CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0424
https://notcve.org/view.php?id=CVE-2016-0424
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0422. Vulnerabilidad no especificada en el componente JD Edwards EnterpriseOne Tools en Oracle JD Edwards Products 9.1 y 9.2 permite a atacantes remotos afectar a la disponibilidad a través de vectores relacionados con Enterprise Infrastructure SEC, una vulnerabilidad diferente a CVE-2016-0422. • http://packetstormsecurity.com/files/138510/JD-Edwards-9.1-EnterpriseOne-Server-Denial-Of-Service.html http://seclists.org/fulldisclosure/2016/Aug/127 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034722 https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-type-8-dos •
CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0425
https://notcve.org/view.php?id=CVE-2016-0425
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Monitoring and Diagnostics. Vulnerabilidad no especificada en el componente JD Edwards EnterpriseOne Tools en Oracle JD Edwards Products 9.1 y 9.2 permite a usuarios remotos autenticados afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Monitoring y Diagnostics. • http://packetstormsecurity.com/files/138511/JD-Edwards-9.1-EnterpriseOne-Server-Password-Disclosure.html http://seclists.org/fulldisclosure/2016/Aug/129 http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034722 •
CVSS: 6.5EPSS: 10%CPEs: 10EXPL: 1CVE-2015-1793 – OpenSSL - Alternative Chains Certificate Forgery
https://notcve.org/view.php?id=CVE-2015-1793
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. La función de verificación de certificado X509 en crypto/x509/x509_vfy.c en OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, y 1.0.2c no procesa correctamente los valores cA de restricción básica del X.509 durante la identificación de cadenas de certificado alternativo, lo que permite a atacantes remotos suplantar una función de autoridad de certificación y propiciar verificaciones de certificado involuntarias a través de un leaf certificate válido. • https://www.exploit-db.com/exploits/38640 http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html http://marc.info/?l=bugtraq&m=143880121627664&w=2 http • CWE-254: 7PK - Security Features •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0475
https://notcve.org/view.php?id=CVE-2015-0475
Unspecified vulnerability in the JD Edwards EnterpriseOne Technology component in Oracle JD Edwards Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Runtime Security. Vulnerabilidad no especificada en el componente JD Edwards EnterpriseOne Technology en Oracle JD Edwards Products 9.1 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con Web Runtime Security. • http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/1032126 •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6516
https://notcve.org/view.php?id=CVE-2014-6516
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98 allows local users to affect confidentiality, integrity, and availability via vectors related to Installation SEC. Vulnerabilidad sin especificar en el componente JD Edwards EnterpriseOne en Oracle JD Edwards Products 8.98 permite a usuarios locales afectar a la confidencialidad, la integridad y la disponibilidad a través de vectores relacionados con la instalación de SEC. • http://secunia.com/advisories/61698 http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70571 http://www.securitytracker.com/id/1031047 •