CVSS: 5.0EPSS: 97%CPEs: 147EXPL: 1CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocido como el problema "POODLE". A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http& • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0CVE-2014-4245
https://notcve.org/view.php?id=CVE-2014-4245
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente RDBMS Core en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, y 12.1.0.1 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos. • http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/56910 http://secunia.com/advisories/62196 http://www-01.ibm.com/support/docview.wss?uid=swg21689484 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68617 http://www.securitytracker.com/id/1030576 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmclo •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4237
https://notcve.org/view.php?id=CVE-2014-4237
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente RDBMS Core en Oracle Database Server 11.2.0.4 y 12.1.0.1 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos. • http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/56910 http://secunia.com/advisories/62196 http://www-01.ibm.com/support/docview.wss?uid=swg21689484 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68627 http://www.securitytracker.com/id/1030576 http://www.vmware.com/security/advisories/VMSA-2014-0012.html •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4236
https://notcve.org/view.php?id=CVE-2014-4236
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente RDBMS Core en Oracle Database Server 11.2.0.4 y 12.1.0.1 permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/56910 http://secunia.com/advisories/62196 http://www-01.ibm.com/support/docview.wss?uid=swg21689484 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68633 http://www.securitytracker.com/id/1030576 http://www.vmware.com/security/advisories/VMSA-2014-0012.html •
CVSS: 6.6EPSS: 0%CPEs: 4EXPL: 0CVE-2014-2408
https://notcve.org/view.php?id=CVE-2014-2408
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to the "Grant Any Object Privilege." Vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, y 12.1.0.1 permite a usuarios autenticados remotamente afectar a la confidencialidad e integridad a través de vectores desconocidos relacionados con "Grant Any Object Privilege." • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •