CVSS: 6.5EPSS: 8%CPEs: 10EXPL: 1CVE-2015-1793 – OpenSSL - Alternative Chains Certificate Forgery
https://notcve.org/view.php?id=CVE-2015-1793
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. La función de verificación de certificado X509 en crypto/x509/x509_vfy.c en OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, y 1.0.2c no procesa correctamente los valores cA de restricción básica del X.509 durante la identificación de cadenas de certificado alternativo, lo que permite a atacantes remotos suplantar una función de autoridad de certificación y propiciar verificaciones de certificado involuntarias a través de un leaf certificate válido. • https://www.exploit-db.com/exploits/38640 http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html http://marc.info/?l=bugtraq&m=143880121627664&w=2 http • CWE-254: 7PK - Security Features •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-6565
https://notcve.org/view.php?id=CVE-2014-6565
Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Portal SEC. Vulnerabilidad no especificada en el componente JD Edwards EnterpriseOne Tools en Oracle JD Edwards Products 9.1.5 permite a atacantes remotos afectar la confidencialidad, integridad, y disponibilidad a través de vectores relacionados con Portal SEC. • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securitytracker.com/id/1031573 •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2011-2326
https://notcve.org/view.php?id=CVE-2011-2326
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-3509, and CVE-2011-3524. Vulnerabilidad no especificada en el componente EnterpriseOne Tools en Oracle JD Edwards 8.98 SP 24 permite a usuarios autenticados remotos afectar a la confidencialidad, relacionado con Enterprise Infrastructure SEC (JDENET), una vulnerabilidad diferente a CVE-2011-2325, CVE-2011-3509 y CVE-2011-3524. • http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3514
https://notcve.org/view.php?id=CVE-2011-3514
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect integrity, related to Enterprise Infrastructure SEC (JDENET). Vulnerabilidad no especificada en el componente EnterpriseOne Tools en Oracle JD Edwards 8.98 SP 24 permite a usuarios autenticados remotos afectar a la integridad, relacionado con Enterprise Infrastructure SEC (JDENET). • http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2011-3524
https://notcve.org/view.php?id=CVE-2011-3524
Unspecified vulnerability in the EnterpriseOne Tools component in Oracle JD Edwards 8.98 SP 24 allows remote authenticated users to affect confidentiality, related to Enterprise Infrastructure SEC (JDENET), a different vulnerability than CVE-2011-2325, CVE-2011-2326, and CVE-2011-3509. Vulnerabilidad no especificada en el componente EnterpriseOne Tools en Oracle JD Edwards 8.98 SP 24 permite a usuarios autenticados remotos afectar a la confidencialidad, relacionado con Enterprise Infrastructure SEC (JDENET), una vulnerabilidad diferente a CVE-2011-2325, CVE-2011-2326 y CVE-2011-3509. • http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html •