CVSS: 9.0EPSS: 1%CPEs: 5EXPL: 0CVE-2014-6567
https://notcve.org/view.php?id=CVE-2014-6567
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command. Vulnerabilidad no especificada en el componente Core RDBMS de Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos. NOTA: la información anterior es de la CPU de enero del 2015. • http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72134 http://www.securitytracker.com/id/1031572 •
CVSS: 6.3EPSS: 0%CPEs: 5EXPL: 0CVE-2014-6541
https://notcve.org/view.php?id=CVE-2014-6541
Unspecified vulnerability in the Recovery component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2, when running on Windows, allows remote authenticated users to affect confidentiality via vectors related to DBMS_IR. Vulnerabilidad no especificada en el componente Recovery en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 y 12.1.0.2, cuando se ejecuta en Windows, permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores relacionados con DBMS_IR. • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72158 http://www.securitytracker.com/id/1031572 •
CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2014-6514
https://notcve.org/view.php?id=CVE-2014-6514
Unspecified vulnerability in the PL/SQL component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente PL/sQL de Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4 y 12.1.0.1 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72166 http://www.securitytracker.com/id/1031572 •
CVSS: 6.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-6477
https://notcve.org/view.php?id=CVE-2014-6477
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, and CVE-2014-6547. NOTE: this issue was originally mapped to CVE-2014-4301, but CVE-2014-4301 is for an unrelated vulnerability. Vulnerabilidad no especificada en el componente JPublisher en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, y CVE-2014-6547. NOTA: este problema fue designado originalmente a CVE-2014-4301, pero CVE-2014-4301 es para una vulnerabilidad no relacionada. • http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html https://exchange.xforce.ibmcloud.com/vulnerabilities/99937 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-6545
https://notcve.org/view.php?id=CVE-2014-6545
Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6467, and CVE-2014-6560. Vulnerabilidad sin especificar en el componente Java VM en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2014-6453, CVE-2014-6467, y CVE-2014-6560. • http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70467 •