CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4298
https://notcve.org/view.php?id=CVE-2014-4298
Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542. Vulnerabilidad sin especificar en el componente SQLJ en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar a la disponibilidad a través de vectores desconocidos una vulnerabilidad diferente a CVE-2014-4299, CVE-2014-4300, CVE-2014-6452, CVE-2014-6454, y CVE-2014-6542. • http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70524 •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4291
https://notcve.org/view.php?id=CVE-2014-4291
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4290, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547, and CVE-2014-6477. Vulnerabilidad no especificada en el componente JPublisher en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios autenticados remotos afectar a la confidencialidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2014-4290, CVE-2014-4292, CVE-2014-4293, CVE-2014-4296, CVE-2014-4297, CVE-2014-4310, CVE-2014-6547 y CVE-2014-6477. • http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70500 •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-4300
https://notcve.org/view.php?id=CVE-2014-4300
Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2014-4298, CVE-2014-4299, CVE-2014-6452, CVE-2014-6454, and CVE-2014-6542. Vulnerabilidad sin especificar en el componente SQLJ en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2014-4298, CVE-2014-4299, CVE-2014-6452, CVE-2014-6454, y CVE-2014-6542. • http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70527 •
CVSS: 5.0EPSS: 97%CPEs: 147EXPL: 1CVE-2014-3566 – SSL/TLS: Padding Oracle On Downgraded Legacy Encryption attack
https://notcve.org/view.php?id=CVE-2014-3566
The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue. El protocolo SSL 3.0, utilizado en OpenSSL hasta 1.0.1i y otros productos, utiliza relleno (padding) CBC no determinístico, lo que facilita a los atacantes man-in-the-middle obtener datos de texto plano a través de un ataque de relleno (padding) oracle, también conocido como el problema "POODLE". A flaw was found in the way SSL 3.0 handled padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. This flaw allows a man-in-the-middle (MITM) attacker to decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections. • https://github.com/mikesplain/CVE-2014-3566-poodle-cookbook ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-015.txt.asc http://advisories.mageia.org/MGASA-2014-0416.html http://aix.software.ibm.com/aix/efixes/security/openssl_advisory11.asc http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html http://askubuntu.com/questions/537196/how-do-i-patch-workaround-sslv3-poodle-vulnerability-cve-2014-3566 http& • CWE-310: Cryptographic Issues CWE-757: Selection of Less-Secure Algorithm During Negotiation ('Algorithm Downgrade') •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4237
https://notcve.org/view.php?id=CVE-2014-4237
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente RDBMS Core en Oracle Database Server 11.2.0.4 y 12.1.0.1 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos. • http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/56910 http://secunia.com/advisories/62196 http://www-01.ibm.com/support/docview.wss?uid=swg21689484 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68627 http://www.securitytracker.com/id/1030576 http://www.vmware.com/security/advisories/VMSA-2014-0012.html •