CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4257
https://notcve.org/view.php?id=CVE-2014-4257
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Portlet Services. Vulnerabilidad no especificada en el componente Oracle WebCenter Portal en Oracle Fusion Middleware 11.1.1.7.0 y 11.1.1.8.0 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Portlet Services. • http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/58739 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68563 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94541 •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4251
https://notcve.org/view.php?id=CVE-2014-4251
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect integrity via vectors related to plugin 1.1. Vulnerabilidad no especificada en el componente Oracle HTTP Server en Oracle Fusion Middleware 11.1.1.7.0 y 12.1.2.0 permite a usuarios remotos autenticados afectar la integridad a través de vectores relacionados con plugin 1.1. • http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59204 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68650 http://www.securitytracker.com/id/1030594 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94560 •
CVSS: 6.8EPSS: 2%CPEs: 3EXPL: 0CVE-2014-4254
https://notcve.org/view.php?id=CVE-2014-4254
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, y 12.1.2.0 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con WLS - Web Services. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68591 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94545 •
CVSS: 5.8EPSS: 0%CPEs: 4EXPL: 0CVE-2014-4256
https://notcve.org/view.php?id=CVE-2014-4256
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to WLS - Deployment. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0 y 12.1.2.0 permite a atacantes remotos afectar la confidencialidad e integridad a través de vectores relacionados con WLS - Deployment. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68589 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94549 •
CVSS: 7.5EPSS: 88%CPEs: 1EXPL: 0CVE-2014-4249 – Oracle Business Intelligence Mobile App Designer UIXCacheResourceServlet Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2014-4249
Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Mobile Service. Vulnerabilidad no especificada en el componente BI Publisher en Oracle Fusion Middleware 11.1.1.7 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con Mobile Service. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Business Intelligence Mobile App Designer. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UIXCacheResourceServlet servlet. The issue lies in the ability to download arbitrary files using a directory traversal vulnerability. • http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59111 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68605 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94550 •