CVSS: 7.5EPSS: 74%CPEs: 1EXPL: 0CVE-2015-0446 – Oracle Data Quality LoaderWizard DataPreview Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2015-0446
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-4758, and CVE-2015-4759. Vulnerabilidad no especificada en el componente de Oracle Data Integrator en Oracle Fusion Middleware 11.1.1.3.0, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con la calidad de datos basado en Trillium, una vulnerabilidad diferente a CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-2634, CVE-2015-2635, CVE-2015-2636, CVE-2015-4758 y CVE-2015-4759. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Data Quality. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the TSS12.LoaderWizard.lwctrl ActiveX control. The DataPreview method does not validate the type of data passed to it, instead treating any object passed in as if it were the expected type. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •
CVSS: 4.3EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0434
https://notcve.org/view.php?id=CVE-2015-0434
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors related to Integration with OAM. Vulnerabilidad no especificada en el componente Oracle Access Manager en Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, y 11.1.2.2 permite a atacantes remotos afectar la confidencialidad a través de vectores relacionados con la integración con OAM. • http://secunia.com/advisories/62473 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72226 https://exchange.xforce.ibmcloud.com/vulnerabilities/100081 •
CVSS: 5.0EPSS: 0%CPEs: 4EXPL: 0CVE-2015-0367
https://notcve.org/view.php?id=CVE-2015-0367
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect integrity via vectors related to SSO Engine. Vulnerabilidad no especificada en el componente Oracle Access Manager en Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, y 11.1.2.2 permite a atacantes remotos afectar la integridad a través de vectores relacionados con SSO Engine. • http://secunia.com/advisories/62473 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72179 https://exchange.xforce.ibmcloud.com/vulnerabilities/100077 •
CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-0389
https://notcve.org/view.php?id=CVE-2015-0389
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a different vulnerability than CVE-2014-6592. Vulnerabilidad no especificada en el componente Oracle OpenSSO en Oracle Fusion Middleware 8.0 Update 2 Patch 5 permite a usuarios remotos autenticados afectar la integridad a través de vectores relacionados con SAML, una vulnerabilidad diferente a CVE-2014-6592. • http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72199 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0396
https://notcve.org/view.php?id=CVE-2015-0396
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Admin Console. Vulnerabilidad no especificada en el componente Oracle GlassFish Server en Oracle Fusion Middleware 3.0.1 y 3.1.2 permite a atacantes remotos afectar la confidencialidad, la integridad y la disponibilidad a través de vectores desconocidos relacionados con Admin Console. • http://secunia.com/advisories/62480 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.securityfocus.com/bid/72121 http://www.securitytracker.com/id/1031570 https://exchange.xforce.ibmcloud.com/vulnerabilities/100073 •