.
|
CVE-2015-4902 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60
allows remote attackers to affect integrity via unknown vectors
related to Deployment.
|
CVE-2015-4901 |
Unspecified vulnerability in Oracle Java SE 8u60 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to JavaFX.
|
CVE-2015-4900 |
Unspecified vulnerability in the XDB - XML Database component in
Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote
authenticated users to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2015-4899 |
Unspecified vulnerability in the Oracle GlassFish Server component in
Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to
affect confidentiality via unknown vectors related to Security.
|
CVE-2015-4896 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 4.0.34, 4.1.42, 4.2.34,
4.3.32, and 5.0.8, when a VM has the Remote Display feature (RDP)
enabled, allows remote attackers to affect availability via unknown
vectors related to Core.
|
CVE-2015-4895 |
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : InnoDB.
|
CVE-2015-4894 |
Unspecified vulnerability in the Mobile Server component in Oracle
Database Mobile/Lite Server 10.3.0.3, 11.3.0.2, and 12.1.0.0 allows
remote authenticated users to affect integrity and availability via
unknown vectors.
|
CVE-2015-4892 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.4 allows remote authenticated users to
affect integrity via unknown vectors related to Security, a different
vulnerability than CVE-2015-4917.
|
CVE-2015-4890 |
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Replication.
|
CVE-2015-4888 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated
users to affect confidentiality, integrity, and availability via
unknown vectors, a different vulnerability than CVE-2015-4796.
|
CVE-2015-4887 |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component
in Oracle PeopleSoft Products 9.2 allows remote authenticated users to
affect confidentiality, integrity, and availability via unknown
vectors related to ePerformance.
|
CVE-2015-4886 |
Unspecified vulnerability in the Oracle Report Manager component in
Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4
allows remote attackers to affect confidentiality and integrity via
unknown vectors related to Reports Security. NOTE: the previous
information is from the October 2015 CPU. Oracle has not commented on
third-party claims that this issue is an XML External Entity (XXE)
vulnerability, which allows remote attackers to read arbitrary files,
cause a denial of service, or conduct SMB Relay attacks via a crafted
DTD in an XML request involving the OA_HTML/copxml servlet.
|
CVE-2015-4884 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3,
12.2.3, and 12.2.4 allows remote attackers to affect confidentiality
via unknown vectors related to Single Signon.
|
CVE-2015-4880 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect
integrity via unknown vectors related to Content Server, a different
vulnerability than CVE-2015-4867.
|
CVE-2015-4878 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows
local users to affect availability via unknown vectors related to
Outside In Filters, a different vulnerability than CVE-2015-4877.
|
CVE-2015-4877 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows
local users to affect availability via unknown vectors related to
Outside In Filters, a different vulnerability than CVE-2015-4878.
|
CVE-2015-4876 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote
authenticated users to affect integrity via unknown vectors related to
Pivot Grid.
|
CVE-2015-4875 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 12.1.0.4 and
12.1.0.5 allows remote attackers to affect availability via unknown
vectors related to Agent Next Gen.
|
CVE-2015-4874 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 12.1.0.4 and
12.1.0.5 allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Agent Next Gen.
|
CVE-2015-4873 |
Unspecified vulnerability in the Database Scheduler component in
Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2015-4872 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60;
Java SE Embedded 8u51; and JRockit R28.3.7 allows remote attackers to
affect integrity via unknown vectors related to Security.
|
CVE-2015-4871 |
Unspecified vulnerability in Oracle Java SE 7u85 allows remote
attackers to affect confidentiality and integrity via unknown vectors
related to Libraries.
|
CVE-2015-4870 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
and 5.6.26 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server : Parser.
|
CVE-2015-4869 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows
local users to affect availability via unknown vectors related to
Kernel.
|
CVE-2015-4868 |
Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded
8u51 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries.
|
CVE-2015-4867 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 10.1.3.5.1 allows remote attackers to affect
integrity via unknown vectors related to Content Server, a different
vulnerability than CVE-2015-4880.
|
CVE-2015-4866 |
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : InnoDB.
|
CVE-2015-4864 |
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier
and 5.6.24 and earlier allows remote authenticated users to affect
integrity via unknown vectors related to Server : Security :
Privileges.
|
CVE-2015-4863 |
Unspecified vulnerability in the Portable Clusterware component in
Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2015-4861 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
and 5.6.26 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server : InnoDB.
|
CVE-2015-4859 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 12.1.0.4 and
12.1.0.5 allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Agent Next Gen.
|
CVE-2015-4857 |
Unspecified vulnerability in the RDBMS component in Oracle Database
Server 12.1.0.1 and 12.1.0.2 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors.
|
CVE-2015-4856 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 4.0.30, 4.1.38, 4.2.30,
4.3.26, and 5.0.0 allows local users to affect availability via
unknown vectors related to Core.
|
CVE-2015-4854 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and
12.2.4 allows remote attackers to affect integrity via unknown vectors
related to Single Signon. NOTE: the previous information is from the
October 2015 CPU. Oracle has not commented on third-party claims that
this issue is a cross-site scripting (XSS) vulnerability, which allows
remote attackers to inject arbitrary web script or HTML via the Domain
parameter in the CfgOCIReturn servlet.
|
CVE-2015-4850 |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component
in Oracle PeopleSoft Products 9.2 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Talent Acquisition Management.
|
CVE-2015-4849 |
Unspecified vulnerability in the Oracle Payments component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Punch-in. NOTE: the
previous information is from the October 2015 CPU. Oracle has not
commented on third-party claims that this issue is an XML External
Entity (XXE) vulnerability, which allows remote attackers to cause a
denial of service or conduct SMB Relay attacks via a crafted DTD in an
XML request to OA_HTML/IspPunchInServlet.
|
CVE-2015-4848 |
Unspecified vulnerability in the Oracle Configurator component in
Oracle Supply Chain Products Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4
allows remote attackers to affect confidentiality via unknown vectors
related to Integration with Peoplesoft.
|
CVE-2015-4844 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
Java SE Embedded 8u51, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to 2D.
|
CVE-2015-4843 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
Java SE Embedded 8u51, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries.
|
CVE-2015-4841 |
Unspecified vulnerability in the Siebel Core - Server Framework
component in Oracle Siebel CRM IP2014 and IP2015 allows remote
attackers to affect confidentiality via unknown vectors related to
Services.
|
CVE-2015-4840 |
Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE
Embedded 8u51, allows remote attackers to affect confidentiality via
unknown vectors related to 2D.
|
CVE-2015-4839 |
Unspecified vulnerability in the Oracle Applications Technology Stack
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect confidentiality, integrity, and availability via unknown
vectors related to DB Listener, a different vulnerability than
CVE-2015-4798.
|
CVE-2015-4837 |
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Utility/Security.
|
CVE-2015-4836 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier,
and 5.6.26 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server : SP.
|
CVE-2015-4834 |
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Utility/Zones.
|
CVE-2015-4833 |
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Partition.
|
CVE-2015-4831 |
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local
users to affect availability via unknown vectors related to Solaris
Kernel Zones, a different vulnerability than CVE-2015-4822.
|
CVE-2015-4830 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier allows remote authenticated users to affect
integrity via unknown vectors related to Server : Security :
Privileges.
|
CVE-2015-4827 |
Unspecified vulnerability in the Oracle Retail Open Commerce Platform
component in Oracle Retail Applications 3.0 allows remote attackers to
affect confidentiality and integrity via unknown vectors related to
Framework.
|
CVE-2015-4826 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier allows remote authenticated users to affect
confidentiality via unknown vectors related to Server : Types.
|
CVE-2015-4825 |
Unspecified vulnerability in the PeopleSoft Enterprise FIN Expenses
component in Oracle PeopleSoft Products 9.2 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Expense Report General.
|
CVE-2015-4824 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.4 allows remote authenticated users to
affect confidentiality via unknown vectors related to Security.
|
CVE-2015-4823 |
Unspecified vulnerability in the Hyperion Installation Technology
component in Oracle Hyperion 11.1.2.3 allows local users to affect
confidentiality via unknown vectors related to Essbase Rapid Deploy.
|
CVE-2015-4822 |
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local
users to affect availability via unknown vectors related to Solaris
Kernel Zones, a different vulnerability than CVE-2015-4831.
|
CVE-2015-4821 |
Unspecified vulnerability in the Integrated Lights Out Manager (ILOM)
component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Web.
|
CVE-2015-4820 |
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Solaris Kernel Zones, a different
vulnerability than CVE-2015-4907.
|
CVE-2015-4819 |
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier,
and 5.6.25 and earlier, allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Client
programs.
|
CVE-2015-4816 |
Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : InnoDB.
|
CVE-2015-4813 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 4.0.34, 4.1.42, 4.2.34,
4.3.32, and 5.0.8, when using a Windows guest, allows local users to
affect availability via unknown vectors related to Core.
|
CVE-2015-4810 |
Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment.
|
CVE-2015-4807 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier, when running on Windows, allows remote
authenticated users to affect availability via unknown vectors related
to Server : Query Cache.
|
CVE-2015-4806 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
Java SE Embedded 8u51, allows remote attackers to affect
confidentiality and integrity via unknown vectors related to
Libraries.
|
CVE-2015-4805 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and
Java SE Embedded 8u51, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Serialization.
|
CVE-2015-4804 |
Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent
Acquisition Management component in Oracle PeopleSoft Products 9.2
allows remote authenticated users to affect confidentiality via unknown
vectors related to Security.
|
CVE-2015-4802 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server : Partition, a
different vulnerability than CVE-2015-4792.
|
CVE-2015-4801 |
Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local
users to affect confidentiality via unknown vectors related to Solaris
Kernel Zones.
|
CVE-2015-4800 |
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Optimizer.
|
CVE-2015-4799 |
Unspecified vulnerability in the Oracle WebCenter Sites component in
Oracle Fusion Middleware 7.6.2, 11.1.1.6.1, and 11.1.1.8.0 allows
remote attackers to affect integrity via unknown vectors related to
Security.
|
CVE-2015-4798 |
Unspecified vulnerability in the Oracle Applications Technology Stack
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect confidentiality, integrity, and availability via unknown
vectors related to DB Listener, a different vulnerability than
CVE-2015-4839.
|
CVE-2015-4797 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.3 allows remote authenticated users to
affect integrity via unknown vectors related to Security.
|
CVE-2015-4796 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows,
allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors, a different
vulnerability than CVE-2015-4888.
|
CVE-2015-4795 |
Unspecified vulnerability in the Oracle Utilities Work and Asset
Management component in Oracle Industry Applications 1.9.1.1.2 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Add-On Applications.
|
CVE-2015-4794 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated
users to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2015-4793 |
Unspecified vulnerability in the Oracle Communications Convergence
component in Oracle Communications Applications 2.0 and 3.0.1 allows
remote attackers to affect confidentiality via unknown vectors related
to Mail Proxy.
|
CVE-2015-4792 |
Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier
and 5.6.26 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server : Partition, a
different vulnerability than CVE-2015-4802.
|
CVE-2015-4791 |
Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Security : Privileges.
|
CVE-2015-4790 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778,
CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783,
CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, and
CVE-2015-4789.
|
CVE-2015-4789 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778,
CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783,
CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, and
CVE-2015-4790.
|
CVE-2015-4788 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect integrity and availability via unknown
vectors, a different vulnerability than CVE-2015-4774 and
CVE-2015-4779.
|
CVE-2015-4787 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778,
CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783,
CVE-2015-4784, CVE-2015-4785, CVE-2015-4786, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4786 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778,
CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783,
CVE-2015-4784, CVE-2015-4785, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4785 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778,
CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783,
CVE-2015-4784, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4784 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778,
CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4783,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4783 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778,
CVE-2015-4780, CVE-2015-4781, CVE-2015-4782, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4782 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778,
CVE-2015-4780, CVE-2015-4781, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4781 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778,
CVE-2015-4780, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4780 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4778,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4779 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect integrity and availability via unknown
vectors, a different vulnerability than CVE-2015-4774 and
CVE-2015-4788.
|
CVE-2015-4778 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4777, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4777 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4776, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4776 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4775, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4775 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4764,
CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4774 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect integrity and availability via unknown
vectors, a different vulnerability than CVE-2015-4779 and
CVE-2015-4788.
|
CVE-2015-4773 |
Unspecified vulnerability in the Hyperion Common Security component in
Oracle Hyperion 11.1.2.2, 11.1.2.3, and 11.1.2.4 allows remote
authenticated users to affect availability via unknown vectors related
to User Account Update.
|
CVE-2015-4772 |
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Partition.
|
CVE-2015-4769 |
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Security : Firewall, a different
vulnerability than CVE-2015-4767.
|
CVE-2015-4768 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0,
6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, and 6.3.7 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Diagnostics.
|
CVE-2015-4767 |
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Security : Firewall, a different
vulnerability than CVE-2015-4769.
|
CVE-2015-4766 |
Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier
allows local users to affect availability via unknown vectors related
to Server : Security : Firewall.
|
CVE-2015-4764 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4754, CVE-2015-4775,
CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4763 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.4 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Security.
|
CVE-2015-4762 |
Unspecified vulnerability in the Oracle Applications DBA component in
Oracle E-Business Suite 12.2.3 and 12.2.4 allows remote authenticated
users to affect confidentiality via unknown vectors related to Online
patching.
|
CVE-2015-4761 |
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Memcached.
|
CVE-2015-4760 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to 2D.
|
CVE-2015-4759 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality based on Trillium, a different vulnerability
than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446,
CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, and CVE-2015-4758.
|
CVE-2015-4758 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality based on Trillium, a different vulnerability
than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446,
CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, and CVE-2015-4759.
|
CVE-2015-4757 |
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier
and 5.6.23 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server : Optimizer.
|
CVE-2015-4756 |
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : InnoDB, a different vulnerability than
CVE-2015-0439.
|
CVE-2015-4755 |
Unspecified vulnerability in the RDBMS Security component in Oracle
Database Server 12.1.0.2 allows remote attackers to affect
confidentiality via unknown vectors.
|
CVE-2015-4754 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-2656, CVE-2015-4764, CVE-2015-4775,
CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-4753 |
Unspecified vulnerability in the RDBMS Support Tools component in
Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows local users to affect confidentiality via unknown vectors.
|
CVE-2015-4751 |
Unspecified vulnerability in the Oracle Access Manager component in
Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers
to affect availability via unknown vectors related to Authentication
Engine.
|
CVE-2015-4748 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45;
JRockit R28.3.6; and Java SE Embedded 7u75 and Embedded 8u33 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Security.
|
CVE-2015-4746 |
Unspecified vulnerability in the Oracle Agile Product Lifecycle
Management for Process component in Oracle Supply Chain Products Suite
6.0.0.7, 6.1.0.3, 6.1.1.5, and 6.2.0.0 allows remote authenticated
users to affect confidentiality via unknown vectors related to Global
Spec Management.
|
CVE-2015-4745 |
Unspecified vulnerability in the Oracle Endeca Information Discovery
Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and
3.1 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Integrator, a different
vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604,
CVE-2015-2605, and CVE-2015-2606.
|
CVE-2015-4744 |
Unspecified vulnerability in the Oracle GlassFish Server component in
Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; and the Oracle
WebLogic Server component in Oracle Fusion Middleware 10.3.6.0,
12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect
integrity via unknown vectors related to Java Server Faces.
|
CVE-2015-4743 |
Unspecified vulnerability in the Oracle Applications DBA component in
Oracle E-Business Suite 12.2.3 allows remote authenticated users to
affect confidentiality via unknown vectors related to AD Utilities.
|
CVE-2015-4741 |
Unspecified vulnerability in the Oracle Applications Framework
component in Oracle E-Business Suite 12.2.4 allows remote
authenticated users to affect integrity via unknown vectors related to
Dialog popup.
|
CVE-2015-4740 |
Unspecified vulnerability in the RDBMS Partitioning component in
Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and
12.1.0.2 allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors.
|
CVE-2015-4739 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2 allows remote
authenticated users to affect integrity via unknown vectors related to
Help screens.
|
CVE-2015-4738 |
Unspecified vulnerability in the PeopleSoft Enterprise HCM Candidate
Gateway component in Oracle PeopleSoft Products 9.1 and 9.2 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Security.
|
CVE-2015-4737 |
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier,
and 5.6.23 and earlier, allows remote authenticated users to affect
confidentiality via unknown vectors related to Server : Pluggable
Auth.
|
CVE-2015-4736 |
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment.
|
CVE-2015-4732 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and
Java SE Embedded 7u75 and 8u33 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries, a different vulnerability than CVE-2015-2590.
|
CVE-2015-4730 |
Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows
remote authenticated users to affect availability via unknown vectors
related to Types.
|
CVE-2015-4729 |
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Deployment.
|
CVE-2015-4728 |
Unspecified vulnerability in the Oracle Sourcing component in Oracle
E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, and 12.2.4 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Bid/Quote creation.
|
CVE-2015-4727 |
Unspecified vulnerability in Oracle Virtualization Sun Ray Software
before 5.4.4 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Web
Console.
|
CVE-2015-4554 |
Multiple unspecified vulnerabilities in TIBCO Spotfire Client and
Spotfire Web Player Client in Spotfire Analyst before 5.5.2, 6.0.x
before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1; Spotfire
Analytics Platform for AWS 6.5 and 7.0.x before 7.0.1; Spotfire
Automation Services before 5.5.2, 6.0.x before 6.0.3, 6.5.x before
6.5.3, and 7.0.x before 7.0.1; Spotfire Deployment Kit before 5.5.2,
6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1;
Spotfire Desktop before 6.5.2 and 7.0.x before 7.0.1; Spotfire Desktop
Language Packs 7.0.x before 7.0.1; Spotfire Professional before 5.5.2,
6.0.x before 6.0.3, 6.5.x before 6.5.3, and 7.0.x before 7.0.1;
Spotfire Web Player before 5.5.2, 6.0.x before 6.0.3, 6.5.x before
6.5.3, and 7.0.x before 7.0.1; and Silver Fabric Enabler for Spotfire
Web Player before 2.1.1 allow remote attackers to execute arbitrary
code or obtain sensitive information via unknown vectors.
|
CVE-2015-4522 |
The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before
41.0 and Firefox ESR 38.x before 38.3 might allow remote attackers to
cause a denial of service (memory corruption and application crash) or
possibly have unspecified other impact via unknown vectors, related to
an "overflow."
|
CVE-2015-4521 |
The ConvertDialogOptions function in Mozilla Firefox before 41.0 and
Firefox ESR 38.x before 38.3 might allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly have unspecified other impact via unknown vectors.
|
CVE-2015-4517 |
NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x
before 38.3 might allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly have unspecified
other impact via unknown vectors.
|
CVE-2015-4514 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 42.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-4513 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2015-4501 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 41.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-4500 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2015-4487 |
The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0,
Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow
remote attackers to cause a denial of service (memory corruption) or
possibly have unspecified other impact via unknown vectors, related to
an "overflow."
|
CVE-2015-4474 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 40.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-4473 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 40.0 and Firefox ESR 38.x before 38.2 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2015-4429 |
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before
18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe
AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR
SDK & Compiler before 18.0.0.180 allow attackers to cause a denial of
service (NULL pointer dereference) or possibly have unspecified other
impact via unknown vectors, a different vulnerability than
CVE-2015-3126.
|
CVE-2015-4386 |
Multiple cross-site scripting (XSS) vulnerabilities in unspecified
administration pages in the EntityBulkDelete module 7.x-1.0 for Drupal
allow remote attackers to inject arbitrary web script or HTML via
unknown vectors involving creating or editing (1) comments, (2)
taxonomy terms, or (3) nodes.
|
CVE-2015-4377 |
Cross-site scripting (XSS) vulnerability in unspecified administration
pages in the Petition module 6.x-1.x before 6.x-1.3 for Drupal allows
remote authenticated users with the "create petition" permission to
inject arbitrary web script or HTML via unknown vectors.
|
CVE-2015-4181 |
Directory traversal vulnerability in get_file.php in phpMyBackupPro
2.1 through 2.5 allows remote attackers to read arbitrary files via a
.. (dot dot) in the view parameter. NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information. NOTE: this vulnerability exists due to an
incomplete fix to CVE-2015-4180.
|
CVE-2015-4180 |
Directory traversal vulnerability in get_file.php in phpMyBackupPro
2.1 through 2.4 allows remote attackers to read arbitrary files via a
.. (dot dot) in the view parameter. NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information. NOTE: this vulnerability exists due to an
incomplete fix to CVE-2009-4050.
|
CVE-2015-4161 |
SAP Afaria does not properly restrict access to unspecified
functionality, which allows remote attackers to obtain sensitive
information, gain privileges, or have other unspecified impact via
unknown vectors, aka SAP Security Note 2155690.
|
CVE-2015-4106 |
QEMU does not properly restrict write access to the PCI config space
for certain PCI pass-through devices, which might allow local x86 HVM
guests to gain privileges, cause a denial of service (host crash),
obtain sensitive information, or possibly have other unspecified
impact via unknown vectors.
|
CVE-2015-3979 |
Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF)
in SAP CRM allows attackers to execute arbitrary code via unknown
vectors, aka SAP Security Note 2097534.
|
CVE-2015-3946 |
Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess
before 8.1 allows remote attackers to hijack the authentication of
unspecified victims via unknown vectors.
|
CVE-2015-3910 |
Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as
used in Google Chrome before 43.0.2357.65, allow attackers to cause a
denial of service or possibly have other impact via unknown vectors.
|
CVE-2015-3886 |
libinfinity before 0.6.6-1 does not validate expired SSL certificates,
which allows remote attackers to have unspecified impact via unknown
vectors.
|
CVE-2015-3347 |
Cross-site request forgery (CSRF) vulnerability in the Cloudwords for
Multilingual Drupal module before 7.x-2.3 for Drupal allows remote
attackers to hijack the authentication of unspecified victims via an
unknown menu callback.
|
CVE-2015-3343 |
Cross-site request forgery (CSRF) vulnerability in the OPAC module
before 7.x-2.3 for Drupal allows remote attackers to hijack the
authentication of unspecified victims for requests that remove a
mapping via unknown vectors.
|
CVE-2015-3333 |
Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as
used in Google Chrome before 42.0.2311.90, allow attackers to cause a
denial of service or possibly have other impact via unknown vectors.
|
CVE-2015-3318 |
CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8,
and r12.9; CA Network and Systems Management r11.0, r11.1, and r11.2;
CA NSM Job Management Option r11.0, r11.1, and r11.2; CA Universal Job
Management Agent; CA Virtual Assurance for Infrastructure Managers
(aka SystemEDGE) 12.6, 12.7, 12.8, and 12.9; and CA Workload
Automation AE r11, r11.3, r11.3.5, and r11.3.6 on UNIX, does not
properly validate an unspecified variable, which allows local users to
gain privileges via unknown vectors.
|
CVE-2015-3278 |
The cipherstring parsing code in nss_compat_ossl while in
multi-keyword mode does not match the expected set of ciphers for a
given cipher combination, which allows attackers to have unspecified
impact via unknown vectors.
|
CVE-2015-3276 |
The nss_parse_ciphers function in libraries/libldap/tls_m.c in
OpenLDAP does not properly parse OpenSSL-style multi-keyword mode
cipher strings, which might cause a weaker than intended cipher to be
used and allow remote attackers to have unspecified impact via unknown
vectors.
|
CVE-2015-3208 |
XML external entity (XXE) vulnerability in the XPath selector
component in Artemis ActiveMQ before commit
48d9951d879e0c8cbb59d4b64ab59d53ef88310d allows remote attackers to
have unspecified impact via unknown vectors.
|
CVE-2015-3126 |
Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before
18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe
AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR
SDK & Compiler before 18.0.0.180 allow attackers to cause a denial of
service (NULL pointer dereference) or possibly have unspecified other
impact via unknown vectors, a different vulnerability than
CVE-2015-4429.
|
CVE-2015-3048 |
Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and
11.x before 11.0.11 on Windows and OS X allows attackers to execute
arbitrary code via unknown vectors.
|
CVE-2015-2975 |
Research Artisan Lite before 1.18 does not ensure that a user has
authenticated, which allows remote attackers to perform unspecified
actions via unknown vectors.
|
CVE-2015-2806 |
Stack-based buffer overflow in asn1_der_decoding in libtasn1 before
4.4 allows remote attackers to have unspecified impact via unknown
vectors.
|
CVE-2015-2788 |
Multiple stack-based buffer overflows in the ib_fill_isqlda function
in dbdimp.c in DBD-Firebird before 1.19 allow remote attackers to have
unspecified impact via unknown vectors that trigger an error
condition, related to binding octets to columns.
|
CVE-2015-2786 |
Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4
has unknown attack vectors related to "Group join request
notifications sent to wrong group leaders."
|
CVE-2015-2770 |
Cross-site request forgery (CSRF) vulnerability in the command line
page in Websense TRITON V-Series appliances before 8.0.0 allows remote
attackers to hijack the authentication of unspecified victims via
unknown vectors.
|
CVE-2015-2769 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the
Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before 8.0.0
allow remote attackers to hijack the authentication of unspecified
victims via unknown vectors.
|
CVE-2015-2767 |
Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has
unknown impact and attack vectors, related to "Autocomplete Enabled."
|
CVE-2015-2763 |
Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has
unknown impact and attack vectors, related to port 17703.
|
CVE-2015-2740 |
Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function
in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x
before 38.1, and Thunderbird before 38.1 might allow remote attackers
to cause a denial of service or have unspecified other impact via
unknown vectors.
|
CVE-2015-2726 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 39.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-2725 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 39.0, Firefox ESR 38.x before 38.1, and Thunderbird
before 38.1 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-2724 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before
38.1, and Thunderbird before 38.1 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors.
|
CVE-2015-2709 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 38.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-2708 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 38.0, Firefox ESR 31.x before 31.7, and Thunderbird
before 31.7 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-2664 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45
allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment.
|
CVE-2015-2663 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0
through 6.3.7 allows remote authenticated users to affect
confidentiality and integrity via unknown vectors related to Business
Process Automation.
|
CVE-2015-2661 |
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier
allows local users to affect availability via unknown vectors related
to Client.
|
CVE-2015-2659 |
Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded
8u33 allows remote attackers to affect availability via unknown
vectors related to Security.
|
CVE-2015-2657 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0
through 6.3.7 allows remote authenticated users to affect
confidentiality via unknown vectors related to Business Process
Automation.
|
CVE-2015-2656 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2654, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775,
CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-2655 |
Unspecified vulnerability in the Application Express component in
Oracle Database Server before 4.2.3.00.08 allows remote authenticated
users to affect confidentiality and integrity via unknown vectors.
|
CVE-2015-2654 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2640,
CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775,
CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-2653 |
Unspecified vulnerability in the Oracle Commerce Guided Search /
Oracle Commerce Experience Manager component in Oracle Commerce
Platform 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers to
affect confidentiality and integrity via unknown vectors related to
Content Acquisition System.
|
CVE-2015-2652 |
Unspecified vulnerability in the Oracle Marketing component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.3,
and 12.2.4 allows remote attackers to affect integrity via unknown
vectors related to Web Management.
|
CVE-2015-2650 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Multichannel Framework.
|
CVE-2015-2647 |
Unspecified vulnerability in the Enterprise Manager for Oracle
Database component in Oracle Enterprise Manager Grid Control EM Base
Platform 11.1.0.1; EM Plugin for DB 12.1.0.5, 12.1.0.6, 12.1.0.7; and
EM DB Control 11.1.0.7, 11.2.0.3, and 11.2.0.4 allows remote
authenticated users to affect confidentiality and integrity via
unknown vectors related to Content Management.
|
CVE-2015-2646 |
Unspecified vulnerability in the Enterprise Manager for Oracle
Database component in Oracle Enterprise Manager Grid Control EM Base
Platform: 11.1.0.1; EM Plugin for DB: 12.1.0.5, 12.1.0.6, 12.1.0.7; EM
DB Control: 11.1.0.7, 11.2.0.3, and 11.2.0.4 allows remote attackers
to affect integrity via unknown vectors related to Content Management.
|
CVE-2015-2645 |
Unspecified vulnerability in the Oracle Web Applications Desktop
Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6,
12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect
integrity via unknown vectors.
|
CVE-2015-2644 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to
affect confidentiality via unknown vectors related to Security.
|
CVE-2015-2643 |
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier
and 5.6.24 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server : Optimizer.
|
CVE-2015-2642 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows
local users to affect confidentiality, integrity, and availability via
unknown vectors related to Gzip.
|
CVE-2015-2641 |
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Security : Privileges.
|
CVE-2015-2640 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2626, CVE-2015-2654,
CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775,
CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-2639 |
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier
allows remote authenticated users to affect integrity via unknown
vectors related to Server : Security : Firewall.
|
CVE-2015-2638 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45;
JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to 2D.
|
CVE-2015-2637 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45;
JavaFX 2.2.80; and Java SE Embedded 7u75 and 8u33 allows remote
attackers to affect confidentiality via unknown vectors related to 2D.
|
CVE-2015-2636 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality based on Trillium, a different vulnerability
than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446,
CVE-2015-2634, CVE-2015-2635, CVE-2015-4758, and CVE-2015-4759.
|
CVE-2015-2635 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality based on Trillium, a different vulnerability
than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446,
CVE-2015-2634, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.
|
CVE-2015-2634 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality based on Trillium, a different vulnerability
than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446,
CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.
|
CVE-2015-2633 |
Unspecified vulnerability in the Enterprise Manager Ops Center
component in Oracle Enterprise Manager Grid Control 12.1.0.1 and
12.2.2 allows remote authenticated users to affect confidentiality and
integrity via unknown vectors related to Ops Center.
|
CVE-2015-2632 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45
allows remote attackers to affect confidentiality via unknown vectors
related to 2D.
|
CVE-2015-2631 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows
local users to affect confidentiality, integrity, and availability via
unknown vectors related to rmformat.
|
CVE-2015-2630 |
Unspecified vulnerability in the Technology stack component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers
to affect integrity via unknown vectors related to Applet startup.
|
CVE-2015-2629 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-0457.
|
CVE-2015-2627 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45
allows remote attackers to affect confidentiality via unknown vectors
related to installation.
|
CVE-2015-2626 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2624, CVE-2015-2640, CVE-2015-2654,
CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775,
CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-2624 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2583, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654,
CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775,
CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-2623 |
Unspecified vulnerability in the Oracle GlassFish Server component in
Oracle Fusion Middleware 3.0.1 and 3.1.2, and the Oracle WebLogic
Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0,
12.1.2.0, and 12.1.3.0, allows remote attackers to affect integrity
via unknown vectors related to Java Server Faces.
|
CVE-2015-2622 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.54 allows remote attackers
to affect integrity via unknown vectors related to Fluid Core.
|
CVE-2015-2620 |
Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier
and 5.6.23 and earlier allows remote authenticated users to affect
confidentiality via unknown vectors related to Server : Security :
Privileges.
|
CVE-2015-2619 |
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX
2.2.80, and Java SE Embedded 7u75 and 8u33 allows remote attackers to
affect confidentiality via unknown vectors related to 2D.
|
CVE-2015-2618 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3,
12.2.3, and 12.2.4 allows remote authenticated users to affect
integrity via unknown vectors related to Input validation.
|
CVE-2015-2617 |
Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier
allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors related to Partition.
|
CVE-2015-2616 |
Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows
local users to affect availability via unknown vectors related to
DevFS.
|
CVE-2015-2615 |
Unspecified vulnerability in the Oracle Applications Framework
component in Oracle E-Business Suite 12.0.6, 12.1.3, and 12.2.3 allows
remote attackers to affect confidentiality via unknown vectors related
to Portal.
|
CVE-2015-2610 |
Unspecified vulnerability in the Oracle Applications Framework
component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and
12.2.4 allows remote attackers to affect integrity via unknown vectors
related to Popup windows.
|
CVE-2015-2607 |
Unspecified vulnerability in the Oracle Commerce Guided Search /
Oracle Commerce Experience Manager component in Oracle Commerce
Platform 3.0.2, 3.1.1, 3.1.2, 11.0, and 11.1 allows remote attackers
to affect confidentiality via unknown vectors related to Content
Acquisition System.
|
CVE-2015-2606 |
Unspecified vulnerability in the Oracle Endeca Information Discovery
Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and
3.1 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Integrator, a different
vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604,
CVE-2015-2605, and CVE-2015-4745.
|
CVE-2015-2605 |
Unspecified vulnerability in the Oracle Endeca Information Discovery
Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and
3.1 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Integrator, a different
vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604,
CVE-2015-2606, and CVE-2015-4745.
|
CVE-2015-2604 |
Unspecified vulnerability in the Oracle Endeca Information Discovery
Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and
3.1 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Integrator, a different
vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2605,
CVE-2015-2606, and CVE-2015-4745.
|
CVE-2015-2603 |
Unspecified vulnerability in the Oracle Endeca Information Discovery
Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and
3.1 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Integrator, a different
vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605,
CVE-2015-2606, and CVE-2015-4745.
|
CVE-2015-2602 |
Unspecified vulnerability in the Oracle Endeca Information Discovery
Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and
3.1 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Integrator, a different
vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605,
CVE-2015-2606, and CVE-2015-4745.
|
CVE-2015-2600 |
Unspecified vulnerability in the Siebel Core - Server OM Svcs
component in Oracle Siebel CRM 8.1.1, 8.2.2, and 15.0 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Security.
|
CVE-2015-2599 |
Unspecified vulnerability in the RDBMS Scheduler component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors.
|
CVE-2015-2598 |
Unspecified vulnerability in the mobile app in Oracle Business
Intelligence Enterprise Edition in Oracle Fusion Middleware before
11.1.1.7.0 (11.6.39) allows remote authenticated users to affect
integrity via unknown vectors related to Mobile - iPad.
|
CVE-2015-2597 |
Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Install.
|
CVE-2015-2596 |
Unspecified vulnerability in Oracle Java SE 7u80 allows remote
attackers to affect integrity via unknown vectors related to Hotspot.
|
CVE-2015-2595 |
Unspecified vulnerability in the Oracle OLAP component in Oracle
Database Server 12.1.0.1 and 12.1.0.2 allows remote authenticated
users to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2015-2594 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 4.0.32, 4.1.40, 4.2.32, and
4.3.30 allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Core.
|
CVE-2015-2593 |
Unspecified vulnerability in the Oracle Access Manager component in
Oracle Fusion Middleware 11.1.2.2 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Configuration Service.
|
CVE-2015-2592 |
Unspecified vulnerability in the Hyperion Enterprise Performance
Management Architect component in Oracle Hyperion 11.1.2.2 and
11.1.2.3 allows remote authenticated users to affect integrity via
unknown vectors related to Security, a different vulnerability than
CVE-2015-2584.
|
CVE-2015-2591 |
Unspecified vulnerability in the PeopleSoft Enterprise Portal -
Interaction Hub component in Oracle PeopleSoft Products 9.1.00 allows
remote authenticated users to affect integrity via unknown vectors
related to Enterprise Portal.
|
CVE-2015-2590 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and
Java SE Embedded 7u75 and 8u33 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries, a different vulnerability than CVE-2015-4732.
|
CVE-2015-2586 |
Unspecified vulnerability in the Application Express component in
Oracle Database Server before 4.2.1 allows remote attackers to affect
availability via unknown vectors.
|
CVE-2015-2585 |
Unspecified vulnerability in the Application Express component in
Oracle Database Server before 5.0 allows remote authenticated users to
affect availability via unknown vectors.
|
CVE-2015-2584 |
Unspecified vulnerability in the Hyperion Enterprise Performance
Management Architect component in Oracle Hyperion 11.1.2.2 and
11.1.2.3 allows remote authenticated users to affect integrity via
unknown vectors related to Security, a different vulnerability than
CVE-2015-2592.
|
CVE-2015-2583 |
Unspecified vulnerability in the Data Store component in Oracle
Berkeley DB 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, and 12.1.6.0.35
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2624, CVE-2015-2626, CVE-2015-2640, CVE-2015-2654,
CVE-2015-2656, CVE-2015-4754, CVE-2015-4764, CVE-2015-4775,
CVE-2015-4776, CVE-2015-4777, CVE-2015-4778, CVE-2015-4780,
CVE-2015-4781, CVE-2015-4782, CVE-2015-4783, CVE-2015-4784,
CVE-2015-4785, CVE-2015-4786, CVE-2015-4787, CVE-2015-4789, and
CVE-2015-4790.
|
CVE-2015-2581 |
Unspecified vulnerability in the Oracle Secure Global Desktop
component in Oracle Virtualization 5.1 and 5.2 allows remote attackers
to affect confidentiality and availability via unknown vectors related
to JServer.
|
CVE-2015-2577 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors related to Accounting commands.
|
CVE-2015-2576 |
Unspecified vulnerability in the MySQL Utilities component in Oracle
MySQL 1.5.1 and earlier, when running on Windows, allows local users
to affect integrity via unknown vectors related to Installation.
|
CVE-2015-2575 |
Unspecified vulnerability in the MySQL Connectors component in Oracle
MySQL 5.1.34 and earlier allows remote authenticated users to affect
confidentiality and integrity via unknown vectors related to
Connector/J.
|
CVE-2015-2574 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users
to affect confidentiality via unknown vectors related to Text
Utilities.
|
CVE-2015-2572 |
Unspecified vulnerability in the Oracle Hyperion Smart View for Office
component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on
Windows, allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Core.
|
CVE-2015-2571 |
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier,
and 5.6.23 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server : Optimizer.
|
CVE-2015-2570 |
Unspecified vulnerability in the Oracle Demand Planning component in
Oracle Supply Chain Products Suite 11.5.10, 12.0, 12.1, and 12.2
allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors related to Security.
|
CVE-2015-2568 |
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier,
and 5.6.22 and earlier, allows remote attackers to affect availability
via unknown vectors related to Server : Security : Privileges.
|
CVE-2015-2567 |
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Security : Privileges.
|
CVE-2015-2565 |
Unspecified vulnerability in the Oracle Installed Base component in
Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and
12.1.3 allows remote attackers to affect integrity via unknown vectors
related to Create Item Instance.
|
CVE-2015-2352 |
The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not
properly check the encoding of input to the var_export function, which
allows attackers to have an unspecified impact via unknown vectors.
|
CVE-2015-2335 |
A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows
remote attackers to obtain the installation path via unknown vectors.
|
CVE-2015-2334 |
Cross-site request forgery (CSRF) vulnerability in the Admin Control
Panel (ACP) login in MyBB (aka MyBulletinBoard) before 1.8.4 allows
remote attackers to hijack the authentication of unspecified victims
via unknown vectors.
|
CVE-2015-2238 |
Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as
used in Google Chrome before 41.0.2272.76, allow attackers to cause a
denial of service or possibly have other impact via unknown vectors.
|
CVE-2015-2143 |
Multiple cross-site request forgery (CSRF) vulnerabilities in
Issuetracker phpBugTracker before 1.7.0 allow remote attackers to
hijack the authentication of users for requests that cause an
unspecified impact via unknown parameters.
|
CVE-2015-2137 |
Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23,
9.24, 9.25, 10.00, and 10.01 allows remote attackers to execute
arbitrary code via unknown vectors.
|
CVE-2015-2135 |
Unspecified vulnerability in HP Intelligent Provisioning 1.00 through
1.62(a), 2.00, and 2.10 allows remote attackers to execute arbitrary
code via unknown vectors.
|
CVE-2015-2134 |
Cross-site request forgery (CSRF) vulnerability in HP System
Management Homepage (SMH) before 7.5.0 allows remote authenticated
users to hijack the authentication of unspecified victims via unknown
vectors.
|
CVE-2015-2132 |
Unspecified vulnerability in the execve system-call implementation in
HP HP-UX B.11.11, B.11.23, and B.11.31 allows local users to gain
privileges via unknown vectors.
|
CVE-2015-2125 |
Unspecified vulnerability in HP WebInspect 7.x through 10.4 before
10.4 update 1 allows remote authenticated users to bypass intended
access restrictions via unknown vectors.
|
CVE-2015-2124 |
Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1
through 5.1 and Smart Zero Core 4.3 and 4.4 allows local users to
bypass intended access restrictions and gain privileges via unknown
vectors.
|
CVE-2015-2120 |
Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x
before 11.24.391, and 11.3x before 11.30.521 allows remote
authenticated users to gain privileges via unknown vectors, aka
ZDI-CAN-2567.
|
CVE-2015-2118 |
Unspecified vulnerability in the Secure Pull Print and Security Pull
Print components in HP Access Control (AC) Software 12.x through 14.x
before 14.1.2 allows remote authenticated users to obtain sensitive
information via unknown vectors.
|
CVE-2015-2116 |
Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03
build 107 allows remote authenticated users to execute arbitrary code
or cause a denial of service via unknown vectors.
|
CVE-2015-2115 |
Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3
before Patch 7, 1.3 FP1 before Patch 1, and 1.4 before Patch 1 allows
remote authenticated users to obtain sensitive information via unknown
vectors.
|
CVE-2015-2113 |
Unspecified vulnerability in HP Easy Deploy, as distributed standalone
and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540,
t5740, and t5740e devices and HP Flexible Thin Client t510, t520,
t610, t620, and t820 devices allows remote attackers to execute
arbitrary code via unknown vectors.
|
CVE-2015-2112 |
Unspecified vulnerability in HP Easy Deploy, as distributed standalone
and in HP Easy Tools before 3.0.1.1650, on HP Thin Client t5540,
t5740, and t5740e devices and HP Flexible Thin Client t510, t520,
t610, t620, and t820 devices allows remote authenticated users to
execute arbitrary code via unknown vectors.
|
CVE-2015-2111 |
Unspecified vulnerability in HP Intelligent Provisioning 1.40 through
1.60 on Windows Server 2008 R2 and 2012 allows local users to obtain
sensitive information via unknown vectors.
|
CVE-2015-2109 |
Unspecified vulnerability in HP Operations Orchestration 10.x allows
remote attackers to bypass authentication, and obtain sensitive
information or modify data, via unknown vectors.
|
CVE-2015-2108 |
Unspecified vulnerability in Powershell Operations in HP Operations
Orchestration 9.x and 10.x allows remote authenticated users to obtain
sensitive information via unknown vectors.
|
CVE-2015-2106 |
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2
before 2.27, 3 before 1.82, and 4 before 2.10 allows remote attackers
to bypass intended access restrictions or cause a denial of service
via unknown vectors.
|
CVE-2015-2088 |
Cross-site scripting (XSS) vulnerability in unspecified administration
pages in the Term Queue module before 6.x-1.1 for Drupal allows remote
attackers to inject arbitrary web script or HTML via unknown vectors.
|
CVE-2015-2048 |
Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L
with firmware 1.04 and earlier allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
|
CVE-2015-2016 |
Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11
IF02 and 7.2.x before 7.2.5 Patch 4 allows remote authenticated users
to execute arbitrary commands with root privileges via unknown
vectors.
|
CVE-2015-1971 |
Unspecified vulnerability in Jazz Team Server in Jazz Foundation in
IBM Rational Collaborative Lifecycle Management (CLM) 3.x and 4.x
before 4.0.7 IF8 and 5.x before 5.0.2 IF10; Rational Quality Manager
(RQM) 2.x and 3.x before 3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x
before 5.0.2 IF10; Rational Team Concert (RTC) 2.x and 3.x before
3.0.1.6 IF7, 4.x before 4.0.7 IF8, and 5.x before 5.0.2 IF10; Rational
Requirements Composer (RRC) 2.x and 3.x before 3.0.1.6 IF7 and 4.0
through 4.0.7; Rational DOORS Next Generation (RDNG) 4.x before 4.0.7
IF8 and 5.x before 5.0.2 IF10; Rational Engineering Lifecycle Manager
(RELM) 1.0 through 1.0.0.1, 4.0.3 through 4.0.7, and 5.0 through
5.0.2; Rational Rhapsody Design Manager (DM) 3.0 through 3.0.1, 4.0
through 4.0.7, 5.0 through 5.0.2, and 6.0; and Rational Software
Architect Design Manager (DM) 3.0 through 3.0.1, 4.0 through 4.0.7,
and 5.0 through 5.0.2 allows remote attackers to cause a denial of
service via unknown vectors.
|
CVE-2015-1945 |
Unspecified vulnerability in the Reference Data Management component
in IBM InfoSphere Master Data Management 10.1, 11.0, 11.3 before FP3,
and 11.4 allows remote authenticated users to gain privileges via
unknown vectors.
|
CVE-2015-1926 |
Unspecified vulnerability in the Oracle WebCenter Portal component in
Oracle Fusion Middleware 11.1.1.8.0 and 11.1.1.9.0, and the Oracle
Applications Framework component in Oracle E-Business Suite 12.2.3 and
12.2.4, allows remote authenticated users to affect confidentiality
and integrity via unknown vectors related to Portal.
|
CVE-2015-1916 |
Unspecified vulnerability in IBM Java 8 before SR1 allows remote
attackers to cause a denial of service via unknown vectors related to
SSL/TLS and the Secure Socket Extension provider.
|
CVE-2015-1829 |
Unspecified vulnerability in the Oracle HTTP Server component in
Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and
12.1.3.0 allows remote attackers to affect availability via unknown
vectors related to Web Listener.
|
CVE-2015-1817 |
Stack-based buffer overflow in the inet_pton function in
network/inet_pton.c in musl libc 0.9.15 through 1.0.4, and 1.1.0
through 1.1.7 allows attackers to have unspecified impact via unknown
vectors.
|
CVE-2015-1488 |
An unspecified action handler in the management console in Symantec
Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP1 allows
remote authenticated users to read arbitrary files via unknown
vectors.
|
CVE-2015-1419 |
Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote
attackers to bypass access restrictions via unknown vectors, related
to deny_file parsing.
|
CVE-2015-1351 |
Use-after-free vulnerability in the _zend_shared_memdup function in
zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
|
CVE-2015-1346 |
Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15,
as used in Google Chrome before 40.0.2214.91, allow attackers to cause
a denial of service or possibly have other impact via unknown vectors.
|
CVE-2015-1312 |
The Dealer Portal in SAP ERP does not properly restrict access, which
allows remote attackers to obtain sensitive information, gain
privileges, and possibly have other unspecified impact via unknown
vectors, aka SAP Note 2000401. NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information.
|
CVE-2015-1311 |
The Extended Application Services (XS) in SAP HANA allows remote
attackers to inject arbitrary ABAP code via unspecified vectors, aka
SAP Note 2098906. NOTE: the provenance of this information is unknown;
the details are obtained solely from third party information.
|
CVE-2015-1310 |
SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase
ASE) allows remote attackers to execute arbitrary SQL commands via
unspecified vectors, aka SAP Note 2113333. NOTE: the provenance of
this information is unknown; the details are obtained solely from
third party information.
|
CVE-2015-1301 |
Multiple unspecified vulnerabilities in Google Chrome before
45.0.2454.85 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2015-1289 |
Multiple unspecified vulnerabilities in Google Chrome before
44.0.2403.89 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2015-1265 |
Multiple unspecified vulnerabilities in Google Chrome before
43.0.2357.65 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2015-1259 |
PDFium, as used in Google Chrome before 43.0.2357.65, does not
properly initialize memory, which allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
unknown vectors.
|
CVE-2015-1250 |
Multiple unspecified vulnerabilities in Google Chrome before
42.0.2311.135 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2015-1249 |
Multiple unspecified vulnerabilities in Google Chrome before
42.0.2311.90 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2015-1238 |
Skia, as used in Google Chrome before 42.0.2311.90, allows remote
attackers to cause a denial of service (out-of-bounds write) or
possibly have unspecified other impact via unknown vectors.
|
CVE-2015-1231 |
Multiple unspecified vulnerabilities in Google Chrome before
41.0.2272.76 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2015-1212 |
Multiple unspecified vulnerabilities in Google Chrome before
40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on
Android allow attackers to cause a denial of service or possibly have
other impact via unknown vectors.
|
CVE-2015-1205 |
Multiple unspecified vulnerabilities in Google Chrome before
40.0.2214.91 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2015-1201 |
Privoxy before 3.0.22 allows remote attackers to cause a denial of
service (file descriptor consumption) via unspecified vectors. NOTE:
the provenance of this information is unknown; the details are
obtained solely from third party information.
|
CVE-2015-1188 |
The certificate verification functions in the HNDS service in Swisscom
Centro Grande (ADB) DSL routers with firmware before 6.14.00 allow
remote attackers to access the management functions via unknown
vectors.
|
CVE-2015-0836 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird
before 31.5 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-0835 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 36.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-0815 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird
before 31.6 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-0814 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 37.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2015-0530 |
Buffer overflow in an unspecified function in nsr_render_log in EMC
NetWorker before 8.0.4.3, 8.1.x before 8.1.2.6, and 8.2.x before
8.2.1.2 allows local users to gain privileges via unknown vectors.
|
CVE-2015-0511 |
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : SP.
|
CVE-2015-0509 |
Unspecified vulnerability in the Oracle Hyperion BI+ component in
Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to
affect integrity via unknown vectors related to Reporting and
Analysis.
|
CVE-2015-0508 |
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : InnoDB, a different vulnerability than
CVE-2015-0506.
|
CVE-2015-0507 |
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Memcached.
|
CVE-2015-0506 |
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to InnoDB, a different vulnerability than
CVE-2015-0508.
|
CVE-2015-0504 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote
attackers to affect integrity via unknown vectors related to Error
Messages.
|
CVE-2015-0503 |
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Partition.
|
CVE-2015-0502 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1 and 8.2 allows remote attackers to affect
integrity via unknown vectors related to Portal Framework.
|
CVE-2015-0501 |
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier,
and 5.6.23 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server : Compiling.
|
CVE-2015-0500 |
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors.
|
CVE-2015-0499 |
Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier,
and 5.6.23 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server : Federated.
|
CVE-2015-0498 |
Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Replication.
|
CVE-2015-0497 |
Unspecified vulnerability in the PeopleSoft Enterprise Portal
Interaction Hub component in Oracle PeopleSoft Products 9.1.00 allows
remote attackers to affect integrity via unknown vectors related to
Enterprise Portal.
|
CVE-2015-0495 |
Unspecified vulnerability in the Oracle Commerce Guided Search /
Oracle Commerce Experience Manager component in Oracle Commerce
Platform 3.x and 11.x allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Workbench.
|
CVE-2015-0494 |
Unspecified vulnerability in the Oracle Retail Central Office
component in Oracle Retail Applications 13.1, 13.2, 13.3, 13.4, 14.0,
and 14.1 allows remote attackers to affect integrity via unknown
vectors.
|
CVE-2015-0493 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows
local users to affect availability via unknown vectors related to
Outside In Filters, a different vulnerability than CVE-2015-0474.
|
CVE-2015-0492 |
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX
2.2.76, allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors, a different vulnerability than
CVE-2015-0484.
|
CVE-2015-0491 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and
8u40, and Java FX 2.2.76, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to 2D, a different vulnerability than CVE-2015-0459.
|
CVE-2015-0486 |
Unspecified vulnerability in Oracle Java SE 8u40 allows remote
attackers to affect confidentiality via unknown vectors related to
Deployment.
|
CVE-2015-0485 |
Unspecified vulnerability in the PeopleSoft Enterprise SCM Strategic
Sourcing component in Oracle PeopleSoft Products 9.1 and 9.2 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Security.
|
CVE-2015-0484 |
Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX
2.2.76, allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors, a different vulnerability than
CVE-2015-0492.
|
CVE-2015-0483 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect integrity via unknown
vectors.
|
CVE-2015-0480 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and
8u40 allows remote attackers to affect integrity and availability via
unknown vectors related to Tools.
|
CVE-2015-0479 |
Unspecified vulnerability in the XDK and XDB - XML Database component
in Oracle Database Server 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows
remote authenticated users to affect availability via unknown vectors.
|
CVE-2015-0477 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and
8u40 allows remote attackers to affect integrity via unknown vectors
related to Beans.
|
CVE-2015-0476 |
Unspecified vulnerability in the SQL Trace Analyzer component in
Oracle Support Tools before 12.1.11 allows remote authenticated users
to affect confidentiality and integrity via unknown vectors.
|
CVE-2015-0475 |
Unspecified vulnerability in the JD Edwards EnterpriseOne Technology
component in Oracle JD Edwards Products 9.1 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Web Runtime Security.
|
CVE-2015-0474 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows
local users to affect availability via unknown vectors related to
Outside In Filters, a different vulnerability than CVE-2015-0493.
|
CVE-2015-0473 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control MOS 12.1.0.5 and
12.1.0.6 allows remote attackers to affect integrity via unknown
vectors related to My Oracle Support Plugin.
|
CVE-2015-0471 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows
local users to affect confidentiality, integrity, and availability via
unknown vectors related to libelfsign.
|
CVE-2015-0470 |
Unspecified vulnerability in Oracle Java SE 8u40 allows remote
attackers to affect integrity via unknown vectors related to Hotspot.
|
CVE-2015-0469 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and
8u40 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to 2D.
|
CVE-2015-0468 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote
authenticated users to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2015-0467 |
Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent
Acquisition Manager component in Oracle PeopleSoft Products 9.1 and
9.2 allows remote attackers to affect integrity via unknown vectors
related to Security.
|
CVE-2015-0466 |
Unspecified vulnerability in the Oracle Retail Back Office component
in Oracle Retail Applications 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3,
13.4, 14.0, and 14.1 allows remote attackers to affect integrity via
unknown vectors.
|
CVE-2015-0465 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0,
6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote
authenticated users to affect confidentiality via unknown vectors
related to UI Infrastructure.
|
CVE-2015-0464 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0,
6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote attackers
to affect confidentiality via unknown vectors related to Security.
|
CVE-2015-0463 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.2, 6.3.0, 6.3.1,
6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote authenticated
users to affect confidentiality via unknown vectors related to
Security.
|
CVE-2015-0462 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0,
6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, and 6.3.6 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Security.
|
CVE-2015-0461 |
Unspecified vulnerability in the Oracle Access Manager component in
Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote
authenticated users to affect confidentiality and integrity via
unknown vectors related to Authentication Engine.
|
CVE-2015-0460 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and
8u40 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Hotspot.
|
CVE-2015-0459 |
Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and
8u40, and JavaFX 2.2.76, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to 2D, a different vulnerability than CVE-2015-0491.
|
CVE-2015-0458 |
Unspecified vulnerability in Oracle Java SE 6u91, 7u76, and 8u40
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment.
|
CVE-2015-0457 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2015-2629.
|
CVE-2015-0456 |
Unspecified vulnerability in the Oracle WebCenter Portal component in
Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect
integrity via unknown vectors related to Portlet Services.
|
CVE-2015-0455 |
Unspecified vulnerability in the XDB - XML Database component in
Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors.
|
CVE-2015-0452 |
Unspecified vulnerability in the Oracle VM Server for SPARC component
in Oracle Sun Systems Products Suite 3.1 and 3.2 allows remote
attackers to affect confidentiality via unknown vectors related to
Ldom Manager.
|
CVE-2015-0450 |
Unspecified vulnerability in the Oracle WebCenter Portal component in
Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect
integrity via unknown vectors related to WebCenter Spaces Application.
|
CVE-2015-0449 |
Unspecified vulnerability in the Oracle WebLogic Server component in
Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows
remote attackers to affect integrity via unknown vectors related to
Console.
|
CVE-2015-0446 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality based on Trillium, a different vulnerability
than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-2634,
CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.
|
CVE-2015-0445 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality based on Trillium, a different vulnerability
than CVE-2015-0443, CVE-2015-0444, CVE-2015-0446, CVE-2015-2634,
CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.
|
CVE-2015-0444 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality based on Trillium, a different vulnerability
than CVE-2015-0443, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634,
CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.
|
CVE-2015-0443 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality based on Trillium, a different vulnerability
than CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634,
CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759.
|
CVE-2015-0441 |
Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier,
and 5.6.22 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server : Security :
Encryption.
|
CVE-2015-0440 |
Unspecified vulnerability in the Oracle Knowledge component in Oracle
Right Now Service Cloud 8.2.3.10.1 and 8.4.7.2 allows remote attackers
to affect integrity via unknown vectors related to Information Manager
Console.
|
CVE-2015-0439 |
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : InnoDB, a different vulnerability than
CVE-2015-4756.
|
CVE-2015-0438 |
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server : Partition.
|
CVE-2015-0437 |
Unspecified vulnerability in Oracle Java SE 8u25 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Hotspot.
|
CVE-2015-0436 |
Unspecified vulnerability in the Oracle iLearning component in Oracle
iLearning 6.0 and 6.1 allows remote attackers to affect
confidentiality via unknown vectors related to Login.
|
CVE-2015-0435 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0,
6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated
users to affect confidentiality via unknown vectors related to
Security.
|
CVE-2015-0431 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1,
6.3.2, 6.3.4, and 6.3.5 allows remote attackers to affect integrity
via unknown vectors related to UI Infrastructure.
|
CVE-2015-0428 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local
users to affect availability via unknown vectors related to Resource
Control.
|
CVE-2015-0426 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control 12.1.0.3 and
12.1.0.4 allows remote attackers to affect confidentiality via unknown
vectors related to UI Framework.
|
CVE-2015-0425 |
Unspecified vulnerability in the Oracle Enterprise Asset Management
component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers
to affect confidentiality via unknown vectors related to Siebel Core -
Unix/Windows.
|
CVE-2015-0423 |
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer.
|
CVE-2015-0422 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0,
6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated
users to affect confidentiality via unknown vectors related to UI
Infrastructure.
|
CVE-2015-0421 |
Unspecified vulnerability in Oracle Java SE 8u25 allows local users to
affect confidentiality, integrity, and availability via unknown
vectors related to the installation process.
|
CVE-2015-0420 |
Unspecified vulnerability in the Oracle Forms component in Oracle
Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to
affect confidentiality via unknown vectors related to Forms Services.
|
CVE-2015-0419 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect
confidentiality via unknown vectors related to Portal Framework, a
different vulnerability than CVE-2013-1510.
|
CVE-2015-0418 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and
4.2.28 allows local users to affect availability via unknown vectors
related to Core, a different vulnerability than CVE-2015-0377.
|
CVE-2015-0417 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to
affect confidentiality via unknown vectors related to Portal
Framework, a different vulnerability than CVE-2015-0388.
|
CVE-2015-0416 |
Unspecified vulnerability in the Oracle Agile PLM component in Oracle
Supply Chain Products Suite 9.3.3 allows remote authenticated users to
affect integrity via unknown vectors related to Roles & Privileges.
|
CVE-2015-0415 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 12.1.3 allows remote
authenticated users to affect integrity via unknown vectors related to
Session Management.
|
CVE-2015-0414 |
Unspecified vulnerability in the Oracle SOA Suite component in Oracle
Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote authenticated
users to affect confidentiality via unknown vectors related to Fabric
Layer.
|
CVE-2015-0413 |
Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local
users to affect integrity via unknown vectors related to
Serviceability.
|
CVE-2015-0411 |
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier,
and 5.6.21 and earlier, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Server : Security : Encryption.
|
CVE-2015-0410 |
Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit
component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE
Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows remote
attackers to affect availability via unknown vectors related to
Security.
|
CVE-2015-0409 |
Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer.
|
CVE-2015-0407 |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and
8u25 allows remote attackers to affect confidentiality via unknown
vectors related to Swing.
|
CVE-2015-0406 |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25
allows remote attackers to affect confidentiality and availability via
unknown vectors related to Deployment.
|
CVE-2015-0405 |
Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to XA.
|
CVE-2015-0404 |
Unspecified vulnerability in the Oracle Applications Framework
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3,
12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity
via unknown vectors related to Error Messages.
|
CVE-2015-0403 |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25
allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment.
|
CVE-2015-0401 |
Unspecified vulnerability in the Oracle Directory Server Enterprise
Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows
remote authenticated users to affect integrity via unknown vectors
related to Admin Console.
|
CVE-2015-0400 |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25
allows remote attackers to affect confidentiality via unknown vectors
related to Libraries.
|
CVE-2015-0399 |
Unspecified vulnerability in the Oracle Business Intelligence
Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2
and 11.1.1.7 allows remote authenticated users to affect
confidentiality via unknown vectors related to Analytics Web General.
|
CVE-2015-0398 |
Unspecified vulnerability in the Siebel Life Sciences component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to
affect confidentiality via unknown vectors related to Clinical Trip
Report.
|
CVE-2015-0397 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect availability via unknown vectors related to File System, a
different vulnerability than CVE-2014-6570 and CVE-2014-6600.
|
CVE-2015-0396 |
Unspecified vulnerability in the Oracle GlassFish Server component in
Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors related to Admin Console.
|
CVE-2015-0395 |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and
8u25 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Hotspot.
|
CVE-2015-0394 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Report Distribution.
|
CVE-2015-0393 |
Unspecified vulnerability in the Oracle Applications DBA component in
Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and
12.2.4 allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors related to DB
Privileges. NOTE: the previous information is from the January 2015
CPU. Oracle has not commented on the researcher's claim that the
PUBLIC role is granted the INDEX privilege for the DUAL table during a
"seeded install," which allows remote authenticated users to gain
SYSDBA privileges and execute arbitrary code.
|
CVE-2015-0392 |
Unspecified vulnerability in the Siebel Core - Server BizLogic Script
component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote
authenticated users to affect confidentiality, integrity, and
availability via unknown vectors related to Config - Scripting.
|
CVE-2015-0390 |
Unspecified vulnerability in the MICROS Retail component in Oracle
Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0,
5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Xstore Point of Sale.
|
CVE-2015-0388 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to
affect confidentiality via unknown vectors related to Portal
Framework, a different vulnerability than CVE-2015-0417.
|
CVE-2015-0386 |
Unspecified vulnerability in the Oracle HTTP Server component in
Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows
remote attackers to affect availability via unknown vectors related to
Web Listener, a different vulnerability than CVE-2013-0338,
CVE-2013-2877, and CVE-2014-0191.
|
CVE-2015-0385 |
Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Pluggable Auth.
|
CVE-2015-0384 |
Unspecified vulnerability in the Siebel Public Sector component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to
affect integrity via unknown vectors related to Public Sector Portal.
|
CVE-2015-0383 |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and
8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4
allows local users to affect integrity and availability via unknown
vectors related to Hotspot.
|
CVE-2015-0382 |
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier
and 5.6.21 and earlier allows remote attackers to affect availability
via unknown vectors related to Server : Replication, a different
vulnerability than CVE-2015-0381.
|
CVE-2015-0381 |
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier
and 5.6.21 and earlier allows remote attackers to affect availability
via unknown vectors related to Server : Replication, a different
vulnerability than CVE-2015-0382.
|
CVE-2015-0380 |
Unspecified vulnerability in the Oracle Telecommunications Billing
Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.4,
12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4
allows remote attackers to affect integrity via unknown vectors
related to OA Based UI for Bill Summary.
|
CVE-2015-0378 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect availability via unknown vectors related to Libc.
|
CVE-2015-0377 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and
4.2.28 allows local users to affect availability via unknown vectors
related to Core, a different vulnerability than CVE-2015-0418.
|
CVE-2015-0376 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect
integrity via unknown vectors related to Content Server.
|
CVE-2015-0375 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows
remote attackers to affect confidentiality via unknown vectors related
to Network.
|
CVE-2015-0374 |
Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier
and 5.6.21 and earlier allows remote authenticated users to affect
confidentiality via unknown vectors related to Server : Security :
Privileges : Foreign Key.
|
CVE-2015-0373 |
Unspecified vulnerability in the OJVM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2015-0372 |
Unspecified vulnerability in the Oracle Containers for J2EE component
in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect
confidentiality via unknown vectors.
|
CVE-2015-0371 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows
remote authenticated users to affect integrity and availability via
unknown vectors.
|
CVE-2015-0370 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows
remote authenticated users to affect integrity via unknown vectors, a
different vulnerability than CVE-2013-5858.
|
CVE-2015-0369 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect
integrity via unknown vectors related to AX/HI Web UI.
|
CVE-2015-0368 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1,
6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affect
availability via unknown vectors related to Security.
|
CVE-2015-0366 |
Unspecified vulnerability in the Siebel Core - EAI component in Oracle
Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect
confidentiality via unknown vectors related to Java Integration, a
different vulnerability than CVE-2014-0369.
|
CVE-2015-0365 |
Unspecified vulnerability in the Siebel Core - Server Infrastructure
component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers
to affect confidentiality via unknown vectors related to Security.
|
CVE-2015-0364 |
Unspecified vulnerability in the Siebel Core - EAI component in Oracle
Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect
availability via unknown vectors related to Integration Business
Services.
|
CVE-2015-0363 |
Unspecified vulnerability in the Siebel Core EAI component in Oracle
Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect
availability via unknown vectors related to Integration Business
Services.
|
CVE-2015-0362 |
Unspecified vulnerability in the BI Publisher (formerly XML Publisher)
component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers
to affect confidentiality via unknown vectors related to BI Publisher
Security.
|
CVE-2015-0328 |
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before
16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows
attackers to cause a denial of service (NULL pointer dereference) or
possibly have unspecified other impact via unknown vectors, a
different vulnerability than CVE-2015-0325 and CVE-2015-0326.
|
CVE-2015-0326 |
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before
16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows
attackers to cause a denial of service (NULL pointer dereference) or
possibly have unspecified other impact via unknown vectors, a
different vulnerability than CVE-2015-0325 and CVE-2015-0328.
|
CVE-2015-0325 |
Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before
16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows
attackers to cause a denial of service (NULL pointer dereference) or
possibly have unspecified other impact via unknown vectors, a
different vulnerability than CVE-2015-0326 and CVE-2015-0328.
|
CVE-2015-0311 |
Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and
14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and
through 11.2.202.438 on Linux allows remote attackers to execute
arbitrary code via unknown vectors, as exploited in the wild in
January 2015.
|
CVE-2015-0310 |
Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before
16.0.0.287 on Windows and OS X and before 11.2.202.438 on Linux does
not properly restrict discovery of memory addresses, which allows
attackers to bypass the ASLR protection mechanism on Windows, and have
an unspecified impact on other platforms, via unknown vectors, as
exploited in the wild in January 2015.
|
CVE-2015-0223 |
Unspecified vulnerability in Apache Qpid 0.30 and earlier allows
remote attackers to bypass access restrictions on qpidd via unknown
vectors, related to 0-10 connection handling.
|
CVE-2015-0192 |
Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2
FP11, 7 before SR9, 6 R1 before SR8 FP4, 6 before SR16 FP4, and 5.0
before SR16 FP10 allows remote attackers to gain privileges via
unknown vectors related to the Java Virtual Machine.
|
CVE-2015-0172 |
IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote
attackers to bypass intended security restrictions and consequently
execute unspecified commands and obtain sensitive information via
unknown vectors. IBM X-Force ID: 100927.
|
CVE-2014-9843 |
The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9
allows remote attackers to have unspecified impact via unknown
vectors.
|
CVE-2014-9841 |
The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9
allows remote attackers to have unspecified impact via unknown
vectors, related to "throwing of exceptions."
|
CVE-2014-9733 |
nw.js before 0.11.5 can simulate user input events in a normal frame,
which allows remote attackers to have unspecified impact via unknown
vectors.
|
CVE-2014-9688 |
Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for
WordPress has unknown impact and remote attack vectors related to
admin users.
|
CVE-2014-9587 |
Multiple cross-site request forgery (CSRF) vulnerabilities in
Roundcube Webmail before 1.0.4 allow remote attackers to hijack the
authentication of unspecified victims via unknown vectors, related to
(1) address book operations or the (2) ACL or (3) Managesieve plugins.
|
CVE-2014-9508 |
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x
through 6.2.x before 6.2.9, and 7.x before 7.0.2, when
config.prefixLocalAnchors is set and using a homepage with links that
only contain anchors, allows remote attackers to change URLs to
arbitrary domains for those links via unknown vectors.
|
CVE-2014-9502 |
Multiple cross-site request forgery (CSRF) vulnerabilities in
unspecified sub modules in the Open Atrium module 7.x-2.x before
7.x-2.26 for Drupal allow remote attackers to hijack the
authentication of unknown victims via vectors related to menu
callbacks.
|
CVE-2014-9458 |
Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA
Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to
have unspecified impact via unknown vectors.
|
CVE-2014-9426 |
** DISPUTED ** The apprentice_load function in libmagic/apprentice.c
in the Fileinfo component in PHP through 5.6.4 attempts to perform a
free operation on a stack-based character array, which allows remote
attackers to cause a denial of service (memory corruption or
application crash) or possibly have unspecified other impact via
unknown vectors. NOTE: this is disputed by the vendor because the
standard erealloc behavior makes the free operation unreachable.
|
CVE-2014-9425 |
Double free vulnerability in the zend_ts_hash_graceful_destroy
function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20
and 5.6.x through 5.6.4 allows remote attackers to cause a denial of
service or possibly have unspecified other impact via unknown vectors.
|
CVE-2014-9208 |
Multiple stack-based buffer overflows in unspecified DLL files in
Advantech WebAccess before 8.0.1 allow remote attackers to execute
arbitrary code via unknown vectors.
|
CVE-2014-9160 |
Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x
before 10.1.14 and 11.x before 11.0.11 on Windows and OS X allow
attackers to execute arbitrary code via unknown vectors.
|
CVE-2014-9157 |
Format string vulnerability in the yyerror function in
lib/cgraph/scan.l in Graphviz allows remote attackers to have
unspecified impact via format string specifiers in unknown vectors,
which are not properly handled in an error string.
|
CVE-2014-9047 |
Multiple unspecified vulnerabilities in the preview system in ownCloud
6.x before 6.0.6 and 7.x before 7.0.3 allow remote attackers to read
arbitrary files via unknown vectors.
|
CVE-2014-8635 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 35.0 and SeaMonkey before 2.32 allow remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors.
|
CVE-2014-8634 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before
31.4, and SeaMonkey before 2.32 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors.
|
CVE-2014-8591 |
Unspecified vulnerability in SAP Internet Communication Manager (ICM),
as used in SAP NetWeaver 7.02 and 7.3, allows remote attackers to
cause a denial of service (process termination) via unknown vectors.
|
CVE-2014-8580 |
Citrix NetScaler Application Delivery Controller and NetScaler Gateway
10.5.50.10 before 10.5-52.11, 10.1.122.17 before 10.1-129.11, and
10.1-120.1316.e before 10.1-129.1105.e, when using unspecified
configurations, allows remote authenticated users to access "network
resources" of other users via unknown vectors.
|
CVE-2014-8535 |
McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local
users to bypass intended restriction on unspecified functionality via
unknown vectors.
|
CVE-2014-8532 |
Unspecified vulnerability in McAfee Network Data Loss Prevention
(NDLP) before 9.3 allows local users to obtain sensitive
information and impact integrity via unknown vectors, related to
partition mounting.
|
CVE-2014-8530 |
Unspecified vulnerability in McAfee Network Data Loss Prevention
(NDLP) before 9.3 allows remote attackers to obtain sensitive
information, affect integrity, or cause a denial of service via
unknown vectors, related to simultaneous logins.
|
CVE-2014-8523 |
Cross-site request forgery (CSRF) vulnerability in McAfee Network Data
Loss Prevention (NDLP) before 9.3 allows remote attackers to hijack
the authentication of unspecified victims via unknown vectors.
|
CVE-2014-8519 |
Unspecified vulnerability in McAfee Network Data Loss Prevention
(NDLP) before 9.2.2 allows local users to read arbitrary files via
unknown vectors.
|
CVE-2014-8473 |
Cross-site request forgery (CSRF) vulnerability in CA Cloud Service
Management (CSM) before Summer 2014 allows remote attackers to hijack
the authentication of unspecified victims via unknown vectors.
|
CVE-2014-8451 |
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before
10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers
to obtain sensitive information via unknown vectors, a different
vulnerability than CVE-2014-8448.
|
CVE-2014-8448 |
An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before
10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers
to obtain sensitive information via unknown vectors, a different
vulnerability than CVE-2014-8451.
|
CVE-2014-8423 |
Unspecified vulnerability in the management portal in ARRIS VAP2500
before FW08.41 allows remote attackers to execute arbitrary commands
via unknown vectors.
|
CVE-2014-8246 |
Cross-site request forgery (CSRF) vulnerability in CA Release
Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448
allows remote attackers to hijack the authentication of unspecified
victims via unknown vectors.
|
CVE-2014-8162 |
XML external entity (XXE) vulnerability in the RPC interface in Spacewalk and Red
Hat Network (RHN) Satellite 5.7 and earlier allows remote attackers to
read arbitrary files and possibly have other unspecified impact via
unknown vectors.
|
CVE-2014-8144 |
Cross-site request forgery (CSRF) vulnerability in doorkeeper before
1.4.1 allows remote attackers to hijack the authentication of
unspecified victims for requests that read a user OAuth authorization
code via unknown vectors.
|
CVE-2014-8120 |
The agent in Thermostat before 1.0.6, when using unspecified
configurations, allows local users to obtain the JMX management URLs
of all local Java virtual machines and gain privileges via unknown
vectors.
|
CVE-2014-8115 |
The default authorization constraints in KIE Workbench 6.0.x allow
remote authenticated users to read or write to arbitrary files, bypass
intended access restrictions, and possibly have other unspecified
impact via unknown vectors.
|
CVE-2014-7967 |
Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15,
as used in Google Chrome before 38.0.2125.101, allow attackers to
cause a denial of service or possibly have other impact via unknown
vectors.
|
CVE-2014-7942 |
The Fonts implementation in Google Chrome before 40.0.2214.91 does not
initialize memory for a data structure, which allows remote attackers
to cause a denial of service or possibly have unspecified other impact
via unknown vectors.
|
CVE-2014-7938 |
The Fonts implementation in Google Chrome before 40.0.2214.91 allows
remote attackers to cause a denial of service (memory corruption) or
possibly have unspecified other impact via unknown vectors.
|
CVE-2014-7910 |
Multiple unspecified vulnerabilities in Google Chrome before
39.0.2171.65 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2014-7904 |
Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65,
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
|
CVE-2014-7885 |
Multiple unspecified vulnerabilities in HP ArcSight Enterprise
Security Manager (ESM) before 6.8c have unknown impact and remote
attack vectors.
|
CVE-2014-7884 |
Multiple unspecified vulnerabilities in HP ArcSight Logger before
6.0P1 have unknown impact and remote authenticated attack vectors.
|
CVE-2014-7882 |
Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows
remote authenticated users to gain privileges via unknown vectors.
|
CVE-2014-7877 |
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows
local users to cause a denial of service via unknown vectors.
|
CVE-2014-7876 |
Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2
before 2.27 and 4 before 2.03 and iLO Chassis Management (CM) firmware
before 1.30 allows remote attackers to gain privileges, execute
arbitrary code, or cause a denial of service via unknown vectors.
|
CVE-2014-7875 |
Unspecified vulnerability on the HP LaserJet CM3530 Multifunction
Printer CC519A and CC520A with firmware before 53.236.2 allows remote
attackers to obtain sensitive information, modify data, or cause a
denial of service via unknown vectors.
|
CVE-2014-7874 |
Cross-site request forgery (CSRF) vulnerability in HP System
Management Homepage (SMH) before 3.2.3 on HP-UX B.11.23, and before
3.2.8 on HP-UX B.11.31, allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
|
CVE-2014-7297 |
Unspecified vulnerability in the folder framework in the Enfold theme
before 3.0.1 for WordPress has unknown impact and attack vectors.
|
CVE-2014-7254 |
Unspecified vulnerability in ARROWS Me F-11D allows physically
proximate attackers to read or modify flash memory via unknown
vectors.
|
CVE-2014-7252 |
Multiple unspecified vulnerabilities in the Syslink driver for Texas
Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab
LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA
Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets
102SH allow local users to execute arbitrary code or read kernel
memory via unknown vectors related to userland data and "improper data
validation."
|
CVE-2014-7169 |
GNU Bash through 4.3 bash43-025 processes trailing strings after
certain malformed function definitions in the values of environment
variables, which allows remote attackers to write to files or possibly
have unknown other impact via a crafted environment, as demonstrated
by vectors involving the ForceCommand feature in OpenSSH sshd, the
mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts
executed by unspecified DHCP clients, and other situations in which
setting the environment occurs across a privilege boundary from Bash
execution. NOTE: this vulnerability exists because of an incomplete
fix for CVE-2014-6271.
|
CVE-2014-7140 |
Unspecified vulnerability in the management interface in Citrix
NetScaler Application Delivery Controller (ADC) and NetScaler Gateway
10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote
attackers to execute arbitrary code via unknown vectors.
|
CVE-2014-6626 |
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not
properly restrict access to unspecified administrative functions,
which allows remote attackers to bypass authentication and execute
administrative actions via unknown vectors.
|
CVE-2014-6601 |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Hotspot.
|
CVE-2014-6600 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect availability via unknown vectors related to File System, a
different vulnerability than CVE-2014-6570 and CVE-2015-0397.
|
CVE-2014-6599 |
Unspecified vulnerability in the Siebel Core - Common Components
component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Email.
|
CVE-2014-6596 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect
integrity via unknown vectors related to Portal Framework.
|
CVE-2014-6594 |
Unspecified vulnerability in the Oracle iLearning component in Oracle
iLearning 6.0 and 6.1 allows remote attackers to affect
confidentiality via unknown vectors related to Learner Pages.
|
CVE-2014-6591 |
Unspecified vulnerability in the Java SE component in Oracle Java SE
5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect
confidentiality via unknown vectors related to 2D, a different
vulnerability than CVE-2014-6585.
|
CVE-2014-6587 |
Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25
allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries.
|
CVE-2014-6586 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component
in Oracle PeopleSoft Products 9.1 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Time and Labor.
|
CVE-2014-6585 |
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and
8u25 allows remote attackers to affect confidentiality via unknown
vectors related to 2D, a different vulnerability than CVE-2014-6591.
|
CVE-2014-6584 |
Unspecified vulnerability in the Integrated Lights Out Manager (ILOM)
component in Oracle Sun Systems Products Suite ILOM before 3.2.4
allows remote authenticated users to affect confidentiality via
unknown vectors related to Backup Restore.
|
CVE-2014-6583 |
Unspecified vulnerability in the Oracle Marketing component in Oracle
E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2,
and 12.1.3 allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Audience.
|
CVE-2014-6582 |
Unspecified vulnerability in the Oracle HCM Configuration Workbench
component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5,
12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows
remote attackers to affect confidentiality via unknown vectors related
to Rapid Implementation.
|
CVE-2014-6581 |
Unspecified vulnerability in the Oracle Customer Intelligence
component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5,
12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Extract/Load Programs.
|
CVE-2014-6580 |
Unspecified vulnerability in the Oracle Reports Developer component in
Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers
to affect integrity via unknown vectors.
|
CVE-2014-6579 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Integration Broker.
|
CVE-2014-6577 |
Unspecified vulnerability in the XML Developer's Kit for C component
in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors. NOTE: the previous information is from the January
2015 CPU. Oracle has not commented on the original researcher's claim
that this is an XML external entity (XXE) vulnerability in the XML
parser, which allows attackers to conduct internal port scanning,
perform SSRF attacks, or cause a denial of service via a crafted (1)
http: or (2) ftp: URI.
|
CVE-2014-6575 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows
remote attackers to affect availability via unknown vectors related to
Network, a different vulnerability than CVE-2004-0230.
|
CVE-2014-6574 |
Unspecified vulnerability in the Oracle Agile PLM for Process
component in Oracle Supply Chain Products Suite 6.1.0.3 allows remote
attackers to affect integrity via unknown vectors related to Testing
Protocol Library.
|
CVE-2014-6573 |
Unspecified vulnerability in the Enterprise Manager Ops Center
component in Oracle Enterprise Manager Grid Control 11.1.3 and 12.1.4
allows remote attackers to affect integrity via unknown vectors
related to User Interface Framework.
|
CVE-2014-6572 |
Unspecified vulnerability in the Oracle Customer Interaction History
component in Oracle E-Business Suite 12.0.4, 12.0.5, 12.0.6, 12.1.1,
12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to
affect confidentiality and integrity via unknown vectors related to
List of Values.
|
CVE-2014-6571 |
Unspecified vulnerability in the Oracle HTTP Server component in
Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Web Listener, a different
vulnerability than CVE-2011-1944.
|
CVE-2014-6570 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect availability via unknown vectors related to File System, a
different vulnerability than CVE-2014-6600 and CVE-2015-0397.
|
CVE-2014-6567 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors. NOTE: the previous
information is from the January 2015 CPU. Oracle has not commented on
the researcher's claim that this is a stack-based buffer overflow in
DBMS_AW.EXECUTE, which allows code execution via a long Current
Directory Alias (CDA) command.
|
CVE-2014-6566 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.53 allows remote
authenticated users to affect integrity via unknown vectors related to
Portal.
|
CVE-2014-6563 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality via unknown
vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295,
and CVE-2014-6538.
|
CVE-2014-6562 |
Unspecified vulnerability in Oracle Java SE 8u20 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Libraries.
|
CVE-2014-6561 |
Unspecified vulnerability in the Oracle Payments component in Oracle
E-Business Suite 12.0.4, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2,
12.2.3, and 12.2.4 allows remote attackers to affect confidentiality
via unknown vectors related to Separate Remittance Advice.
|
CVE-2014-6560 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2014-6453, CVE-2014-6467, and CVE-2014-6545.
|
CVE-2014-6558 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and JRockit R28.3.3
allows remote attackers to affect integrity via unknown vectors
related to Security.
|
CVE-2014-6557 |
Unspecified vulnerability in the Application Performance Management
component in Oracle Enterprise Manager Grid Control before 12.1.0.6.2
allows remote authenticated users to affect confidentiality and
integrity via unknown vectors related to End User Experience
Management.
|
CVE-2014-6554 |
Unspecified vulnerability in the Oracle Access Manager component in
Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote
authenticated users to affect confidentiality and integrity via
unknown vectors related to Admin Console.
|
CVE-2014-6553 |
Unspecified vulnerability in the Oracle Access Manager component in
Oracle Fusion Middleware 11.1.1.5 and 11.1.1.7 allows remote attackers
to affect confidentiality and integrity via unknown vectors related to
Admin Console.
|
CVE-2014-6552 |
Unspecified vulnerability in the Oracle Access Manager component in
Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2
allows remote attackers to affect integrity via unknown vectors
related to Admin Console.
|
CVE-2014-6550 |
Unspecified vulnerability in the Oracle Applications Object Library
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect integrity via unknown vectors related to iHelp.
|
CVE-2014-6549 |
Unspecified vulnerability in Oracle Java SE 8u25 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Libraries.
|
CVE-2014-6547 |
Unspecified vulnerability in the JPublisher component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2014-4290,
CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296,
CVE-2014-4297, CVE-2014-4310, and CVE-2014-6477.
|
CVE-2014-6546 |
Unspecified vulnerability in the JPublisher component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors.
|
CVE-2014-6545 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2014-6453, CVE-2014-6467, and CVE-2014-6560.
|
CVE-2014-6544 |
Unspecified vulnerability in the JDBC component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote
authenticated users to affect confidentiality and integrity via
unknown vectors, a different vulnerability than CVE-2014-4289.
|
CVE-2014-6542 |
Unspecified vulnerability in the SQLJ component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality via unknown
vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299,
CVE-2014-4300, CVE-2014-6452, and CVE-2014-6454.
|
CVE-2014-6538 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality via unknown
vectors, a different vulnerability than CVE-2014-4294, CVE-2014-4295,
and CVE-2014-6563.
|
CVE-2014-6537 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2014-6536 |
Unspecified vulnerability in the Agile PLM component in Oracle Supply
Chain Products Suite 9.3.3 allows remote authenticated users to affect
integrity via unknown vectors related to Security.
|
CVE-2014-6533 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1 and 6.2 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Security.
|
CVE-2014-6532 |
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6503.
|
CVE-2014-6531 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20, and Java SE Embedded 7u60, allows remote attackers to affect
confidentiality via unknown vectors related to Libraries.
|
CVE-2014-6528 |
Unspecified vulnerability in the Siebel Core - System Management
component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Server Infrastructure.
|
CVE-2014-6527 |
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows
remote attackers to affect integrity via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-6476.
|
CVE-2014-6526 |
Unspecified vulnerability in the Oracle Directory Server Enterprise
Edition component in Oracle Fusion Middleware 7.0 allows remote
attackers to affect integrity via unknown vectors related to Admin
Console.
|
CVE-2014-6525 |
Unspecified vulnerability in the Oracle Web Applications Desktop
Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.6,
12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users
to affect integrity via unknown vectors related to Templates.
|
CVE-2014-6524 |
Unspecified vulnerability in Oracle Solaris 10 allows local users to
affect confidentiality, integrity, and availability via unknown
vectors related to Kernel.
|
CVE-2014-6519 |
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE
Embedded 7u60, allows remote attackers to affect integrity via unknown
vectors related to Hotspot.
|
CVE-2014-6515 |
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows remote attackers to affect integrity via unknown vectors
related to Deployment.
|
CVE-2014-6514 |
Unspecified vulnerability in the PL/SQL component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote
authenticated users to affect confidentiality via unknown vectors.
|
CVE-2014-6512 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20; Java SE Embedded 7u60; and JRockit R27.8.3 and R28.3.3 allows
remote attackers to affect integrity via unknown vectors related to
Libraries.
|
CVE-2014-6511 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20 allows remote attackers to affect confidentiality via unknown
vectors related to 2D.
|
CVE-2014-6510 |
Unspecified vulnerability in Oracle Solaris 11 allows local users to
affect confidentiality, integrity, and availability via unknown
vectors related to Power Management Utility.
|
CVE-2014-6509 |
Unspecified vulnerability in Oracle Solaris 10 allows local users to
affect availability via unknown vectors related to Kernel.
|
CVE-2014-6506 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20, and Java SE Embedded 7u60, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries.
|
CVE-2014-6504 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67,
and Java SE Embedded 7u60, allows remote attackers to affect
confidentiality via unknown vectors related to Hotspot.
|
CVE-2014-6503 |
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2014-4288, CVE-2014-6493, and CVE-2014-6532.
|
CVE-2014-6502 |
Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and
8u20, and Java SE Embedded 7u60, allows remote attackers to affect
integrity via unknown vectors related to Libraries.
|
CVE-2014-6499 |
Unspecified vulnerability in the Oracle WebLogic Server component in
Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and
12.1.3.0 allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors related to WebLogic Tuxedo
Connector.
|
CVE-2014-6498 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1,
6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote attackers to affect
confidentiality via unknown vectors related to Security.
|
CVE-2014-6497 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect availability via unknown vectors related to Kernel.
|
CVE-2014-6493 |
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2014-4288, CVE-2014-6503, and CVE-2014-6532.
|
CVE-2014-6492 |
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when
running on Firefox, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Deployment.
|
CVE-2014-6488 |
Unspecified vulnerability in the Enterprise Manager for Oracle
Database component in Oracle Enterprise Manager Grid Control EM Base
Platform: 10.2.0.5, 11.1.0.1; EM DB Control: 11.1.0.7, 11.2.0.3,
11.2.0.4; EM Plugin for DB: 12.1.0.4, 12.1.0.5, and 12.1.0.6 allows
remote authenticated users to affect integrity via unknown vectors
related to Content Management.
|
CVE-2014-6487 |
Unspecified vulnerability in the Oracle Identity Manager component in
Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2
allows remote authenticated users to affect integrity via unknown
vectors related to End User Self Service.
|
CVE-2014-6486 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component
in Oracle PeopleSoft Products 9.2 allows remote authenticated users to
affect integrity via unknown vectors related to Talent Acquisition
Manager - Security.
|
CVE-2014-6485 |
Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2014-6483 |
Unspecified vulnerability in the Application Express component in
Oracle Database Server before 4.2.6 allows remote authenticated users
to affect confidentiality, integrity, and availability via unknown
vectors.
|
CVE-2014-6482 |
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools
component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote
authenticated users to affect integrity via unknown vectors related to
Updates Change Assistant.
|
CVE-2014-6480 |
Unspecified vulnerability in the Solaris Cluster component in Oracle
Sun Systems Products Suite 3.3 and 4.1 allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to System management.
|
CVE-2014-6477 |
Unspecified vulnerability in the JPublisher component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2014-4290,
CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296,
CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547. NOTE: this issue was
originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an
unrelated vulnerability.
|
CVE-2014-6476 |
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows
remote attackers to affect integrity via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-6527.
|
CVE-2014-6475 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52, 8.53, and 8.54 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Security.
|
CVE-2014-6473 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Zone Framework.
|
CVE-2014-6470 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors related to Archive Utility.
|
CVE-2014-6468 |
Unspecified vulnerability in Oracle Java SE 8u20 allows local users to
affect confidentiality, integrity, and availability via unknown
vectors related to Hotspot.
|
CVE-2014-6467 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2014-6453, CVE-2014-6545, and CVE-2014-6560.
|
CVE-2014-6466 |
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when
running on Internet Explorer, allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to Deployment.
|
CVE-2014-6465 |
Unspecified vulnerability in the Oracle Communications Session Border
Controller component in Oracle Communications Applications SCX640m5
allows remote authenticated users to affect availability via unknown
vectors related to Lawful Intercept.
|
CVE-2014-6462 |
Unspecified vulnerability in the Oracle Access Manager component in
Oracle Fusion Middleware 11.1.2.1 and 11.1.2.2 allows remote attackers
to affect integrity via unknown vectors related to Admin Console.
|
CVE-2014-6461 |
Unspecified vulnerability in the Agile PLM component in Oracle Supply
Chain Products Suite 9.3.1.2 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Roles & Privileges.
|
CVE-2014-6458 |
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment.
|
CVE-2014-6456 |
Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2014-6455 |
Unspecified vulnerability in the SQLJ component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2014-6454 |
Unspecified vulnerability in the SQLJ component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality via unknown
vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299,
CVE-2014-4300, CVE-2014-6452, and CVE-2014-6542.
|
CVE-2014-6453 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2014-6467, CVE-2014-6545, and CVE-2014-6560.
|
CVE-2014-6452 |
Unspecified vulnerability in the SQLJ component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality via unknown
vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299,
CVE-2014-4300, CVE-2014-6454, and CVE-2014-6542.
|
CVE-2014-6235 |
Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for
TYPO3 allows remote attackers to execute arbitrary code via unknown
vectors.
|
CVE-2014-6232 |
Unspecified vulnerability in the LDAP (eu_ldap) extension before
2.8.18 for TYPO3 allows remote authenticated users to obtain sensitive
information via unknown vectors.
|
CVE-2014-6231 |
Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit)
extension before 1.2.5 for TYPO3 allows remote authenticated users to
execute arbitrary code via unknown vectors.
|
CVE-2014-6187 |
Multiple cross-site request forgery (CSRF) vulnerabilities in IBM
WebSphere Service Registry and Repository (WSRR) 6.3.x before 6.3.0.5,
7.0.x before 7.0.0.5, 7.5.x before 7.5.0.3, and 8.0.x before 8.0.0.2
allow remote authenticated users to hijack the authentication of
unspecified victims via unknown vectors.
|
CVE-2014-6106 |
Cross-site request forgery (CSRF) vulnerability in IBM Security
Identity Manager 5.1, 6.0, and 7.0 allows remote attackers to hijack
the authentication of users for requests that can cause cross-site
scripting attacks, web cache poisoning, or other unspecified impacts
via unknown vectors.
|
CVE-2014-5395 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei
HiLink E3276 and E3236 TCPU before V200R002B470D13SP00C00 and WebUI
before V100R007B100D03SP01C03, E5180s-22 before 21.270.21.00.00, and
E586Bs-2 before 21.322.10.00.889 allow remote attackers to hijack the
authentication of users for requests that (1) modify configurations,
(2) send SMS messages, or have other unspecified impact via unknown
vectors.
|
CVE-2014-5285 |
Unspecified vulnerability in the Authentication Module in TIBCO
Spotfire Server before 4.5.2, 5.0.x before 5.0.3, 5.5.x before 5.5.2,
6.0.x before 6.0.3, and 6.5.x before 6.5.1 allows remote attackers to
gain privileges, and obtain sensitive information or modify data, via
unknown vectors.
|
CVE-2014-5148 |
Xen 4.4.x, when running on an ARM system and "handling an unknown
system register access from 64-bit userspace," returns to an
instruction of the trap handler for kernel space faults instead of an
instruction that is associated with faults in 64-bit userspace, which
allows local guest users to cause a denial of service (crash) and
possibly gain privileges via a crafted process.
|
CVE-2014-5072 |
Cross-site request forgery (CSRF) vulnerability in WP Security Audit
Log plugin before 1.2.5 for WordPress allows remote attackers to
hijack the authentication of unspecified victims via unknown vectors.
|
CVE-2014-5034 |
Cross-site request forgery (CSRF) vulnerability in the Brute Force
Login Protection module 1.3 for WordPress allows remote attackers to
hijack the authentication of unspecified users for requests that have
unknown impact via a crafted request to the
brute-force-login-protection page to wp-admin/options-general.php.
|
CVE-2014-4808 |
Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through
6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28,
8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 allows remote
authenticated users to execute arbitrary code via unknown vectors.
|
CVE-2014-4648 |
Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact
and attack vectors, related to a "security failure."
|
CVE-2014-4310 |
Unspecified vulnerability in the JPublisher component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2014-4290,
CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296,
CVE-2014-4297, CVE-2014-6547, and CVE-2014-6477.
|
CVE-2014-4300 |
Unspecified vulnerability in the SQLJ component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality via unknown
vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299,
CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542.
|
CVE-2014-4299 |
Unspecified vulnerability in the SQLJ component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality via unknown
vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4300,
CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542.
|
CVE-2014-4298 |
Unspecified vulnerability in the SQLJ component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality via unknown
vectors, a different vulnerability than CVE-2014-4299, CVE-2014-4300,
CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542.
|
CVE-2014-4297 |
Unspecified vulnerability in the JPublisher component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2014-4290,
CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296,
CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.
|
CVE-2014-4296 |
Unspecified vulnerability in the JPublisher component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2014-4290,
CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4297,
CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.
|
CVE-2014-4295 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality via unknown
vectors, a different vulnerability than CVE-2014-4294, CVE-2014-6538,
and CVE-2014-6563.
|
CVE-2014-4294 |
Unspecified vulnerability in the Java VM component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows
remote authenticated users to affect confidentiality via unknown
vectors, a different vulnerability than CVE-2014-4295, CVE-2014-6538,
and CVE-2014-6563.
|
CVE-2014-4293 |
Unspecified vulnerability in the JPublisher component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2014-4290,
CVE-2014-4291, CVE-2014-4292, CVE-2014-4296, CVE-2014-4297,
CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.
|
CVE-2014-4292 |
Unspecified vulnerability in the JPublisher component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2014-4290,
CVE-2014-4291, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297,
CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.
|
CVE-2014-4291 |
Unspecified vulnerability in the JPublisher component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2014-4290,
CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297,
CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.
|
CVE-2014-4290 |
Unspecified vulnerability in the JPublisher component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2
allows remote authenticated users to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2014-4291,
CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297,
CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477.
|
CVE-2014-4289 |
Unspecified vulnerability in the JDBC component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote
authenticated users to affect confidentiality and integrity via
unknown vectors, a different vulnerability than CVE-2014-6544.
|
CVE-2014-4288 |
Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2014-6493, CVE-2014-6503, and CVE-2014-6532.
|
CVE-2014-4285 |
Unspecified vulnerability in the Oracle Applications Technology
component in Oracle E-Business Suite 11.5.10.2 allows remote attackers
to affect integrity via unknown vectors related to Reports
Configuration.
|
CVE-2014-4283 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote
attackers to affect confidentiality via unknown vectors related to
Automated Install Engine, a different vulnerability than
CVE-2014-4277.
|
CVE-2014-4281 |
Unspecified vulnerability in the Oracle Applications Framework
component in Oracle E-Business Suite 12.1.3, 12.2.2, 12.2.3, and
12.2.4 allows remote attackers to affect integrity via unknown vectors
related to Portal Integration.
|
CVE-2014-4278 |
Unspecified vulnerability in the Oracle Applications Technology Stack
component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, 12.2.3,
and 12.2.4 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Oracle
Forms.
|
CVE-2014-4277 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote
attackers to affect confidentiality via unknown vectors related to
Automated Install Engine, a different vulnerability than
CVE-2014-4283.
|
CVE-2014-4271 |
Unspecified vulnerability in the Hyperion Essbase component in Oracle
Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect
availability via unknown vectors related to Agent.
|
CVE-2014-4270 |
Unspecified vulnerability in the Hyperion Common Admin component in
Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated
users to affect confidentiality via unknown vectors related to User
Interface, a different vulnerability than CVE-2014-4269.
|
CVE-2014-4269 |
Unspecified vulnerability in the Hyperion Common Admin component in
Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated
users to affect confidentiality via unknown vectors related to User
Interface, a different vulnerability than CVE-2014-4270.
|
CVE-2014-4268 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and
8u5 allows remote attackers to affect confidentiality via unknown
vectors related to Swing.
|
CVE-2014-4266 |
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote
attackers to affect integrity via unknown vectors related to
Serviceability.
|
CVE-2014-4265 |
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows
remote attackers to affect integrity via unknown vectors related to
Deployment.
|
CVE-2014-4264 |
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote
attackers to affect availability via unknown vectors related to
Security.
|
CVE-2014-4263 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and
8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to
affect confidentiality and integrity via unknown vectors related to
"Diffie-Hellman key agreement."
|
CVE-2014-4262 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and
8u5 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries.
|
CVE-2014-4261 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.14 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Core, a
different vulnerability than CVE-2014-2487.
|
CVE-2014-4259 |
Unspecified vulnerability in the Solaris Cluster component in Oracle
Sun Systems Products Suite 3.3 and 4.1 allows remote authenticated
users to affect confidentiality, integrity, and availability via
unknown vectors related to System management.
|
CVE-2014-4257 |
Unspecified vulnerability in the Oracle WebCenter Portal component in
Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.8.0 allows remote
attackers to affect confidentiality via unknown vectors related to
Portlet Services.
|
CVE-2014-4252 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and
8u5 allows remote attackers to affect confidentiality via unknown
vectors related to Security.
|
CVE-2014-4250 |
Unspecified vulnerability in the Siebel Core - Server OM Frwks
component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Object Manager.
|
CVE-2014-4249 |
Unspecified vulnerability in the BI Publisher component in Oracle
Fusion Middleware 11.1.1.7 allows remote attackers to affect
confidentiality via unknown vectors related to Mobile Service.
|
CVE-2014-4248 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3,
12.2.2, and 12.2.3 allows local users to affect confidentiality via
unknown vectors related to Logging.
|
CVE-2014-4247 |
Unspecified vulnerability in Oracle Java SE 8u5 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to JavaFX.
|
CVE-2014-4245 |
Unspecified vulnerability in the RDBMS Core component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows
remote authenticated users to affect confidentiality via unknown
vectors.
|
CVE-2014-4244 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and
8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers
to affect confidentiality and integrity via unknown vectors related to
Security.
|
CVE-2014-4242 |
Unspecified vulnerability in the Oracle WebLogic Server component in
Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0
allows remote attackers to affect integrity via unknown vectors
related to Console.
|
CVE-2014-4239 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1
allows remote authenticated users to affect confidentiality via
unknown vectors related to Common Agent Container (Cacao).
|
CVE-2014-4237 |
Unspecified vulnerability in the RDBMS Core component in Oracle
Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated
users to affect confidentiality via unknown vectors.
|
CVE-2014-4236 |
Unspecified vulnerability in the RDBMS Core component in Oracle
Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated
users to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2014-4235 |
Unspecified vulnerability in the Oracle iStore component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows
remote authenticated users to affect integrity via unknown vectors.
|
CVE-2014-4234 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1,
6.3.2, 6.3.3, and 6.3.4 allows remote attackers to affect
confidentiality via unknown vectors related to Data, Domain & Function
Security.
|
CVE-2014-4232 |
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD)
component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows
remote attackers to affect integrity via unknown vectors related to
Workspace Web Application, a different vulnerability than
CVE-2014-2463.
|
CVE-2014-4231 |
Unspecified vulnerability in the Siebel Travel & Transportation
component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers
to affect integrity via unknown vectors related to Diary.
|
CVE-2014-4229 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1,
6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect
confidentiality and integrity via unknown vectors related to Data,
Domain, and Function Security.
|
CVE-2014-4227 |
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment.
|
CVE-2014-4226 |
Unspecified vulnerability in the PeopleSoft Enterprise FIN Install
component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2014-4225 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors related to Patch installation scripts.
|
CVE-2014-4224 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1
allows local users to affect availability via unknown vectors related
to sockfs.
|
CVE-2014-4223 |
Unspecified vulnerability in Oracle Java SE 7u60 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Libraries, a different vulnerability than
CVE-2014-2483.
|
CVE-2014-4221 |
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote
attackers to affect confidentiality via unknown vectors related to
Libraries.
|
CVE-2014-4220 |
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote
attackers to affect integrity via unknown vectors related to
Deployment, a different vulnerability than CVE-2014-4208.
|
CVE-2014-4219 |
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Hotspot.
|
CVE-2014-4218 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and
8u5 allows remote attackers to affect integrity via unknown vectors
related to Libraries.
|
CVE-2014-4216 |
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and
8u5 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Hotspot.
|
CVE-2014-4213 |
Unspecified vulnerability in the Oracle Applications Manager component
in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows
remote attackers to affect integrity via unknown vectors.
|
CVE-2014-4212 |
Unspecified vulnerability in the Oracle Fusion Middleware component in
Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect
confidentiality via unknown vectors related to Process Mgmt and
Notification.
|
CVE-2014-4211 |
Unspecified vulnerability in the Oracle WebCenter Portal component in
Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers
to affect integrity via unknown vectors related to Portlet Services.
|
CVE-2014-4208 |
Unspecified vulnerability in the Java SE component in Oracle Java SE
7u60 and 8u5 allows remote attackers to affect integrity via unknown
vectors related to Deployment, a different vulnerability than
CVE-2014-4220.
|
CVE-2014-4206 |
Unspecified vulnerability in the Hyperion Enterprise Performance
Management Architect component in Oracle Hyperion 11.1.2.2 and
11.1.2.3 allows local users to affect integrity and availability via
unknown vectors related to Data Synchronizer.
|
CVE-2014-4205 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect
integrity via unknown vectors related to Portal Framework, a different
vulnerability than CVE-2014-2491.
|
CVE-2014-4203 |
Unspecified vulnerability in the Hyperion Enterprise Performance
Management Architect component in Oracle Hyperion 11.1.2.2 and
11.1.2.3 allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Property Editing.
|
CVE-2014-4188 |
Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning
Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance
Management - Manager Web Option 07-00 through 07-54 allows remote
attackers to hijack the authentication of unspecified victims via
unknown vectors.
|
CVE-2014-3984 |
Multiple unspecified vulnerabilities in Libav before 0.8.12 allow
remote attackers to have unknown impact and vectors.
|
CVE-2014-3943 |
Multiple cross-site scripting (XSS) vulnerabilities in unspecified
backend components in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19,
6.0.0 before 6.0.14, 6.1.0 before 6.1.9, and 6.2.0 before 6.2.3 allow
remote authenticated editors to inject arbitrary web script or HTML
via unknown parameters.
|
CVE-2014-3911 |
Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to
execute arbitrary code via unspecified values to the (1) Start, (2)
ChangeControlLocalName, (3) DeleteDeviceProfile, (4)
FrameAdvanceReader, or other unknown method in the
XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
|
CVE-2014-3845 |
Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color
Picker plugin before 1.2 for WordPress allows remote attackers to
hijack the authentication of unspecified users for requests that
change plugin settings via unknown vectors. NOTE: some of these
details are obtained from third party information.
|
CVE-2014-3843 |
Cross-site request forgery (CSRF) vulnerability in the Search
Everything plugin before 8.1.1 for WordPress allows remote attackers
to hijack the authentication of unspecified victims via unknown
vectors.
|
CVE-2014-3614 |
Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor)
3.6.x before 3.6.1 allows remote attackers to cause a denial of
service (crash) via an unknown sequence of malformed packets.
|
CVE-2014-3525 |
Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5,
4.x before 4.2.1.1, and 5.x before 5.0.1 has unknown impact and attack
vectors, possibly related to health checks.
|
CVE-2014-3485 |
The REST API in the ovirt-engine in oVirt, as used in Red Hat
Enterprise Virtualization (rhevm) 3.4, allows remote authenticated
users to read arbitrary files and have other unspecified impact via
unknown vectors, related to an XML External Entity (XXE) issue.
|
CVE-2014-3305 |
Cross-site request forgery (CSRF) vulnerability in the web framework
in Cisco WebEx Meetings Server 1.5(.1.131) and earlier allows remote
attackers to hijack the authentication of unspecified victims via
unknown vectors, aka Bug ID CSCuj81735.
|
CVE-2014-3200 |
Multiple unspecified vulnerabilities in Google Chrome before
38.0.2125.101 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2014-3194 |
Use-after-free vulnerability in the Web Workers implementation in
Google Chrome before 38.0.2125.101 allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
unknown vectors.
|
CVE-2014-3192 |
Use-after-free vulnerability in the
ProcessingInstruction::setXSLStyleSheet function in
core/dom/ProcessingInstruction.cpp in the DOM implementation in Blink,
as used in Google Chrome before 38.0.2125.101, allows remote attackers
to cause a denial of service or possibly have unspecified other impact
via unknown vectors.
|
CVE-2014-3189 |
The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium
component in Google Chrome before 38.0.2125.101 does not properly
validate image-data dimensions, which allows remote attackers to cause
a denial of service (out-of-bounds read) or possibly have unspecified
other impact via unknown vectors.
|
CVE-2014-3179 |
Multiple unspecified vulnerabilities in Google Chrome before
37.0.2062.120 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2014-3175 |
Multiple unspecified vulnerabilities in Google Chrome before
37.0.2062.94 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors, related to the
load_truetype_glyph function in truetype/ttgload.c in FreeType and
other functions in other components.
|
CVE-2014-3167 |
Multiple unspecified vulnerabilities in Google Chrome before
36.0.1985.143 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2014-3162 |
Multiple unspecified vulnerabilities in Google Chrome before
36.0.1985.125 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2014-3099 |
Unspecified vulnerability in the Security component in IBM Systems
Director 6.3.0 through 6.3.5 allows local users to obtain sensitive
information via unknown vectors.
|
CVE-2014-3073 |
Unspecified vulnerability in IBM Security Access Manager (ISAM) for
Mobile 8.0 and IBM Security Access Manager for Web 7.0 and 8.0 allows
remote attackers to execute arbitrary code via unknown vectors.
|
CVE-2014-3062 |
Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2
MR2 allows remote attackers to execute arbitrary code via unknown
vectors.
|
CVE-2014-3036 |
Unspecified vulnerability in IBM API Management 3.0.0.0, when basic
authentication is used for APIs, allows remote attackers to bypass
intended restrictions on topology access, and obtain sensitive
information, via unknown vectors.
|
CVE-2014-2900 |
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509
certificates with unknown critical extensions, which allows
man-in-the-middle attackers to spoof servers via a crafted X.509
certificate.
|
CVE-2014-2881 |
Unspecified vulnerability in the Diffie-Hellman key agreement
implementation in the management GUI Java applet in Citrix NetScaler
Application Delivery Controller (ADC) and NetScaler Gateway before
9.3-66.5 and 10.x before 10.1-122.17 has unknown impact and vectors.
|
CVE-2014-2862 |
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check
authorization in unspecified situations, which allows remote
authenticated users to perform actions via unknown vectors.
|
CVE-2014-2830 |
Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils
before 6.4, as used in pam_cifscreds, allows remote attackers to have
unspecified impact via unknown vectors.
|
CVE-2014-2658 |
Unspecified vulnerability in PaperCut MF and NG before 14.1 (Build
26983) allows attackers to cause a denial of service via unknown
vectors.
|
CVE-2014-2657 |
Unspecified vulnerability in the print release functionality in
PaperCut MF before 14.1 (Build 26983) has unknown impact and remote
vectors, related to embedded MFPs.
|
CVE-2014-2649 |
Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows
remote attackers to execute arbitrary code via unknown vectors.
|
CVE-2014-2648 |
Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on
UNIX allows remote attackers to execute arbitrary code via unknown
vectors.
|
CVE-2014-2646 |
Unspecified vulnerability in HP Network Automation 9.10 and 9.20
allows local users to bypass intended access restrictions via unknown
vectors.
|
CVE-2014-2645 |
HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to
conduct clickjacking attacks via unknown vectors.
|
CVE-2014-2644 |
Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager
(SIM) before 7.4 allows remote attackers to inject arbitrary web
script or HTML via unknown vectors.
|
CVE-2014-2643 |
Unspecified vulnerability in HP Systems Insight Manager (SIM) before
7.4 allows remote authenticated users to gain privileges via unknown
vectors.
|
CVE-2014-2641 |
Cross-site request forgery (CSRF) vulnerability in HP System
Management Homepage (SMH) before 7.4 allows remote authenticated users
to hijack the authentication of unspecified victims via unknown
vectors.
|
CVE-2014-2639 |
Unspecified vulnerability in HP MPIO Device Specific Module Manager
before 4.02.00 allows local users to gain privileges via unknown
vectors.
|
CVE-2014-2638 |
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers
to execute arbitrary code via unknown vectors, aka ZDI-CAN-2344.
|
CVE-2014-2637 |
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers
to execute arbitrary code via unknown vectors, aka ZDI-CAN-2342.
|
CVE-2014-2636 |
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers
to execute arbitrary code via unknown vectors, aka ZDI-CAN-2336.
|
CVE-2014-2635 |
Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers
to execute arbitrary code via unknown vectors, aka ZDI-CAN-2343.
|
CVE-2014-2634 |
Unspecified vulnerability in the server in HP Service Manager (SM)
7.21 and 9.x before 9.34 allows remote attackers to bypass intended
access restrictions, and modify data or cause a denial of service, via
unknown vectors.
|
CVE-2014-2633 |
Cross-site request forgery (CSRF) vulnerability in the server in HP
Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers
to hijack the authentication of unspecified victims via unknown
vectors.
|
CVE-2014-2632 |
Unspecified vulnerability in the WebTier component in HP Service
Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to
execute arbitrary code via unknown vectors.
|
CVE-2014-2631 |
Unspecified vulnerability in HP Application Lifecycle Management (aka
Quality Center) 11.5x and 12.0x allows local users to gain privileges
via unknown vectors, aka ZDI-CAN-2138.
|
CVE-2014-2630 |
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is
used, allows local users to gain privileges via unknown vectors.
|
CVE-2014-2628 |
Unspecified vulnerability in HP Enterprise Maps 1 allows remote
authenticated users to obtain sensitive information via unknown
vectors.
|
CVE-2014-2627 |
Unspecified vulnerability in HP NonStop NetBatch G06.14 through
G06.32.01, H06 through H06.28, and J06 through J06.17.01 allows remote
authenticated users to gain privileges for NetBatch job execution via
unknown vectors.
|
CVE-2014-2624 |
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x,
9.1x, and 9.2x allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-2264.
|
CVE-2014-2623 |
Unspecified vulnerability in HP Storage Data Protector 8.x allows
remote attackers to execute arbitrary code via unknown vectors.
|
CVE-2014-2622 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
before 7.0 E02020P03 and Branch Intelligent Management System (BIMS)
before 7.0 E0201P02 allows remote authenticated users to obtain
sensitive information or modify data via unknown vectors, aka
ZDI-CAN-2312.
|
CVE-2014-2621 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
before 7.0 E02020P03 and Branch Intelligent Management System (BIMS)
before 7.0 E0201P02 allows remote attackers to obtain sensitive
information via unknown vectors, aka ZDI-CAN-2090.
|
CVE-2014-2620 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
before 7.0 E02020P03 and Branch Intelligent Management System (BIMS)
before 7.0 E0201P02 allows remote attackers to obtain sensitive
information via unknown vectors, aka ZDI-CAN-2089.
|
CVE-2014-2619 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
before 7.0 E02020P03 and Branch Intelligent Management System (BIMS)
before 7.0 E0201P02 allows remote attackers to obtain sensitive
information via unknown vectors, aka ZDI-CAN-2088.
|
CVE-2014-2618 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
before 7.0 E02020P03 and Branch Intelligent Management System (BIMS)
before 7.0 E0201P02 allows remote attackers to obtain sensitive
information via unknown vectors, aka ZDI-CAN-2080.
|
CVE-2014-2617 |
Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows
remote attackers to execute arbitrary code or obtain sensitive
information via unknown vectors, aka ZDI-CAN-2104.
|
CVE-2014-2616 |
Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows
remote attackers to execute arbitrary code or obtain sensitive
information via unknown vectors, aka ZDI-CAN-2091.
|
CVE-2014-2615 |
Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows
remote attackers to execute arbitrary code or obtain sensitive
information via unknown vectors, aka ZDI-CAN-2083.
|
CVE-2014-2614 |
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and
11.2x through 11.24 allows remote attackers to bypass authentication
via unknown vectors, aka ZDI-CAN-2140.
|
CVE-2014-2613 |
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and
9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1
on Linux allows remote authenticated users to gain privileges via
unknown vectors.
|
CVE-2014-2612 |
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and
9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1
on Linux allows remote authenticated users to obtain sensitive
information via unknown vectors.
|
CVE-2014-2608 |
Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1
on Windows, and 6.2.x through 6.4.x before 6.4.1 on Linux, allows
local users to obtain sensitive information, and consequently gain
privileges, via unknown vectors.
|
CVE-2014-2606 |
Unspecified vulnerability in HP StoreVirtual 4000 Storage and
StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to
gain privileges via unknown vectors.
|
CVE-2014-2605 |
Unspecified vulnerability in HP StoreVirtual 4000 Storage and
StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain
sensitive information via unknown vectors.
|
CVE-2014-2604 |
Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP
2.1 and 3.0 allows remote attackers to cause a denial of service via
unknown vectors.
|
CVE-2014-2603 |
Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and
8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows
remote authenticated users to obtain sensitive information via unknown
vectors.
|
CVE-2014-2602 |
Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote
authenticated users to gain privileges via unknown vectors.
|
CVE-2014-2600 |
Unspecified vulnerability in HP IceWall Identity Manager 4.0 through
SP1 and 5.0 and IceWall SSO 10.0 Password Reset Option, when Apache
Commons FileUpload is used, allows remote authenticated users to cause
a denial of service via unknown vectors.
|
CVE-2014-2544 |
Unspecified vulnerability in Spotfire Web Player Engine, Spotfire
Desktop, and Spotfire Server Authentication Module in TIBCO Spotfire
Server 3.3.x before 3.3.4, 4.5.x before 4.5.1, 5.0.x before 5.0.2,
5.5.x before 5.5.1, and 6.x before 6.0.2; Spotfire Professional 4.0.x
before 4.0.4, 4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before
5.5.1, and 6.x before 6.0.1; Spotfire Web Player 4.0.x before 4.0.4,
4.5.x before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x
before 6.0.1; Spotfire Automation Services 4.0.x before 4.0.4, 4.5.x
before 4.5.2, 5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before
6.0.1; Spotfire Deployment Kit 4.0.x before 4.0.4, 4.5.x before 4.5.2,
5.0.x before 5.0.2, 5.5.x before 5.5.1, and 6.x before 6.0.1; Spotfire
Desktop 6.x before 6.0.1; and Spotfire Analyst 6.x before 6.0.1 allows
remote attackers to execute arbitrary code via unknown vectors.
|
CVE-2014-2536 |
Directory traversal vulnerability in McAfee Cloud Identity Manager
3.0, 3.1, and 3.5.1, McAfee Cloud Single Sign On (MCSSO) before 4.0.1,
and Intel Expressway Cloud Access 360-SSO 2.1 and 2.5 allows remote
authenticated users to read an unspecified file containing a hash of
the administrator password via unknown vectors.
|
CVE-2014-2517 |
Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before
5.5 SP1 allows remote authenticated users to gain privileges via
unknown vectors.
|
CVE-2014-2496 |
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
authenticated users to affect confidentiality and integrity via
unknown vectors related to Test Framework.
|
CVE-2014-2495 |
Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing
component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Purchasing.
|
CVE-2014-2492 |
Unspecified vulnerability in the Oracle Agile Product Collaboration
component in Oracle Supply Chain Products Suite 9.3.3 allows remote
attackers to affect integrity via unknown vectors related to Web
client (PC).
|
CVE-2014-2491 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect
integrity via unknown vectors related to Portal Framework, a different
vulnerability than CVE-2014-4205.
|
CVE-2014-2490 |
Unspecified vulnerability in the Java SE component in Oracle Java SE
7u60 and SE 8u5 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Hotspot.
|
CVE-2014-2489 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.12 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Core.
|
CVE-2014-2488 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.12 allows local users to affect confidentiality via
unknown vectors related to Core.
|
CVE-2014-2487 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.14, when running on Windows, allows local users to
affect confidentiality, integrity, and availability via unknown
vectors related to Core, a different vulnerability than CVE-2014-4261.
|
CVE-2014-2486 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.12 allows local users to affect integrity and
availability via unknown vectors related to Core, a different
vulnerability than CVE-2014-2477.
|
CVE-2014-2485 |
Unspecified vulnerability in the Siebel Core - EAI component in Oracle
Siebel CRM 8.1.1 and 8.2.2 allows local users to affect
confidentiality via unknown vectors related to Integration Business
Services.
|
CVE-2014-2483 |
Unspecified vulnerability in the Java SE component in Oracle Java SE
7u60 and OpenJDK 7 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries, a different vulnerability than CVE-2014-4223.
NOTE: the previous information is from the July 2014 CPU. Oracle has
not commented on another vendor's claim that the issue is related to
improper restriction of the "use of privileged annotations."
|
CVE-2014-2482 |
Unspecified vulnerability in the Oracle Concurrent Processing
component in Oracle E-Business Suite 12.1.3, 12.2.2, and 12.2.3 allows
remote authenticated users to affect confidentiality and integrity via
unknown vectors.
|
CVE-2014-2481 |
Unspecified vulnerability in the Oracle WebLogic Server component in
Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2014-2480.
|
CVE-2014-2480 |
Unspecified vulnerability in the Oracle WebLogic Server component in
Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2014-2481.
|
CVE-2014-2478 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows
remote attackers to affect confidentiality via unknown vectors.
|
CVE-2014-2477 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34,
4.2.26, and 4.3.12 allows local users to affect integrity and
availability via unknown vectors related to Core, a different
vulnerability than CVE-2014-2486.
|
CVE-2014-2471 |
Unspecified vulnerability in the Oracle iLearning component in Oracle
iLearning 6.0 and 6.1 allows remote attackers to affect integrity via
unknown vectors related to Learner Pages.
|
CVE-2014-2469 |
Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows
attackers to cause a denial of service via unknown vectors.
|
CVE-2014-2467 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.3 allows remote
authenticated users to affect integrity via unknown vectors related to
Security, a different vulnerability than CVE-2014-2445.
|
CVE-2014-2466 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.3 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Security.
|
CVE-2014-2465 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to
affect integrity via unknown vectors related to Security.
|
CVE-2014-2464 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.3.0 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Security.
|
CVE-2014-2463 |
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD)
component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows
remote attackers to affect integrity via unknown vectors related to
Workspace Web Application, a different vulnerability than
CVE-2014-4232.
|
CVE-2014-2461 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, 6.2,
6.3, 6.3.1, 6.3.2, and 6.3.3 allows remote attackers to affect
confidentiality via unknown vectors related to Security.
|
CVE-2014-2459 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.3.2 and 6.3.3 allows
local users to affect confidentiality, integrity, and availability via
unknown vectors related to Security.
|
CVE-2014-2458 |
Unspecified vulnerability in the Oracle Agile Product Lifecycle
component in Oracle Supply Chain Products Suite 6.1.0.3 and 6.1.1.3
allows remote attackers to affect integrity via unknown vectors
related to Install.
|
CVE-2014-2457 |
Unspecified vulnerability in the Oracle Agile Product Lifecycle
component in Oracle Supply Chain Products Suite 6.0 and 6.1.0 allows
remote attackers to affect integrity via unknown vectors related to
Install.
|
CVE-2014-2456 |
Unspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise
Learning Management component in Oracle PeopleSoft Products 9.1 and
9.2 allows remote authenticated users to affect confidentiality and
integrity via unknown vectors.
|
CVE-2014-2455 |
Unspecified vulnerability in the Hyperion Common Admin component in
Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated
users to affect confidentiality, integrity, and availability via
unknown vectors related to User Interface.
|
CVE-2014-2454 |
Unspecified vulnerability in the Hyperion Common Admin component in
Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to
affect confidentiality via unknown vectors related to User Interface.
|
CVE-2014-2453 |
Unspecified vulnerability in the Hyperion Common Admin component in
Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to
affect integrity via unknown vectors related to User Interface.
|
CVE-2014-2452 |
Unspecified vulnerability in the Oracle Access Manager component in
Oracle Fusion Middleware 11.1.1.5 allows remote authenticated users to
affect availability via unknown vectors related to Webserver Plugin.
|
CVE-2014-2451 |
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Privileges.
|
CVE-2014-2450 |
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer.
|
CVE-2014-2449 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent
Acquisition Manager component in Oracle PeopleSoft Products 9.0, 9.1,
and 9.2 allows remote authenticated users to affect confidentiality
via unknown vectors related to Security.
|
CVE-2014-2448 |
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
attackers to affect confidentiality via unknown vectors related to
Install and Packaging.
|
CVE-2014-2447 |
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
attackers to affect confidentiality via unknown vectors related to
Integration Broker, a different vulnerability than CVE-2014-2437.
|
CVE-2014-2445 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.3 allows remote
authenticated users to affect integrity via unknown vectors related to
Security, a different vulnerability than CVE-2014-2467.
|
CVE-2014-2444 |
Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier
allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors related to InnoDB.
|
CVE-2014-2440 |
Unspecified vulnerability in the MySQL Client component in Oracle
MySQL 5.5.36 and earlier and 5.6.16 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2014-2439 |
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD)
component in Oracle Virtualization 5.0 and 5.1 allows remote attackers
to affect confidentiality and integrity via unknown vectors related to
Workspace Web Application.
|
CVE-2014-2438 |
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier
and 5.6.15 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Replication.
|
CVE-2014-2437 |
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
attackers to affect confidentiality via unknown vectors related to
Integration Broker, a different vulnerability than CVE-2014-2447.
|
CVE-2014-2435 |
Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to InnoDB.
|
CVE-2014-2433 |
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools
component in Oracle PeopleSoft Products 8.53 allows remote attackers
to affect availability via unknown vectors related to Integration
Broker.
|
CVE-2014-2432 |
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier
and 5.6.15 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Federated.
|
CVE-2014-2431 |
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
and 5.6.16 and earlier allows remote attackers to affect availability
via unknown vectors related to Options.
|
CVE-2014-2430 |
Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier
and 5.6.16 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Performance Schema.
|
CVE-2014-2429 |
Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self
Service component in Oracle PeopleSoft Products 9.0 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Campus Mobile.
|
CVE-2014-2428 |
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and
Java SE Embedded 7u51, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Deployment.
|
CVE-2014-2427 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8,
and Java SE Embedded 7u51, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Sound.
|
CVE-2014-2426 |
Unspecified vulnerability in the Oracle OpenSSO component in Oracle
Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated
users to affect integrity and availability via unknown vectors related
to Admin Console.
|
CVE-2014-2425 |
Unspecified vulnerability in the Oracle OpenSSO component in Oracle
Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated
users to affect confidentiality via unknown vectors.
|
CVE-2014-2422 |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX
2.2.51, allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors.
|
CVE-2014-2421 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8;
JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors related to 2D.
|
CVE-2014-2420 |
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and
Java SE Embedded 7u51, allows remote attackers to affect integrity via
unknown vectors related to Deployment.
|
CVE-2014-2419 |
Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier
and 5.6.15 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Partition.
|
CVE-2014-2418 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality, a different vulnerability than CVE-2014-2407,
CVE-2014-2415, CVE-2014-2416, and CVE-2014-2417.
|
CVE-2014-2417 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality, a different vulnerability than CVE-2014-2407,
CVE-2014-2415, CVE-2014-2416, and CVE-2014-2418.
|
CVE-2014-2416 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality, a different vulnerability than CVE-2014-2407,
CVE-2014-2415, CVE-2014-2417, and CVE-2014-2418.
|
CVE-2014-2415 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality, a different vulnerability than CVE-2014-2407,
CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418.
|
CVE-2014-2413 |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE
Embedded 7u51, allows remote attackers to affect integrity via unknown
vectors related to Libraries.
|
CVE-2014-2411 |
Unspecified vulnerability in the Oracle Identity Analytics component
in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun
Role Manager 5.0 allows remote authenticated users to affect
confidentiality, integrity, and availability via unknown vectors
related to Security.
|
CVE-2014-2410 |
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers
to affect confidentiality, integrity, and availability via unknown
vectors related to JavaFX.
|
CVE-2014-2409 |
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and
Java SE Embedded 7u51, allows remote attackers to affect
confidentiality and integrity via unknown vectors related to
Deployment.
|
CVE-2014-2408 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows
remote authenticated users to affect confidentiality and integrity via
unknown vectors related to the "Grant Any Object Privilege."
|
CVE-2014-2407 |
Unspecified vulnerability in the Oracle Data Integrator component in
Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Data Quality, a different vulnerability than CVE-2014-2415,
CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418.
|
CVE-2014-2406 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors related to "Advisor" and "Select Any
Dictionary" privileges.
|
CVE-2014-2405 |
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux
and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack
vectors, a different vulnerability than CVE-2014-0462.
|
CVE-2014-2404 |
Unspecified vulnerability in the Oracle Access Manager component in
Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0,
11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated
users to affect confidentiality via unknown vectors related to
WebGate.
|
CVE-2014-2402 |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE
Embedded 7u51, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Libraries,
a different vulnerability than CVE-2014-0432 and CVE-2014-0455.
|
CVE-2014-2401 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8;
JavaFX 2.2.51; and Java SE Embedded 7u51 allows remote attackers to
affect confidentiality via unknown vectors related to 2D.
|
CVE-2014-2400 |
Unspecified vulnerability in the Oracle Endeca Server component in
Oracle Fusion Middleware 2.2.2 allows remote attackers to affect
integrity via unknown vectors related to Oracle Endeca Information
Discovery (Formerly Latitude), a different vulnerability than
CVE-2014-2399.
|
CVE-2014-2399 |
Unspecified vulnerability in the Oracle Endeca Server component in
Oracle Fusion Middleware 2.2.2 allows remote attackers to affect
integrity via unknown vectors related to Oracle Endeca Information
Discovery (Formerly Latitude), a different vulnerability than
CVE-2014-2400.
|
CVE-2014-2398 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8;
JavaFX 2.2.51; and JRockit R27.8.1 and R28.3.1 allows remote
authenticated users to affect integrity via unknown vectors related to
Javadoc.
|
CVE-2014-2397 |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE
Embedded 7u51, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Hotspot.
|
CVE-2014-2369 |
Cross-site request forgery (CSRF) vulnerability in the web application
on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through
8.68x allows remote authenticated users to hijack the authentication
of unspecified victims via unknown vectors.
|
CVE-2014-2365 |
Unspecified vulnerability in Advantech WebAccess before 7.2 allows
remote authenticated users to create or delete arbitrary files via
unknown vectors.
|
CVE-2014-2330 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the
Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to
hijack the authentication of users for requests that (1) upload
arbitrary snapshots, (2) delete arbitrary files, or possibly have
other unspecified impact via unknown vectors.
|
CVE-2014-2249 |
Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC
S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200
CPU PLC devices with firmware before 4.0 allows remote attackers to
hijack the authentication of unspecified victims via unknown vectors.
|
CVE-2014-2034 |
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through
2.7.1 allows attackers to create arbitrary user accounts via unknown
vectors related to "an unauthenticated execution path."
|
CVE-2014-1983 |
Unspecified vulnerability in Cybozu Remote Service Manager through
2.3.0 and 3.x before 3.1.1 allows remote attackers to cause a denial
of service (CPU consumption) via unknown vectors.
|
CVE-2014-1963 |
Unspecified vulnerability in Message Server in SAP NetWeaver 7.20
allows remote attackers to cause a denial of service via unknown
attack vectors.
|
CVE-2014-1961 |
Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver
allows remote attackers to obtain sensitive path information via
unknown attack vectors.
|
CVE-2014-1762 |
Unspecified vulnerability in Microsoft Internet Explorer 6 through 11
allows remote attackers to execute arbitrary code with
medium-integrity privileges and bypass a sandbox protection mechanism
via unknown vectors, as demonstrated by ZDI during a Pwn4Fun
competition at CanSecWest 2014.
|
CVE-2014-1749 |
Multiple unspecified vulnerabilities in Google Chrome before
35.0.1916.114 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2014-1735 |
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33,
as used in Google Chrome before 34.0.1847.131 on Windows and OS X and
before 34.0.1847.132 on Linux, allow attackers to cause a denial of
service or possibly have other impact via unknown vectors.
|
CVE-2014-1734 |
Multiple unspecified vulnerabilities in Google Chrome before
34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux
allow attackers to cause a denial of service or possibly have other
impact via unknown vectors.
|
CVE-2014-1729 |
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22,
as used in Google Chrome before 34.0.1847.116, allow attackers to
cause a denial of service or possibly have other impact via unknown
vectors.
|
CVE-2014-1728 |
Multiple unspecified vulnerabilities in Google Chrome before
34.0.1847.116 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2014-1711 |
The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152
allows remote attackers to cause a denial of service (out-of-bounds
write) or possibly have unspecified other impact via unknown vectors.
|
CVE-2014-1710 |
The AsyncPixelTransfersCompletedQuery::End function in
gpu/command_buffer/service/query_manager.cc in Google Chrome, as used
in Google Chrome OS before 33.0.1750.152, does not check whether a
certain position is within the bounds of a shared-memory segment,
which allows remote attackers to cause a denial of service (GPU
command-buffer memory corruption) or possibly have unspecified other
impact via unknown vectors.
|
CVE-2014-1705 |
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and
Linux and before 33.0.1750.154 on Windows, allows remote attackers to
cause a denial of service (memory corruption) or possibly have
unspecified other impact via unknown vectors.
|
CVE-2014-1704 |
Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18,
as used in Google Chrome before 33.0.1750.149, allow attackers to
cause a denial of service or possibly have other impact via unknown
vectors.
|
CVE-2014-1681 |
Multiple unspecified vulnerabilities in Google Chrome before
32.0.1700.102 have unknown impact and attack vectors, related to 12
"security fixes [that were not] either contributed by external
researchers or particularly interesting."
|
CVE-2014-1663 |
Unspecified vulnerability in Citrix XenMobile Device Manager server
(formerly Zenprise Device Manager server) 8.5, 8.6, and MDM 8.0.1
allows remote attackers to obtain sensitive information via unknown
vectors.
|
CVE-2014-1588 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 34.0 and SeaMonkey before 2.31 allow remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors.
|
CVE-2014-1587 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird before
31.3, and SeaMonkey before 2.31 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors.
|
CVE-2014-1575 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 33.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via vectors related to improper interaction between
threading and garbage collection in the GCRuntime::triggerGC function
in js/src/jsgc.cpp, and unknown other vectors.
|
CVE-2014-1574 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 33.0, Firefox ESR 31.x before 31.2, and Thunderbird
31.x before 31.2 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2014-1562 |
Unspecified vulnerability in the browser engine in Mozilla Firefox
before 32.0, Firefox ESR 24.x before 24.8 and 31.x before 31.1, and
Thunderbird 24.x before 24.8 and 31.x before 31.1 allows remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2014-1554 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 32.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2014-1553 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird
31.x before 31.1 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2014-1548 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 31.0 and Thunderbird before 31.0 allow remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors.
|
CVE-2014-1547 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 31.0, Firefox ESR 24.x before 24.7, and Thunderbird
before 24.7 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2014-1534 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 30.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2014-1533 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 30.0, Firefox ESR 24.x before 24.6, and Thunderbird
before 24.6 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2014-1519 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 29.0 and SeaMonkey before 2.26 allow remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors.
|
CVE-2014-1518 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 29.0, Firefox ESR 24.x before 24.5, Thunderbird before
24.5, and SeaMonkey before 2.26 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors.
|
CVE-2014-1494 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 28.0 and SeaMonkey before 2.25 allow remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors.
|
CVE-2014-1493 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before
24.4, and SeaMonkey before 2.25 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors.
|
CVE-2014-1478 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 27.0 and SeaMonkey before 2.24 allow remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via vectors related to the
MPostWriteBarrier class in js/src/jit/MIR.h and stack alignment in
js/src/jit/AsmJS.cpp in OdinMonkey, and unknown other vectors.
|
CVE-2014-1477 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before
24.3, and SeaMonkey before 2.24 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors.
|
CVE-2014-1300 |
Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote
attackers to execute arbitrary code with root privileges via unknown
vectors, as demonstrated by Google during a Pwn4Fun competition at
CanSecWest 2014.
|
CVE-2014-10002 |
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows
remote attackers to obtain sensitive information via unknown vectors.
|
CVE-2014-0885 |
Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in
IBM Lotus Protector for Mail Security 2.8.x before 2.8.1-22905 allows
remote authenticated users to hijack the authentication of unspecified
victims via unknown vectors.
|
CVE-2014-0862 |
Unspecified vulnerability in Jazz Team Server in IBM Rational
Collaborative Lifecycle Management (CLM) 3.x before 3.0.1.6 iFix 2 and
4.x before 4.0.6 allows remote attackers to execute arbitrary code via
unknown vectors.
|
CVE-2014-0844 |
Unspecified vulnerability in IBM Rational Requirements Composer 3.x
before 3.0.1.6 iFix2 and 4.x before 4.0.6, and Rational DOORS Next
Generation 4.x before 4.0.6, allows remote authenticated users to read
arbitrary data via unknown vectors.
|
CVE-2014-0816 |
Unspecified vulnerability in Norman Security Suite 10.1 and earlier
allows local users to gain privileges via unknown vectors.
|
CVE-2014-0612 |
Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before
11.4R11, 12.1X44 before 12.1X44-D26, 12.1X44 before 12.1X44-D30,
12.1X45 before 12.1X45-D20, and 12.1X46 before 12.1X46-D10, when
Dynamic IPsec VPN is configured, allows remote attackers to cause a
denial of service (new Dynamic VPN connection failures and CPU and
disk consumption) via unknown vectors.
|
CVE-2014-0609 |
Unspecified vulnerability in Novell Open Enterprise Server (OES) 11
SP1 before Scheduled Maintenance Update 9415 and 11 SP2 before
Scheduled Maintenance Update 9413 for Linux has unknown impact and
attack vectors.
|
CVE-2014-0570 |
Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion
9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 before Update 7,
10 before Update 14, and 11 before Update 2 allows remote attackers to
hijack the authentication of unspecified victims via unknown vectors.
|
CVE-2014-0491 |
Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before
12.0.0.38 on Windows and Mac OS X and before 11.2.202.335 on Linux,
Adobe AIR before 4.0.0.1390, Adobe AIR SDK before 4.0.0.1390, and
Adobe AIR SDK & Compiler before 4.0.0.1390 allow attackers to bypass
unspecified protection mechanisms via unknown vectors.
|
CVE-2014-0465 |
Unspecified vulnerability in the Oracle OpenSSO component in Oracle
Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated
users to affect integrity via unknown vectors related to Admin
Console.
|
CVE-2014-0464 |
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers
to affect confidentiality via unknown vectors related to Scripting, a
different vulnerability than CVE-2014-0463.
|
CVE-2014-0463 |
Unspecified vulnerability in Oracle Java SE 8 allows remote attackers
to affect confidentiality via unknown vectors related to Scripting, a
different vulnerability than CVE-2014-0464.
|
CVE-2014-0462 |
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux
and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack
vectors, a different vulnerability than CVE-2014-2405.
|
CVE-2014-0461 |
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and
Java SE Embedded 7u51, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries.
|
CVE-2014-0459 |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE
Embedded 7u51, allows remote attackers to affect availability via
unknown vectors related to 2D.
|
CVE-2014-0457 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and
8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries.
|
CVE-2014-0456 |
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and
Java SE Embedded 7u51, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Hotspot.
|
CVE-2014-0455 |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE
Embedded 7u51, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Libraries,
a different vulnerability than CVE-2014-0432 and CVE-2014-2402.
|
CVE-2014-0454 |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE
Embedded 7u51, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Security.
|
CVE-2014-0453 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8;
JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote
attackers to affect confidentiality and integrity via unknown vectors
related to Security.
|
CVE-2014-0450 |
Unspecified vulnerability in the Oracle WebCenter Portal component in
Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers
to affect confidentiality via unknown vectors related to People
Connection.
|
CVE-2014-0449 |
Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and
Java SE Embedded 7u51, allows remote attackers to affect
confidentiality via unknown vectors related to Deployment.
|
CVE-2014-0448 |
Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment.
|
CVE-2014-0447 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local
users to affect availability via unknown vectors related to Kernel, a
different vulnerability than CVE-2013-5876.
|
CVE-2014-0446 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8,
and Java SE Embedded 7u51, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries.
|
CVE-2014-0444 |
Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical
Professional component in Oracle Supply Chain Products Suite 20.1.1
allows remote authenticated users to affect confidentiality via
unknown vectors related to Web General, a different vulnerability than
CVE-2013-5868 and CVE-2013-5871.
|
CVE-2014-0443 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 allows remote attackers
to affect integrity via unknown vectors related to Security.
|
CVE-2014-0442 |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows
local users to affect confidentiality, integrity, and availability via
unknown vectors related to Print Filter Utility.
|
CVE-2014-0441 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
attackers to affect availability via unknown vectors related to
Integration Broker.
|
CVE-2014-0439 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
authenticated users to affect integrity via unknown vectors related to
Report Distribution.
|
CVE-2014-0438 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Panel Processor.
|
CVE-2014-0437 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer.
|
CVE-2014-0436 |
Unspecified vulnerability in the Hyperion BI+ component in Oracle
Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect
integrity via unknown vectors related to Web Analysis.
|
CVE-2014-0435 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1,
and 6.3.2 allows remote authenticated users to affect availability via
unknown vectors related to Data, Domain & Function Security.
|
CVE-2014-0434 |
Unspecified vulnerability in the Oracle Agile Product Lifecycle
Management for Process component in Oracle Supply Chain Products Suite
6.0, 6.1, and 6.1.1 allows remote attackers to affect integrity via
unknown vectors related to Installation.
|
CVE-2014-0433 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.13 and earlier allows remote attackers to affect
availability via unknown vectors related to Thread Pooling.
|
CVE-2014-0432 |
Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE
Embedded 7u51, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Libraries,
a different vulnerability than CVE-2014-0455 and CVE-2014-2402.
|
CVE-2014-0431 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.14 and earlier allows remote authenticated users to affect
availability via unknown vectors related to InnoDB, a different
vulnerability than CVE-2013-5881.
|
CVE-2014-0430 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.13 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Performance Schema.
|
CVE-2014-0429 |
Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8;
JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to 2D.
|
CVE-2014-0425 |
Unspecified vulnerability in the PeopleSoft Enterprise SCM Services
Procurement component in Oracle PeopleSoft Products 9.2 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Security.
|
CVE-2014-0424 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410,
CVE-2014-0415, and CVE-2014-0418.
|
CVE-2014-0423 |
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45;
JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7
allows remote authenticated users to affect confidentiality and
availability via unknown vectors related to Beans. NOTE: the previous
information is from the January 2014 CPU. Oracle has not commented on
third-party claims that this issue is an XML External Entity (XXE)
vulnerability in DocumentHandler.java, related to Beans decoding.
|
CVE-2014-0421 |
Unspecified vulnerability in Oracle Solaris 10, when running on the
SPARC64-X Platform, allows local users to affect confidentiality,
integrity, and availability via unknown vectors.
|
CVE-2014-0420 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.34 and earlier, and 5.6.14 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to Replication.
|
CVE-2014-0419 |
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD)
component in Oracle Virtualization SGD before 4.63 with December 2013
PSU, 4.71, 5.0 with December 2013 PSU, and 5.10 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Administration Console and Workspace Web
Applications.
|
CVE-2014-0418 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410,
CVE-2014-0415, and CVE-2014-0424.
|
CVE-2014-0417 |
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45;
JavaFX 2.2.45; and Java SE Embedded 7u45 allows remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors related to 2D.
|
CVE-2014-0415 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0410,
CVE-2014-0418, and CVE-2014-0424.
|
CVE-2014-0412 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to InnoDB.
|
CVE-2014-0410 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2013-5889, CVE-2013-5902, CVE-2014-0415,
CVE-2014-0418, and CVE-2014-0424.
|
CVE-2014-0408 |
Unspecified vulnerability in Oracle Java SE 7u45, when running on OS
X, allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Hotspot.
|
CVE-2014-0407 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30,
4.2.20, and 4.3.4 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Core, a
different vulnerability than CVE-2014-0405.
|
CVE-2014-0406 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30,
4.2.20, and 4.3.4 allows local users to affect integrity and
availability via unknown vectors related to Core, a different
vulnerability than CVE-2014-0404.
|
CVE-2014-0405 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30,
4.2.20, and 4.3.4 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Core, a
different vulnerability than CVE-2014-0407.
|
CVE-2014-0404 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30,
4.2.20, and 4.3.4 allows local users to affect integrity and
availability via unknown vectors related to Core, a different
vulnerability than CVE-2014-0406.
|
CVE-2014-0403 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Deployment, a different vulnerability than
CVE-2013-5898 and CVE-2014-0375.
|
CVE-2014-0402 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Locking.
|
CVE-2014-0401 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote authenticated users to affect availability via unknown
vectors.
|
CVE-2014-0399 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, and
6.3.2 allows remote authenticated users to affect confidentiality via
unknown vectors related to Data, Domain & Function Security.
|
CVE-2014-0398 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and
12.2.2 allows remote attackers to affect confidentiality via unknown
vectors related to Discoverer.
|
CVE-2014-0396 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
attackers to affect confidentiality via unknown vectors related to
Portal - Web Services.
|
CVE-2014-0395 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
attackers to affect confidentiality via unknown vectors related to
Updates Environment Mgmt, a different vulnerability than
CVE-2014-0394.
|
CVE-2014-0394 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
attackers to affect confidentiality via unknown vectors related to
Updates Environment Mgmt, a different vulnerability than
CVE-2014-0395.
|
CVE-2014-0393 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect integrity via unknown
vectors related to InnoDB.
|
CVE-2014-0392 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component
in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated
users to affect confidentiality via unknown vectors related to
Security.
|
CVE-2014-0391 |
Unspecified vulnerability in the Oracle Identity Manager component in
Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1
allows remote attackers to affect confidentiality via unknown vectors
related to End User Self Service.
|
CVE-2014-0390 |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers
to affect integrity via unknown vectors related to Java Web Console.
|
CVE-2014-0389 |
Unspecified vulnerability in Oracle iLearning 6.0 allows remote
attackers to affect integrity via unknown vectors related to Learner
Pages.
|
CVE-2014-0388 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human
Resources component in Oracle PeopleSoft Products 9.1 and 9.2 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Org and Workforce Dev.
|
CVE-2014-0387 |
Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45,
when running on Firefox, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Deployment.
|
CVE-2014-0386 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer.
|
CVE-2014-0385 |
Unspecified vulnerability in Oracle Java SE 7u45, when installing on
OS X, allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors related to Install.
|
CVE-2014-0383 |
Unspecified vulnerability in the Oracle Identity Manager component in
Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Identity Console.
|
CVE-2014-0382 |
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45
allows remote attackers to affect availability via unknown vectors
related to JavaFX.
|
CVE-2014-0379 |
Unspecified vulnerability in the Oracle Demantra Demand Management
component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server,
7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers
to affect integrity via unknown vectors related to DM Others.
|
CVE-2014-0378 |
Unspecified vulnerability in the Spatial component in Oracle Database
Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors.
|
CVE-2014-0375 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Deployment, a different vulnerability than
CVE-2013-5898 and CVE-2014-0403.
|
CVE-2014-0374 |
Unspecified vulnerability in the Oracle Portal component in Oracle
Fusion Middleware 11.1.1.6 allows remote attackers to affect integrity
via unknown vectors related to Page Parameters and Events.
|
CVE-2014-0373 |
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45,
and OpenJDK 7, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to
Serviceability. NOTE: the previous information is from the January
2014 CPU. Oracle has not commented on third-party claims that the
issue is related to throwing of an incorrect exception when
SnmpStatusException should have been used in the SNMP implementation,
which allows attackers to escape the sandbox.
|
CVE-2014-0372 |
Unspecified vulnerability in the Oracle Demantra Demand Management
component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server,
7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to DM
Others.
|
CVE-2014-0371 |
Unspecified vulnerability in the Oracle Demantra Demand Management
component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server,
7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote
authenticated users to affect integrity via unknown vectors related to
DM Others.
|
CVE-2014-0370 |
Unspecified vulnerability in the Siebel Life Sciences component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to
affect availability via unknown vectors related to Clinical Trip
Report.
|
CVE-2014-0369 |
Unspecified vulnerability in the Siebel Core - EAI component in Oracle
Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect
confidentiality via unknown vectors related to Java Integration, a
different vulnerability than CVE-2015-0366.
|
CVE-2014-0368 |
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45,
and Java SE Embedded 7u45, allows remote attackers to affect
confidentiality via unknown vectors related to Networking. NOTE: the
previous information is from the January 2014 CPU. Oracle has not
commented on third-party claims that the issue is related to incorrect
permission checks when listening on a socket, which allows attackers
to escape the sandbox.
|
CVE-2014-0367 |
Unspecified vulnerability in the Hyperion Essbase Administration
Services component in Oracle Hyperion 11.1.2.1, 11.1.2.2, and 11.1.2.3
allows remote authenticated users to affect confidentiality and
integrity via unknown vectors related to Admin Console.
|
CVE-2014-0366 |
Unspecified vulnerability in the Oracle Applications Framework
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and
12.2.2 allows remote authenticated users to affect confidentiality via
unknown vectors related to Attachments.
|
CVE-2013-7407 |
Cross-site request forgery (CSRF) vulnerability in the MRBS module for
Drupal allows remote attackers to hijack the authentication of
unspecified victims via unknown vectors.
|
CVE-2013-7369 |
SQL injection vulnerability in an unspecified DLL in the FSDBCom
ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server
before HF02, Anti-Virus for Windows Servers 9.00 before HF09,
Anti-Virus for Citrix Servers 9.00 before HF09, and F-Secure Email and
Server Security and F-Secure Server Security 9.20 before HF01 allows
remote attackers to execute arbitrary SQL commands via unknown
vectors, related to GetCommand.
|
CVE-2013-7364 |
An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver
does not properly restrict access, which allows remote attackers to
read and write to arbitrary files via unknown vectors.
|
CVE-2013-7362 |
An unspecified RFC function in SAP CCMS Agent allows remote attackers
to execute arbitrary commands via unknown vectors.
|
CVE-2013-7360 |
Unspecified vulnerability in SAP adminadapter allows remote attackers
to read or write to arbitrary files via unknown vectors.
|
CVE-2013-7359 |
Unspecified vulnerability in SAP Mobile Infrastructure allows remote
attackers to obtain sensitive port information via unknown vectors,
related to an "internal port scanning" issue.
|
CVE-2013-7358 |
Unspecified vulnerability in SAP Guided Procedures Archive Monitor
allows remote attackers to obtain usernames, roles, profiles, and
possibly other identity information via unknown vectors.
|
CVE-2013-7357 |
Unspecified vulnerability in the configuration service in SAP J2EE
Engine allows remote attackers to obtain credential information via
unknown vectors.
|
CVE-2013-7356 |
Unspecified vulnerability in the SAP CCMS / Database Monitors for
Oracle allows attackers to obtain the database password via unknown
vectors.
|
CVE-2013-7350 |
Multiple unspecified vulnerabilities in Check Point Security Gateway
80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and
600 and 1100 appliances R75.20.x before R75.20.42 have unknown impact
and attack vectors related to "important security fixes."
|
CVE-2013-7344 |
Unspecified vulnerability in core/settings.php in ownCloud before
4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to
execute arbitrary PHP code via unknown vectors. NOTE: this issue was
SPLIT from CVE-2013-0303 due to different affected versions.
|
CVE-2013-7256 |
Cross-site request forgery (CSRF) vulnerability in Opsview before
4.4.2 allows remote attackers to hijack the authentication of
unspecified victims via unknown vectors.
|
CVE-2013-7223 |
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free
CRM before 0.12.1 allow remote attackers to hijack the authentication
of unspecified victims via unknown vectors, related to the lack of a
protect_from_forgery line in
app/controllers/application_controller.rb.
|
CVE-2013-7095 |
The XML parser (crm_flex_data) in SAP Customer Relationship Management
(CRM) 7.02 EHP 2 has unknown impact and attack vectors related to an
XML External Entity (XXE) issue.
|
CVE-2013-6969 |
The training-registration page in Cisco WebEx Training Center allows
remote attackers to modify unspecified fields via unknown vectors, aka
Bug ID CSCul35990.
|
CVE-2013-6942 |
Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler
Application Delivery Controller (ADC) 9.3.x before 9.3-64.4, 10.0
before 10.0-77.5, and 10.1 before 10.1-118.7 allows remote attackers
to hijack the authentication of unspecified victims via unknown
vectors.
|
CVE-2013-6941 |
Unspecified vulnerability in Citrix NetScaler Application Delivery
Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and
10.1 before 10.1-118.7 allows users to "breakout" of the shell via
unknown vectors.
|
CVE-2013-6939 |
Unspecified vulnerability in Citrix NetScaler Application Delivery
Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and
10.1 before 10.1-118.7 allows attackers to cause a denial of service
via unknown vectors, related to "RADIUS authentication."
|
CVE-2013-6938 |
Unspecified vulnerability in the Service VM in Citrix NetScaler SDX
9.3 before 9.3-64.4 and 10.0 before 10.0-77.5 and Application Delivery
Controller (ADC) 9.3.x before 9.3-64.4, 10.0 before 10.0-77.5, and
10.1 before 10.1-118.7 allows attackers to cause a denial of service
via unknown vectors, related to the "Virtual Machine Daemon."
|
CVE-2013-6794 |
Cross-site scripting (XSS) vulnerability in the Calendar module in
Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject
arbitrary web script or HTML via the Location field. NOTE: the
provenance of this information is unknown; the details are obtained
solely from third party information.
|
CVE-2013-6710 |
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx
Training Center allows remote attackers to hijack the authentication
of unspecified victims via unknown vectors, aka Bug ID CSCul25567.
|
CVE-2013-6668 |
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10,
as used in Google Chrome before 33.0.1750.146, allow attackers to
cause a denial of service or possibly have other impact via unknown
vectors.
|
CVE-2013-6667 |
Multiple unspecified vulnerabilities in Google Chrome before
33.0.1750.146 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2013-6661 |
Multiple unspecified vulnerabilities in Google Chrome before
33.0.1750.117 allow attackers to bypass the sandbox protection
mechanism after obtaining renderer access, or have other impact, via
unknown vectors.
|
CVE-2013-6654 |
The SVGAnimateElement::calculateAnimatedValue function in
core/svg/SVGAnimateElement.cpp in Blink, as used in Google Chrome
before 33.0.1750.117, does not properly handle unexpected data types,
which allows remote attackers to cause a denial of service (incorrect
cast) or possibly have unspecified other impact via unknown vectors.
|
CVE-2013-6644 |
Multiple unspecified vulnerabilities in Google Chrome before
32.0.1700.76 on Windows and before 32.0.1700.77 on Mac OS X and Linux
allow attackers to cause a denial of service or possibly have other
impact via unknown vectors.
|
CVE-2013-6637 |
Multiple unspecified vulnerabilities in Google Chrome before
31.0.1650.63 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2013-6346 |
Cross-site request forgery (CSRF) vulnerability in the ZCC page in
Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows
remote attackers to hijack the authentication of unspecified victims
via unknown vectors.
|
CVE-2013-6345 |
Unspecified vulnerability in the ZCC page in Novell ZENworks
Configuration Management (ZCM) before 11.2.4 has unknown impact and
attack vectors related to an "Application Exception."
|
CVE-2013-6344 |
The ZCC page in Novell ZENworks Configuration Management (ZCM) before
11.2.4 allows attackers to conduct cross-frame scripting attacks via
unknown vectors.
|
CVE-2013-6312 |
Unspecified vulnerability in IBM Rational Service Tester 8.3.x and
8.5.x before 8.5.1 and Rational Performance Tester 8.3.x and 8.5.x
before 8.5.1 allows remote attackers to read arbitrary files via
unknown vectors.
|
CVE-2013-6306 |
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70
01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30
01Ax770_062 allows local users to gain Service Processor privileges
via unknown vectors.
|
CVE-2013-6288 |
Unspecified vulnerability in the Apache Solr for TYPO3 (solr)
extension before 2.8.3 for TYPO3 has unknown impact and remote attack
vectors, related to "Insecure Unserialize."
|
CVE-2013-6219 |
Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before
A.01.02.02 on HP-UX B.11.31 allows local users to bypass intended
access restrictions via unknown vectors.
|
CVE-2013-6218 |
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x,
9.1x, and 9.2x allows remote attackers to execute arbitrary code via
unknown vectors.
|
CVE-2013-6216 |
Unspecified vulnerability in HP Array Configuration Utility, Array
Diagnostics Utility, ProLiant Array Diagnostics, and SmartSSD Wear
Gauge Utility 9.40 and earlier allows local users to gain privileges
via unknown vectors.
|
CVE-2013-6215 |
Unspecified vulnerability in the Integration Service in HP Universal
Configuration Management Database 10.01 and 10.10 allows remote
authenticated users to execute arbitrary code via unknown vectors, aka
ZDI-CAN-1977.
|
CVE-2013-6214 |
Unspecified vulnerability in the Integration Service in HP Universal
Configuration Management Database 9.05, 10.01, and 10.10 allows remote
authenticated users to obtain sensitive information via unknown
vectors, aka ZDI-CAN-2042.
|
CVE-2013-6213 |
Unspecified vulnerability in Virtual User Generator in HP LoadRunner
before 11.52 Patch 1 allows remote attackers to execute arbitrary code
via unknown vectors, aka ZDI-CAN-1833.
|
CVE-2013-6212 |
Unspecified vulnerability in HP Database and Middleware Automation
10.0, 10.01, 10.10, and 10.20 before 10.20.100 allows remote
authenticated users to obtain sensitive information via unknown
vectors.
|
CVE-2013-6211 |
Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance
(VSA) before 3.7.2, StoreOnce 26xx and 4210 iSCSI Backup System before
3.9.0, StoreOnce 4210 FC Backup System before 3.9.0, and StoreOnce
4xxx Backup System before 3.9.0 allows remote attackers to obtain
sensitive information or cause a denial of service via unknown
vectors.
|
CVE-2013-6210 |
Unspecified vulnerability in HP Unified Functional Testing before 12.0
allows remote attackers to execute arbitrary code via unknown vectors,
aka ZDI-CAN-1932.
|
CVE-2013-6209 |
Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP
HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of
service via unknown vectors.
|
CVE-2013-6208 |
Unspecified vulnerability in HP Smart Update Manager 5.3.5 before
build 70 on Linux allows local users to gain privileges via unknown
vectors.
|
CVE-2013-6207 |
Unspecified vulnerability in the loadFileContents function in the SOAP
implementation in HP SiteScope 10.1x, 11.1x, and 11.21 allows remote
attackers to read arbitrary files or cause a denial of service via
unknown vectors, aka ZDI-CAN-2084.
|
CVE-2013-6206 |
Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and
Insight Control Server Deployment allows remote attackers to obtain
sensitive information, modify data, or cause a denial of service via
unknown vectors.
|
CVE-2013-6205 |
Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and
Insight Control Server Deployment allows local users to obtain
sensitive information, modify data, or cause a denial of service via
unknown vectors.
|
CVE-2013-6201 |
Unspecified vulnerability in HP Security Management System 3.3.0,
3.5.0 before patch 1, and 3.6.0 before patch 2 allows remote attackers
to execute arbitrary code via unknown vectors.
|
CVE-2013-6200 |
Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows
local users to obtain sensitive information or modify data via unknown
vectors.
|
CVE-2013-6197 |
Unspecified vulnerability in HP Service Manager WebTier and Windows
Client 9.20 and 9.21 before 9.21.661 p8 allows remote authenticated
users to execute arbitrary code via unknown vectors.
|
CVE-2013-6195 |
Unspecified vulnerability in HP Storage Data Protector 6.2X allows
remote attackers to execute arbitrary code or cause a denial of
service via unknown vectors, aka ZDI-CAN-2008.
|
CVE-2013-6194 |
Unspecified vulnerability in HP Storage Data Protector 6.2X allows
remote attackers to execute arbitrary code or cause a denial of
service via unknown vectors, aka ZDI-CAN-1905.
|
CVE-2013-6193 |
Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet
Pro 100, 300, 400, CM1415fnw, CP1*, M121*, M1536dnf, and P1*; Color
LaserJet CM* and CP*; and TopShot LaserJet Pro M275 printers allows
remote attackers to cause a denial of service via unknown vectors.
|
CVE-2013-6192 |
Cross-site request forgery (CSRF) vulnerability in HP Operations
Orchestration before 9 allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
|
CVE-2013-6189 |
Unspecified vulnerability in the Archive Query Server in HP
Application Information Optimizer (formerly HP Database Archiving)
6.2, 6.3, 6.4, and 7.0 allows remote attackers to execute arbitrary
code via unknown vectors, aka ZDI-CAN-1666.
|
CVE-2013-6188 |
Cross-site request forgery (CSRF) vulnerability in HP System
Management Homepage (SMH) 7.1 through 7.2.2 allows remote attackers to
hijack the authentication of unspecified victims via unknown vectors.
|
CVE-2013-6141 |
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers
to read arbitrary files via unknown vectors related to lack of
authorization.
|
CVE-2013-6049 |
apt-listbugs before 0.1.10 creates temporary files insecurely, which
allows attackers to have unspecified impact via unknown vectors.
|
CVE-2013-6034 |
The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN
RF-7800B-DU204; Hughes Network Systems 9201, 9450, and 9502; Inmarsat;
Japan Radio JUE-250 and JUE-500; and Thuraya IP satellite terminals
has hardcoded credentials, which makes it easier for attackers to
obtain unspecified login access via unknown vectors.
|
CVE-2013-5998 |
Unspecified vulnerability in the Web manager implementation on D-Link
Japan DES-3800 devices with firmware before R4.50B58 allows remote
attackers to cause a denial of service (device hang) via unknown
vectors, a different vulnerability than CVE-2013-5997.
|
CVE-2013-5997 |
Unspecified vulnerability in the SSH implementation on D-Link Japan
DES-3800 devices with firmware before R4.50B58 allows remote
authenticated users to cause a denial of service (device hang) via
unknown vectors, a different vulnerability than CVE-2013-5998.
|
CVE-2013-5987 |
Unspecified vulnerability in NVIDIA graphics driver Release 331, 325,
319, 310, and 304 allows local users to bypass intended access
restrictions for the GPU and gain privileges via unknown vectors.
|
CVE-2013-5986 |
Unspecified vulnerability in NVIDIA graphics driver Release 331, 325,
319, 310, and 304 has unknown impact and attack vectors, a different
vulnerability than CVE-2013-5987.
|
CVE-2013-5932 |
Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro
Security Gateway) before 9.105 has unknown impact and attack vectors.
|
CVE-2013-5910 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE
Embedded 7u45, and OpenJDK 7 allows remote attackers to affect
integrity via unknown vectors related to Security. NOTE: the previous
information is from the January 2014 CPU. Oracle has not commented on
third-party claims that CanonicalizerBase.java in the XML
canonicalizer allows untrusted code to access mutable byte arrays.
|
CVE-2013-5909 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component
in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated
users to affect confidentiality and integrity via unknown vectors
related to Org and Workforce Dev.
|
CVE-2013-5908 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier
allows remote attackers to affect availability via unknown vectors
related to Error Handling.
|
CVE-2013-5907 |
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45;
JRockit R27.7.7 and R28.2.9; Java SE Embedded 7u45; and OpenJDK 7
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to 2D. NOTE: the previous
information is from the January 2014 CPU. Oracle has not commented on
third-party claims that the issue is due to incorrect input validation
in LookupProcessor.cpp in the ICU Layout Engine, which allows
attackers to cause a denial of service (crash) or possibly execute
arbitrary code via a crafted font file.
|
CVE-2013-5906 |
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Install, a different
vulnerability than CVE-2013-5905.
|
CVE-2013-5905 |
Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Install, a different
vulnerability than CVE-2013-5906.
|
CVE-2013-5904 |
Unspecified vulnerability in Oracle Java SE 7u45 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment.
|
CVE-2013-5902 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2013-5889, CVE-2014-0410, CVE-2014-0415,
CVE-2014-0418, and CVE-2014-0424.
|
CVE-2013-5901 |
Unspecified vulnerability in the Oracle Identity Manager component in
Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote attackers
to affect confidentiality via unknown vectors related to Identity
Console.
|
CVE-2013-5900 |
Unspecified vulnerability in the Oracle Identity Manager component in
Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.0, and 11.1.2.1
allows remote attackers to affect integrity via unknown vectors
related to End User Self Service.
|
CVE-2013-5899 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect confidentiality via unknown vectors related
to Deployment.
|
CVE-2013-5898 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Deployment, a different vulnerability than
CVE-2014-0375 and CVE-2014-0403.
|
CVE-2013-5897 |
Unspecified vulnerability in the Oracle Agile Product Lifecycle
Management for Process component in Oracle Supply Chain Products Suite
6.0, 6.1, and 6.1.1 allows remote authenticated users to affect
confidentiality and integrity via unknown vectors related to Manage
Data Cache.
|
CVE-2013-5895 |
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45
allows remote attackers to affect confidentiality via unknown vectors
related to JavaFX.
|
CVE-2013-5894 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.13 and earlier allows remote authenticated users to affect
availability via unknown vectors related to InnoDB.
|
CVE-2013-5893 |
Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded
7u45, and OpenJDK 7, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries. NOTE: the previous information is from the
January 2014 CPU. Oracle has not commented on third-party claims that
the issue is related to improper handling of methods in MethodHandles
in HotSpot JVM, which allows attackers to escape the sandbox.
|
CVE-2013-5892 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30,
4.2.22, and 4.3.6 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Core.
|
CVE-2013-5891 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.33 and earlier and 5.6.13 and earlier allows remote
authenticated users to affect availability via unknown vectors related
to Partition.
|
CVE-2013-5890 |
Unspecified vulnerability in the Oracle Payroll component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, 12.1.3, and 12.2.2
allows remote authenticated users to affect confidentiality and
integrity via unknown vectors related to Exception Reporting.
|
CVE-2013-5889 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than CVE-2013-5902, CVE-2014-0410, CVE-2014-0415,
CVE-2014-0418, and CVE-2014-0424.
|
CVE-2013-5888 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when
running with GNOME, allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Deployment.
|
CVE-2013-5887 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows
remote attackers to affect availability via unknown vectors related to
Deployment.
|
CVE-2013-5886 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component
in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to
affect integrity via unknown vectors related to Common Application
Objects.
|
CVE-2013-5885 |
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to
affect integrity via unknown vectors related to Audit.
|
CVE-2013-5883 |
Unspecified vulnerability in Oracle Solaris 8 allows local users to
affect integrity and availability via unknown vectors related to
Kernel.
|
CVE-2013-5882 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.13 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Stored Procedures.
|
CVE-2013-5881 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.14 and earlier allows remote authenticated users to affect
availability via unknown vectors related to InnoDB, a different
vulnerability than CVE-2014-0431.
|
CVE-2013-5880 |
Unspecified vulnerability in the Oracle Demantra Demand Management
component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and
12.2.2 allows remote attackers to affect confidentiality via unknown
vectors related to DM Others.
|
CVE-2013-5879 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Maintenance.
|
CVE-2013-5878 |
Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE
Embedded 7u45, and OpenJDK 7 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Security. NOTE: the previous information is from the
January 2014 CPU. Oracle has not commented on third-party claims
that the Security component does not properly handle null XML
namespace (xmlns) attributes during XML document canonicalization,
which allows attackers to escape the sandbox.
|
CVE-2013-5877 |
Unspecified vulnerability in the Oracle Demantra Demand Management
component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server,
7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect
confidentiality via unknown vectors related to DM Others.
|
CVE-2013-5876 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local
users to affect availability via unknown vectors related to Kernel, a
different vulnerability than CVE-2014-0447.
|
CVE-2013-5874 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and
12.2.2 allows local users to affect confidentiality via unknown
vectors related to Logging.
|
CVE-2013-5873 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
attackers to affect confidentiality via unknown vectors related to
Integration Broker.
|
CVE-2013-5871 |
Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical
Professional component in Oracle Supply Chain Products Suite 20.1.1
allows remote authenticated users to affect confidentiality via
unknown vectors related to Web General, a different vulnerability than
CVE-2013-5868 and CVE-2014-0444.
|
CVE-2013-5870 |
Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to JavaFX.
|
CVE-2013-5869 |
Unspecified vulnerability in the Oracle WebCenter Portal component in
Oracle Fusion Middleware 11.1.1.6.0, 11.1.1.7.0, and 11.1.1.8.0 allows
remote attackers to affect confidentiality via unknown vectors related
to Page Service.
|
CVE-2013-5868 |
Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical
Professional component in Oracle Supply Chain Products Suite 20.1.1
allows remote authenticated users to affect confidentiality via
unknown vectors related to Web General, a different vulnerability than
CVE-2013-5871 and CVE-2014-0444.
|
CVE-2013-5866 |
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to
affect confidentiality, integrity, and availability via unknown
vectors related to Kernel.
|
CVE-2013-5865 |
Unspecified vulnerability in Oracle Solaris 11.1 allows local users to
affect availability via unknown vectors related to Utility/User
administration.
|
CVE-2013-5859 |
Unspecified vulnerability in the Instantis EnterpriseTrack component
in Oracle Primavera Products Suite 8.0.6 and 8.5 allows remote
attackers to affect confidentiality via unknown vectors.
|
CVE-2013-5858 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows
remote authenticated users to affect integrity via unknown vectors, a
different vulnerability than CVE-2015-0370.
|
CVE-2013-5857 |
Unspecified vulnerability in the Oracle Health Sciences InForm
component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6
SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0,
5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Web.
|
CVE-2013-5856 |
Unspecified vulnerability in the Oracle Health Sciences InForm
component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6
SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0,
5.0 SP0a, 5.0 SP1, 5.0 SP1a-b, 5.5 SP0, 5.5 SP0b, 5.5.1, and 6.0.0
allows remote authenticated users to affect confidentiality and
integrity via unknown vectors related to Web.
|
CVE-2013-5854 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and
JavaFX 2.2.40 and earlier allows remote attackers to affect
confidentiality via unknown vectors.
|
CVE-2013-5853 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote
attackers to affect availability via unknown vectors.
|
CVE-2013-5852 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment, a different vulnerability than
CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5832.
|
CVE-2013-5850 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded
7u40 and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Libraries,
a different vulnerability than CVE-2013-5842.
|
CVE-2013-5848 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, and JavaFX 2.2.40 and earlier allows remote
attackers to affect integrity via unknown vectors related to
Deployment.
|
CVE-2013-5847 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS
eCompensation component in Oracle PeopleSoft Products 9.1 and 9.2
allows remote authenticated users to affect confidentiality via
unknown vectors related to eCompensation.
|
CVE-2013-5846 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and
JavaFX 2.2.40 and earlier, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to JavaFX.
|
CVE-2013-5845 |
Unspecified vulnerability in the Oracle iLearning component in Oracle
iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity
via unknown vectors related to Learner Administration.
|
CVE-2013-5844 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and
JavaFX 2.2.40 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to JavaFX.
|
CVE-2013-5843 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, JavaFX 2.2.40 and
earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
to affect confidentiality, integrity, and availability via unknown
vectors related to 2D.
|
CVE-2013-5842 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded
7u40 and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Libraries,
a different vulnerability than CVE-2013-5850.
|
CVE-2013-5841 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect confidentiality via unknown vectors related
to Portal, a different vulnerability than CVE-2013-5794.
|
CVE-2013-5840 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded
7u40 and earlier allows remote attackers to affect confidentiality via
unknown vectors related to Libraries.
|
CVE-2013-5839 |
Unspecified vulnerability in Oracle Solaris 10 allows remote attackers
to affect integrity via unknown vectors related to Oracle Java Web
Console.
|
CVE-2013-5838 |
Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java
SE Embedded 7u25 and earlier, allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries.
|
CVE-2013-5837 |
Unspecified vulnerability in the Oracle Health Sciences InForm
component in Oracle Industry Applications 4.6 SP0, 4.6 SP0a-c, 4.6
SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5.0 SP0a, 5.0 SP1, 5.0
SP1a-b, 5.0.3, and 5.0.4 allows remote authenticated users to affect
confidentiality via unknown vectors related to Cognos.
|
CVE-2013-5836 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect confidentiality via unknown vectors related
to Business Interlink.
|
CVE-2013-5834 |
Unspecified vulnerability in Oracle Solaris 8 allows local users to
affect confidentiality, integrity, and availability via unknown
vectors related to ps.
|
CVE-2013-5833 |
Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users
to affect availability via unknown vectors related to Filesystem.
|
CVE-2013-5832 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment, a different vulnerability than
CVE-2013-5787, CVE-2013-5789, CVE-2013-5824, and CVE-2013-5852.
|
CVE-2013-5831 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote
attackers to affect integrity via unknown vectors related to
Deployment, a different vulnerability than CVE-2013-5818 and
CVE-2013-5819.
|
CVE-2013-5830 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and
earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and
earlier allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors related to Libraries.
|
CVE-2013-5829 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded
7u40 and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to 2D, a
different vulnerability than CVE-2013-5809.
|
CVE-2013-5828 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3;
and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to
affect integrity via unknown vectors related to Storage Management.
|
CVE-2013-5827 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3;
and EM Plugin for DB 12.1.0.2 allows remote attackers to affect
integrity via unknown vectors related to Storage Management.
|
CVE-2013-5826 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 6.3 and 6.3.1 allows
remote attackers to affect availability via unknown vectors related to
Install / Installation.
|
CVE-2013-5824 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment, a different vulnerability than
CVE-2013-5787, CVE-2013-5789, CVE-2013-5832, and CVE-2013-5852.
|
CVE-2013-5823 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and
earlier, and Java SE Embedded 7u40 and earlier allows remote attackers
to affect availability via unknown vectors related to Security.
|
CVE-2013-5822 |
Unspecified vulnerability in the Oracle iLearning component in Oracle
iLearning 5.2.1 and 6.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Learner Administration.
|
CVE-2013-5819 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote
attackers to affect integrity via unknown vectors related to
Deployment, a different vulnerability than CVE-2013-5818 and
CVE-2013-5831.
|
CVE-2013-5818 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote
attackers to affect integrity via unknown vectors related to
Deployment, a different vulnerability than CVE-2013-5819 and
CVE-2013-5831.
|
CVE-2013-5816 |
Unspecified vulnerability in the Oracle GlassFish Server component in
Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote
attackers to affect availability via unknown vectors related to Metro.
|
CVE-2013-5815 |
Unspecified vulnerability in the Oracle Identity Analytics component
in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun
Role Manager 4.1 and 5.0 allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Security.
|
CVE-2013-5813 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, 11.1.1.7.0, and
11.1.1.8.0 allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Content Server.
|
CVE-2013-5812 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote
attackers to affect confidentiality and availability via unknown
vectors related to Deployment.
|
CVE-2013-5811 |
Unspecified vulnerability in the Oracle Health Sciences InForm
component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6
SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0,
5.0 SP0a, 5.0 SP1, and 5.0 SP1a-b allows remote authenticated users to
affect confidentiality via unknown vectors related to Web.
|
CVE-2013-5810 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and
JavaFX 2.2.40 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors.
|
CVE-2013-5809 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded
7u40 and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to 2D, a
different vulnerability than CVE-2013-5829.
|
CVE-2013-5808 |
Unspecified vulnerability in the Oracle iPlanet Web Proxy Server
component in Oracle Fusion Middleware 4.0 allows remote attackers to
affect confidentiality via unknown vectors related to Administration.
|
CVE-2013-5807 |
Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32
and 5.6.x through 5.6.12 allows remote authenticated users to affect
confidentiality and integrity via unknown vectors related to
Replication.
|
CVE-2013-5806 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java
SE Embedded 7u40 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Swing, a different vulnerability than CVE-2013-5805.
|
CVE-2013-5805 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java
SE Embedded 7u40 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Swing, a different vulnerability than CVE-2013-5806.
|
CVE-2013-5804 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and
earlier, and JRockit R27.7.6 and earlier allows remote attackers to
affect confidentiality and integrity via unknown vectors related to
Javadoc.
|
CVE-2013-5801 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded
7u40 and earlier allows remote attackers to affect confidentiality via
unknown vectors related to 2D.
|
CVE-2013-5799 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.2 allows remote attackers to
affect integrity via unknown vectors related to Security.
|
CVE-2013-5798 |
Unspecified vulnerability in the Oracle Identity Manager component in
Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote
attackers to affect integrity via unknown vectors related to End User
Self Service.
|
CVE-2013-5797 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and
earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier
allows remote authenticated users to affect integrity via unknown
vectors related to Javadoc.
|
CVE-2013-5796 |
Unspecified vulnerability in the Siebel Core - EAI component in Oracle
Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect
availability via unknown vectors related to Web Services.
|
CVE-2013-5795 |
Unspecified vulnerability in the Oracle Demantra Demand Management
component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server,
7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to
affect confidentiality via unknown vectors related to DM Others.
|
CVE-2013-5794 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect confidentiality via unknown vectors related
to Portal, a different vulnerability than CVE-2013-5841.
|
CVE-2013-5793 |
Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to InnoDB, a different vulnerability than
CVE-2013-5786.
|
CVE-2013-5792 |
Unspecified vulnerability in the Techstack component in Oracle
E-Business Suite 12.1 allows remote attackers to affect
confidentiality via unknown vectors related to Apache.
|
CVE-2013-5791 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters. NOTE: the previous information is from
the October 2013 CPU. Oracle has not commented on claims from a third
party that the issue is a stack-based buffer overflow in the Microsoft
Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52,
which allows attackers to execute arbitrary code via a long field (aka
column) name.
|
CVE-2013-5789 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment, a different vulnerability than
CVE-2013-5787, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.
|
CVE-2013-5788 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java
SE Embedded 7u40 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Deployment.
|
CVE-2013-5787 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, and Java SE Embedded 7u40 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment, a different vulnerability than
CVE-2013-5789, CVE-2013-5824, CVE-2013-5832, and CVE-2013-5852.
|
CVE-2013-5786 |
Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to InnoDB, a different vulnerability than
CVE-2013-5793.
|
CVE-2013-5785 |
Unspecified vulnerability in the Oracle Reports Developer component in
Oracle Fusion Middleware 11.1.1.6, 11.1.1.7, and 11.1.2.1 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Security and
Authentication.
|
CVE-2013-5783 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, and Java SE Embedded
7u40 and earlier allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Swing.
|
CVE-2013-5782 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and
earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and
earlier allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors related to 2D.
|
CVE-2013-5780 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE
6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and
earlier, JRockit R27.7.6 and earlier, and Java SE Embedded 7u40 and
earlier allows remote attackers to affect confidentiality via unknown
vectors related to Libraries.
|
CVE-2013-5778 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and
earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows
remote attackers to affect confidentiality via unknown vectors related
to 2D.
|
CVE-2013-5777 |
Unspecified vulnerability in the Java SE and JavaFX components in
Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2013-5775.
|
CVE-2013-5776 |
Unspecified vulnerability in the Java SE and Java SE Embedded
components in Oracle Java SE 7u40 and earlier, Java SE 6u60
and earlier, and Java SE Embedded 7u40 and earlier allows remote
attackers to affect integrity via unknown vectors related to
Deployment.
|
CVE-2013-5775 |
Unspecified vulnerability in the Java SE and JavaFX components in
Oracle Java SE 7u40 and earlier and JavaFX 2.2.40 and earlier allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2013-5777.
|
CVE-2013-5774 |
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and
earlier, 5.0u51 and earlier, and Embedded 7u40 and earlier allows
remote attackers to affect integrity via unknown vectors related to
Libraries.
|
CVE-2013-5773 |
Unspecified vulnerability in the Oracle Containers for J2EE component
in Oracle Fusion Middleware 10.1.3.5.0 allows remote attackers to
affect integrity via unknown vectors related to Servlet Runtime.
|
CVE-2013-5772 |
Unspecified vulnerability in the Java SE component in Oracle Java SE
7u40 and earlier and Java SE 6u60 and earlier allows remote
attackers to affect integrity via unknown vectors related to jhat.
|
CVE-2013-5771 |
Unspecified vulnerability in the XML Parser component in Oracle
Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows
remote attackers to affect confidentiality and availability via
unknown vectors.
|
CVE-2013-5770 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.11 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Locking.
|
CVE-2013-5769 |
Unspecified vulnerability in the Siebel Core - EAI component in Oracle
Siebel CRM 8.1.1 allows remote authenticated users to affect
availability via unknown vectors related to Web Services.
|
CVE-2013-5768 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to
affect integrity via unknown vectors related to ActiveX Controls.
|
CVE-2013-5767 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.12 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Optimizer.
|
CVE-2013-5766 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3;
and EM Plugin for DB 12.1.0.2 and 12.1.0.3 allows remote attackers to
affect integrity via unknown vectors related to DB Performance
Advisories/UIs.
|
CVE-2013-5764 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.3, and 12.1.0.1 allows remote
authenticated users to affect availability via unknown vectors.
|
CVE-2013-5763 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.4.0 allows context-dependent
attackers to affect availability via unknown vectors related to
Outside In Maintenance. NOTE: the original disclosure of this issue
erroneously mapped it to CVE-2013-3624.
|
CVE-2013-5762 |
Unspecified vulnerability in the Oracle Siebel CTMS component in
Oracle Industry Applications 8.1.1.x allows local users to affect
confidentiality and availability via unknown vectors related to SC-OC
Integration.
|
CVE-2013-5761 |
Unspecified vulnerability in the Siebel Core - Server BizLogic Script
component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers
to affect confidentiality and integrity via unknown vectors related to
Integration - Scripting.
|
CVE-2013-5610 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 26.0 and SeaMonkey before 2.23 allow remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors.
|
CVE-2013-5609 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird before
24.2, and SeaMonkey before 2.23 allow remote attackers to cause a
denial of service (memory corruption and application crash) or
possibly execute arbitrary code via unknown vectors.
|
CVE-2013-5592 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 25.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2013-5591 |
Unspecified vulnerability in the browser engine in Mozilla Firefox
before 25.0, Firefox ESR 24.x before 24.1, Thunderbird before 24.1,
and SeaMonkey before 2.22 allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2013-5590 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 25.0, Firefox ESR 17.x before 17.0.10 and 24.x before
24.1, Thunderbird before 24.1, Thunderbird ESR 17.x before 17.0.10,
and SeaMonkey before 2.22 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2013-5416 |
Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12,
8.0.0.x before 8.0.0.9, and 8.0.1.x before 8.0.1.2 allows local users
to gain privileges via unknown vectors.
|
CVE-2013-5403 |
Unspecified vulnerability on the IBM WebSphere DataPower XC10
appliance 2.0 through 2.5.0.1 allows remote attackers to obtain
administrative access via unknown vectors.
|
CVE-2013-5400 |
An unspecified servlet in IBM Platform Symphony Developer Edition (DE)
5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows
remote attackers to bypass authentication and obtain "local
environment" access via unknown vectors.
|
CVE-2013-5370 |
Unspecified vulnerability in IBM SPSS Collaboration and Deployment
Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute
arbitrary code via unknown vectors, a different vulnerability than
CVE-2013-4042.
|
CVE-2013-5356 |
Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict
access to unspecified AJAX functionality, which allows remote
attackers to bypass authentication via unknown vectors.
|
CVE-2013-5303 |
Unspecified vulnerability in the Store Locator (locator) extension
before 3.1.5 for TYPO3 has unknown impact and remote attack vectors,
related to "Insecure Unserialize."
|
CVE-2013-5034 |
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before
7.1.2, has unknown impact and attack vectors, a different
vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033.
|
CVE-2013-5033 |
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before
7.1.2, has unknown impact and attack vectors, a different
vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034.
|
CVE-2013-5032 |
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before
7.1.2, has unknown impact and attack vectors, a different
vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034.
|
CVE-2013-5031 |
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before
7.1.2, has unknown impact and attack vectors, a different
vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034.
|
CVE-2013-4947 |
Unspecified vulnerability in the update and build database page in
Sawmill before 8.6.3 has unknown impact and remote attack vectors.
|
CVE-2013-4937 |
Multiple unspecified vulnerabilities in the AiCloud feature on the
ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and
DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack
vectors.
|
CVE-2013-4871 |
Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO
Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote
attackers to hijack the authentication of unspecified victims via
unknown vectors.
|
CVE-2013-4846 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.3 allows remote attackers to obtain sensitive information via
unknown vectors.
|
CVE-2013-4844 |
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30,
9.31, and 9.32, and ServiceCenter 6.2.8, allows remote attackers to
execute arbitrary code via unknown vectors.
|
CVE-2013-4843 |
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with
firmware before 1.32 allows remote authenticated users to obtain
sensitive information via unknown vectors.
|
CVE-2013-4841 |
Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in
HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand
Virtual SAN Appliance) allows remote attackers to execute arbitrary
code via unknown vectors, aka ZDI-CAN-1509.
|
CVE-2013-4840 |
Unspecified vulnerability in HP and H3C VPN Firewall Module products
SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177
allows remote attackers to cause a denial of service via unknown
vectors.
|
CVE-2013-4839 |
Unspecified vulnerability in Virtual User Generator in HP LoadRunner
before 11.52 allows remote attackers to obtain sensitive information,
modify data, or cause a denial of service via unknown vectors, aka
ZDI-CAN-1851.
|
CVE-2013-4838 |
Unspecified vulnerability in Virtual User Generator in HP LoadRunner
before 11.52 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1850.
|
CVE-2013-4837 |
Unspecified vulnerability in Virtual User Generator in HP LoadRunner
before 11.52 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1832.
|
CVE-2013-4836 |
Unspecified vulnerability in the GossipService SOAP Request
implementation in the Synchronizer component before 1.4.2 in HP
Application LifeCycle Management (ALM) allows remote attackers to
execute arbitrary code via unknown vectors, aka ZDI-CAN-1759.
|
CVE-2013-4834 |
Unspecified vulnerability in the client component in HP Application
LifeCycle Management (ALM) before 11 p11 allows remote attackers to
execute arbitrary code via unknown vectors, aka ZDI-CAN-1327.
|
CVE-2013-4826 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and HP IMC Service Operation Management Software Module allows remote
attackers to obtain sensitive information via unknown vectors, aka
ZDI-CAN-1647.
|
CVE-2013-4825 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and HP IMC Service Operation Management Software Module allows remote
attackers to bypass intended access restrictions via unknown vectors,
aka ZDI-CAN-1645.
|
CVE-2013-4824 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and HP IMC Service Operation Management Software Module allows remote
attackers to bypass authentication via unknown vectors, aka
ZDI-CAN-1644.
|
CVE-2013-4823 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and HP IMC Branch Intelligent Management System Software Module (aka
BIMS) allows remote attackers to obtain sensitive information via
unknown vectors, aka ZDI-CAN-1607.
|
CVE-2013-4822 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and HP IMC Branch Intelligent Management System Software Module (aka
BIMS) allows remote attackers to execute arbitrary code via unknown
vectors, aka ZDI-CAN-1606.
|
CVE-2013-4821 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.2.1 allows remote authenticated users to cause a denial of
service via unknown vectors.
|
CVE-2013-4820 |
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall
SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option
10.0, IceWall SSO SAML2 Agent Option 8.0, IceWall SSO JAVA Agent
Library 8.0 through 10.0, IceWall Federation Agent 3.0, and IceWall
File Manager 3.0 through SP4 allows remote authenticated users to
obtain sensitive information via unknown vectors.
|
CVE-2013-4819 |
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through
10.0 allows remote authenticated users to obtain sensitive information
via unknown vectors.
|
CVE-2013-4818 |
Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall
SSO Agent Option 8.0 through 10.0, IceWall SSO Smart Device Option
10.0, and IceWall File Manager 3.0 through SP4 allows remote attackers
to obtain sensitive information via unknown vectors.
|
CVE-2013-4817 |
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through
10.0 allows remote attackers to obtain sensitive information via
unknown vectors.
|
CVE-2013-4808 |
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and
9.31 and Service Center 6.2.8 allows remote attackers to obtain
privileged access via unknown vectors.
|
CVE-2013-4807 |
Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn,
M1212nf MFP, M1213nf MFP, M1214nfh MFP, M1216nfh MFP, M1217nfw MFP,
M1218nfs MFP, and CP1025nw with firmware before 2013-07-26 20130703
allows remote attackers to modify data via unknown vectors.
|
CVE-2013-4805 |
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3)
firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows
remote attackers to bypass authentication via unknown vectors.
|
CVE-2013-4804 |
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch
1 and 9.22 patch 1 allows remote attackers to execute arbitrary code
and obtain sensitive information via unknown vectors.
|
CVE-2013-4801 |
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote
attackers to execute arbitrary code via unknown vectors, aka
ZDI-CAN-1736.
|
CVE-2013-4800 |
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote
attackers to execute arbitrary code via unknown vectors, aka
ZDI-CAN-1735.
|
CVE-2013-4799 |
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote
attackers to execute arbitrary code via unknown vectors, aka
ZDI-CAN-1734.
|
CVE-2013-4798 |
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote
attackers to execute arbitrary code via unknown vectors, aka
ZDI-CAN-1705.
|
CVE-2013-4797 |
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote
attackers to execute arbitrary code via unknown vectors, aka
ZDI-CAN-1690.
|
CVE-2013-4767 |
Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown
impact and attack vectors.
|
CVE-2013-4726 |
Cross-site request forgery (CSRF) vulnerability in DDSN Interactive
cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly
other versions, allows remote attackers to hijack the authentication
of unspecified victims via unknown vectors.
|
CVE-2013-4697 |
Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop
Management - Manager 09-50 through 09-50-03, 09-51 through 09-51-05,
10-00 through 10-00-02, and 10-01 through 10-01-02; Hitachi Job
Management Partner 1/IT Desktop Management - Manager 09-50 through
09-50-03 and 10-01; and Hitachi IT Operations Director 02-50 through
02-50-07, 03-00 through 03-00-12, and 04-00 through 04-00-01 allow
remote authenticated users to gain privileges via unknown vectors.
|
CVE-2013-4671 |
Cross-site request forgery (CSRF) vulnerability in the management
console on the Symantec Web Gateway (SWG) appliance before 5.1.1
allows remote authenticated users to hijack the authentication of
unspecified victims via unknown vectors.
|
CVE-2013-4611 |
Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow
remote attackers to have an unknown impact via vectors involving (1)
the Online Designer page or (2) the Manage Survey Participants page.
|
CVE-2013-4610 |
Unspecified vulnerability in the Data Search utility in data-entry
forms in REDCap before 5.0.3 and 5.1.x before 5.1.2 has unknown impact
and remote attack vectors.
|
CVE-2013-4365 |
Heap-based buffer overflow in the fcgid_header_bucket_read function in
fcgid_bucket.c in the mod_fcgid module before 2.3.9 for the Apache
HTTP Server allows remote attackers to have an unspecified impact via
unknown vectors.
|
CVE-2013-4362 |
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users
to gain privileges via unknown attack vectors in (1)
kernel_interface.c and (2) mount_davfs.c, related to the "system"
function.
|
CVE-2013-4316 |
Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation
by default, which has unknown impact and attack vectors.
|
CVE-2013-4290 |
Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote
attackers to have unspecified impact via unknown vectors to (1)
lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3)
lib/openjp3d/event.c.
|
CVE-2013-4189 |
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py,
and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5,
and 4.3.x through 4.3.1 allow remote authenticated users with
administrator access to a subtree to access nodes above the subtree
via unknown vectors.
|
CVE-2013-4050 |
Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in
Domino Web Administrator in IBM Domino 8.5 and 9.0 allows remote
authenticated users to hijack the authentication of unspecified
victims via unknown vectors.
|
CVE-2013-4042 |
Unspecified vulnerability in IBM SPSS Collaboration and Deployment
Services 4.2.1 and 5.0 through FP2 allows remote attackers to execute
arbitrary code via unknown vectors, a different vulnerability than
CVE-2013-5370.
|
CVE-2013-4022 |
IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager
5.x before 5.2, InfoSphere Optim Configuration Manager 2.x before 2.2,
and DB2 Recovery Expert 2.x store unspecified authentication
information in a cookie, which allows remote authenticated users to
bypass intended access restrictions via unknown vectors.
|
CVE-2013-4021 |
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12,
and 7.5 before 7.5.0.5 allows remote authenticated users to conduct
unspecified file-inclusion attacks via unknown vectors.
|
CVE-2013-4002 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM
Java 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6,
and 7 before 7 SR5 allows remote attackers to affect availability via
unknown vectors.
|
CVE-2013-3992 |
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere
BigInsights 2.0 through 2.1 allows remote authenticated users to
hijack the authentication of unspecified victims via unknown vectors.
|
CVE-2013-3841 |
Unspecified vulnerability in the Siebel Core - EAI component in Oracle
Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect
confidentiality via unknown vectors related to Web Services.
|
CVE-2013-3840 |
Unspecified vulnerability in the Siebel Core - EAI component in Oracle
Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect
confidentiality via unknown vectors related to Web Services.
|
CVE-2013-3839 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.70 and earlier, 5.5.32 and earlier, and 5.6.12 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Optimizer.
|
CVE-2013-3838 |
Unspecified vulnerability in Oracle SPARC Enterprise T & M Series
Servers running Sun System Firmware before 6.7.13 for SPARC T1,
7.4.6.c for SPARC T2, 8.3.0.b for SPARC T3 & T4, 9.0.0.d for SPARC T5
and 9.0.1.e for SPARC M5 allows local users to affect availability via
unknown vectors related to Sun System Firmware/Hypervisor.
|
CVE-2013-3837 |
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote
attackers to affect availability via unknown vectors related to Cacao.
|
CVE-2013-3835 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect confidentiality via unknown vectors related
to Integration Broker.
|
CVE-2013-3834 |
Unspecified vulnerability in the Oracle Secure Global Desktop
component in Oracle Virtualization 5 allows remote attackers to affect
availability via unknown vectors related to ttaauxserv.
|
CVE-2013-3833 |
Unspecified vulnerability in the Oracle Access Manager component in
Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote
attackers to affect integrity via unknown vectors related to
Authentication Engine.
|
CVE-2013-3832 |
Unspecified vulnerability in the Siebel Server Remote component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to
affect integrity via unknown vectors related to File System
Management.
|
CVE-2013-3831 |
Unspecified vulnerability in the Oracle Portal component in Oracle
Fusion Middleware 11.1.1.6.0 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Demos.
|
CVE-2013-3830 |
Unspecified vulnerability in the Hyperion Strategic Finance component
in Oracle Hyperion 11.1.2.1 and 11.1.2.2 allows remote authenticated
users to affect confidentiality, integrity, and availability via
unknown vectors related to Server.
|
CVE-2013-3829 |
Unspecified vulnerability in the Java SE, Java SE Embedded component
in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier,
Java SE 5.0u51 and earlier, and Java SE Embedded 7u40 and earlier
allows remote attackers to affect confidentiality and integrity via
unknown vectors related to Libraries.
|
CVE-2013-3828 |
Unspecified vulnerability in the Oracle Web Services component in
Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote
attackers to affect confidentiality via unknown vectors related to
Test Page.
|
CVE-2013-3827 |
Unspecified vulnerability in the Oracle GlassFish Server component in
Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2; the Oracle
JDeveloper component in Oracle Fusion Middleware 11.1.2.3.0,
11.1.2.4.0, and 12.1.2.0.0; and the Oracle WebLogic Server component
in Oracle Fusion Middleware 10.3.6.0 and 12.1.1 allows remote
attackers to affect confidentiality via unknown vectors related to
Java Server Faces or Web Container.
|
CVE-2013-3826 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows
remote attackers to affect confidentiality via unknown vectors.
|
CVE-2013-3825 |
Unspecified vulnerability in the Oracle Agile Product Collaboration
component in Oracle Supply Chain Products Suite 9.3.1 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Folders & Files Attachment.
|
CVE-2013-3824 |
Unspecified vulnerability in the Oracle Agile Collaboration Framework
component in Oracle Supply Chain Products Suite 9.3.1 allows remote
authenticated users to affect integrity via unknown vectors related to
Manufacturing/Mfg Parts.
|
CVE-2013-3823 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.1 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Security.
|
CVE-2013-3822 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.1 allows remote attackers to
affect integrity via unknown vectors related to Web Client (CS).
|
CVE-2013-3821 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect confidentiality and availability via
unknown vectors related to Integration Broker.
|
CVE-2013-3820 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect availability via unknown vectors related to
Business Interlink.
|
CVE-2013-3819 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect confidentiality and availability via
unknown vectors related to Mobile Applications.
|
CVE-2013-3818 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect integrity via unknown vectors related to
Portal, a different vulnerability than CVE-2013-2404.
|
CVE-2013-3816 |
Unspecified vulnerability in the Oracle Policy Automation component in
Oracle Industry Applications 10.2.0, 10.3.0, 10.3.1, 10.4.0, 10.4.1,
and 10.4.2 allows remote authenticated users to affect confidentiality
via unknown vectors related to Determinations Engine.
|
CVE-2013-3814 |
Unspecified vulnerability in the Oracle Retail Invoice Matching
component in Oracle Industry Applications 10.2, 11.0, 12.0, 12.0IN,
12.1, 13.0, 13.1, and 13.2 allows remote authenticated users to affect
confidentiality and integrity via unknown vectors related to System
Administration.
|
CVE-2013-3812 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote
authenticated users to affect availability via unknown vectors related
to Server Replication.
|
CVE-2013-3811 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.11 and earlier allows remote authenticated users to affect
availability via unknown vectors related to InnoDB, a different
vulnerability than CVE-2013-3806.
|
CVE-2013-3810 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.11 and earlier allows remote authenticated users to affect
availability via unknown vectors related to XA Transactions.
|
CVE-2013-3809 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote
authenticated users to affect integrity via unknown vectors related to
Audit Log.
|
CVE-2013-3808 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote
authenticated users to affect availability via unknown vectors related
to Server Options.
|
CVE-2013-3807 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.11 and earlier allows remote attackers to affect
confidentiality and integrity via unknown vectors related to Server
Privileges.
|
CVE-2013-3806 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.11 and earlier allows remote authenticated users to affect
availability via unknown vectors related to InnoDB, a different
vulnerability than CVE-2013-3811.
|
CVE-2013-3805 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users
to affect availability via unknown vectors related to Prepared
Statements.
|
CVE-2013-3804 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Server Optimizer.
|
CVE-2013-3803 |
Unspecified vulnerability in the Hyperion BI+ component in Oracle
Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier,
and 11.1.2.2.305 and earlier allows remote authenticated users to
affect confidentiality via unknown vectors related to Intelligence
Service.
|
CVE-2013-3802 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to Full Text Search.
|
CVE-2013-3801 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users
to affect availability via unknown vectors related to Server Options.
|
CVE-2013-3800 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Business Interlinks.
|
CVE-2013-3799 |
Unspecified vulnerability in Oracle Solaris 10 and 11, when running on
AMD64, allows local users to affect availability via unknown vectors
related to Kernel.
|
CVE-2013-3798 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.11 and earlier allows remote attackers to affect integrity
and availability via unknown vectors related to MemCached.
|
CVE-2013-3797 |
Unspecified vulnerability in Oracle Solaris 11 allows local users to
affect availability via unknown vectors related to Filesystem/DevFS.
|
CVE-2013-3796 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.11 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server Optimizer.
|
CVE-2013-3795 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.6.11 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Data Manipulation
Language.
|
CVE-2013-3794 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.30 and earlier and 5.6.10 allows remote authenticated users
to affect availability via unknown vectors related to Server
Partition.
|
CVE-2013-3793 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote
authenticated users to affect availability via unknown vectors related
to Data Manipulation Language.
|
CVE-2013-3792 |
Unspecified vulnerability in the Oracle VM VirtualBox component in
Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and
4.2.18 allows local users to affect availability via unknown vectors
related to Core.
|
CVE-2013-3791 |
Unspecified vulnerability in Enterprise Manager (EM) Base Platform
10.2.0.5 and EM DB Control 11.1.0.7 in Oracle Enterprise Manager Grid
Control allows remote attackers to affect integrity via unknown
vectors related to User Interface Framework.
|
CVE-2013-3790 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3
allows remote authenticated users to affect integrity via unknown
vectors related to Privileged Account.
|
CVE-2013-3789 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3
allows remote authenticated users to affect confidentiality,
integrity, and availability via unknown vectors.
|
CVE-2013-3788 |
Unspecified vulnerability in the Oracle iSupplier Portal component in
Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3
allows remote attackers to affect integrity via unknown vectors
related to Supplier Management.
|
CVE-2013-3787 |
Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote
attackers to affect availability via unknown vectors related to
Kernel.
|
CVE-2013-3786 |
Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Kernel.
|
CVE-2013-3785 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component
in Oracle PeopleSoft Products 9.1 allows remote authenticated users to
affect confidentiality via unknown vectors related to Career's Home.
|
CVE-2013-3784 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component
in Oracle PeopleSoft Products 9.1 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Time and Labor.
|
CVE-2013-3783 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.31 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server Parser.
|
CVE-2013-3782 |
Unspecified vulnerability in the Secure Global Desktop component in
Oracle Virtualization 4.6 prior to 4.63 and 4.7 prior to 4.71 allows
remote attackers to affect integrity via unknown vectors related to
Web UI.
|
CVE-2013-3781 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2013-3776.
|
CVE-2013-3780 |
Unspecified vulnerability in the PeopleSoft Enterprise Portal
component in Oracle PeopleSoft Products 9.1 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Saved Search.
|
CVE-2013-3779 |
Unspecified vulnerability in the Secure Global Desktop component in
Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to
4.71 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Web UI.
|
CVE-2013-3778 |
Unspecified vulnerability in the Oracle Applications Technology Stack
component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote
attackers to affect integrity via unknown vectors related to Help.
|
CVE-2013-3777 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote attackers to affect integrity via unknown vectors
related to Signon.
|
CVE-2013-3776 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2013-3781.
|
CVE-2013-3775 |
Unspecified vulnerability in the Oracle iLearning component in Oracle
iLearning 5.2.1 and 6.0 allows remote attackers to affect integrity
via unknown vectors related to Learner Pages.
|
CVE-2013-3774 |
Unspecified vulnerability in the Network Layer component in Oracle
Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, 11.2.0.3, and
12.1.0.1 allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors.
|
CVE-2013-3772 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows
remote attackers to affect integrity via unknown vectors related to
Web Forms.
|
CVE-2013-3771 |
Unspecified vulnerability in the Oracle executable component in Oracle
Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2013-3760.
|
CVE-2013-3770 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows
remote authenticated users to affect confidentiality and integrity via
unknown vectors related to Content Server. NOTE: the previous
information is from the October 2013 CPU. Oracle has not commented on
claims from a third party that the issue is related to "iDoc script
injection" in the (1) cs and (2) urm components, which allows
attackers to read "sensitive" files, as demonstrated by obtaining the
"AES encryption key and encrypted credentials" of the weblogic user.
|
CVE-2013-3769 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 10.1.3.5.1, 11.1.1.6.0, and 11.1.1.7.0 allows
remote attackers to affect integrity via unknown vectors related to
Site Studio.
|
CVE-2013-3768 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect integrity via unknown vectors related to
Rich Text Editor.
|
CVE-2013-3767 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite Access Gate 1.2.1 allows remote
attackers to affect integrity via unknown vectors.
|
CVE-2013-3766 |
Unspecified vulnerability in the Primavera P6 Enterprise Project
Portfolio Management component in Oracle Primavera Products Suite 8.1,
8.2, and 8.3 allows remote authenticated users to affect integrity via
unknown vectors related to Web Access.
|
CVE-2013-3765 |
Unspecified vulnerability in Oracle Solaris 11 allows local users to
affect availability via unknown vectors related to Kernel/VM.
|
CVE-2013-3764 |
Unspecified vulnerability in the Oracle Endeca Server component in
Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated
users to affect confidentiality and integrity via unknown vectors, a
different vulnerability than CVE-2013-3763.
|
CVE-2013-3763 |
Unspecified vulnerability in the Oracle Endeca Server component in
Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated
users to affect confidentiality and integrity via unknown vectors, a
different vulnerability than CVE-2013-3764.
|
CVE-2013-3762 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3;
and EM Plugin for DB 12.1.0.2, 12.1.0.3, and 12.1.0.4 allows remote
attackers to affect integrity via unknown vectors related to Schema
Management.
|
CVE-2013-3760 |
Unspecified vulnerability in the Oracle executable component in Oracle
Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3
allows local users to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2013-3771.
|
CVE-2013-3758 |
Unspecified vulnerability in the Enterprise Manager (EM) Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.4, 10.2.0.5, 11.1.0.7,
11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 and 12.1.0.3 in
Oracle Enterprise Manager Grid Control allows remote attackers to
affect integrity via unknown vectors related to Schema Management.
|
CVE-2013-3756 |
Unspecified vulnerability in the Oracle Landed Cost Management
component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows
remote authenticated users to affect confidentiality and integrity via
unknown vectors related to Shipment Workbench.
|
CVE-2013-3754 |
Unspecified vulnerability in the Solaris Cluster component in Oracle
and Sun Systems Products Suite 3.3 allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to HA for TimesTen.
|
CVE-2013-3751 |
Unspecified vulnerability in the XML Parser component in Oracle
Database Server 11.2.0.2, 11.2.0.3, and 12.1.0.1 allows remote
authenticated users to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2013-3750 |
Unspecified vulnerability in Oracle Solaris 11 allows local users to
affect confidentiality, integrity, and availability via unknown
vectors related to Kernel/VM.
|
CVE-2013-3749 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote authenticated users to affect confidentiality via
unknown vectors related to Logging. NOTE: the previous information is
from the July 2013 CPU. Oracle has not commented on claims from a
third party that the issue is due to storage of credentials in the (1)
FND_LOG_MESSAGES database table or (2) log files by "native login
pages."
|
CVE-2013-3747 |
Unspecified vulnerability in the Oracle Applications Technology Stack
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote authenticated users to affect confidentiality via
unknown vectors related to Client System Analyzer.
|
CVE-2013-3746 |
Unspecified vulnerability in the Solaris Cluster component in Oracle
and Sun Systems Products Suite 3.2, 3.3, and 4 prior to 4.1 SRU 3
allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Zone Cluster
Infrastructure.
|
CVE-2013-3745 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows
local users to affect availability via unknown vectors related to
Libraries/Libc.
|
CVE-2013-3744 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier allows remote
attackers to affect integrity via unknown vectors related to
Deployment, a different vulnerability than CVE-2013-2400.
|
CVE-2013-3612 |
Dahua DVR appliances have a hardcoded password for (1) the root
account and (2) an unspecified "backdoor" account, which makes it
easier for remote attackers to obtain administrative access via
authorization requests involving (a) ActiveX, (b) a standalone client,
or (c) unknown other vectors.
|
CVE-2013-3573 |
HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct
unspecified injection attacks via unknown vectors.
|
CVE-2013-3477 |
Cross-site request forgery (CSRF) vulnerability in the Related Posts
by Zemanta plugin before 1.3.2 for WordPress allows remote attackers
to hijack the authentication of unspecified users for requests that
change settings via unknown vectors.
|
CVE-2013-3402 |
An unspecified function in Cisco Unified Communications Manager (CUCM)
7.1(x) through 9.1(2) allows remote authenticated users to execute
arbitrary commands via unknown vectors, aka Bug ID CSCuh73440.
|
CVE-2013-3374 |
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17
and 4.0.x before 4.0.13, when using the Apache::Session::File session
store, allows remote attackers to obtain sensitive information (user
preferences and caches) via unknown vectors, related to a "limited
session re-use."
|
CVE-2013-3349 |
Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when
the JRun application server is used, allows remote attackers to cause
a denial of service via unknown vectors.
|
CVE-2013-3336 |
Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and
10 allows remote attackers to read arbitrary files via unknown
vectors.
|
CVE-2013-3243 |
Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver
allows remote attackers to execute arbitrary ABAP code via unknown
vectors.
|
CVE-2013-3211 |
Unspecified vulnerability in Opera before 12.15 has unknown impact and
attack vectors, related to a "moderately severe issue."
|
CVE-2013-3038 |
Unspecified vulnerability in IBM Rational Requirements Composer before
4.0.4 makes it easier for remote attackers to discover credentials via
unknown vectors.
|
CVE-2013-3037 |
Unspecified vulnerability in IBM Rational Requirements Composer before
4.0.4 makes it easier for local users to gain privileges via unknown
vectors.
|
CVE-2013-3012 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM
Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6
SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote
attackers to affect confidentiality, availability, and integrity via
unknown vectors, a different vulnerability than CVE-2013-3009 and
CVE-2013-3011.
|
CVE-2013-3011 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM
Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6
SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote
attackers to affect confidentiality, availability, and integrity via
unknown vectors, a different vulnerability than CVE-2013-3009 and
CVE-2013-3012.
|
CVE-2013-3010 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM
Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers
to affect confidentiality, availability, and integrity via unknown
vectors, a different vulnerability than CVE-2013-3007.
|
CVE-2013-3008 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM
Java 7 before 7 SR5 allows remote attackers to affect confidentiality,
availability, and integrity via unknown vectors, a different
vulnerability than CVE-2013-3006.
|
CVE-2013-3007 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM
Java 6.0.1 before 6.0.1 SR6 and 7 before 7 SR5 allows remote attackers
to affect confidentiality, availability, and integrity via unknown
vectors, a different vulnerability than CVE-2013-3006.
|
CVE-2013-3006 |
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM
Java 7 before 7 SR5 allows remote attackers to affect confidentiality,
availability, and integrity via unknown vectors, a different
vulnerability than CVE-2013-3008.
|
CVE-2013-3003 |
Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite
1.1, 2.1, and 2.2 allows remote authenticated users to execute
arbitrary commands via unknown vectors.
|
CVE-2013-2994 |
IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5
incorrectly maintains a valid session after unspecified interaction
with REST services, which allows remote attackers to issue REST
requests in the context of an arbitrary user's active session via
unknown vectors.
|
CVE-2013-2993 |
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7
does not properly perform authentication for unspecified web services,
which allows remote attackers to issue requests in the context of an
arbitrary user's active session via unknown vectors.
|
CVE-2013-2970 |
Unspecified vulnerability in IBM QRadar Security Information and Event
Manager (SIEM) 7.x before 7.1 MR2 Patch 1 allows remote authenticated
users to execute operating-system commands via unknown vectors.
|
CVE-2013-2940 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka
Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in
CTX137162.
|
CVE-2013-2939 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka
Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in
CTX137162.
|
CVE-2013-2938 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka
Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in
CTX137162.
|
CVE-2013-2937 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka
Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack
vectors, related to debugging messages, a different vulnerability than
other CVEs listed in CTX137162.
|
CVE-2013-2936 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka
Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in
CTX137162.
|
CVE-2013-2935 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka
Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in
CTX137162.
|
CVE-2013-2933 |
Unspecified vulnerability in Citrix CloudPortal Services Manager (aka
Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack
vectors, a different vulnerability than other CVEs listed in
CTX137162.
|
CVE-2013-2931 |
Multiple unspecified vulnerabilities in Google Chrome before
31.0.1650.48 allow attackers to execute arbitrary code or possibly
have other impact via unknown vectors.
|
CVE-2013-2928 |
Multiple unspecified vulnerabilities in Google Chrome before
30.0.1599.101 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2013-2924 |
Use-after-free vulnerability in International Components for Unicode
(ICU), as used in Google Chrome before 30.0.1599.66 and other
products, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via unknown vectors.
|
CVE-2013-2923 |
Multiple unspecified vulnerabilities in Google Chrome before
30.0.1599.66 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2013-2919 |
Google V8, as used in Google Chrome before 30.0.1599.66, allows remote
attackers to cause a denial of service (memory corruption) or possibly
have unspecified other impact via unknown vectors.
|
CVE-2013-2910 |
Use-after-free vulnerability in
modules/webaudio/AudioScheduledSourceNode.cpp in the Web Audio
implementation in Blink, as used in Google Chrome before 30.0.1599.66,
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
|
CVE-2013-2901 |
Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and
(2) libGLESv2/renderer/Renderer11.cpp in Almost Native Graphics Layer
Engine (ANGLE), as used in Google Chrome before 29.0.1547.57, allow
remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
|
CVE-2013-2887 |
Multiple unspecified vulnerabilities in Google Chrome before
29.0.1547.57 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2013-2886 |
Multiple unspecified vulnerabilities in Google Chrome before
28.0.1500.95 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2013-2880 |
Multiple unspecified vulnerabilities in Google Chrome before
28.0.1500.71 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2013-2865 |
Multiple unspecified vulnerabilities in Google Chrome before
27.0.1453.110 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2013-2864 |
The PDF functionality in Google Chrome before 27.0.1453.110 allows
remote attackers to cause a denial of service (invalid free operation)
or possibly have unspecified other impact via unknown vectors.
|
CVE-2013-2862 |
Skia, as used in Google Chrome before 27.0.1453.110, does not properly
handle GPU acceleration, which allows remote attackers to cause a
denial of service (memory corruption) or possibly have unspecified
other impact via unknown vectors.
|
CVE-2013-2861 |
Use-after-free vulnerability in the SVG implementation in Google
Chrome before 27.0.1453.110 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via unknown
vectors.
|
CVE-2013-2858 |
Use-after-free vulnerability in the HTML5 Audio implementation in
Google Chrome before 27.0.1453.110 allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
unknown vectors.
|
CVE-2013-2855 |
The Developer Tools API in Google Chrome before 27.0.1453.110 allows
remote attackers to cause a denial of service (memory corruption) or
possibly have unspecified other impact via unknown vectors.
|
CVE-2013-2854 |
Google Chrome before 27.0.1453.110 on Windows provides an incorrect
handle to a renderer process in unspecified circumstances, which
allows remote attackers to cause a denial of service or possibly have
other impact via unknown vectors.
|
CVE-2013-2847 |
Race condition in the workers implementation in Google Chrome before
27.0.1453.93 allows remote attackers to cause a denial of service
(use-after-free and application crash) or possibly have unspecified
other impact via unknown vectors.
|
CVE-2013-2846 |
Use-after-free vulnerability in the media loader in Google Chrome
before 27.0.1453.93 allows remote attackers to cause a denial of
service or possibly have unspecified other impact via unknown vectors,
a different vulnerability than CVE-2013-2840.
|
CVE-2013-2845 |
The Web Audio implementation in Google Chrome before 27.0.1453.93
allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2013-2840 |
Use-after-free vulnerability in the media loader in Google Chrome
before 27.0.1453.93 allows remote attackers to cause a denial of
service or possibly have unspecified other impact via unknown vectors,
a different vulnerability than CVE-2013-2846.
|
CVE-2013-2839 |
Google Chrome before 27.0.1453.93 does not properly perform a cast of
an unspecified variable during handling of clipboard data, which
allows remote attackers to cause a denial of service or possibly have
other impact via unknown vectors.
|
CVE-2013-2837 |
Use-after-free vulnerability in the SVG implementation in Google
Chrome before 27.0.1453.93 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via unknown
vectors.
|
CVE-2013-2836 |
Multiple unspecified vulnerabilities in Google Chrome before
27.0.1453.93 allow attackers to cause a denial of service or possibly
have other impact via unknown vectors.
|
CVE-2013-2767 |
Unspecified vulnerability in Citrix NetScaler Access Gateway
Enterprise Edition (AGEE) before 9.3.62.4 and 10.x through 10.0.74.4,
and NetScaler AGEE Common Criteria build before 9.3.53.6, allows
remote attackers to bypass intended intranet access restrictions via
unknown vectors.
|
CVE-2013-2757 |
Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6
Patch C does not properly restrict access to VNC ports on the
management network, which allows remote attackers to have unspecified
impact via unknown vectors.
|
CVE-2013-2717 |
Multiple unspecified vulnerabilities in the System Management (aka
SysAdmin) Console in EMC Smarts Network Configuration Manager (NCM)
through 9.2 have unknown impact and attack vectors, a different issue
than CVE-2013-0935. NOTE: this might overlap CVEs for open-source
server components or other third-party components.
|
CVE-2013-2701 |
Cross-site request forgery (CSRF) vulnerability in the Social Sharing
Toolkit plugin 2.1.1 for WordPress allows remote attackers to hijack
the authentication of administrators for requests that manipulate
plugin settings via unknown vectors.
|
CVE-2013-2558 |
Unspecified vulnerability in Microsoft Windows 8 allows remote
attackers to cause a denial of service (reboot) or possibly have
unknown other impact via a crafted TrueType Font (TTF) file, as
demonstrated by the 120612-69701-01.dmp error report.
|
CVE-2013-2557 |
The sandbox protection mechanism in Microsoft Internet Explorer 9
allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors, as demonstrated against Adobe Flash Player by VUPEN during a
Pwn2Own competition at CanSecWest 2013.
|
CVE-2013-2556 |
Unspecified vulnerability in Microsoft Windows Vista SP2, Windows
Server 2008 SP2 and R2 SP1, and Windows 7 through SP1 allows attackers
to bypass the ASLR protection mechanism via unknown vectors, as
demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own
competition at CanSecWest 2013, aka "ASLR Security Feature Bypass
Vulnerability."
|
CVE-2013-2554 |
Unspecified vulnerability in Microsoft Windows 7 allows attackers to
bypass the ASLR and DEP protection mechanisms via unknown vectors, as
demonstrated against Firefox by VUPEN during a Pwn2Own competition at
CanSecWest 2013, a different vulnerability than CVE-2013-0787.
|
CVE-2013-2553 |
Unspecified vulnerability in the kernel in Microsoft Windows 7 allows
local users to gain privileges via unknown vectors, as demonstrated by
Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest
2013, a different vulnerability than CVE-2013-0912.
|
CVE-2013-2550 |
Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to
bypass the sandbox protection mechanism via unknown vectors, as
demonstrated by George Hotz during a Pwn2Own competition at CanSecWest
2013.
|
CVE-2013-2473 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to 2D. NOTE: the previous information is from
the June 2013 CPU. Oracle has not commented on claims from another
vendor that this issue allows remote attackers to bypass the Java
sandbox via vectors related to "Incorrect ByteBandedRaster size
checks" in 2D.
|
CVE-2013-2472 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to 2D. NOTE: the previous information is from
the June 2013 CPU. Oracle has not commented on claims from another
vendor that this issue allows remote attackers to bypass the Java
sandbox via vectors related to "Incorrect ShortBandedRaster size
checks" in 2D.
|
CVE-2013-2471 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to 2D. NOTE: the previous information is from
the June 2013 CPU. Oracle has not commented on claims from another
vendor that this issue allows remote attackers to bypass the Java
sandbox via vectors related to "Incorrect IntegerComponentRaster size
checks."
|
CVE-2013-2470 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to 2D. NOTE: the previous information is from
the June 2013 CPU. Oracle has not commented on claims from another
vendor that this issue allows remote attackers to bypass the Java
sandbox via vectors related to "ImagingLib byte lookup processing."
|
CVE-2013-2469 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to 2D. NOTE: the previous information is from
the June 2013 CPU. Oracle has not commented on claims from another
vendor that this issue allows remote attackers to bypass the Java
sandbox via vectors related to "Incorrect image layout verification"
in 2D.
|
CVE-2013-2468 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45
and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Deployment,
a different vulnerability than CVE-2013-2442 and CVE-2013-2466.
|
CVE-2013-2467 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 5.0 Update 45 and earlier allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to the Java installer.
|
CVE-2013-2466 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45
and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Deployment,
a different vulnerability than CVE-2013-2442 and CVE-2013-2468.
|
CVE-2013-2465 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to 2D. NOTE: the previous information is from
the June 2013 CPU. Oracle has not commented on claims from another
vendor that this issue allows remote attackers to bypass the Java
sandbox via vectors related to "Incorrect image channel verification"
in 2D.
|
CVE-2013-2464 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier allows remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors related to 2D, a different vulnerability than CVE-2013-2463,
CVE-2013-2465, CVE-2013-2469, CVE-2013-2470, CVE-2013-2471,
CVE-2013-2472, and CVE-2013-2473.
|
CVE-2013-2463 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to 2D. NOTE: the previous information is from
the June 2013 CPU. Oracle has not commented on claims from another
vendor that this issue allows remote attackers to bypass the Java
sandbox via vectors related to "Incorrect image attribute
verification" in 2D.
|
CVE-2013-2462 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Deployment.
|
CVE-2013-2461 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45
and earlier; the Oracle JRockit component in Oracle Fusion Middleware
R27.7.5 and earlier and R28.2.7 and earlier; and OpenJDK 7 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries. NOTE: the
previous information is from the June and July 2013 CPU. Oracle has
not commented on claims from another vendor that this issue allows
remote attackers to bypass verification of XML signatures via vectors
related to a "Missing check for [a] valid DOMCanonicalizationMethod
canonicalization algorithm."
|
CVE-2013-2460 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7,
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Serviceability. NOTE: the
previous information is from the June 2013 CPU. Oracle has not
commented on claims from another vendor that this issue allows remote
attackers to bypass the Java sandbox via vectors related to
"insufficient access checks" in the tracing component.
|
CVE-2013-2458 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7,
allows remote attackers to affect confidentiality and integrity via
unknown vectors related to Libraries. NOTE: the previous information
is from the June 2013 CPU. Oracle has not commented on claims from
another vendor that this issue allows remote attackers to bypass the
Java sandbox via "an error related to method handles."
|
CVE-2013-2456 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality via unknown vectors related to
Serialization. NOTE: the previous information is from the June 2013
CPU. Oracle has not commented on claims from another vendor that this
issue is related to improper access checks for subclasses in the
ObjectOutputStream class.
|
CVE-2013-2455 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality via unknown vectors related to
Libraries, a different vulnerability than CVE-2013-2443 and
CVE-2013-2452. NOTE: the previous information is from the June 2013
CPU. Oracle has not commented on claims from another vendor that this
issue is related to incorrect access checks by the (1)
getEnclosingClass, (2) getEnclosingMethod, and (3)
getEnclosingConstructor methods.
|
CVE-2013-2452 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality via unknown vectors related to
Libraries, a different vulnerability than CVE-2013-2443 and
CVE-2013-2455. NOTE: the previous information is from the June 2013
CPU. Oracle has not commented on claims from another vendor that this
issue is related to "network address handling in virtual machine
identifiers" and the lack of "unique and unpredictable IDs" in the
java.rmi.dgc.VMID class.
|
CVE-2013-2451 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45
and earlier, and OpenJDK 7, allows local users to affect
confidentiality, integrity, and availability via unknown vectors
related to Networking. NOTE: the previous information is from the June
2013 CPU. Oracle has not commented on claims from another vendor that
this issue is related to improper enforcement of exclusive port binds
when running on Windows, which allows attackers to bind to ports that
are already in use.
|
CVE-2013-2450 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect availability via unknown vectors related to
Serialization. NOTE: the previous information is from the June 2013
CPU. Oracle has not commented on claims from another vendor that this
issue is related to improper handling of circular references in
ObjectStreamClass.
|
CVE-2013-2449 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, and OpenJDK 7,
allows remote attackers to affect confidentiality via unknown vectors
related to Libraries. NOTE: the previous information is from the June
2013 CPU. Oracle has not commented on claims from another vendor that
this issue is related to GnomeFileTypeDetector and a missing check for
read permissions for a path.
|
CVE-2013-2448 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Sound. NOTE: the previous information is
from the June 2013 CPU. Oracle has not commented on claims from
another vendor that this issue allows remote attackers to bypass the
Java sandbox via vectors related to insufficient "access restrictions"
and "robustness of sound classes."
|
CVE-2013-2447 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality via unknown vectors related to
Networking. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue
allows remote attackers to obtain a socket's local address via vectors
involving inconsistencies between Socket.getLocalAddress and
InetAddress.getLocalHost.
|
CVE-2013-2445 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect availability via unknown vectors related to
Hotspot. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue
allows remote attackers to bypass the Java sandbox via vectors related
to "handling of memory allocation errors."
|
CVE-2013-2443 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote
attackers to affect confidentiality via unknown vectors related to
Libraries, a different vulnerability than CVE-2013-2452 and
CVE-2013-2455. NOTE: the previous information is from the June 2013
CPU. Oracle has not commented on claims from another vendor that this
issue is due to an incorrect "checking order" within the
AccessControlContext class.
|
CVE-2013-2442 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45
and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Deployment,
a different vulnerability than CVE-2013-2466 and CVE-2013-2468.
|
CVE-2013-2441 |
Unspecified vulnerability in the Agile EDM component in Oracle Supply
Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote
authenticated users to affect integrity via unknown vectors related to
Java Client.
|
CVE-2013-2440 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43
and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Deployment,
a different vulnerability than CVE-2013-2435.
|
CVE-2013-2439 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier
allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to Install.
|
CVE-2013-2438 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier allows remote
attackers to affect integrity via unknown vectors related to JavaFX.
|
CVE-2013-2437 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45
and earlier allows remote attackers to affect confidentiality via
unknown vectors related to Deployment.
|
CVE-2013-2436 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7,
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries, a different
vulnerability than CVE-2013-1488 and CVE-2013-2426. NOTE: the previous
information is from the April 2013 CPU. Oracle has not commented on
claims from another vendor that this issue is related to incorrect
"type checks" and "method handle binding" involving Wrapper.convert.
|
CVE-2013-2435 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43
and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Deployment,
a different vulnerability than CVE-2013-2440.
|
CVE-2013-2434 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7
and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to 2D.
|
CVE-2013-2433 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43
and earlier allows remote attackers to affect integrity via unknown
vectors related to Deployment, a different vulnerability than
CVE-2013-1540.
|
CVE-2013-2432 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to 2D, a different
vulnerability than CVE-2013-2394 and CVE-2013-1491.
|
CVE-2013-2431 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and
7, allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to HotSpot. NOTE: the
previous information is from the April 2013 CPU. Oracle has not
commented on claims from another vendor that this issue is related to
bypassing the Java sandbox using "method handle intrinsic frames."
|
CVE-2013-2430 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, and 5.0 Update 41 and earlier; JavaFX 2.2.7 and earlier; and
OpenJDK 6 and 7 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to ImageIO.
NOTE: the previous information is from the April 2013 CPU. Oracle has
not commented on claims from another vendor that this issue is related
to "JPEGImageReader state corruption" when using native code.
|
CVE-2013-2429 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to ImageIO. NOTE: the
previous information is from the April 2013 CPU. Oracle has not
commented on claims from another vendor that this issue is related to
"JPEGImageWriter state corruption" when using native code, which
triggers memory corruption.
|
CVE-2013-2428 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7
and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to JavaFX, a
different vulnerability than CVE-2013-0402, CVE-2013-2414, and
CVE-2013-2427.
|
CVE-2013-2427 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7
and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to JavaFX, a
different vulnerability than CVE-2013-0402, CVE-2013-2414, and
CVE-2013-2428.
|
CVE-2013-2426 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and
7, allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries. NOTE: the
previous information is from the April 2013 CPU. Oracle has not
commented on claims from another vendor that this issue is related to
incorrect invocation of the defaultReadObject method in the
ConcurrentHashMap class, which allows remote attackers to bypass the
Java sandbox.
|
CVE-2013-2425 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Install.
|
CVE-2013-2423 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7,
allows remote attackers to affect integrity via unknown vectors
related to HotSpot. NOTE: the previous information is from the April
2013 CPU. Oracle has not commented on claims from the original
researcher that this vulnerability allows remote attackers to bypass
permission checks by the MethodHandles method and modify arbitrary
public final fields using reflection and type confusion, as
demonstrated using integer and double fields to disable the security
manager.
|
CVE-2013-2422 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43
and earlier; and OpenJDK 6 and 7; allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Libraries. NOTE: the previous information is from the April
2013 CPU. Oracle has not commented on claims from another vendor that
this issue is related to improper method-invocation restrictions by
the MethodUtil trampoline class, which allows remote attackers to
bypass the Java sandbox.
|
CVE-2013-2421 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 6 and
7, allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to HotSpot. NOTE: the
previous information is from the April 2013 CPU. Oracle has not
commented on claims from another vendor that this issue is related to
incorrect MethodHandle lookups, which allows remote attackers to
bypass Java sandbox restrictions.
|
CVE-2013-2420 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to 2D. NOTE: the previous
information is from the April 2013 CPU. Oracle has not commented on
claims from another vendor that this issue is related to insufficient
"validation of images" in share/native/sun/awt/image/awt_ImageRep.c,
possibly involving offsets.
|
CVE-2013-2419 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows
remote attackers to affect availability via unknown vectors related to
2D. NOTE: the previous information is from the April 2013 CPU. Oracle
has not commented on claims from another vendor that this issue is
related to "font processing errors" in the International Components
for Unicode (ICU) Layout Engine before 51.2.
|
CVE-2013-2418 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43
and earlier allows local users to affect confidentiality, integrity,
and availability via unknown vectors related to Deployment.
|
CVE-2013-2417 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows
remote attackers to affect availability via unknown vectors related to
Networking. NOTE: the previous information is from the April 2013 CPU.
Oracle has not commented on claims from another vendor that this issue
is related to an information leak involving InetAddress serialization.
CVE has not investigated the apparent discrepancy between vendor
reports regarding the impact of this issue.
|
CVE-2013-2416 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier allows remote
attackers to affect integrity via unknown vectors related to
Deployment.
|
CVE-2013-2414 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7
and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to JavaFX, a
different vulnerability than CVE-2013-0402, CVE-2013-2427, and
CVE-2013-2428.
|
CVE-2013-2413 |
Unspecified vulnerability in the Siebel Enterprise Application
Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows
remote authenticated users to affect confidentiality and integrity via
unknown vectors related to Web Services.
|
CVE-2013-2412 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45
and earlier, and OpenJDK 7, allows remote attackers to affect
confidentiality via unknown vectors related to Serviceability. NOTE:
the previous information is from the June 2013 CPU. Oracle has not
commented on claims from another vendor that this issue is related to
insufficient indication of an SSL connection failure by JConsole,
related to RMI connection dialog box.
|
CVE-2013-2411 |
Unspecified vulnerability in the Primavera P6 Enterprise Project
Portfolio Management component in Oracle Primavera Products Suite 7.0,
8.1, and 8.2 allows remote attackers to affect integrity via unknown
vectors related to Web Access.
|
CVE-2013-2410 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component
in Oracle PeopleSoft Products 9.1.0 allows remote authenticated users
to affect confidentiality via unknown vectors related to Absence
Management.
|
CVE-2013-2407 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier and 6 Update 45
and earlier, and OpenJDK 7, allows remote attackers to affect
confidentiality and availability via unknown vectors related to
Libraries. NOTE: the previous information is from the June 2013 CPU.
Oracle has not commented on claims from another vendor that this issue
is related to "XML security and the class loader."
|
CVE-2013-2405 |
Unspecified vulnerability in the Primavera P6 Enterprise Project
Portfolio Management component in Oracle Primavera Products Suite 7.0,
8.1, and 8.2 allows remote authenticated users to affect
confidentiality and integrity via unknown vectors related to Web
Access.
|
CVE-2013-2404 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect integrity via unknown vectors related to
Portal, a different vulnerability than CVE-2013-3818.
|
CVE-2013-2403 |
Unspecified vulnerability in the Siebel Enterprise Application
Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Web Services, a different vulnerability than
CVE-2013-0416.
|
CVE-2013-2402 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote attackers to affect integrity via unknown vectors related to
WorkCenter.
|
CVE-2013-2401 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote authenticated users to affect integrity via unknown vectors
related to Portal.
|
CVE-2013-2400 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier allows remote
attackers to affect integrity via unknown vectors related to
Deployment, a different vulnerability than CVE-2013-3744.
|
CVE-2013-2398 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to
affect confidentiality, integrity, and availability via unknown
vectors related to Open UI Client.
|
CVE-2013-2397 |
Unspecified vulnerability in the Oracle Retail Central Office
component in Oracle Industry Applications 13.1, 13.2, 13.3, and 13.4
allows remote authenticated users to affect confidentiality and
integrity via unknown vectors related to Customer Operations (Add,
Search).
|
CVE-2013-2395 |
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows
remote authenticated users to affect availability via unknown vectors
related to Data Manipulation Language, a different vulnerability than
CVE-2013-1567.
|
CVE-2013-2394 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, 5.0 Update 41 and earlier, and JavaFX 2.2.7 and earlier
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to 2D, a different
vulnerability than CVE-2013-2432 and CVE-2013-1491.
|
CVE-2013-2393 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters.
|
CVE-2013-2392 |
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30
and earlier, and 5.6.10 and earlier allows remote authenticated users
to affect availability via unknown vectors related to Server
Optimizer.
|
CVE-2013-2391 |
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30
and earlier, and 5.6.10 and earlier allows local users to affect
confidentiality and integrity via unknown vectors related to Server
Install.
|
CVE-2013-2390 |
Unspecified vulnerability in the Oracle WebLogic Server component in
Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows
remote attackers to affect integrity via unknown vectors related to
WebLogic Console, a different vulnerability than CVE-2013-1504.
|
CVE-2013-2389 |
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30
and earlier, and 5.6.10 and earlier allows remote authenticated users
to affect availability via unknown vectors related to InnoDB.
|
CVE-2013-2388 |
Unspecified vulnerability in the Oracle Applications Technology Stack
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote attackers to affect availability via unknown vectors
related to Mid Tier File Management.
|
CVE-2013-2384 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to 2D, a different
vulnerability than CVE-2013-1569, CVE-2013-2383, and CVE-2013-2420.
NOTE: the previous information is from the April 2013 CPU. Oracle has
not commented on claims from another vendor that this issue is related
to "font layout" in the International Components for Unicode (ICU)
Layout Engine before 51.2.
|
CVE-2013-2383 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to 2D, a different
vulnerability than CVE-2013-1569, CVE-2013-2384, and CVE-2013-2420.
NOTE: the previous information is from the April 2013 CPU. Oracle has
not commented on claims from another vendor that this issue is related
to "handling of [a] glyph table" in the International Components for
Unicode (ICU) Layout Engine before 51.2.
|
CVE-2013-2381 |
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows
remote authenticated users to affect integrity via unknown vectors
related to Server Privileges.
|
CVE-2013-2380 |
Unspecified vulnerability in the Oracle JRockit component in Oracle
Fusion Middleware R27.7.4 and earlier and R28.2.6 and earlier allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors. NOTE: this might be a duplicate of
CVE-2013-1537 and CVE-2013-2415. If so, then CVE-2013-2380 might be
REJECTed in the future.
|
CVE-2013-2379 |
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking
component in Oracle Financial Services Software 2.8.0 through 12.0.1
allows remote authenticated users to affect integrity via unknown
vectors related to RT.
|
CVE-2013-2378 |
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29
and earlier, and 5.6.10 and earlier allows remote authenticated users
to affect confidentiality, integrity, and availability via unknown
vectors related to Information Schema.
|
CVE-2013-2377 |
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking
component in Oracle Financial Services Software 2.8.0 through 4.1.0
allows remote authenticated users to affect confidentiality via
unknown vectors related to My Services.
|
CVE-2013-2376 |
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and
5.6.10 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Stored Procedure.
|
CVE-2013-2375 |
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30
and earlier, and 5.6.10 and earlier allows remote authenticated users
to affect confidentiality, integrity, and availability via unknown
vectors.
|
CVE-2013-2374 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote authenticated users to affect integrity via unknown vectors
related to Rich Text Editor.
|
CVE-2013-2370 |
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote
attackers to execute arbitrary code via unknown vectors, aka
ZDI-CAN-1671.
|
CVE-2013-2369 |
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote
attackers to execute arbitrary code via unknown vectors, aka
ZDI-CAN-1670.
|
CVE-2013-2368 |
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote
attackers to cause a denial of service via unknown vectors, aka
ZDI-CAN-1669.
|
CVE-2013-2367 |
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21,
when SOAP is used, allow remote attackers to execute arbitrary code
via unknown vectors, aka ZDI-CAN-1678.
|
CVE-2013-2366 |
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch
1 and 9.22 patch 1 allows remote attackers to execute arbitrary code
and obtain sensitive information via unknown vectors, aka
ZDI-CAN-1802.
|
CVE-2013-2362 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.2.1 allows local users to cause a denial of service via
unknown vectors, aka ZDI-CAN-1676.
|
CVE-2013-2360 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.2.1 allows remote authenticated users to cause a denial of
service via unknown vectors, a different vulnerability than
CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359.
|
CVE-2013-2359 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.2.1 allows remote authenticated users to cause a denial of
service via unknown vectors, a different vulnerability than
CVE-2013-2357, CVE-2013-2358, and CVE-2013-2360.
|
CVE-2013-2358 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.2.1 allows remote authenticated users to cause a denial of
service via unknown vectors, a different vulnerability than
CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360.
|
CVE-2013-2357 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.2.1 allows remote authenticated users to cause a denial of
service via unknown vectors, a different vulnerability than
CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360.
|
CVE-2013-2353 |
Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before
1.2.19 and 2.x before 2.3.0 allows remote attackers to cause a denial
of service via unknown vectors.
|
CVE-2013-2351 |
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00,
9.1x, and 9.2x allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors.
|
CVE-2013-2350 |
Unspecified vulnerability in HP Storage Data Protector 6.2X allows
remote attackers to execute arbitrary code or cause a denial of
service via unknown vectors, aka ZDI-CAN-1897.
|
CVE-2013-2349 |
Unspecified vulnerability in HP Storage Data Protector 6.2X allows
remote attackers to execute arbitrary code or cause a denial of
service via unknown vectors, aka ZDI-CAN-1896.
|
CVE-2013-2348 |
Unspecified vulnerability in HP Storage Data Protector 6.2X allows
remote attackers to execute arbitrary code or cause a denial of
service via unknown vectors, aka ZDI-CAN-1892.
|
CVE-2013-2346 |
Unspecified vulnerability in HP Storage Data Protector 6.2X allows
remote attackers to execute arbitrary code or cause a denial of
service via unknown vectors, aka ZDI-CAN-1870.
|
CVE-2013-2345 |
Unspecified vulnerability in HP Storage Data Protector 6.2X allows
remote attackers to execute arbitrary code or cause a denial of
service via unknown vectors, aka ZDI-CAN-1869.
|
CVE-2013-2344 |
Unspecified vulnerability in HP Storage Data Protector 6.2X allows
remote attackers to execute arbitrary code or cause a denial of
service via unknown vectors, aka ZDI-CAN-1866.
|
CVE-2013-2343 |
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance
hydra with software before 10.0 allows remote attackers to execute
arbitrary code via unknown vectors, aka ZDI-CAN-1510.
|
CVE-2013-2341 |
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A,
JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and
658247-B21; HP 3COM routers and switches; and HP H3C routers and
switches allows remote authenticated users to execute arbitrary code
or obtain sensitive information via unknown vectors.
|
CVE-2013-2340 |
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A,
JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and
658247-B21; HP 3COM routers and switches; and HP H3C routers and
switches allows remote attackers to execute arbitrary code or obtain
sensitive information via unknown vectors.
|
CVE-2013-2339 |
HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero
Client, t410 Smart Zero Client, t510 Flexible Thin Client, t5565z
Smart Client, t610 Flexible Thin Client, and t610 PLUS Flexible Thin
Client allows local users to obtain sensitive information, modify
data, or cause a denial of service via unknown vectors.
|
CVE-2013-2338 |
Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3)
cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware
before 1.22, when Single-Sign-On (SSO) is used, allows remote
attackers to execute arbitrary code via unknown vectors.
|
CVE-2013-2335 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1733.
|
CVE-2013-2334 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1681.
|
CVE-2013-2333 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1680.
|
CVE-2013-2332 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1654.
|
CVE-2013-2331 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1652.
|
CVE-2013-2330 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1638.
|
CVE-2013-2329 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1637.
|
CVE-2013-2328 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1636.
|
CVE-2013-2327 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1635.
|
CVE-2013-2326 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1634.
|
CVE-2013-2325 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1633.
|
CVE-2013-2324 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1629.
|
CVE-2013-2278 |
Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when
running as a Windows service, allows remote attackers to cause a
denial of service (crash) and possibly execute arbitrary code via
unknown vectors related to log messages and the "internal log handler
to the Windows Event log."
|
CVE-2013-2268 |
Unspecified vulnerability in the MathML implementation in WebKit in
Google Chrome before 25.0.1364.97 on Windows and Linux, and before
25.0.1364.99 on Mac OS X, has unknown impact and remote attack
vectors, related to a "high severity security issue."
|
CVE-2013-2263 |
Unspecified vulnerability in Citrix Access Gateway Standard Edition
5.0.x before 5.0.4.223524 allows remote attackers to access network
resources via unknown attack vectors.
|
CVE-2013-2158 |
Cross-site request forgery (CSRF) vulnerability in the Services module
6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers
to hijack the authentication of unspecified victims via unknown
vectors.
|
CVE-2013-2145 |
The cpansign verify functionality in the Module::Signature module
before 0.72 for Perl allows attackers to bypass the signature check
and execute arbitrary code via a SIGNATURE file with a "special
unknown cipher" that references an untrusted module in Digest/.
|
CVE-2013-1972 |
Cross-site request forgery (CSRF) vulnerability in the elFinder file
manager module 6.x-0.x before 6.x-0.8 and 7.x-0.x before 7.x-0.8 for
Drupal allows remote attackers to hijack the authentication of
unspecified victims to create, modify, or delete files via unknown
vectors.
|
CVE-2013-1890 |
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server
before 5.0.1 allow remote attackers to inject arbitrary web script or
HTML via the (1) new_name parameter to
apps/bookmarks/ajax/renameTag.php or (2) multiple unspecified
parameters to unknown files in apps/contacts/ajax/.
|
CVE-2013-1813 |
util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for
parent directories when creating nested directories under /dev/, which
allows local users to have unknown impact and attack vectors.
|
CVE-2013-1719 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before
2.21 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
|
CVE-2013-1718 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird
before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before
2.21 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
|
CVE-2013-1702 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 23.0 and SeaMonkey before 2.20 allow remote attackers
to cause a denial of service (memory corruption and application crash)
or possibly execute arbitrary code via unknown vectors.
|
CVE-2013-1701 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird
before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey
before 2.20 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2013-1683 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 22.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2013-1682 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird
before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2013-1669 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 21.0 allow remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2013-1587 |
The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c
in the ROHC dissector in Wireshark 1.8.x before 1.8.5 does not
properly handle unknown profiles, which allows remote attackers to
cause a denial of service (application crash) via a malformed packet.
|
CVE-2013-1571 |
Unspecified vulnerability in the Javadoc component in Oracle Java SE 7
Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and
earlier; JavaFX 2.2.21 and earlier; and OpenJDK 7 allows remote
attackers to affect integrity via unknown vectors related to Javadoc.
NOTE: the previous information is from the June 2013 CPU. Oracle has
not commented on claims from another vendor that this issue is related
to frame injection in HTML that is generated by Javadoc.
|
CVE-2013-1570 |
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows
remote attackers to affect availability via unknown vectors related to
MemCached.
|
CVE-2013-1569 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to 2D. NOTE: the previous
information is from the April 2013 CPU. Oracle has not commented on
claims from another vendor that this issue is related to "checking of
[a] glyph table" in the International Components for Unicode (ICU)
Layout Engine before 51.2.
|
CVE-2013-1568 |
Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking
component in Oracle Financial Services Software 2.8.0 through 5.3.3,
6.0.1, and 6.2.0 allows remote authenticated users to affect
availability via unknown vectors related to CB.
|
CVE-2013-1567 |
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows
remote authenticated users to affect availability via unknown vectors
related to Data Manipulation Language, a different vulnerability than
CVE-2013-2395.
|
CVE-2013-1566 |
Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows
remote authenticated users to affect availability via unknown vectors
related to InnoDB.
|
CVE-2013-1565 |
Unspecified vulnerability in the Oracle GoldenGate Veridata component
in Oracle Fusion Middleware 3.0.0.11 allows remote attackers to affect
availability via unknown vectors.
|
CVE-2013-1564 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7
and earlier allows remote attackers to affect integrity via unknown
vectors related to JavaFX.
|
CVE-2013-1563 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and
earlier, and JavaFX 2.2.7 and earlier allows remote attackers to
affect confidentiality, integrity, and availability via unknown
vectors related to Install.
|
CVE-2013-1561 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and JavaFX 2.2.7
and earlier allows remote attackers to affect confidentiality via
unknown vectors related to JavaFX.
|
CVE-2013-1559 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote
authenticated users to affect availability via unknown vectors related
to Content Server.
|
CVE-2013-1558 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43
and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Beans.
|
CVE-2013-1555 |
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and
5.5.29 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server Partition.
|
CVE-2013-1554 |
Unspecified vulnerability in the Network Layer component in Oracle
Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3
allows remote attackers to affect availability via unknown vectors.
|
CVE-2013-1553 |
Unspecified vulnerability in the Oracle Web Services Manager component
in Oracle Fusion Middleware 11.1.1.6.0 allows remote attackers to
affect confidentiality and integrity via unknown vectors related to
Web Services Security.
|
CVE-2013-1552 |
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and
5.5.29 and earlier allows remote authenticated users to affect
confidentiality, integrity, and availability via unknown vectors.
|
CVE-2013-1551 |
Unspecified vulnerability in the Siebel Enterprise Application
Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors related to Integration Business
Services.
|
CVE-2013-1550 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote
attackers to affect integrity via unknown vectors related to
WorkCenter.
|
CVE-2013-1548 |
Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows
remote authenticated users to affect availability via unknown vectors
related to Server Types.
|
CVE-2013-1545 |
Unspecified vulnerability in the Oracle HTTP Server component in
Oracle Fusion Middleware 10.1.3.5, 11.1.1.5.0, and 11.1.1.6.0 allows
remote attackers to affect availability via unknown vectors related to
Web Listener.
|
CVE-2013-1544 |
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30
and earlier, and 5.6.10 and earlier allows remote authenticated users
to affect availability via unknown vectors related to Data
Manipulation Language.
|
CVE-2013-1543 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to
affect confidentiality via unknown vectors related to Open UI Client.
|
CVE-2013-1542 |
Unspecified vulnerability in the Oracle Containers for J2EE component
in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect
integrity via unknown vectors related to Servlet Runtime.
|
CVE-2013-1540 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 17 and earlier and 6 Update 43
and earlier allows remote attackers to affect integrity via unknown
vectors related to Deployment, a different vulnerability than
CVE-2013-2433.
|
CVE-2013-1538 |
Unspecified vulnerability in the Network Layer component in Oracle
Database Server 11.2.0.2 and 11.2.0.3 allows remote attackers to
affect availability via unknown vectors.
|
CVE-2013-1536 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 5.5.05 and 6.2 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Security.
|
CVE-2013-1534 |
Unspecified vulnerability in the Workload Manager component in Oracle
Database Server 11.2.0.2 and 11.2.0.3, when used in RAC
configurations, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors.
|
CVE-2013-1532 |
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30
and earlier, and 5.6.10 and earlier allows remote authenticated users
to affect availability via unknown vectors related to Information
Schema.
|
CVE-2013-1531 |
Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and
5.5.28 and earlier allows remote authenticated users to affect
confidentiality, integrity, and availability via unknown vectors
related to Server Privileges.
|
CVE-2013-1530 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users
to affect availability via unknown vectors related to Kernel.
|
CVE-2013-1529 |
Unspecified vulnerability in the Oracle WebCenter Interaction
component in Oracle Fusion Middleware 6.5.1 and 10.3.3.0 allows remote
attackers to affect integrity via unknown vectors related to Image
Service.
|
CVE-2013-1528 |
Unspecified vulnerability in the Oracle HRMS component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows
remote attackers to affect integrity via unknown vectors related to
Payroll.
|
CVE-2013-1527 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Report Distribution.
|
CVE-2013-1526 |
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows
remote authenticated users to affect availability via unknown vectors
related to Server Replication.
|
CVE-2013-1525 |
Unspecified vulnerability in the Oracle Retail Integration Bus
component in Oracle Industry Applications 13.0, 13.1, and 13.2 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Retail Integration Bus Manager.
|
CVE-2013-1524 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 12.0.6 and 12.1.3 allows remote
attackers to affect integrity via unknown vectors related to
Attachments.
|
CVE-2013-1523 |
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and
5.6.10 and earlier allows remote authenticated users to affect
confidentiality, integrity, and availability via unknown vectors
related to Server Optimizer.
|
CVE-2013-1522 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote
attackers to affect integrity via unknown vectors related to Content
Server.
|
CVE-2013-1521 |
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and
5.5.29 and earlier allows remote authenticated users to affect
confidentiality, integrity, and availability via unknown vectors
related to Server Locking.
|
CVE-2013-1519 |
Unspecified vulnerability in the Application Express component in
Oracle Database Server before 4.2.1 allows remote attackers to affect
integrity via unknown vectors.
|
CVE-2013-1517 |
Unspecified vulnerability in the Oracle Application Object Library
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote attackers to affect confidentiality via unknown vectors
related to Diagnostics.
|
CVE-2013-1516 |
Unspecified vulnerability in the Oracle WebCenter Capture component in
Oracle Fusion Middleware 10.1.3.5.1 allows remote authenticated users
to affect availability via unknown vectors related to Import Server.
|
CVE-2013-1512 |
Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows
remote authenticated users to affect availability via unknown vectors
related to Data Manipulation Language.
|
CVE-2013-1511 |
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and
5.6.10 and earlier allows remote authenticated users to affect
availability via unknown vectors related to InnoDB.
|
CVE-2013-1510 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect
confidentiality via unknown vectors related to Portal Framework, a
different vulnerability than CVE-2015-0419.
|
CVE-2013-1509 |
Unspecified vulnerability in the Oracle WebCenter Sites component in
Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows
remote authenticated users to affect integrity via unknown vectors
related to WebCenter Sites.
|
CVE-2013-1507 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local
users to affect availability via unknown vectors related to
Filesystem.
|
CVE-2013-1506 |
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29
and earlier, and 5.6.10 and earlier allows remote authenticated users
to affect availability via unknown vectors related to Server Locking.
|
CVE-2013-1504 |
Unspecified vulnerability in the Oracle WebLogic Server component in
Oracle Fusion Middleware 10.0.2, 10.3.5, 10.3.6, and 12.1.1 allows
remote attackers to affect integrity via unknown vectors related to
WebLogic Console, a different vulnerability than CVE-2013-2390.
|
CVE-2013-1503 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 10.1.3.5.1 and 11.1.1.6.0 allows remote
authenticated users to affect integrity via unknown vectors related to
Content Server.
|
CVE-2013-1502 |
Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9
and earlier allows local users to affect availability via unknown
vectors related to Server Partition.
|
CVE-2013-1501 |
Unspecified vulnerability in the Oracle iStore component in Oracle
E-Business Suite 11.5.10.2 allows remote attackers to affect integrity
via unknown vectors related to Login.
|
CVE-2013-1500 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and
earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows local
users to affect confidentiality and integrity via unknown vectors
related to 2D. NOTE: the previous information is from the June 2013
CPU. Oracle has not commented on claims from another vendor that this
issue is related to weak permissions for shared memory.
|
CVE-2013-1499 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect availability via unknown vectors related to Network
Configuration.
|
CVE-2013-1498 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local
users to affect availability via unknown vectors related to Kernel/IO,
a different vulnerability than CVE-2013-1496.
|
CVE-2013-1497 |
Unspecified vulnerability in the Oracle COREid Access component in
Oracle Fusion Middleware 10.1.4.3.0 allows remote attackers to affect
integrity via unknown vectors related to WebGate - WebServer plugin.
|
CVE-2013-1496 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local
users to affect availability via unknown vectors related to Kernel/IO,
a different vulnerability than CVE-2013-1498.
|
CVE-2013-1494 |
Unspecified vulnerability in Oracle Sun Solaris 10, when running on
SPARC T4 servers, allows local users to affect availability via
unknown vectors related to Kernel.
|
CVE-2013-1489 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 10 and Update 11, when running on
Windows using Internet Explorer, Firefox, Opera, and Google Chrome,
allows remote attackers to bypass the "Very High" security level of
the Java Control Panel and execute unsigned Java code without
prompting the user via unknown vectors, aka "Issue 53" and the "Java
Security Slider" vulnerability.
|
CVE-2013-1487 |
Unspecified vulnerability in the Java Runtime Environment component in
Oracle Java SE 7 Update 13 and earlier and 6 Update 39 and earlier
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment.
|
CVE-2013-1485 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 13 and earlier allows remote
attackers to affect integrity via unknown vectors related to
Libraries.
|
CVE-2013-1484 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 13 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Libraries.
|
CVE-2013-1483 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than other CVEs listed in the February 2013
CPU.
|
CVE-2013-1482 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than other CVEs listed in the February 2013
CPU.
|
CVE-2013-1481 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 6 through Update 38, 5.0 through Update
38, and 1.4.2_40 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors
related to Sound.
|
CVE-2013-1479 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11, 6 through Update 38,
and JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors.
|
CVE-2013-1478 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11, 6 through Update 38,
5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7,
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to 2D. NOTE: the previous
information is from the February 2013 CPU. Oracle has not commented on
claims from another vendor that this issue is related to "insufficient
validation of raster parameters" that can trigger an integer overflow
and memory corruption.
|
CVE-2013-1477 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than other CVEs listed in the February 2013
CPU.
|
CVE-2013-1474 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than other CVEs listed in the February 2013
CPU.
|
CVE-2013-1473 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 and 6 through Update
38 allows remote attackers to affect integrity via unknown vectors
related to Deployment.
|
CVE-2013-1472 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than other CVEs listed in the February 2013
CPU.
|
CVE-2013-1441 |
econvert in ExactImage 0.8.9 and earlier does not properly initialize
the setjmp variable, which allows context-dependent users to cause a
denial of service (crash) via a crafted image file.
|
CVE-2013-1399 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1)
node request management, (2) live management, and (3) user
administration components in the console in Puppet Enterprise (PE)
before 2.7.1 allow remote attackers to hijack the authentication of
unspecified victims via unknown vectors.
|
CVE-2013-1389 |
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11,
9.0.1 before Update 10, 9.0.2 before Update 5, and 10 before Update 10
allows remote attackers to execute arbitrary code via unknown vectors.
|
CVE-2013-1388 |
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10,
9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9
allows attackers to obtain administrator-console access via unknown
vectors.
|
CVE-2013-1387 |
Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10,
9.0.1 before Update 9, 9.0.2 before Update 4, and 10 before Update 9
allows attackers to impersonate users via unknown vectors.
|
CVE-2013-1128 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the
server in Cisco Unified MeetingPlace before 7.1(2.2000) allow remote
attackers to hijack the authentication of unspecified victims via
unknown vectors, aka Bug ID CSCuc64903. NOTE: some of these details
are obtained from third party information.
|
CVE-2013-1120 |
Multiple cross-site request forgery (CSRF) vulnerabilities on the
Cisco Unity Express with software before 8.0 allow remote attackers to
hijack the authentication of unspecified victims via unknown vectors,
aka Bug ID CSCue35910.
|
CVE-2013-1083 |
Unspecified vulnerability in the login functionality in the Reporting
Module in Novell Identity Manager (aka IDM) Roles Based Provisioning
Module 4.0.2 before Field Patch C has unknown impact and attack
vectors.
|
CVE-2013-1051 |
apt 0.8.16, 0.9.7, and possibly other versions does not properly
handle InRelease files, which allows man-in-the-middle attackers to
modify packages before installation via unknown vectors, possibly
related to integrity checking and the use of third-party repositories.
|
CVE-2013-0940 |
The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and
8.x before 8.0.1.4 sets weak permissions for unspecified files, which
allows local users to gain privileges via unknown vectors.
|
CVE-2013-0920 |
Use-after-free vulnerability in the extension bookmarks API in Google
Chrome before 26.0.1410.43 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via unknown
vectors.
|
CVE-2013-0916 |
Use-after-free vulnerability in the Web Audio implementation in Google
Chrome before 26.0.1410.43 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via unknown
vectors.
|
CVE-2013-0906 |
The IndexedDB implementation in Google Chrome before 25.0.1364.152
allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2013-0904 |
The Web Audio implementation in Google Chrome before 25.0.1364.152
allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2013-0902 |
Use-after-free vulnerability in the frame-loader implementation in
Google Chrome before 25.0.1364.152 allows remote attackers to cause a
denial of service or possibly have unspecified other impact via
unknown vectors.
|
CVE-2013-0900 |
Race condition in the International Components for Unicode (ICU)
functionality in Google Chrome before 25.0.1364.97 on Windows and
Linux, and before 25.0.1364.99 on Mac OS X, allows remote attackers to
cause a denial of service or possibly have unspecified other impact
via unknown vectors.
|
CVE-2013-0896 |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before
25.0.1364.99 on Mac OS X, does not properly manage memory during
message handling for plug-ins, which allows remote attackers to cause
a denial of service or possibly have unspecified other impact via
unknown vectors.
|
CVE-2013-0892 |
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome
before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on
Mac OS X, allow remote attackers to cause a denial of service or
possibly have other impact via unknown vectors.
|
CVE-2013-0890 |
Multiple unspecified vulnerabilities in the IPC layer in Google Chrome
before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on
Mac OS X, allow remote attackers to cause a denial of service (memory
corruption) or possibly have other impact via unknown vectors.
|
CVE-2013-0879 |
Google Chrome before 25.0.1364.97 on Windows and Linux, and before
25.0.1364.99 on Mac OS X, does not properly implement web audio nodes,
which allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2013-0841 |
Array index error in the content-blocking functionality in Google
Chrome before 24.0.1312.56 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via unknown
vectors.
|
CVE-2013-0835 |
Unspecified vulnerability in the Geolocation implementation in Google
Chrome before 24.0.1312.52 allows remote attackers to cause a denial
of service (application crash) via unknown vectors.
|
CVE-2013-0830 |
The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a
NUL character required for termination of an unspecified data
structure, which has unknown impact and attack vectors.
|
CVE-2013-0828 |
The PDF functionality in Google Chrome before 24.0.1312.52 does not
properly perform a cast of an unspecified variable during processing
of the root of the structure tree, which allows remote attackers to
cause a denial of service or possibly have unknown other impact via a
crafted document.
|
CVE-2013-0809 |
Unspecified vulnerability in the 2D component in the Java Runtime
Environment (JRE) component in Oracle Java SE 7 Update 15 and earlier,
6 Update 41 and earlier, and 5.0 Update 40 and earlier allows remote
attackers to execute arbitrary code via unknown vectors, a different
vulnerability than CVE-2013-1493.
|
CVE-2013-0801 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 21.0, Firefox ESR 17.x before 17.0.6, Thunderbird
before 17.0.6, and Thunderbird ESR 17.x before 17.0.6 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2013-0790 |
Unspecified vulnerability in the browser engine in Mozilla Firefox
before 20.0 on Android allows remote attackers to cause a denial of
service (stack memory corruption and application crash) or possibly
execute arbitrary code via unknown vectors involving a plug-in.
|
CVE-2013-0788 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 20.0, Firefox ESR 17.x before 17.0.5, Thunderbird
before 17.0.5, Thunderbird ESR 17.x before 17.0.5, and SeaMonkey
before 2.17 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2013-0784 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey before
2.16 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
|
CVE-2013-0783 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird
before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey
before 2.16 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2013-0770 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 18.0, Thunderbird before 17.0.2, and SeaMonkey before
2.15 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
|
CVE-2013-0769 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before
17.0.1, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12
and 17.x before 17.0.1, and SeaMonkey before 2.15 allow remote
attackers to cause a denial of service (memory corruption and
application crash) or possibly execute arbitrary code via unknown
vectors.
|
CVE-2013-0749 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 18.0, Firefox ESR 17.x before 17.0.1, Thunderbird
before 17.0.2, Thunderbird ESR 17.x before 17.0.1, and SeaMonkey
before 2.15 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2013-0685 |
Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal,
and 5.0- Portal does not restrict unspecified size and amount values,
which allows remote attackers to execute arbitrary code or cause a
denial of service (resource consumption) via unknown vectors.
|
CVE-2013-0627 |
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before
9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows local users
to gain privileges via unknown vectors.
|
CVE-2013-0600 |
Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance
devices 2.0 and 2.1 through 2.1 FP3 allows remote attackers to bypass
authentication and perform administrative actions via unknown vectors.
|
CVE-2013-0593 |
Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS
SamplePower 3.0 before 3.0-IM-S3SAMPC-WIN32-FP001 allows remote
attackers to execute arbitrary code via unknown vectors.
|
CVE-2013-0559 |
Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1
allows remote attackers to access tenant APIs, and consequently obtain
sensitive information or modify data, via unknown vectors.
|
CVE-2013-0490 |
Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2
on z/OS allows local users to gain privileges via unknown vectors.
|
CVE-2013-0485 |
Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before
SR13-FP1, 5.0 before SR16-FP1, and 1.4.2 before SR13-FP16 has unknown
impact and attack vectors related to Class Libraries.
|
CVE-2013-0472 |
The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3
before 6.3.1.0 and 6.4 before 6.4.0.1 allows man-in-the-middle
attackers to obtain unspecified client access, and consequently obtain
unspecified server access, via unknown vectors.
|
CVE-2013-0465 |
Unspecified vulnerability in the IBM WebSphere Cast Iron physical and
virtual appliance 6.0 and 6.1 before 6.1.0.15 and 6.3 before 6.3.0.1,
when LDAP authentication is enabled, allows remote attackers to obtain
sensitive information, modify data, or cause a denial of service via
unknown vectors.
|
CVE-2013-0462 |
Unspecified vulnerability in IBM WebSphere Application Server (WAS)
6.1, 7.0 before 7.0.0.27, 8.0, and 8.5 has unknown impact and attack
vectors.
|
CVE-2013-0449 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 allows remote
attackers to affect confidentiality via unknown vectors related to
Deployment.
|
CVE-2013-0448 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 allows remote
attackers to affect integrity via unknown vectors related to
Libraries.
|
CVE-2013-0447 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than other CVEs listed in the February 2013
CPU.
|
CVE-2013-0446 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 and 6 through Update
38 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than other CVEs listed in the February 2013 CPU.
|
CVE-2013-0444 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Beans. NOTE: the previous
information is from the February 2013 CPU. Oracle has not commented on
claims from another vendor that this issue is related to "insufficient
checks for cached results" by the Java Beans MethodFinder, which might
allow attackers to access methods that should only be accessible to
privileged code.
|
CVE-2013-0439 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than other CVEs listed in the February 2013
CPU.
|
CVE-2013-0438 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 and 6 through Update
38 allows remote attackers to affect confidentiality via unknown
vectors related to Deployment.
|
CVE-2013-0437 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 and JavaFX 2.2.4 and
earlier allows remote attackers to affect confidentiality, integrity,
and availability via unknown vectors related to 2D.
|
CVE-2013-0436 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than other CVEs listed in the February 2013
CPU.
|
CVE-2013-0433 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11, 6 through Update 38,
and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote
attackers to affect integrity via unknown vectors related to
Networking. NOTE: the previous information is from the February 2013
CPU. Oracle has not commented on claims from another vendor that this
issue allows remote attackers to avoid triggering an exception during
the deserialization of invalid InetSocketAddress data.
|
CVE-2013-0430 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 and 6 through Update
38 allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to the installation process
of the client.
|
CVE-2013-0428 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11, 6 through Update 38,
5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7,
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries, a different
vulnerability than CVE-2013-0425 and CVE-2013-0426. NOTE: the
previous information is from the February 2013 CPU. Oracle has not
commented on claims from another vendor that this issue is related to
"incorrect checks for proxy classes" in the Reflection API.
|
CVE-2013-0427 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11, 6 through Update 38,
and 5.0 through Update 38, and OpenJDK 6 and 7, allows remote
attackers to affect integrity via unknown vectors related to
Libraries. NOTE: the previous information is from the February 2013
CPU. Oracle has not commented on claims from another vendor that this
issue allows remote attackers to interrupt certain threads that should
not be interrupted.
|
CVE-2013-0426 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11, 6 through Update 38,
5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7,
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries, a different
vulnerability than CVE-2013-0425 and CVE-2013-0428. NOTE: the
previous information is from the February 2013 CPU. Oracle has not
commented on claims from another vendor that this issue is related to
incorrect "access control checks" in the logging API that allow remote
attackers to bypass Java sandbox restrictions.
|
CVE-2013-0425 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11, 6 through Update 38,
5.0 through Update 38, and 1.4.2_40 and earlier, and OpenJDK 6 and 7,
allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Libraries, a different
vulnerability than CVE-2013-0428 and CVE-2013-0426. NOTE: the
previous information is from the February 2013 CPU. Oracle has not
commented on claims from another vendor that this issue is related to
incorrect "access control checks" in the logging API that allow remote
attackers to bypass Java sandbox restrictions.
|
CVE-2013-0423 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 and 6 through Update
38 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than other CVEs listed in the February 2013 CPU.
|
CVE-2013-0420 |
Unspecified vulnerability in the VirtualBox component in Oracle
Virtualization 4.0, 4.1, and 4.2 allows local users to affect
integrity and availability via unknown vectors related to Core. NOTE:
The previous information was obtained from the January 2013 Oracle
CPU. Oracle has not commented on claims from another vendor that this
issue is related to an incorrect comparison in the vga_draw_text
function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to
"draw more lines than necessary."
|
CVE-2013-0419 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 and 6 through Update
38 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than other CVEs listed in the February 2013 CPU.
|
CVE-2013-0418 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.7 and 8.4 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2013-0393. NOTE: the previous information was obtained from the
January 2013 CPU. Oracle has not commented on claims from an
independent researcher that this is a heap-based buffer overflow in
the Paradox database stream filter (vspdx.dll) that can be triggered
using a table header with a crafted "number of fields" value.
|
CVE-2013-0416 |
Unspecified vulnerability in the Siebel Enterprise Application
Integration component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Web Services, a different vulnerability than
CVE-2013-2403.
|
CVE-2013-0415 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors related to the Bind/Postinstall script for Bind package.
|
CVE-2013-0414 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect integrity and availability via unknown vectors related to
Utility/ksh93.
|
CVE-2013-0413 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Remote Execution Service.
|
CVE-2013-0412 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11
allows local users to affect integrity and availability via unknown
vectors related to Utility/pax.
|
CVE-2013-0410 |
Unspecified vulnerability in the Agile EDM component in Oracle Supply
Chain Products Suite 6.1.1.0, 6.1.2.0, and 6.1.2.2 allows remote
attackers to affect confidentiality via unknown vectors related to
Base Component - Common Objects.
|
CVE-2013-0407 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local
users to affect availability via unknown vectors related to
Kernel/DTrace Framework.
|
CVE-2013-0406 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote
attackers to affect integrity via unknown vectors related to
Kernel/IPsec.
|
CVE-2013-0404 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors related to Kernel/Boot.
|
CVE-2013-0403 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11
allows local users to affect availability via unknown vectors related
to Utility.
|
CVE-2013-0400 |
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Filesystem/cachefs.
|
CVE-2013-0399 |
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Utility/Umount.
|
CVE-2013-0398 |
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows
remote attackers to affect confidentiality via unknown vectors related
to Utility/Remote Execution Server (in.rexecd).
|
CVE-2013-0397 |
Unspecified vulnerability in the Oracle Applications Framework
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote attackers to affect confidentiality and integrity via
unknown vectors related to Diagnostics.
|
CVE-2013-0396 |
Unspecified vulnerability in the Application Performance Management
(APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1,
and 12.1.0.2 allows remote attackers to affect integrity via unknown
vectors related to Business Transaction Management, a different
vulnerability than CVE-2013-0360.
|
CVE-2013-0395 |
Unspecified vulnerability in the PeopleSoft PeopleTools component in
Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated
users to affect integrity via unknown vectors related to Security.
|
CVE-2013-0394 |
Unspecified vulnerability in the PeopleSoft HRMS component in Oracle
PeopleSoft Products 9.0 and 9.1 allows remote attackers to affect
confidentiality via unknown vectors related to Candidate Gateway.
|
CVE-2013-0393 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.7 and 8.4 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2013-0418.
|
CVE-2013-0392 |
Unspecified vulnerability in the PeopleSoft PeopleTools component in
Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to
affect integrity via unknown vectors related to Portal, a different
vulnerability than CVE-2012-5059.
|
CVE-2013-0391 |
Unspecified vulnerability in the PeopleSoft PeopleTools component in
Oracle PeopleSoft Products 8.52 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Security.
|
CVE-2013-0390 |
Unspecified vulnerability in the Oracle Applications Framework
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote authenticated users to affect integrity via unknown
vectors related to Bookmarkable Pages.
|
CVE-2013-0389 |
Unspecified vulnerability in the Server component in Oracle MySQL
5.1.66 and earlier, and 5.5.28 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to Server Optimizer.
|
CVE-2013-0388 |
Unspecified vulnerability in the PeopleSoft HRMS component in Oracle
PeopleSoft Products 9.1 allows remote attackers to affect integrity
via unknown vectors related to Mobile Company Directory.
|
CVE-2013-0387 |
Unspecified vulnerability in the PeopleSoft PeopleTools component in
Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated
users to affect confidentiality and integrity via unknown vectors
related to PeopleCode.
|
CVE-2013-0386 |
Unspecified vulnerability in the Server component in Oracle MySQL
5.5.28 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Stored Procedure.
|
CVE-2013-0385 |
Unspecified vulnerability in the Server component in Oracle MySQL
5.1.66 and earlier, and 5.5.28 and earlier, allows local users to
affect confidentiality and integrity via unknown vectors related to
Server Replication.
|
CVE-2013-0384 |
Unspecified vulnerability in the Server component in Oracle MySQL
5.1.66 and earlier, and 5.5.28 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to Information Schema.
|
CVE-2013-0383 |
Unspecified vulnerability in the Server component in Oracle MySQL
5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to
affect availability via unknown vectors related to Server Locking.
|
CVE-2013-0382 |
Unspecified vulnerability in the Oracle Marketing component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Campaign Management.
|
CVE-2013-0381 |
Unspecified vulnerability in the Oracle CRM Technical Foundation
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote attackers to affect confidentiality and integrity via
unknown vectors related to Application Framework.
|
CVE-2013-0380 |
Unspecified vulnerability in the Oracle Payroll component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows
remote attackers to affect integrity via unknown vectors related to
View Payslip.
|
CVE-2013-0379 |
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel
CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via
unknown vectors related to Siebel Calendar, a different vulnerability
than CVE-2013-0378.
|
CVE-2013-0378 |
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel
CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via
unknown vectors related to Siebel Calendar, a different vulnerability
than CVE-2013-0379.
|
CVE-2013-0377 |
Unspecified vulnerability in the Oracle Applications Technology Stack
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote attackers to affect integrity via unknown vectors
related to Client System Analyzer.
|
CVE-2013-0376 |
Unspecified vulnerability in the Oracle Applications Framework
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote attackers to affect integrity via unknown vectors
related to Diagnostics.
|
CVE-2013-0375 |
Unspecified vulnerability in the Server component in Oracle MySQL
5.1.66 and earlier, and 5.1.28 and earlier, allows remote
authenticated users to affect confidentiality and integrity via
unknown vectors related to Server Replication.
|
CVE-2013-0374 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and
12.1.0.2 allows remote attackers to affect integrity via unknown
vectors related to Database Cloning.
|
CVE-2013-0373 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1, and
12.1.0.2 allows remote attackers to affect integrity via unknown
vectors related to Distributed/Cross DB Features.
|
CVE-2013-0372 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3;
and EM Plugin for DB 12.1.0.2 allows remote attackers to affect
integrity via unknown vectors related to Distributed/Cross DB
Features.
|
CVE-2013-0370 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.1.1 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Security.
|
CVE-2013-0369 |
Unspecified vulnerability in the PeopleSoft PeopleTools component in
Oracle PeopleSoft Products 8.51 and 8.52 allows remote authenticated
users to affect confidentiality and integrity via unknown vectors
related to Query.
|
CVE-2013-0368 |
Unspecified vulnerability in the Server component in Oracle MySQL
5.5.28 and earlier allows remote authenticated users to affect
availability via unknown vectors related to InnoDB.
|
CVE-2013-0367 |
Unspecified vulnerability in the Server component in Oracle MySQL
5.5.28 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server Partition.
|
CVE-2013-0366 |
Unspecified vulnerability in the Mobile Server component in Oracle
Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3
and 11.1.0.0 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors, a different
vulnerability than CVE-2013-0361.
|
CVE-2013-0365 |
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel
CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect
confidentiality via unknown vectors related to Security.
|
CVE-2013-0364 |
Unspecified vulnerability in the Mobile Server component in Oracle
Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3
and 11.1.0.0 allows remote attackers to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2013-0362 and
CVE-2013-0363.
|
CVE-2013-0363 |
Unspecified vulnerability in the Mobile Server component in Oracle
Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3
and 11.1.0.0 allows remote attackers to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2013-0362 and
CVE-2013-0364.
|
CVE-2013-0362 |
Unspecified vulnerability in the Mobile Server component in Oracle
Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3
and 11.1.0.0 allows remote attackers to affect confidentiality via
unknown vectors, a different vulnerability than CVE-2013-0363 and
CVE-2013-0364.
|
CVE-2013-0361 |
Unspecified vulnerability in the Mobile Server component in Oracle
Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3
and 11.1.0.0 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors, a different
vulnerability than CVE-2013-0366.
|
CVE-2013-0360 |
Unspecified vulnerability in the Application Performance Management
(APM) component in Oracle Enterprise Manager Grid Control 6.5, 11.1,
and 12.1.0.2 allows remote attackers to affect integrity via unknown
vectors related to Business Transaction Management, a different
vulnerability than CVE-2013-0396.
|
CVE-2013-0359 |
Unspecified vulnerability in the APM - Application Performance
Management component in Oracle Enterprise Manager Grid Control 6.5,
11.1, and 12.1.0.2 allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Business
Transaction Management.
|
CVE-2013-0358 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and
12.1.0.2 allows remote attackers to affect integrity via unknown
vectors related to Resource Manager.
|
CVE-2013-0355 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1, and EM DB Control 11.1.0.7, 11.2.0.2, and
11.2.0.3, allows remote attackers to affect integrity via unknown
vectors related to Distributed/Cross DB Features.
|
CVE-2013-0354 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, allows
remote attackers to affect integrity via unknown vectors related to
Policy Framework.
|
CVE-2013-0353 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3;
and EM Plugin for DB 12.1.0.1 allows remote attackers to affect
integrity via unknown vectors related to Enterprise Configuration
Management.
|
CVE-2013-0352 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and
12.1.0.2 allows remote attackers to affect integrity via unknown
vectors related to Content Management.
|
CVE-2013-0351 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 and 6 through Update
38 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than other CVEs listed in the February 2013 CPU.
|
CVE-2013-0330 |
Unspecified vulnerability in Jenkins before 1.502 and LTS before
1.480.3 allows remote authenticated users with write access to build
arbitrary jobs via unknown attack vectors.
|
CVE-2013-0329 |
Unspecified vulnerability in Jenkins before 1.502 and LTS before
1.480.3 allows remote attackers to bypass the CSRF protection
mechanism via unknown attack vectors.
|
CVE-2013-0327 |
Cross-site request forgery (CSRF) vulnerability in Jenkins master in
Jenkins before 1.502 and LTS before 1.480.3 allows remote attackers to
hijack the authentication of users via unknown vectors.
|
CVE-2013-0303 |
Unspecified vulnerability in core/ajax/translations.php in ownCloud
before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users
to execute arbitrary PHP code via unknown vectors. NOTE: this entry
has been SPLIT due to different affected versions. The
core/settings.php issue is covered by CVE-2013-7344.
|
CVE-2013-0260 |
Unspecified vulnerability in the Drush Debian Packaging module for
Drupal allows local users to obtain database credentials via unknown
vectors.
|
CVE-2013-0233 |
Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5,
and 1.5.x before 1.5.4 for Ruby, when using certain databases, does
not properly perform type conversion when performing database queries,
which might allow remote attackers to cause incorrect results to be
returned and bypass security checks via unknown vectors, as
demonstrated by resetting passwords of arbitrary accounts.
|
CVE-2013-0207 |
Cross-site request forgery (CSRF) vulnerability in the Mark Complete
module 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to
hijack the authentication of unspecified victims via unknown vectors.
|
CVE-2013-0205 |
Cross-site request forgery (CSRF) vulnerability in the RESTful Web
Services (restws) module 7.x-1.x before 7.x-1.2 and 7.x-2.x before
7.x-2.0-alpha4 for Drupal allows remote attackers to hijack the
authentication of arbitrary users via unknown vectors.
|
CVE-2013-0184 |
Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x
before 1.1.5, 1.2.x before 1.2.7, 1.3.x before 1.3.9, and 1.4.x before
1.4.4 allows remote attackers to cause a denial of service via unknown
vectors related to "symbolized arbitrary strings."
|
CVE-2013-0158 |
Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before
1.480.2, and Jenkins Enterprise 1.447.x before 1.447.6.1 and 1.466.x
before 1.466.12.1, when a slave is attached and anonymous read access
is enabled, allows remote attackers to obtain the master cryptographic
key via unknown vectors.
|
CVE-2012-6665 |
Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4
allows remote attackers to read arbitrary files via a .. (dot dot) in
the file parameter, a different vulnerability than CVE-2012-1669.
NOTE: the provenance of this information is unknown; the details are
obtained solely from third party information. NOTE: this issue might
have been fixed in 1.0.3.
|
CVE-2012-6642 |
Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows
remote attackers to inject arbitrary web script or HTML via the type
parameter to view_channel.php. NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information.
|
CVE-2012-6629 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the
Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote
attackers to hijack the authentication of administrators for requests
that (1) change an email address or (2) conduct script insertion
attacks. NOTE: the provenance of this information is unknown; the
details are obtained solely from third party information.
|
CVE-2012-6552 |
Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before
2.1.935 has unknown impact and attack vectors.
|
CVE-2012-6503 |
Unspecified vulnerability in the NinjaXplorer component before 1.0.7
for Joomla! has unknown impact and attack vectors.
|
CVE-2012-6395 |
Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do
not properly validate unspecified input related to UNC share
pathnames, which allows remote authenticated users to cause a denial
of service (device crash) via unknown vectors, aka Bug ID CSCuc65775.
|
CVE-2012-6299 |
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16,
r12.5 before SP15, and r12.6 GA allows remote attackers to bypass
intended access restrictions via unknown vectors.
|
CVE-2012-6298 |
Unspecified vulnerability in CA IdentityMinder r12.0 through CR16,
r12.5 before SP15, and r12.6 GA allows remote attackers to execute
arbitrary commands or modify data via unknown vectors.
|
CVE-2012-6037 |
Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x
before 1.4.5 and 1.5.x before 1.5.4, and other versions including 1.2,
allow remote attackers to inject arbitrary web script or HTML via a
CSV header with "unknown fields," which are not properly handled in
error messages in the (1) bulk user, (2) group, and (3) group member
upload capabilities. NOTE: this issue was originally part of
CVE-2012-2243, but that ID was SPLIT due to different issues by
different researchers.
|
CVE-2012-5955 |
Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM
WebSphere Application Server (WAS) for z/OS allows remote attackers to
execute arbitrary commands via unknown vectors.
|
CVE-2012-5954 |
Unspecified vulnerability in IBM Tivoli Storage Manager for Space
Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0
allows remote attackers to read or modify HSM-managed file system
objects via unknown vectors.
|
CVE-2012-5937 |
Unspecified vulnerability in the CLA2 server in IBM Gentran
Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling
B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through
2.2 and other products, allows remote attackers to execute arbitrary
commands via unknown vectors.
|
CVE-2012-5895 |
Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown
impact and attack vectors.
|
CVE-2012-5843 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey before
2.14 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
|
CVE-2012-5842 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 17.0, Firefox ESR 10.x before 10.0.11, Thunderbird
before 17.0, Thunderbird ESR 10.x before 10.0.11, and SeaMonkey before
2.14 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
|
CVE-2012-5763 |
Cross-site request forgery (CSRF) vulnerability in the WebAdmin
application 6.0.5, 6.0.8, and 7.0 before P2 in IBM Netezza allows
remote attackers to hijack the authentication of unspecified victims
via unknown vectors.
|
CVE-2012-5758 |
The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and
2.1.0.0 through 2.1.0.2 does not require authentication for an
unspecified interface, which allows remote attackers to cause a denial
of service (process exit) via unknown vectors.
|
CVE-2012-5692 |
Unspecified vulnerability in admin/sources/base/core.php in Invision
Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown
impact and remote attack vectors.
|
CVE-2012-5674 |
Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when
Internet Information Services (IIS) is used, allows attackers to cause
a denial of service via unknown vectors.
|
CVE-2012-5673 |
Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and
11.x before 11.4.402.287 on Windows and Mac OS X, before 10.3.183.29
and 11.x before 11.2.202.243 on Linux, before 11.1.111.19 on Android
2.x and 3.x, and before 11.1.115.20 on Android 4.x; Adobe AIR before
3.4.0.2710; and Adobe AIR SDK before 3.4.0.2710 has unknown impact and
attack vectors.
|
CVE-2012-5556 |
Multiple cross-site request forgery (CSRF) vulnerabilities in the
RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.1 and
7.x-2.x before 7.x-2.0-alpha3 for Drupal allow remote attackers to
hijack the authentication of arbitrary users via unknown vectors.
|
CVE-2012-5549 |
Cross-site request forgery (CSRF) vulnerability in the Time Spent
module 6.x and 7.x for Drupal allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
|
CVE-2012-5422 |
Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400
devices allows remote authenticated users to cause a denial of service
(spurious errors) via unknown vectors, aka Bug ID CSCub61009.
|
CVE-2012-5386 |
Directory traversal vulnerability in index.php in phpPaleo 4.8b180
allows remote attackers to include and execute arbitrary local files
via a .. (dot dot) in the phppaleo4_lang cookie, a different
vulnerability than CVE-2012-1671. NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information.
|
CVE-2012-5230 |
Unspecified vulnerability in the JE Story Submit (com_jesubmit)
component before 1.9 for Joomla! has unknown impact and attack
vectors.
|
CVE-2012-5221 |
Directory traversal vulnerability in the PostScript Interpreter, as
used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx,
P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3xxx,
47xx, 5550, 9500, CM60xx, CP35xx, CP4005, and CP6015; Color LaserJet
Enterprise CP4xxx; and 9250c Digital Sender with model-dependent
firmware through 52.x allows remote attackers to read arbitrary files
via unknown vectors.
|
CVE-2012-5220 |
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21,
7.00, and 7.01 allows local users to gain privileges via unknown
vectors.
|
CVE-2012-5216 |
Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8
(aka J9079A) switches with software before VA.02.09 and 1700-24 (aka
J9080A) switches with software before VB.02.09 allows remote attackers
to hijack the authentication of unspecified victims via unknown
vectors.
|
CVE-2012-5215 |
Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf,
M1214nfh, M1216nfh, M1217nfw, and M1219nf, and HotSpot LaserJet Pro
M1218nfs, with firmware before 20130211; LaserJet Pro CP1025nw with
firmware before 20130212; and LaserJet Pro P1102w and P1606dn with
firmware before 20130213 allows remote attackers to modify data or
cause a denial of service via unknown vectors.
|
CVE-2012-5214 |
Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10
allows remote attackers to obtain sensitive information, modify data,
or cause a denial of service via unknown vectors.
|
CVE-2012-5213 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to obtain sensitive
information via unknown vectors, aka ZDI-CAN-1662.
|
CVE-2012-5212 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors, aka ZDI-CAN-1663.
|
CVE-2012-5211 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
User Access Manager (UAM) before 5.2 E0402 allows remote attackers to
obtain sensitive information, modify data, or cause a denial of
service via unknown vectors, aka ZDI-CAN-1643.
|
CVE-2012-5210 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
TACACS+ Authentication Manager (TAM) before 5.2 E0401 allows remote
attackers to obtain sensitive information, modify data, or cause a
denial of service via unknown vectors, aka ZDI-CAN-1646.
|
CVE-2012-5209 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1659.
|
CVE-2012-5208 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors, aka ZDI-CAN-1615.
|
CVE-2012-5207 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors, aka ZDI-CAN-1661.
|
CVE-2012-5206 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors, aka ZDI-CAN-1660.
|
CVE-2012-5205 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors, aka ZDI-CAN-1650.
|
CVE-2012-5204 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors, aka ZDI-CAN-1614.
|
CVE-2012-5203 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors, aka ZDI-CAN-1613.
|
CVE-2012-5202 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors, aka ZDI-CAN-1612.
|
CVE-2012-5201 |
Unspecified vulnerability in HP Intelligent Management Center (iMC)
and Intelligent Management Center for Automated Network Manager (ANM)
before 5.2 E0401 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1611.
|
CVE-2012-5199 |
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and
earlier and ArcSight Logger 5.2 and earlier allows remote
authenticated users to execute arbitrary code via unknown vectors.
|
CVE-2012-5198 |
Unspecified vulnerability in HP ArcSight Connector Appliance before
6.3 and ArcSight Logger 5.2 and earlier allows remote attackers to
obtain sensitive information via unknown vectors.
|
CVE-2012-5197 |
Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and
7.8.x before 7.8.4 have unknown impact and attack vectors related to
"error checking of system calls."
|
CVE-2012-5196 |
Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x
before 7.8.4 have unknown impact and attack vectors.
|
CVE-2012-5149 |
Integer overflow in the audio IPC layer in Google Chrome before
24.0.1312.52 allows remote attackers to cause a denial of service or
possibly have unspecified other impact via unknown vectors.
|
CVE-2012-5136 |
Google Chrome before 23.0.1271.91 does not properly perform a cast of
an unspecified variable during handling of the INPUT element, which
allows remote attackers to cause a denial of service or possibly have
unknown other impact via a crafted HTML document.
|
CVE-2012-5131 |
Google Chrome before 23.0.1271.91 on Mac OS X does not properly
mitigate improper rendering behavior in the Intel GPU driver, which
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
|
CVE-2012-5129 |
Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS
before 23.0.1271.94 allows remote attackers to cause a denial of
service (GPU process crash) or possibly have unspecified other impact
via unknown vectors.
|
CVE-2012-5128 |
Google V8 before 3.13.7.5, as used in Google Chrome before
23.0.1271.64, does not properly perform write operations, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
|
CVE-2012-5124 |
Google Chrome before 23.0.1271.64 does not properly handle textures,
which allows remote attackers to cause a denial of service (memory
corruption) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2012-5122 |
Google Chrome before 23.0.1271.64 does not properly perform a cast of
an unspecified variable during handling of input, which allows remote
attackers to cause a denial of service or possibly have other impact
via unknown vectors.
|
CVE-2012-5118 |
Google Chrome before 23.0.1271.64 on Mac OS X does not properly
validate an integer value during the handling of GPU command buffers,
which allows remote attackers to cause a denial of service or possibly
have unspecified other impact via unknown vectors.
|
CVE-2012-5115 |
Google Chrome before 23.0.1271.64 on Mac OS X does not properly
mitigate improper write behavior in graphics drivers, which allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors that trigger "wild
writes."
|
CVE-2012-5096 |
Unspecified vulnerability in the Server component in Oracle MySQL
5.5.28 and earlier allows remote authenticated users with Server
Privileges to affect availability via unknown vectors.
|
CVE-2012-5095 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors related to inetd.
|
CVE-2012-5094 |
Unspecified vulnerability in the Oracle Agile PLM for Process
component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0
allows remote attackers to affect confidentiality via unknown vectors
related to User Group Management.
|
CVE-2012-5093 |
Unspecified vulnerability in the Oracle Agile PLM for Process
component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0
allows remote attackers to affect integrity via unknown vectors
related to Global Spec Management.
|
CVE-2012-5092 |
Unspecified vulnerability in the Oracle Agile PLM for Process
component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0
allows remote authenticated users to affect confidentiality and
integrity via unknown vectors related to Supply Chain Relationship
Management.
|
CVE-2012-5091 |
Unspecified vulnerability in the Oracle Agile Product Supplier
Collaboration for Process component in Oracle Supply Chain Products
Suite 5.2.2 and 6.1.0.0 allows remote attackers to affect
confidentiality via unknown vectors related to Supplier Portal.
|
CVE-2012-5090 |
Unspecified vulnerability in the Oracle Agile PLM for Process
component in Oracle Supply Chain Products Suite 5.2.2 and 6.1.0.0
allows remote authenticated users to affect confidentiality via
unknown vectors related to Document Reference Library.
|
CVE-2012-5088 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Libraries.
|
CVE-2012-5087 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Beans.
|
CVE-2012-5086 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35
and earlier, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Beans.
|
CVE-2012-5085 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and
earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows
remote authenticated users to have an unspecified impact via unknown
vectors related to Networking. NOTE: the Oracle CPU states that this
issue has a 0.0 CVSS score. If so, then this is not a vulnerability
and this issue should not be included in CVE.
|
CVE-2012-5084 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and
earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Swing.
|
CVE-2012-5083 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and
earlier, 5.0 Update 36 and earlier, 1.4.2_38 and earlier, and JavaFX
2.2 and earlier allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to 2D.
|
CVE-2012-5082 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2 and earlier allows remote attackers to affect availability
via unknown vectors.
|
CVE-2012-5080 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2012-5078.
|
CVE-2012-5079 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and
earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows
remote attackers to affect integrity via unknown vectors related to
Libraries, a different vulnerability than CVE-2012-5073.
|
CVE-2012-5078 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than CVE-2012-5080.
|
CVE-2012-5077 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and
earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows
remote attackers to affect confidentiality via unknown vectors related
to Security.
|
CVE-2012-5073 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and
earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows
remote attackers to affect integrity via unknown vectors related to
Libraries, a different vulnerability than CVE-2012-5079.
|
CVE-2012-5072 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35
and earlier, allows remote attackers to affect confidentiality via
unknown vectors related to Security.
|
CVE-2012-5069 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and
earlier, and 5.0 Update 36 and earlier allows remote attackers to
affect confidentiality and integrity via unknown vectors related to
Concurrency.
|
CVE-2012-5068 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35
and earlier, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Libraries.
|
CVE-2012-5067 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier allows remote
attackers to affect confidentiality via unknown vectors related to
Deployment.
|
CVE-2012-5066 |
Unspecified vulnerability in the Oracle Central Designer component in
Oracle Industry Applications 1.3, 1.4, and 1.4.2 allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors.
|
CVE-2012-5065 |
Unspecified vulnerability in the Oracle WebCenter Sites component in
Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5,
7.6.1, 7.6.2, and 11.1.1.6.0 allows local users to affect integrity
via unknown vectors related to ImagePicker.
|
CVE-2012-5062 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7,
11.2.0.2, and 11.2.0.3 allows remote attackers to affect integrity via
unknown vectors related to User Interface Framework.
|
CVE-2012-5059 |
Unspecified vulnerability in the PeopleSoft PeopleTools component in
Oracle PeopleSoft Products 8.51 and 8.52 allows remote attackers to
affect integrity via unknown vectors related to Portal, a different
vulnerability than CVE-2013-0392.
|
CVE-2012-5058 |
Unspecified vulnerability in the Oracle iStore component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows
remote attackers to affect integrity via unknown vectors related to
the Web interface.
|
CVE-2012-4930 |
The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google
Chrome, and other products, can perform TLS encryption of compressed
data without properly obfuscating the length of the unencrypted data,
which allows man-in-the-middle attackers to obtain plaintext HTTP
headers by observing length differences during a series of guesses in
which a string in an HTTP request potentially matches an unknown
string in an HTTP header, aka a "CRIME" attack.
|
CVE-2012-4929 |
The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google
Chrome, Qt, and other products, can encrypt compressed data without
properly obfuscating the length of the unencrypted data, which allows
man-in-the-middle attackers to obtain plaintext HTTP headers by
observing length differences during a series of guesses in which a
string in an HTTP request potentially matches an unknown string in an
HTTP header, aka a "CRIME" attack.
|
CVE-2012-4925 |
Multiple SQL injection vulnerabilities in approve.php in Img Pals
Photo Host 1.0 allow remote attackers to execute arbitrary SQL
commands via the u parameter in a (1) app0 or (2) app1 action. NOTE:
the provenance of this information is unknown; the details are
obtained solely from third party information.
|
CVE-2012-4892 |
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS
2012-03.08 and earlier allow remote attackers to inject arbitrary web
script or HTML via the (1) title_en, (2) summary_en, or (3) body_en
parameter in a submitnews action to the news module, a different
vulnerability than CVE-2012-4890. NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information.
|
CVE-2012-4891 |
Cross-site scripting (XSS) vulnerability in fw/index2.do in
ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject
arbitrary web script or HTML via the url parameter, a different vector
than CVE-2012-4889. NOTE: the provenance of this information is
unknown; the details are obtained solely from third party information.
|
CVE-2012-4883 |
Multiple untrusted search path vulnerabilities in 3DVIA Composer
V6R2012 HF1 Build 6.8.1.1652 allow local users to gain privileges via
a Trojan horse (1) dwmapi.dll or (2) ibfs32.dll file in the current
working directory, as demonstrated by a directory that contains a .smg
file. NOTE: the provenance of this information is unknown; the details
are obtained solely from third party information.
|
CVE-2012-4882 |
Multiple untrusted search path vulnerabilities in 3D XML Player
6.212.13.12076 allow local users to gain privileges via a Trojan horse
(1) dwmapi.dll or (2) JT0DevPhase.dll file in the current working
directory, as demonstrated by a directory that contains a .3dx file.
NOTE: the provenance of this information is unknown; the details are
obtained solely from third party information.
|
CVE-2012-4881 |
Untrusted search path vulnerability in moviEZ HD 1.0 Build
2554-29894-A allows local users to gain privileges via a Trojan horse
avrt.dll file in the current working directory, as demonstrated by a
directory that contains a .mvz file. NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information.
|
CVE-2012-4880 |
Multiple untrusted search path vulnerabilities in DVD Architect Pro
5.2 Build 133 and DVD Architect Studio 5.0 Build 156 allow local users
to gain privileges via a Trojan horse (1) enc_mp2v.200 or (2)
CFHDDecoder.dll file in the current working directory, as demonstrated
by a directory that contains a .dar file. NOTE: the provenance of this
information is unknown; the details are obtained solely from third
party information.
|
CVE-2012-4874 |
Unspecified vulnerability in the Another WordPress Classifieds Plugin
before 2.0 for WordPress has unknown impact and attack vectors related
to "image uploads."
|
CVE-2012-4859 |
Unspecified vulnerability in IBM Tivoli Storage Manager for Space
Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0
allows local users to read or modify file system objects via unknown
vectors.
|
CVE-2012-4855 |
Unspecified vulnerability in the web services framework in IBM
WebSphere Commerce 6.0 through 6.0.0.11 and 7.0 through 7.0.0.6 allows
remote attackers to cause a denial of service (login outage) via
unknown vectors.
|
CVE-2012-4841 |
Unspecified vulnerability in Tivoli Endpoint Manager for Remote
Control Broker 8.2 before 8.2.1-TIV-TEMRC821-IF0002 allows remote
attackers to cause a denial of service (resource consumption) via
unknown vectors.
|
CVE-2012-4830 |
Unspecified vulnerability in IBM WebSphere Commerce 6.0 through
6.0.0.11 and 7.0 through 7.0.0.6 allows remote attackers to obtain
users' personal data via unknown vectors.
|
CVE-2012-4758 |
Multiple untrusted search path vulnerabilities in CyberLink
PowerProducer 5.5.3.2325 allow local users to gain privileges via a
Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current
working directory, as demonstrated by a directory that contains a .ppp
or .rdf file. NOTE: the provenance of this information is unknown; the
details are obtained solely from third party information.
|
CVE-2012-4757 |
Multiple untrusted search path vulnerabilities in CyberLink
StreamAuthor 4.0 build 3308 allow local users to gain privileges via a
Trojan horse (1) mfc71loc.dll or (2) mfc71enu.dll file in the current
working directory, as demonstrated by a directory that contains a .sta
or .stp file. NOTE: the provenance of this information is unknown; the
details are obtained solely from third party information.
|
CVE-2012-4756 |
Multiple untrusted search path vulnerabilities in CyberLink LabelPrint
2.5.3602 allow local users to gain privileges via a Trojan horse (1)
mfc71loc.dll or (2) mfc71enu.dll file in the current working
directory, as demonstrated by a directory that contains a .lpp file.
NOTE: the provenance of this information is unknown; the details are
obtained solely from third party information.
|
CVE-2012-4753 |
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud
before 4.0.5 allow remote attackers to hijack the authentication of
unspecified victims via unknown vectors.
|
CVE-2012-4734 |
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows
remote attackers to conduct a "confused deputy" attack to bypass the
CSRF warning protection mechanism and cause victims to "modify
arbitrary state" via unknown vectors related to a crafted link.
|
CVE-2012-4731 |
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly
check user rights, which allows remote authenticated users to create
arbitrary articles in arbitrary classes via unknown vectors.
|
CVE-2012-4730 |
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows
remote authenticated users with ModifySelf or AdminUser privileges to
inject arbitrary email headers and conduct phishing attacks or obtain
sensitive information via unknown vectors.
|
CVE-2012-4712 |
Moxa EDR-G903 series routers with firmware before 2.11 have a
hardcoded account, which allows remote attackers to obtain unspecified
device access via unknown vectors.
|
CVE-2012-4683 |
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers
to cause a denial of service via unknown vectors, a different
vulnerability than CVE-2012-4682.
|
CVE-2012-4682 |
Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers
to cause a denial of service via unknown vectors, a different
vulnerability than CVE-2012-4683.
|
CVE-2012-4568 |
Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS
(formerly MyDMS) before 3.3.8 allow remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
|
CVE-2012-4547 |
Unspecified vulnerability in awredir.pl in AWStats before 7.1 has
unknown impact and attack vectors.
|
CVE-2012-4477 |
Unspecified vulnerability in the Drag & Drop Gallery module 6.x for
Drupal allows remote attackers to bypass access restrictions via
unknown attack vectors.
|
CVE-2012-4416 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35
and earlier, allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Hotspot.
|
CVE-2012-4343 |
Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow
attackers to execute arbitrary PHP code via unknown vectors.
|
CVE-2012-4331 |
Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x
before 2.0.18, and 2.1.x before 2.1.13 have unknown impact and attack
vectors that are not related to cross-site scripting (XSS), different
vulnerabilities than CVE-2012-2151.
|
CVE-2012-4328 |
Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through
4.1.12, Forum 4.1.2 through 4.1.12, and the MAPI plugin 1.4.3 for
vBulletin 3.x has unknown impact and attack vectors.
|
CVE-2012-4305 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than other CVEs listed in the February 2013
CPU. NOTE: the previous information is from the February 2013 CPU.
Oracle has not commented on claims from a third party that the issue
allows remote attackers to execute arbitrary code via vectors related
to an "invalid type cast" and exposed native methods in the T2KGlyph
class.
|
CVE-2012-4303 |
Unspecified vulnerability in the Oracle WebCenter Content component in
Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users
to affect confidentiality via unknown vectors related to Content
Server.
|
CVE-2012-4301 |
Unspecified vulnerability in the JavaFX component in Oracle Java SE
JavaFX 2.2.4 and earlier allows remote attackers to affect
confidentiality, integrity, and availability via unknown vectors, a
different vulnerability than other CVEs listed in the February 2013
CPU. NOTE: the previous information is from the February 2013 CPU.
Oracle has not commented on claims from a third party that this issue
allows remote attackers to execute arbitrary code via an "invalid type
case" in the init method of the D3DShader class in the
com.sun.prism.d3d package.
|
CVE-2012-4276 |
Unspecified vulnerability in Hitachi IT Operations Director 02-50-01
through 02-50-07, 03-00 before 03-00-08 allows attackers to cause a
denial of service via unknown attack vectors.
|
CVE-2012-4274 |
Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01
through 06-01-/A, 07-00, 07-01 before 07-01-/B, and 08-00 before
08-00-/B and Cobol GUI Option Server 07-00, 07-01 before 07-01-/B, and
08-00 before 08-00-/B allows remote attackers to execute arbitrary
code via unknown attack vectors.
|
CVE-2012-4145 |
Unspecified vulnerability in Opera before 12.01 on Windows and UNIX,
and before 11.66 and 12.x before 12.01 on Mac OS X, has unknown impact
and attack vectors, related to a "low severity issue."
|
CVE-2012-4053 |
Cross-site request forgery (CSRF) vulnerability in eZOE flash player
in eZ Publish 4.1 through 4.6 allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
|
CVE-2012-4050 |
Multiple unspecified vulnerabilities in Google Chrome OS before
21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook
platforms, and the Samsung Chromebox Series 3, have unknown impact and
attack vectors.
|
CVE-2012-4033 |
Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin
before 2.4.0 for WordPress have unknown impact and attack vectors.
|
CVE-2012-4014 |
Unspecified vulnerability in McAfee Email Anti-virus (formerly
WebShield SMTP) allows remote attackers to cause a denial of service
via unknown vectors.
|
CVE-2012-4003 |
Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT
GLPI before 0.83.3 allow remote attackers to inject arbitrary web
script or HTML via unknown vectors.
|
CVE-2012-4002 |
Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI
before 0.83.3 allows remote attackers to hijack the authentication of
unspecified victims via unknown vectors.
|
CVE-2012-3983 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey before
2.13 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
|
CVE-2012-3982 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 16.0, Firefox ESR 10.x before 10.0.8, Thunderbird
before 16.0, Thunderbird ESR 10.x before 10.0.8, and SeaMonkey before
2.13 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
|
CVE-2012-3859 |
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has
unknown impact and attack vectors, a different vulnerability than
CVE-2012-2446 and CVE-2012-2447.
|
CVE-2012-3802 |
Unspecified vulnerability in the Post Affiliate Pro (PAP) module for
Drupal allows remote authenticated users to read the commissions of
other users via unknown attack vectors.
|
CVE-2012-3789 |
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3,
0.5.x before 0.5.6rc3, 0.6.0.x before 0.6.0.9rc1, and 0.6.x before
0.6.3rc1 allows remote attackers to cause a denial of service (process
hang) via unknown behavior on a Bitcoin network.
|
CVE-2012-3559 |
Unspecified vulnerability in Opera before 12.00 on Mac OS X has
unknown impact and attack vectors, related to a "moderate severity
issue."
|
CVE-2012-3532 |
Cross-site request forgery (CSRF) vulnerability in the GateIn Portal
component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows
remote attackers to hijack the authentication of unspecified victims
via unknown vectors.
|
CVE-2012-3506 |
Unspecified vulnerability in the Apache Open For Business Project (aka
OFBiz) 10.04.x before 10.04.03 has unknown impact and attack vectors.
|
CVE-2012-3466 |
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set
to "idle" or "timeout," does not properly limit the amount of time a
passphrase is cached, which allows attackers to have an unspecified
impact via unknown attack vectors.
|
CVE-2012-3448 |
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote
attackers to execute arbitrary PHP code via unknown attack vectors.
|
CVE-2012-3385 |
WordPress before 3.4.1 does not properly restrict access to post
contents such as private or draft posts, which allows remote authors
or contributors to obtain sensitive information via unknown vectors.
|
CVE-2012-3384 |
Cross-site request forgery (CSRF) vulnerability in the customizer in
WordPress before 3.4.1 allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
|
CVE-2012-3342 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 and 6 through Update
38 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Deployment, a different
vulnerability than other CVEs listed in the February 2013 CPU.
|
CVE-2012-3290 |
Multiple unspecified vulnerabilities in Google Chrome before
20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox
3; and Cr-48 Chromebook platforms have unknown impact and attack
vectors.
|
CVE-2012-3286 |
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and
earlier and ArcSight Logger 5.2 and earlier allows remote
authenticated users to obtain sensitive information, modify data, or
cause a denial of service via unknown vectors.
|
CVE-2012-3285 |
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance
hydra with software before 10.0 allows remote attackers to execute
arbitrary code via unknown vectors, aka ZDI-CAN-1513.
|
CVE-2012-3284 |
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance
hydra with software before 10.0 allows remote attackers to execute
arbitrary code via unknown vectors, aka ZDI-CAN-1512.
|
CVE-2012-3283 |
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance
hydra with software before 10.0 allows remote attackers to execute
arbitrary code via unknown vectors, aka ZDI-CAN-1511.
|
CVE-2012-3282 |
Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance
hydra with software before 10.0 allows remote attackers to execute
arbitrary code via unknown vectors, aka ZDI-CAN-1468.
|
CVE-2012-3281 |
Unspecified vulnerability in Device Manager in HP XP P9000 Command
View Advanced Edition before 7.4.0-00 allows remote attackers to cause
a denial of service via unknown vectors.
|
CVE-2012-3275 |
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and
9.20 allows remote attackers to execute arbitrary code via unknown
vectors.
|
CVE-2012-3273 |
Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP
M425 with firmware 20120625 and LaserJet 400 M401 with firmware
20120621 allow remote attackers to obtain sensitive information via
unknown vectors.
|
CVE-2012-3271 |
Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3)
with firmware before 1.50 and Integrated Lights-Out 4 (aka iLO4) with
firmware before 1.13 allows remote attackers to obtain sensitive
information via unknown vectors.
|
CVE-2012-3270 |
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and
5.41, when Sybase is used, allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors, a different vulnerability than CVE-2012-3269.
|
CVE-2012-3269 |
Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and
5.41, when Sybase is used, allows remote attackers to obtain sensitive
information, modify data, or cause a denial of service via unknown
vectors, a different vulnerability than CVE-2012-3270.
|
CVE-2012-3267 |
Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20
allows remote attackers to obtain sensitive information via unknown
vectors.
|
CVE-2012-3266 |
Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX
X9000 Storage allows remote attackers to obtain sensitive information
via unknown vectors.
|
CVE-2012-3264 |
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10
through 11.12 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1472.
|
CVE-2012-3263 |
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10
through 11.12 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1465.
|
CVE-2012-3262 |
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10
through 11.12 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1464.
|
CVE-2012-3261 |
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10
through 11.12 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1463.
|
CVE-2012-3260 |
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10
through 11.12 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1462.
|
CVE-2012-3259 |
Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10
through 11.12 allows remote attackers to execute arbitrary code via
unknown vectors, aka ZDI-CAN-1461.
|
CVE-2012-3258 |
Unspecified vulnerability in HP Operations Orchestration 9.0 before
9.03 allows remote attackers to execute arbitrary code via unknown
vectors.
|
CVE-2012-3256 |
Cross-site request forgery (CSRF) vulnerability in HP Business
Availability Center (BAC) 8.07 allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
|
CVE-2012-3252 |
Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20
allows remote attackers to cause a denial of service via unknown
vectors.
|
CVE-2012-3250 |
Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and
9.30, and HP Service Center Server 6.28, allows remote attackers to
cause a denial of service via unknown vectors.
|
CVE-2012-3247 |
Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c
i2, and BL890c i2 with firmware before 26.31 and the HP Integrity
Server rx2800 i2 with firmware before 26.30 allows local users to
cause a denial of service via unknown vectors.
|
CVE-2012-3243 |
Cross-site scripting (XSS) vulnerability in the SEOgento plugin for
Magento allows remote attackers to inject arbitrary web script or HTML
via the id parameter. NOTE: the provenance of this information is
unknown; the details are obtained solely from third party information.
|
CVE-2012-3230 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 allows remote attackers to affect
confidentiality via unknown vectors related to Portal Framework.
|
CVE-2012-3229 |
Unspecified vulnerability in the Siebel UI Framework component in
Oracle Siebel CRM 8.1.1 allows remote authenticated users to affect
confidentiality via unknown vectors related to Siebel Documentation.
|
CVE-2012-3222 |
Unspecified vulnerability in the Oracle iRecruitment component in
Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3
allows remote attackers to affect availability via unknown vectors
related to Signon.
|
CVE-2012-3221 |
Unspecified vulnerability in the Oracle VM Virtual Box component in
Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect
availability via unknown vectors related to VirtualBox Core. NOTE:
The previous information was obtained from the October 2012
CPU. Oracle has not commented on claims from another vendor that this
issue is related to "incorrect interrupt handling."
|
CVE-2012-3220 |
Unspecified vulnerability in the Spatial component in Oracle Database
Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3
allows remote authenticated users with Create Session privileges to
affect confidentiality, integrity, and availability via unknown
vectors.
|
CVE-2012-3219 |
Unspecified vulnerability in the Enterprise Manager Base Platform
component in Oracle Enterprise Manager Grid Control EM Base Platform
10.2.0.5 and 11.1.0.1; EM DB Control 10.2.0.3, 10.2.0.4, 10.2.0.5,
11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.1 and
12.1.0.2 allows remote attackers to affect integrity via unknown
vectors related to Storage Management.
|
CVE-2012-3218 |
Unspecified vulnerability in the Human Resources component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote
authenticated users to affect confidentiality and integrity via
unknown vectors related to Security Groups.
|
CVE-2012-3216 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, 6 Update 35 and
earlier, 5.0 Update 36 and earlier, and 1.4.2_38 and earlier allows
remote attackers to affect confidentiality via unknown vectors related
to Libraries.
|
CVE-2012-3215 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when
running on SPARC, allows local users to affect confidentiality via
unknown vectors related to Kernel.
|
CVE-2012-3214 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent
attackers to affect availability via unknown vectors related to
Outside In Filters.
|
CVE-2012-3213 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 through Update 11 and 6 through Update
38 allows remote attackers to affect confidentiality, integrity, and
availability via unknown vectors related to Scripting.
|
CVE-2012-3212 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when
running on SPARC T4 servers, allows local users to affect availability
via unknown vectors related to Kernel.
|
CVE-2012-3211 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local
users to affect availability via unknown vectors related to
Kernel/System Call.
|
CVE-2012-3210 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote
attackers to affect availability via unknown vectors related to
Kernel.
|
CVE-2012-3209 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when
running on SPARC, allows local users to affect integrity and
availability via unknown vectors related to Logical Domain (LDOM).
|
CVE-2012-3207 |
Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows
local users to affect availability via unknown vectors related to
Kernel.
|
CVE-2012-3206 |
Unspecified vulnerability in the Integrated Lights Out Manager CLI in
Oracle Sun Products Suite SysFW 8.2.0.a for SPARC and Netra SPARC T3
and T4-based servers, and other versions and servers, allows local
users to affect confidentiality via unknown vectors.
|
CVE-2012-3205 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect integrity via unknown vectors related to Vino server.
|
CVE-2012-3204 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors related to Power Management.
|
CVE-2012-3202 |
Multiple unspecified vulnerabilities in the Oracle JRockit component
in Oracle Fusion Middleware 28.2.4 and earlier, and 27.7.3 and
earlier, when using JDK/JRE 5 or 6, allow remote attackers to affect
confidentiality, integrity, and availability via unknown vectors.
NOTE: this overlaps CVE-2012-5083, CVE-2012-1531, CVE-2012-5081, and
CVE-2012-5085.
|
CVE-2012-3201 |
Unspecified vulnerability in the PeopleSoft Enterprise Campus
Solutions component in Oracle PeopleSoft Products 9.0 allows remote
authenticated users to affect confidentiality via unknown vectors
related to Self-Service (Student Records).
|
CVE-2012-3199 |
Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local
users to affect confidentiality, integrity, and availability via
unknown vectors related to Gnome Trusted Extension.
|
CVE-2012-3198 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.51 and 8.52 allows remote
authenticated users to affect availability via unknown vectors related
to Query.
|
CVE-2012-3197 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to Server Replication.
|
CVE-2012-3195 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows
remote authenticated users to affect confidentiality via unknown
vectors related to Portal.
|
CVE-2012-3194 |
Unspecified vulnerability in the Oracle BI Publisher component in
Oracle Fusion Middleware 10.1.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and
11.1.1.6.2 allows remote attackers to affect integrity via unknown
vectors related to Administration.
|
CVE-2012-3193 |
Unspecified vulnerability in the Oracle BI Publisher component in
Oracle Fusion Middleware 10.3.4.2, 11.1.1.5.0, 11.1.1.6.0, and
11.1.1.6.2 allows remote authenticated users to affect confidentiality
via unknown vectors related to Administration.
|
CVE-2012-3191 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows
remote authenticated users to affect availability via unknown vectors
related to Data Mover.
|
CVE-2012-3187 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users
to affect confidentiality, integrity, and availability via unknown
vectors related to Kernel.
|
CVE-2012-3186 |
Unspecified vulnerability in the Oracle WebCenter Sites component in
Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5,
7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Advanced UI, a different vulnerability than CVE-2012-3183 and
CVE-2012-3185.
|
CVE-2012-3185 |
Unspecified vulnerability in the Oracle WebCenter Sites component in
Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5,
7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Advanced UI, a different vulnerability than CVE-2012-3183 and
CVE-2012-3186.
|
CVE-2012-3184 |
Unspecified vulnerability in the Oracle WebCenter Sites component in
Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5,
7.6.1, 7.6.2, and 11.1.1.6.0 allows remote attackers to affect
integrity via unknown vectors related to Advanced UI.
|
CVE-2012-3183 |
Unspecified vulnerability in the Oracle WebCenter Sites component in
Oracle Fusion Middleware 6.1, 6.2, 6.3.x, 7, 7.0.1, 7.0.2, 7.0.3, 7.5,
7.6.1, 7.6.2, and 11.1.1.6.0 allows remote authenticated users to
affect confidentiality and integrity via unknown vectors related to
Advanced UI, a different vulnerability than CVE-2012-3185 and
CVE-2012-3186.
|
CVE-2012-3181 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows
remote authenticated users to affect availability via unknown vectors
related to Security.
|
CVE-2012-3180 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to Server Optimizer.
|
CVE-2012-3179 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows
remote authenticated users to affect integrity via unknown vectors
related to Tree Manager.
|
CVE-2012-3178 |
Unspecified vulnerability in the kernel in Oracle Sun Solaris 11
allows local users to affect availability via unknown vectors.
|
CVE-2012-3177 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to Server.
|
CVE-2012-3176 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.52 allows remote
authenticated users to affect integrity via unknown vectors related to
Panel Processor.
|
CVE-2012-3175 |
Unspecified vulnerability in the Oracle Application Server Single
Sign-On component in Oracle Fusion Middleware 10.1.4.3.0 allows remote
attackers to affect integrity via unknown vectors related to
Redirects, a different vulnerability than CVE-2012-0518.
|
CVE-2012-3174 |
Unspecified vulnerability in Oracle Java 7 before Update 11 allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors, a different vulnerability than
CVE-2013-0422. NOTE: some parties have mapped CVE-2012-3174 to an
issue involving recursive use of the Reflection API, but that issue is
already covered as part of CVE-2013-0422. This identifier is for a
different vulnerability whose details are not public as of 20130114.
|
CVE-2012-3173 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to InnoDB Plugin.
|
CVE-2012-3172 |
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel
CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect
availability via unknown vectors related to Siebel Apps -
Multi-channel Technologies.
|
CVE-2012-3171 |
Unspecified vulnerability in the Oracle Applications Technology Stack
component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3
allows remote attackers to affect confidentiality via unknown vectors
related to Autoconfig Templates.
|
CVE-2012-3170 |
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel
CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via
unknown vectors related to Siebel Core - Server Infrastructure, a
different vulnerability than CVE-2012-3169.
|
CVE-2012-3169 |
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel
CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via
unknown vectors related to Siebel Core - Server Infrastructure, a
different vulnerability than CVE-2012-3170.
|
CVE-2012-3168 |
Unspecified vulnerability in the Siebel CRM component in Oracle Siebel
CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect
availability via unknown vectors related to Siebel Core - Server
Infrastructure.
|
CVE-2012-3167 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to Server Full Text Search.
|
CVE-2012-3166 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to InnoDB.
|
CVE-2012-3165 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11
allows local users to affect confidentiality and integrity via unknown
vectors related to mailx.
|
CVE-2012-3164 |
Unspecified vulnerability in the Oracle Marketing component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows
remote authenticated users to affect integrity via unknown vectors
related to Publish Item.
|
CVE-2012-3163 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote
authenticated users to affect confidentiality, integrity, and
availability via unknown vectors related to Information Schema.
|
CVE-2012-3161 |
Unspecified vulnerability in the Oracle Agile PLM Framework component
in Oracle Supply Chain Products Suite 9.3.1.1 allows remote attackers
to affect integrity via unknown vectors related to Web Client (CS).
|
CVE-2012-3160 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users
to affect confidentiality via unknown vectors related to Server
Installation.
|
CVE-2012-3159 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 7 and earlier, and 6 Update 35
and earlier, allows remote attackers to affect confidentiality,
integrity, and availability via unknown vectors related to Deployment,
a different vulnerability than CVE-2012-1533.
|
CVE-2012-3158 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Protocol.
|
CVE-2012-3156 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.25 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server.
|
CVE-2012-3153 |
Unspecified vulnerability in the Oracle Reports Developer component in
Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Servlet. NOTE: the previous information is from
the October 2012 CPU. Oracle has not commented on claims from the
original researcher that the PARSEQUERY function allows remote
attackers to obtain database credentials via
reports/rwservlet/parsequery, and that this issue occurs in earlier
versions. NOTE: this can be leveraged with CVE-2012-3152 to execute
arbitrary code by uploading a .jsp file.
|
CVE-2012-3152 |
Unspecified vulnerability in the Oracle Reports Developer component in
Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows
remote attackers to affect confidentiality and integrity via unknown
vectors related to Report Server Component. NOTE: the previous
information is from the October 2012 CPU. Oracle has not commented on
claims from the original researcher that the URLPARAMETER
functionality allows remote attackers to read and upload arbitrary
files to reports/rwservlet, and that this issue occurs in earlier
versions. NOTE: this can be leveraged with CVE-2012-3153 to execute
arbitrary code by uploading a .jsp file.
|
CVE-2012-3151 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3,
when running on Unix and Linux platforms, allows local users to affect
integrity and availability via unknown vectors.
|
CVE-2012-3150 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote
authenticated users to affect availability via unknown vectors related
to Server Optimizer.
|
CVE-2012-3146 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and
11.2.0.3 allows remote authenticated users to affect integrity via
unknown vectors.
|
CVE-2012-3144 |
Unspecified vulnerability in the MySQL Server component in Oracle
MySQL 5.5.26 and earlier allows remote authenticated users to affect
availability via unknown vectors related to Server.
|
CVE-2012-3140 |
Unspecified vulnerability in the Oracle Agile PLM For Process
component in Oracle Supply Chain Products Suite 6.0.0.6.3 and
6.1.0.1.14 allows remote authenticated users to affect confidentiality
and integrity via unknown vectors related to Supply Chain Relationship
Management.
|
CVE-2012-3138 |
Unspecified vulnerability in the Oracle iStore component in Oracle
E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows
remote attackers to affect integrity via unknown vectors related to
Web interface.
|
CVE-2012-3136 |
Unspecified vulnerability in the Java Runtime Environment (JRE)
component in Oracle Java SE 7 Update 6 and earlier allows remote
attackers to affect confidentiality, integrity, and availability via
unknown vectors related to Beans, a different vulnerability than
CVE-2012-1682.
|
CVE-2012-3135 |
Unspecified vulnerability in the Oracle JRockit component in Oracle
Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows
remote attackers to affect confidentiality, integrity, and
availability via unknown vectors.
|
CVE-2012-3134 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote
authenticated users to affect availability via unknown vectors.
|
CVE-2012-3133 |
Buffer overflow in the DataDirect ODBC driver, as used in Oracle
Hyperion Interactive Reporting 11.1.2.1 and 11.1.2.2, Essbase Server
11.1.2.1 and 11.1.2.2, Production Reporting Server 11.1.2.1 and
11.1.2.2, and Integration Services Server 11.1.2.1 and 11.1.2.2, has
unknown impact and attack vectors.
|
CVE-2012-3130 |
Unspecified vulnerability in Oracle Sun Solaris 11 allows remote
attackers to affect integrity via unknown vectors related to
pkg.depotd.
|
CVE-2012-3128 |
Unspecified vulnerability in Oracle SPARC T-Series Servers running
System Firmware 8.2.0 and 8.1.4.e or earlier allows local users to
affect confidentiality, integrity, and availability via unknown
vectors related to Integrated Lights Out Manager.
|
CVE-2012-3126 |
Unspecified vulnerability in the Solaris Cluster component in Oracle
Sun Products Suite 3.3 allows local users to affect confidentiality,
integrity, and availability via unknown vectors related to Apache
Tomcat Agent.
|
CVE-2012-3122 |
Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local
users to affect confidentiality and integrity via unknown vectors
related to sort.
|
CVE-2012-3121 |
Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote
attackers to affect availability via unknown vectors related to
in.tnamed and NameServer.
|
CVE-2012-3119 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component
in Oracle PeopleSoft Products 9.0.20 allows remote authenticated users
to affect confidentiality via unknown vectors related to Candidate
Gateway.
|
CVE-2012-3117 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and
6.2 allows remote authenticated users to affect confidentiality via
unknown vectors related to HTTP.
|
CVE-2012-3116 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and
6.2 allows local users to affect confidentiality via unknown vectors.
|
CVE-2012-3115 |
Unspecified vulnerability in the Oracle MapViewer component in Oracle
Fusion Middleware 10.1.3.1, 11.1.1.5, and 11.1.1.6 allows remote
attackers to affect integrity via unknown vectors related to Install.
|
CVE-2012-3114 |
Unspecified vulnerability in the Oracle Transportation Management
component in Oracle Supply Chain Products Suite 5.5.06, 6.0, 6.1, and
6.2 allows remote attackers to affect integrity via unknown vectors.
|
CVE-2012-3112 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows remote
attackers to affect integrity via unknown vectors related to Solaris
Management Console.
|
CVE-2012-3110 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770,
CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106,
CVE-2012-3107, and CVE-2012-3108.
|
CVE-2012-3109 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.7 allows context-dependent
attackers to affect availability via unknown vectors related to
Outside In Filters, a different vulnerability than CVE-2012-1768.
|
CVE-2012-3108 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770,
CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106,
CVE-2012-3107, and CVE-2012-3110.
|
CVE-2012-3107 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770,
CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3106,
CVE-2012-3108, and CVE-2012-3110.
|
CVE-2012-3106 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770,
CVE-2012-1771, CVE-2012-1772, CVE-2012-1773, CVE-2012-3107,
CVE-2012-3108, and CVE-2012-3110.
|
CVE-2012-3105 |
The glBufferData function in the WebGL implementation in Mozilla
Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird
5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey
before 2.10 does not properly mitigate an unspecified flaw in an
NVIDIA driver, which allows remote attackers to cause a denial of
service (memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors, a related issue to CVE-2011-3101.
|
CVE-2012-2965 |
Caucho Quercus, as distributed in Resin before 4.0.29, does not
properly handle unspecified characters in the names of variables,
which has unknown impact and remote attack vectors, related to an
"HTTP Parameter Contamination" issue.
|
CVE-2012-2900 |
Skia, as used in Google Chrome before 22.0.1229.92, does not properly
render text, which allows remote attackers to cause a denial of
service (application crash) or possibly have unspecified other impact
via unknown vectors.
|
CVE-2012-2896 |
Integer overflow in the WebGL implementation in Google Chrome before
22.0.1229.79 on Mac OS X allows remote attackers to cause a denial of
service or possibly have unspecified other impact via unknown vectors.
|
CVE-2012-2894 |
Google Chrome before 22.0.1229.79 does not properly handle
graphics-context data structures, which allows remote attackers to
cause a denial of service (application crash) or possibly have
unspecified other impact via unknown vectors.
|
CVE-2012-2892 |
Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows
remote attackers to bypass the pop-up blocker via unknown vectors.
|
CVE-2012-2882 |
FFmpeg, as used in Google Chrome before 22.0.1229.79, does not
properly handle OGG containers, which allows remote attackers to cause
a denial of service or possibly have unspecified other impact via
unknown vectors, related to a "wild pointer" issue.
|
CVE-2012-2881 |
Google Chrome before 22.0.1229.79 does not properly handle plug-ins,
which allows remote attackers to cause a denial of service (DOM tree
corruption) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2012-2876 |
Buffer overflow in the SSE2 optimization functionality in Google
Chrome before 22.0.1229.79 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via unknown
vectors.
|
CVE-2012-2875 |
Multiple unspecified vulnerabilities in the PDF functionality in
Google Chrome before 22.0.1229.79 allow remote attackers to have an
unknown impact via a crafted document.
|
CVE-2012-2871 |
libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before
21.0.1180.89, does not properly support a cast of an unspecified
variable during handling of XSL transforms, which allows remote
attackers to cause a denial of service or possibly have unknown other
impact via a crafted document, related to the _xmlNs data structure in
include/libxml/tree.h.
|
CVE-2012-2866 |
Google Chrome before 21.0.1180.89 does not properly perform a cast of
an unspecified variable during handling of run-in elements, which
allows remote attackers to cause a denial of service or possibly have
unknown other impact via a crafted document.
|
CVE-2012-2850 |
Multiple unspecified vulnerabilities in the PDF functionality in
Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before
21.0.1180.60 on Windows and Chrome Frame, allow remote attackers to
have an unknown impact via a crafted document.
|
CVE-2012-2833 |
Buffer overflow in the JS API in the PDF functionality in Google
Chrome before 20.0.1132.43 allows remote attackers to cause a denial
of service or possibly have unspecified other impact via unknown
vectors.
|
CVE-2012-2832 |
The image-codec implementation in the PDF functionality in Google
Chrome before 20.0.1132.43 does not initialize an unspecified pointer,
which allows remote attackers to cause a denial of service or possibly
have unknown other impact via a crafted document.
|
CVE-2012-2830 |
Google Chrome before 20.0.1132.43 does not properly set array values,
which allows remote attackers to cause a denial of service (incorrect
pointer use) or possibly have unspecified other impact via unknown
vectors.
|
CVE-2012-2827 |
Use-after-free vulnerability in the UI in Google Chrome before
20.0.1132.43 on Mac OS X allows attackers to cause a denial of service
or possibly have unspecified other impact via unknown vectors.
|
CVE-2012-2807 |
Multiple integer overflows in libxml2, as used in Google Chrome before
20.0.1132.43 and other products, on 64-bit Linux platforms allow
remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors.
|
CVE-2012-2804 |
Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11
and Libav 0.8.x before 0.8.5 has unknown impact and attack vectors,
related to "reallocation code" and the luma height and width.
|
CVE-2012-2803 |
Double free vulnerability in the mpeg_decode_frame function in
libavcodec/mpeg12.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.5, has unknown impact and attack vectors,
related to resetting the data size value.
|
CVE-2012-2802 |
Unspecified vulnerability in the ac3_decode_frame function in
libavcodec/ac3dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4
has unknown impact and attack vectors, related to the "number of
output channels" and "out of array writes."
|
CVE-2012-2801 |
Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11,
and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown
impact and attack vectors, related to dimensions and "out of array
writes."
|
CVE-2012-2800 |
Unspecified vulnerability in the ff_ivi_process_empty_tile function in
libavcodec/ivi_common.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in
which the "tile size ... mismatches parameters" and triggers "writing
into a too small array."
|
CVE-2012-2799 |
Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg
before 0.11 has unknown impact and attack vectors, related to the "put
bit buffer when num_saved_bits is reset."
|
CVE-2012-2798 |
Unspecified vulnerability in the decode_dds1 function in
libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7
and 0.8.x before 0.8.4, has unknown impact and attack vectors, related
to an "out of array write."
|
CVE-2012-2797 |
Unspecified vulnerability in the decode_frame_mp3on4 function in
libavcodec/mpegaudiodec.c in FFmpeg before 0.11 and Libav 0.8.x before
0.8.5 has unknown impact and attack vectors related to a calculation
that prevents a frame from being "large enough."
|
CVE-2012-2796 |
Unspecified vulnerability in the vc1_decode_frame function in
libavcodec/vc1dec.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4
has unknown impact and attack vectors, related to inconsistencies in
"coded slice positions and interlacing" that trigger "out of array
writes."
|
CVE-2012-2795 |
Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in
FFmpeg before 0.11 have unknown impact and attack vectors related to
(1) size of "mclms arrays," (2) "a get_bits(0) in decode_ac_filter,"
and (3) "too many bits in decode_channel_residues()."
|
CVE-2012-2794 |
Unspecified vulnerability in the decode_mb_info function in
libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors in
which the "allocated tile size ... mismatches parameters."
|
CVE-2012-2793 |
Unspecified vulnerability in the lag_decode_zero_run_line function in
libavcodec/lagarith.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors
related to "too many zeros."
|
CVE-2012-2792 |
Unspecified vulnerability in the decode_init function in
libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact
and attack vectors, related to the samples per frame.
|
CVE-2012-2791 |
Multiple unspecified vulnerabilities in the (1) decode_band_hdr
function in indeo4.c and (2) ff_ivi_decode_blocks function in
ivi_common.c in libavcodec/ in FFmpeg before 0.11, and Libav 0.7.x
before 0.7.7 and 0.8.x before 0.8.5, have unknown impact and attack
vectors, related to the "transform size."
|
CVE-2012-2790 |
Unspecified vulnerability in the read_var_block_data function in
libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors,
related to the "number of decoded samples in first sub-block in BGMC
mode."
|
CVE-2012-2789 |
Unspecified vulnerability in the avi_read_packet function in
libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors,
related to a large number of vector coded coefficients
(num_vec_coeffs).
|
CVE-2012-2788 |
Unspecified vulnerability in the avi_read_packet function in
libavformat/avidec.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors,
related to an "out of array read" when a "packet is shrunk."
|
CVE-2012-2787 |
Unspecified vulnerability in the decode_frame function in
libavcodec/indeo4.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4
has unknown impact and attack vectors, related to the "setup
width/height."
|
CVE-2012-2786 |
Unspecified vulnerability in the decode_wdlt function in
libavcodec/dfa.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7
and 0.8.x before 0.8.4, has unknown impact and attack vectors, related
to an "out of array write."
|
CVE-2012-2785 |
Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in
FFmpeg before 0.11 have unknown impact and attack vectors, related to
(1) "some subframes only encode some channels" or (2) a large order
value.
|
CVE-2012-2784 |
Unspecified vulnerability in the decode_pic function in
libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors,
related to "width/height changing in CAVS," a different vulnerability
than CVE-2012-2777.
|
CVE-2012-2783 |
Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11,
and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.5, has unknown
impact and attack vectors, related to "freeing the returned frame."
|
CVE-2012-2782 |
Unspecified vulnerability in the decode_slice_header function in
libavcodec/h264.c in FFmpeg before 0.11 has unknown impact and attack
vectors, related to a "rejected resolution change."
|
CVE-2012-2781 |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact
and attack vectors, a different vulnerability than CVE-2012-2771,
CVE-2012-2773, CVE-2012-2778, and CVE-2012-2780.
|
CVE-2012-2780 |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact
and attack vectors, a different vulnerability than CVE-2012-2771,
CVE-2012-2773, CVE-2012-2778, and CVE-2012-2781.
|
CVE-2012-2779 |
Unspecified vulnerability in the decode_frame function in
libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors,
related to an invalid "gop header" and decoding in a "half initialized
context."
|
CVE-2012-2778 |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact
and attack vectors, a different vulnerability than CVE-2012-2771,
CVE-2012-2773, CVE-2012-2780, and CVE-2012-2781.
|
CVE-2012-2777 |
Unspecified vulnerability in the decode_pic function in
libavcodec/cavsdec.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors,
related to "width/height changing in CAVS," a different vulnerability
than CVE-2012-2784.
|
CVE-2012-2776 |
Unspecified vulnerability in the decode_cell_data function in
libavcodec/indeo3.c in FFmpeg before 0.11 and Libav 0.8.x before 0.8.4
has unknown impact and attack vectors, related to an "out of picture
write."
|
CVE-2012-2775 |
Unspecified vulnerability in the read_var_block_data function in
libavcodec/alsdec.c in FFmpeg before 0.11, and Libav 0.7.x before
0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors,
related to a large order and an "out of array write in quant_cof."
|
CVE-2012-2773 |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact
and attack vectors, a different vulnerability than CVE-2012-2771,
CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
|
CVE-2012-2772 |
Unspecified vulnerability in the ff_rv34_decode_frame function in
libavcodec/rv34.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7
and 0.8.x before 0.8.4, has unknown impact and attack vectors, related
to "width/height changing with frame threading."
|
CVE-2012-2771 |
Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact
and attack vectors, a different vulnerability than CVE-2012-2773,
CVE-2012-2778, CVE-2012-2780, and CVE-2012-2781.
|
CVE-2012-2750 |
Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown
impact and attack vectors related to a "Security Fix", aka Bug #59533.
NOTE: this might be a duplicate of CVE-2012-1689, but as of 20120816,
Oracle has not commented on this possibility.
|
CVE-2012-2747 |
Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote
attackers to gain privileges via unknown attack vectors related to
"Inadequate checking."
|
CVE-2012-2688 |
Unspecified vulnerability in the _php_stream_scandir function in the
stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has
unknown impact and remote attack vectors, related to an "overflow."
|
CVE-2012-2459 |
Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6,
0.5.x before 0.5.5, 0.6.0.x before 0.6.0.7, and 0.6.x before 0.6.2
allows remote attackers to cause a denial of service (block-processing
outage and incorrect block count) via unknown behavior on a Bitcoin
network.
|
CVE-2012-2440 |
The default configuration of the TP-Link 8840T router enables
web-based administration on the WAN interface, which allows remote
attackers to establish an HTTP connection and possibly have
unspecified other impact via unknown vectors.
|
CVE-2012-2439 |
The default configuration of the NETGEAR ProSafe FVS318N firewall
enables web-based administration on the WAN interface, which allows
remote attackers to establish an HTTP connection and possibly have
unspecified other impact via unknown vectors.
|
CVE-2012-2400 |
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress
before 3.3.2 has unknown impact and attack vectors.
|
CVE-2012-2307 |
Cross-site request forgery (CSRF) vulnerability in the Addressbook
module for Drupal 6.x-4.2 and earlier allows remote attackers to
hijack the authentication of unspecified victims via unknown vectors.
|
CVE-2012-2286 |
Unspecified vulnerability in EMC RSA Adaptive Authentication
On-Premise (AAOP) 6.0.2.1 before SP3 P3 allows remote attackers to
obtain sensitive information via unknown vectors.
|
CVE-2012-2166 |
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level
10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have
hardcoded passwords for unspecified accounts, which allows remote
attackers to gain user access via unknown vectors. IBM X-Force ID:
75041.
|
CVE-2012-2155 |
Cross-site request forgery (CSRF) vulnerability in the CDN2 Video
module 6.x for Drupal allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors.
|
CVE-2012-2077 |
Cross-site request forgery (CSRF) vulnerability in the ShareThis
module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to
hijack the authentication of users with administer sharethis
permissions via unknown vectors "outside of the Form API."
|
CVE-2012-2074 |
Unspecified vulnerability in certain default views in the Ubercart
Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to
obtain sensitive information via unknown attack vectors.
|
CVE-2012-2061 |
Cross-site request forgery (CSRF) vulnerability in the Admin tools
module for Drupal allows remote attackers to hijack the authentication
of unspecified victims via unknown vectors involving "not checking
tokens."
|
CVE-2012-2057 |
Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk
Stock Updater module for Drupal allows remote attackers to hijack the
authentication of unspecified victims via unknown vectors related to
formAPI.
|
CVE-2012-2056 |
Cross-site request forgery (CSRF) vulnerability in the Content Lock
module for Drupal allows remote attackers to hijack the authentication
of unspecified victims via unknown vectors.
|
CVE-2012-2048 |
Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows
attackers to cause a denial of service via unknown vectors.
|
CVE-2012-2020 |
Unspecified vulnerability in HP Operations Agent before 11.03.12
allows remote attackers to execute arbitrary code via unknown vectors,
aka ZDI-CAN-1326.
|
CVE-2012-2019 |
Unspecified vulnerability in HP Operations Agent before 11.03.12
allows remote attackers to execute arbitrary code via unknown vectors,
aka ZDI-CAN-1325.
|
CVE-2012-2017 |
Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110,
e-All-in-One D110, Plus e-All-in-One B210, eStation All-in-One C510,
Ink Advantage e-All-in-One K510, and Premium Fax e-All-in-One C410
printers allows remote attackers to cause a denial of service via
unknown vectors.
|
CVE-2012-2016 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.1.1 allows local users to obtain sensitive information via
unknown vectors.
|
CVE-2012-2015 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.1.1 allows remote authenticated users to gain privileges and
obtain sensitive information via unknown vectors.
|
CVE-2012-2014 |
HP System Management Homepage (SMH) before 7.1.1 does not properly
validate input, which allows remote authenticated users to have an
unspecified impact via unknown vectors.
|
CVE-2012-2013 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.1.1 allows remote attackers to cause a denial of service, or
possibly obtain sensitive information or modify data, via unknown
vectors.
|
CVE-2012-2009 |
Unspecified vulnerability in HP Performance Insight for Networks
5.3.x, 5.41, 5.41.001, and 5.41.002 allows remote authenticated users
to gain privileges via unknown vectors.
|
CVE-2012-2006 |
Unspecified vulnerability in HP Insight Management Agents before
9.0.0.0 on Windows Server 2003 and 2008 allows remote attackers to
modify data or cause a denial of service via unknown vectors.
|
CVE-2012-2003 |
Cross-site request forgery (CSRF) vulnerability in HP Insight
Management Agents before 9.0.0.0 on Windows Server 2003 and 2008
allows remote attackers to hijack the authentication of unspecified
victims via unknown vectors.
|
CVE-2012-2000 |
Multiple unspecified vulnerabilities in HP System Health Application
and Command Line Utilities before 9.0.0 allow remote attackers to
execute arbitrary code via unknown vectors.
|
CVE-2012-1999 |
Unspecified vulnerability in HP Systems Insight Manager (SIM) before
7.0 allows remote authenticated users to obtain sensitive information
or modify data via unknown vectors.
|
CVE-2012-1998 |
Unspecified vulnerability in HP Systems Insight Manager (SIM) before
7.0 allows remote attackers to obtain sensitive information, modify
data, or cause a denial of service via unknown vectors, a different
vulnerability than CVE-2012-1997.
|
CVE-2012-1997 |
Unspecified vulnerability in HP Systems Insight Manager (SIM) before
7.0 allows remote attackers to obtain sensitive information, modify
data, or cause a denial of service via unknown vectors, a different
vulnerability than CVE-2012-1998.
|
CVE-2012-1996 |
Unspecified vulnerability in HP Systems Insight Manager (SIM) before
7.0 allows remote attackers to modify data via unknown vectors.
|
CVE-2012-1995 |
Unspecified vulnerability in HP Systems Insight Manager (SIM) before
7.0 allows local users to obtain sensitive information or modify data
via unknown vectors.
|
CVE-2012-1993 |
Unspecified vulnerability in HP System Management Homepage (SMH)
before 7.0 allows local users to modify data or obtain sensitive
information via unknown vectors.
|
CVE-2012-1971 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before
2.12 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via vectors related to garbage collection after certain MethodJIT
execution, and unknown other vectors.
|
CVE-2012-1970 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird
before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before
2.12 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via unknown vectors.
|
CVE-2012-1949 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 4.x through 13.0, Thunderbird 5.0 through 13.0, and SeaMonkey
before 2.11 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2012-1948 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, Thunderbird
5.0 through 13.0, Thunderbird ESR 10.x before 10.0.6, and SeaMonkey
before 2.11 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2012-1938 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox before 13.0, Thunderbird before 13.0, and SeaMonkey before
2.10 allow remote attackers to cause a denial of service (memory
corruption and application crash) or possibly execute arbitrary code
via vectors related to (1) methodjit/ImmutableSync.cpp, (2) the
JSObject::makeDenseArraySlow function in js/src/jsarray.cpp, and
unknown other components.
|
CVE-2012-1937 |
Multiple unspecified vulnerabilities in the browser engine in Mozilla
Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird
5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey
before 2.10 allow remote attackers to cause a denial of service
(memory corruption and application crash) or possibly execute
arbitrary code via unknown vectors.
|
CVE-2012-1908 |
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3
allows remote attackers to inject arbitrary web script or HTML via
unknown vectors.
|
CVE-2012-1844 |
The Quantum Scalar i500 tape library with firmware before i7.0.3
(604G.GS00100), also distributed as the Dell ML6000 tape library with
firmware before A20-00 (590G.GS00100) and the IBM TS3310 tape library
with firmware before R6C (606G.GS001), uses default passwords for
unspecified user accounts, which makes it easier for remote attackers
to obtain access via unknown vectors.
|
CVE-2012-1818 |
An unspecified ActiveX control in Emerson DeltaV and DeltaV
Workstations 9.3.1, 10.3.1, 11.3, and 11.3.1 and DeltaV ProEssentials
Scientific Graph 5.0.0.6 allows remote attackers to overwrite
arbitrary files via unknown vectors.
|
CVE-2012-1808 |
The web server in the ECOM Ethernet module in Koyo H0-ECOM,
H0-ECOM100, H2-ECOM, H2-ECOM-F, H2-ECOM100, H4-ECOM, H4-ECOM-F, and
H4-ECOM100 does not require authentication, which allows remote
attackers to perform unspecified functions via unknown vectors.
|
CVE-2012-1796 |
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as
used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain
privileges via unknown vectors.
|
CVE-2012-1786 |
The Media Upload form in the Video Embed & Thumbnail Generator plugin
before 2.0 for WordPress allows remote attackers to obtain the
installation path via unknown vectors.
|
CVE-2012-1774 |
Unspecified vulnerability in the Open URL feature in Gretech GOM Media
Player before 2.1.39.5101 has unknown impact and attack vectors, a
different vulnerability than CVE-2007-5779 and CVE-2012-1264.
|
CVE-2012-1773 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770,
CVE-2012-1771, CVE-2012-1772, CVE-2012-3106, CVE-2012-3107,
CVE-2012-3108, and CVE-2012-3110.
|
CVE-2012-1772 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770,
CVE-2012-1771, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107,
CVE-2012-3108, and CVE-2012-3110.
|
CVE-2012-1771 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1770,
CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107,
CVE-2012-3108, and CVE-2012-3110.
|
CVE-2012-1770 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1766, CVE-2012-1767, CVE-2012-1769, CVE-2012-1771,
CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107,
CVE-2012-3108, and CVE-2012-3110.
|
CVE-2012-1769 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1766, CVE-2012-1767, CVE-2012-1770, CVE-2012-1771,
CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107,
CVE-2012-3108, and CVE-2012-3110.
|
CVE-2012-1768 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.7 allows context-dependent
attackers to affect availability via unknown vectors related to
Outside In Filters, a different vulnerability than CVE-2012-3109.
|
CVE-2012-1767 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1766, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771,
CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107,
CVE-2012-3108, and CVE-2012-3110.
|
CVE-2012-1766 |
Unspecified vulnerability in the Oracle Outside In Technology
component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows
context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters, a different vulnerability than
CVE-2012-1767, CVE-2012-1769, CVE-2012-1770, CVE-2012-1771,
CVE-2012-1772, CVE-2012-1773, CVE-2012-3106, CVE-2012-3107,
CVE-2012-3108, and CVE-2012-3110.
|
CVE-2012-1765 |
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users
to affect integrity via unknown vectors related to Branded Zone.
|
CVE-2012-1761 |
Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows
remote attackers to affect integrity via unknown vectors related to UI
Framework.
|
CVE-2012-1760 |
Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows
remote attackers to affect availability via unknown vectors related to
UI Framework, a different vulnerability than CVE-2012-1742.
|
CVE-2012-1759 |
Unspecified vulnerability in the Oracle AutoVue component in Oracle
Supply Chain Products Suite 20.0.2 and 20.1 allows remote
authenticated users to affect availability via unknown vectors, a
different vulnerability than CVE-2012-1758.
|
CVE-2012-1758 |
Unspecified vulnerability in the Oracle AutoVue component in Oracle
Supply Chain Products Suite 20.0.2 and 20.1 allows remote
authenticated users to affect availability via unknown vectors, a
different vulnerability than CVE-2012-1759.
|
CVE-2012-1757 |
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors related to InnoDB.
|
CVE-2012-1756 |
Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier
allows remote authenticated users to affect availability via unknown
vectors.
|
CVE-2012-1754 |
Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows
remote authenticated users to affect confidentiality via unknown
vectors related to UI Framework, a different vulnerability than
CVE-2012-1732.
|
CVE-2012-1753 |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools
component in Oracle PeopleSoft Products 8.50, 8.51, and 8.52 allows
remote authenticated users to affect confidentiality, integrity, and
availability via unknown vectors related to PC.
|
CVE-2012-1751 |
Unspecified vulnerability in the Core RDBMS component in Oracle
Database Server 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote
authenticated users to affect confidentiality, integrity, and
availability via unknown vectors related to flashback archive.
|
CVE-2012-1750 |
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11
allows local users to affect confidentiality, integrity, and
availability via unknown vectors related to mailx.
|
CVE-2012-1749 |
Unspecified vulnerability in the Oracle MapViewer component in Oracle
Fusion Middleware 10.1.3.1 and 11.1.1.5 allows remote attackers to
affect confidentiality via unknown vectors related to Oracle Maps.
|
CVE-2012-1748 |
Unspecified vulnerability in the PeopleSoft Enterprise HRMS component
in Oracle PeopleSoft Products 9.1 allows remote authenticated users to
affect confidentiality via unknown vectors related to Candidate
Gateway, a different vulnerability than CVE-2012-0562.
|
CVE-2012-1747 |
Unspecified vulnerability in the Network Layer component in Oracle
Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and
11.2.0.3, when running on Windows, allows remote attackers to affect
availability via unknown vectors, a different vulnerability than
C |