Page 21 of 120 results (0.025 seconds)

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542. Vulnerabilidad sin especificar en el componente SQLJ en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2014-4298, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, y CVE-2014-6542. • http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70526 •

CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-6453, CVE-2014-6545, and CVE-2014-6560. Vulnerabilidad sin especificar en el componente Java VM en Oracle Database Server 1.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar a la confidencialidad, la integridad y la disponiblidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2014-6453, CVE-2014-6545, y CVE-2014-6560. • http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70514 •

CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0

Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6454, and CVE-2014-6542. Vulnerabilidad sin especificar en el componente SQLJ en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-6454, y CVE-2014-6542. • http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70528 •

CVSS: 5.0EPSS: 97%CPEs: 147EXPL: 1

The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocido como el problema "POODLE". A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http& • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •

CVSS: 3.5EPSS: 0%CPEs: 4EXPL: 0

Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente RDBMS Core en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, y 12.1.0.1 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos. • http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/56910 http://secunia.com/advisories/62196 http://www-01.ibm.com/support/docview.wss?uid=swg21689484 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68617 http://www.securitytracker.com/id/1030576 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmclo •