CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4838
https://notcve.org/view.php?id=CVE-2015-4838
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote authenticated users to affect confidentiality via vectors related to ADF Faces. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0 y 12.1.3.0.0 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores relacionados con ADF Faces. • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securitytracker.com/id/1033898 •
CVSS: 3.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4914
https://notcve.org/view.php?id=CVE-2015-4914
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Listener. Vulnerabilidad no especificada en el componente Oracle HTTP Server en Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0 y 12.1.3.0 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores desconocidos relacionados con Web Listener. • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securitytracker.com/id/1033907 •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4909
https://notcve.org/view.php?id=CVE-2015-4909
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0, and 12.1.3.0.0 allows remote attackers to affect integrity via vectors related to ADF Faces. Vulnerabilidad no especificada en el componente Oracle JDeveloper en Oracle Fusion Middleware 11.1.2.4.0, 12.1.2.0.0 y 12.1.3.0.0 permite a atacantes remotos afectar a la integridad a través de vectores relacionados con ADF Faces. • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securitytracker.com/id/1033898 •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2015-1829
https://notcve.org/view.php?id=CVE-2015-1829
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener. Vulnerabilidad no especificada en el componente Oracle HTTP Server en Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0 y 12.1.3.0 permite a atacantes remotos afectar a la disponibilidad a través de vectores desconocidos relacionados con Web Listener. • http://www.apache.org/dist/apr/Announcement1.x.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/bid/75164 http://www.securitytracker.com/id/1032617 •
CVSS: 7.5EPSS: 51%CPEs: 6EXPL: 0CVE-2014-3576 – ActiveMQ: DoS via unauthenticated remote shutdown command
https://notcve.org/view.php?id=CVE-2014-3576
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command. Vulnerabilidad en la función processControlCommand en broker/TransportConnection.java en Apache ActiveMQ en versiones anteriores a 5.11.0, permite a atacantes remotos causar una denegación de servicio (apagado) a través de un comando de apagado. It was found that the Apache ActiveMQ broker exposed a remote shutdown command without requiring any authentication to use it. A remote, unauthenticated attacker could use this flaw to shut down ActiveMQ broker's listener. • http://activemq.2283324.n4.nabble.com/About-CVE-2014-3576-tp4699628.html http://packetstormsecurity.com/files/134274/Apache-ActiveMQ-5.10.1-Denial-Of-Service.html http://www.debian.org/security/2015/dsa-3330 http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/archive/1/536862/100/0/threaded http://www.securityfocus.com/bid/76272 http://www.securitytracker.com/id/10 • CWE-264: Permissions, Privileges, and Access Controls CWE-306: Missing Authentication for Critical Function •