CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-4212
https://notcve.org/view.php?id=CVE-2014-4212
Unspecified vulnerability in the Oracle Fusion Middleware component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Process Mgmt and Notification. Vulnerabilidad no especificada en el componente Oracle Fusion Middleware en Oracle Fusion Middleware 11.1.1.7 permite a atacantes remotos afectar a la confidencialidad a través de vectores desconocidos relacionados con el Proceso Mgmt y Notificación • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68638 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94556 •
CVSS: 6.8EPSS: 3%CPEs: 4EXPL: 0CVE-2014-2481
https://notcve.org/view.php?id=CVE-2014-2481
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2480. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, y 12.1.2.0 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2014-2480. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2014-0012.html •
CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 0CVE-2014-0191 – libxml2: external parameter entity loaded when entity substitution is disabled
https://notcve.org/view.php?id=CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. La función xmlParserHandlePEReference en parser.c en libxml2 en versiones anteriores a 2.9.2, como se utiliza en Web Listener en Oracle HTTP Server en Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0 y 12.1.3.0 y otros productos, carga entidades de parámetro externas independientemente de si la sustitución de entidad o la validación están habilitadas, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de un documento XML manipulado. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://rhn.redhat.com/errata/RHSA-2015-0749.html http://www-01.ibm.com/support/docview.wss?uid=swg21678183 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/ • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2014-2470
https://notcve.org/view.php?id=CVE-2014-2470
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, y 12.1.2.0 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con WLS Security. • http://secunia.com/advisories/59847 http://www.ibm.com/support/docview.wss?uid=swg21680702 http://www.ibm.com/support/docview.wss?uid=swg24038065 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVSS: 7.5EPSS: 97%CPEs: 1EXPL: 2CVE-2014-2424 – Oracle Event Processing FileUploadServlet Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2424
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system. Vulnerabilidad no especificada en el componente Oracle Event Processing en Oracle Fusion Middleware 11.1.1.7.0 permite a los usuarios remotos autenticados afectar a la integridad a través de vectores relacionados con CEP system. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Event Processing. Authentication is not required to exploit this vulnerability. The specific flaw exists within the FileUploadServlet class. The class contains a method that does not properly sanitize input allowing for directory traversal. • https://www.exploit-db.com/exploits/33989 http://packetstormsecurity.com/files/127365/Oracle-Event-Processing-FileUploadServlet-Arbitrary-File-Upload.html http://www.exploit-db.com/exploits/33989 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.osvdb.org/105844 http://www.securityfocus.com/bid/66871 •