CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-0465
https://notcve.org/view.php?id=CVE-2014-0465
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via unknown vectors related to Admin Console. Vulnerabilidad no especificada en el componente Oracle OpenSSO en Oracle Fusion Middleware 8.0 Update 2 Patch 5 permite a usuarios autenticados remotamente afectar a la integridad a través de vectores relacionados con la consola de administración. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2400 – Endeca Latitude 2.2.2 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2014-2400
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2399. Vulnerabilidad no especificada en el componente Oracle Endeca Server en Oracle Fusion Middleware 2.2.2 permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Oracle Endeca Information Discovery (Formerly Latitude), una vulnerabilidad diferente a CVE-2014-2399. • http://packetstormsecurity.com/files/127223/Endeca-Latitude-2.2.2-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2014/Jun/124 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/archive/1/532557/100/0/threaded http://www.securityfocus.com/bid/66857 •
CVSS: 4.0EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2404
https://notcve.org/view.php?id=CVE-2014-2404
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate. Vulnerabilidad no especificada en el componente Oracle Access Manager en Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, y 11.1.2.2.0 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con WebGate. • http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66862 •
CVSS: 4.3EPSS: 68%CPEs: 1EXPL: 2CVE-2014-2399 – Endeca Latitude 2.2.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2014-2399
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 2.2.2 allows remote attackers to affect integrity via unknown vectors related to Oracle Endeca Information Discovery (Formerly Latitude), a different vulnerability than CVE-2014-2400. Vulnerabilidad no especificada en el componente Oracle Endeca Server en Oracle Fusion Middleware 2.2.2 permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Oracle Endeca Information Discovery (Formerly Latitude), una vulnerabilidad diferente a CVE-2014-2400. RedTeam Pentesting discovered a cross site request forgery vulnerability in Endeca Latitude version 2.2.2. Using this vulnerability, an attacker might be able to change several different settings of the Endeca Latitude instance or disable it entirely. • https://www.exploit-db.com/exploits/33897 http://packetstormsecurity.com/files/127222/Endeca-Latitude-2.2.2-Cross-Site-Request-Forgery.html http://seclists.org/fulldisclosure/2014/Jun/123 http://www.exploit-db.com/exploits/33897 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/archive/1/532556/100/0/threaded http://www.securityfocus.com/bid/66864 •
CVSS: 6.8EPSS: 61%CPEs: 1EXPL: 0CVE-2014-2407 – Oracle Data Quality LoaderWizard ActiveX Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-2407
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality, a different vulnerability than CVE-2014-2415, CVE-2014-2416, CVE-2014-2417, and CVE-2014-2418. Vulnerabilidad no especificada en el componente Oracle Data Integrator en Oracle Fusion Middleware 11.1.1.3.0 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Data Quality, una vulnerabilidad diferente a CVE-2014-2415, CVE-2014-2416, CVE-2014-2417 y CVE-2014-2418. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TSS12.LoaderWizard.lwctrl ActiveX control. The issue lies in the failure to properly initialize values leading to a use-after-free condition. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •