CVSS: 8.1EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0556
https://notcve.org/view.php?id=CVE-2016-0556
21 Jan 2016 — Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Administration, a different vulnerability than CVE-2016-0557. Vulnerabilidad no especificada en el componente Oracle Advanced Collections en Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2 y 12.1.3 permite a usuarios remotos autenticados afectar a la confidencialidad y... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0575
https://notcve.org/view.php?id=CVE-2016-0575
21 Jan 2016 — Unspecified vulnerability in the Oracle Learning Management component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to OTA Self Service. Vulnerabilidad no especificada en el componente Oracle Learning Management en Oracle E-Business Suite 11.5.10.2 permite a atacantes remotos afectar a la integridad a través de vectores relacionados con OTA Self Service. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 3.4EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4926
https://notcve.org/view.php?id=CVE-2015-4926
21 Jan 2016 — Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX. Vulnerabilidad no especificada en el componente Oracle Applications Framework en Oracle E-Business Suite 11.5.10.2, 12.1 y 12.2 permite a atacantes remotos afectar a la integridad a través de vectores relacionados con UIX. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 8.6EPSS: 1%CPEs: 2EXPL: 0CVE-2016-0457
https://notcve.org/view.php?id=CVE-2016-0457
21 Jan 2016 — Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of servic... • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html •
CVSS: 10.0EPSS: 2%CPEs: 1EXPL: 0CVE-2015-4839
https://notcve.org/view.php?id=CVE-2015-4839
21 Oct 2015 — Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to DB Listener, a different vulnerability than CVE-2015-4798. Vulnerabilidad no especificada en el componente Oracle Applications Technology Stack en Oracle E-Business Suite 11.5.10.2 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vecto... • http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4845 – Oracle E-Business Suite 12.2.4 Database User Enumeration
https://notcve.org/view.php?id=CVE-2015-4845
21 Oct 2015 — Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via vectors related to Java APIs - AOL/J. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue allows remote attackers to enumerate database users via a series of requests to Aoljtest.js. Vulnerabilidad no especificada en el componente Oracl... • http://packetstormsecurity.com/files/134098/Oracle-E-Business-Suite-12.2.4-Database-User-Enumeration.html •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2015-4846 – Oracle E-Business Suite 12.1.3 / 12.1.4 SQL Injection
https://notcve.org/view.php?id=CVE-2015-4846
21 Oct 2015 — Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote authenticated users to affect confidentiality and integrity via vectors related to SQL Extensions. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is a SQL injection vulnerability, which allows remote authenticated users to execute arbitrary SQL commands via a request involving... • http://packetstormsecurity.com/files/134099/Oracle-E-Business-Suite-12.1.3-12.1.4-SQL-Injection.html •
CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2015-4849 – Oracle E-Business Suite 12.1.3 XXE Injection
https://notcve.org/view.php?id=CVE-2015-4849
21 Oct 2015 — Unspecified vulnerability in the Oracle Payments component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Punch-in. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to cause a denial of service or conduct SMB Relay attacks v... • http://packetstormsecurity.com/files/134118/Oracle-E-Business-Suite-12.1.3-XXE-Injection.html •
CVSS: 9.1EPSS: 1%CPEs: 4EXPL: 0CVE-2015-4851 – Oracle E-Business Suite 12.1.3 XXE Injection
https://notcve.org/view.php?id=CVE-2015-4851
21 Oct 2015 — Unspecified vulnerability in the Oracle iSupplier Portal component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to XML input. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is an XML External Entity (XXE) vulnerability, which allows remote attackers to read arbitrary files, cause a denial of service, or conduct SMB Re... • http://packetstormsecurity.com/files/134119/Oracle-E-Business-Suite-12.1.3-XXE-Injection.html •
CVSS: 6.1EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4854 – Oracle E-Business Suite 12.1.4 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2015-4854
21 Oct 2015 — Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect integrity via unknown vectors related to Single Signon. NOTE: the previous information is from the October 2015 CPU. Oracle has not commented on third-party claims that this issue is a cross-site scripting (XSS) vulnerability, which allows remote attackers to inject arbitrary web script or HTML via the Domain parameter in the CfgOCIRetur... • http://packetstormsecurity.com/files/134100/Oracle-E-Business-Suite-12.1.4-Cross-Site-Scripting.html •