CVE-2016-0425
https://notcve.org/view.php?id=CVE-2016-0425
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Monitoring and Diagnostics.
• http://packetstormsecurity.com/files/138511/JD-Edwards-9.1-EnterpriseOne-Server-Password-Disclosure.html
• http://seclists.org/fulldisclosure/2016/Aug/129
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• http://www.securitytracker.com/id/1034722
CVE-2016-0424
https://notcve.org/view.php?id=CVE-2016-0424
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0422.
• http://packetstormsecurity.com/files/138510/JD-Edwards-9.1-EnterpriseOne-Server-Denial-Of-Service.html
• http://seclists.org/fulldisclosure/2016/Aug/127
• http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
• http://www.securitytracker.com/id/1034722
• https://www.onapsis.com/research/security-advisories/jd-edwards-jdenet-type-8-dos
CVE-2015-1793 – OpenSSL - Alternative Chains Certificate Forgery
https://notcve.org/view.php?id=CVE-2015-1793
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
• https://www.exploit-db.com/exploits/38640
• http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery
• http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694
• http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html
• http://marc.info/?l=bugtraq&m=143880121627664&w=2
• http
• CWE-254: 7PK - Security Features
• CWE-754: Improper Check for Unusual or Exceptional Conditions
CVE-2015-0475
https://notcve.org/view.php?id=CVE-2015-0475
Unspecified vulnerability in the JD Edwards EnterpriseOne Technology component in Oracle JD Edwards Products 9.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Web Runtime Security.
• http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
• http://www.securitytracker.com/id/1032126
CVE-2012-1678
https://notcve.org/view.php?id=CVE-2012-1678
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 8.98, 9.1, and 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC.
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
• http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html