CVE-2015-0370
https://notcve.org/view.php?id=CVE-2015-0370
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a different vulnerability than CVE-2013-5858. Vulnerabilidad no especificada en el componente Core RDBMS en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4 y 12.1.0.1 permite a usuarios remotos autenticados afectar la integridad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2013-5858. • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72171 http://www.securitytracker.com/id/1031572 https://exchange.xforce.ibmcloud.com/vulnerabilities/100072 •
CVE-2015-0373
https://notcve.org/view.php?id=CVE-2015-0373
Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente OJVM en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72145 http://www.securitytracker.com/id/1031572 https://exchange.xforce.ibmcloud.com/vulnerabilities/100067 •
CVE-2014-6578
https://notcve.org/view.php?id=CVE-2014-6578
Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SDO_TOPO and WMSYS.LT. Vulnerabilidad no especificada en el componente Workspace Manager en Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, y 12.1.0.1 permite a usuarios remotos autenticados afectar la confidencialidad, integridad y disponibilidad a través de vectores relacionados con SDO_TOPO and WMSYS.LT. • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72149 http://www.securitytracker.com/id/1031572 •
CVE-2014-6577
https://notcve.org/view.php?id=CVE-2014-6577
Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the original researcher's claim that this is an XML external entity (XXE) vulnerability in the XML parser, which allows attackers to conduct internal port scanning, perform SSRF attacks, or cause a denial of service via a crafted (1) http: or (2) ftp: URI. Vulnerabilidad no especificada en el componente XML Developer's Kit for C en Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, y 12.1.0.2 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos. NOTA: la información previa es la CPU de enero del 2015. • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72139 http://www.securitytracker.com/id/1031572 https://blog.netspi.com/advisory-xxe-injection-oracle-database-cve-2014-6577 •
CVE-2014-6567
https://notcve.org/view.php?id=CVE-2014-6567
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the researcher's claim that this is a stack-based buffer overflow in DBMS_AW.EXECUTE, which allows code execution via a long Current Directory Alias (CDA) command. Vulnerabilidad no especificada en el componente Core RDBMS de Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1 y 12.1.0.2 permite a usuarios remotos autenticados afectar la confidencialidad, integridad, y disponibilidad a través de vectores desconocidos. NOTA: la información anterior es de la CPU de enero del 2015. • http://www.databaseforensics.com/Oracle_Jan2015_CPU.pdf http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72134 http://www.securitytracker.com/id/1031572 •