CVSS: 8.7EPSS: 0%CPEs: 4EXPL: 0CVE-2016-0679
https://notcve.org/view.php?id=CVE-2016-0679
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability via vectors related to PIA Grids. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products 8.53, 8.54 y 8.55 permite a usuarios remotos autenticados afectar a la integridad y disponibilidad a través de vectores relacionados con PIA Grids. • http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html http://www.securitytracker.com/id/1035610 •
CVSS: 5.9EPSS: 1%CPEs: 38EXPL: 0CVE-2015-3197 – OpenSSL: SSLv2 doesn't block disabled ciphers
https://notcve.org/view.php?id=CVE-2015-3197
ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f does not prevent use of disabled ciphers, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by performing computations on SSLv2 traffic, related to the get_client_master_key and get_client_hello functions. ssl/s2_srvr.c en OpenSSL 1.0.1 en versiones anteriores a 1.0.1r y 1.0.2 en versiones anteriores a 1.0.2f no impide el uso de cifrados deshabilitados, lo que hace que sea más fácil para atacantes man-in-the-middle vencer los mecanismos de protección criptográfica llevando a cabo cálculos sobre tráfico SSLv2, relacionado con las funciones get_client_master_key y get_client_hello. A flaw was found in the way malicious SSLv2 clients could negotiate SSLv2 ciphers that were disabled on the server. This could result in weak SSLv2 ciphers being used for SSLv2 connections, making them vulnerable to man-in-the-middle attacks. • http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.fedoraproject.org/pipermail/package-announce/2016-January/176373.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-0460
https://notcve.org/view.php?id=CVE-2016-0460
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.55 allows remote attackers to affect integrity via unknown vectors related to Fluid Homepage and NavBar. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products 8.55 permite a atacantes remotos afectar a la integridad a través de vectores desconocidos relacionados con Fluid Homepage y NavBar. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034720 •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2016-0587
https://notcve.org/view.php?id=CVE-2016-0587
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products 8.53, 8.54 y 8.55 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores desconocidos relacionados con File Processing. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034720 •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2016-0462
https://notcve.org/view.php?id=CVE-2016-0462
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework, a different vulnerability than CVE-2015-2650. Vulnerabilidad no especificada en el componente PeopleSoft Enterprise PeopleTools en Oracle PeopleSoft Products 8.53 y 8.54 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores desconocidos relacionados con Multichannel Framework, una vulnerabilidad diferente a CVE-2015-2650. • http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html http://www.securitytracker.com/id/1034720 •