CVE-2014-6499
https://notcve.org/view.php?id=CVE-2014-6499
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to WebLogic Tuxedo Connector. Vulnerabilidad sin especificar en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, 12.1.2.0, y 12.1.3.0 permite a atacantes remotos afectar a la confidencialidad, la integridad a través de vectores desconocidos relacionados con WebLogic Tuxedo Connector. • http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html http://www.securityfocus.com/bid/70463 •
CVE-2014-0191 – libxml2: external parameter entity loaded when entity substitution is disabled
https://notcve.org/view.php?id=CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. La función xmlParserHandlePEReference en parser.c en libxml2 en versiones anteriores a 2.9.2, como se utiliza en Web Listener en Oracle HTTP Server en Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0 y 12.1.3.0 y otros productos, carga entidades de parámetro externas independientemente de si la sustitución de entidad o la validación están habilitadas, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de un documento XML manipulado. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://rhn.redhat.com/errata/RHSA-2015-0749.html http://www-01.ibm.com/support/docview.wss?uid=swg21678183 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/ • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2012-1677
https://notcve.org/view.php?id=CVE-2012-1677
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors. Vulnerabilidad no especificada en el componente Oracle Application Server Single Sign-On en Oracle Fusion Middleware permite a atacantes remotos afectar a la integridad a través de vectores desconocidos. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html •
CVE-2012-3135
https://notcve.org/view.php?id=CVE-2012-3135
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.3 and before, and 27.7.2 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente de Oracle JRockit en Oracle Fusion Middleware v28.2.3 y anteriores, y v27.7.2 y versiones anteriores, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos. • http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html http://www.securityfocus.com/bid/54494 http://www.securitytracker.com/id?1027264 https://exchange.xforce.ibmcloud.com/vulnerabilities/76993 •
CVE-2012-1695
https://notcve.org/view.php?id=CVE-2012-1695
Unspecified vulnerability in the Oracle JRockit component in Oracle Fusion Middleware 28.2.2 and earlier, and JDK/JRE 5 and 6 27.7.1 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Vulnerabilidad no especificada en el componente Oracle JRockit en Oracle Fusion Middleware v28.2.2 y anteriores, y JDK/JRE 5 y 6 27.7.1 y anteriores permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores no especificados. • http://secunia.com/advisories/48864 http://www.mandriva.com/security/advisories?name=MDVSA-2013:150 http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html http://www.securitytracker.com/id?1026948 https://www.oracle.com/security-alerts/cpujan2020.html •