15 results (0.011 seconds)

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2023-21994

https://notcve.org/view.php?id=CVE-2023-21994

Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpujul2023.html •

CVSS: 8.3EPSS: 1%CPEs: 248EXPL: 4

CVE-2021-2351 – Oracle Database Weak NNE Integrity Key Derivation

https://notcve.org/view.php?id=CVE-2021-2351

Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. • http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html http://seclists.org/fulldisclosure/2021/Dec/19 http://seclists.org/fulldisclosure/2021/Dec/20 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujan2023.html https://www.oracle.com/security-alerts/cpujul2021.html https:&# • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-384: Session Fixation •

CVSS: 5.8EPSS: 0%CPEs: 136EXPL: 1

CVE-2021-29425 – Possible limited path traversal vulnerabily in Apache Commons IO

https://notcve.org/view.php?id=CVE-2021-29425

In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. En Apache Commons IO versiones anteriores a 2.7, Cuando se invoca el método FileNameUtils.normalize con una cadena de entrada inapropiada, como "//../foo" o "\\..\ foo", el resultado sería el mismo valor, por lo que posiblemente proporcionar acceso a archivos en el directorio principal, pero no más arriba (por lo tanto, salto de ruta "limited"), si el código de llamada usara el resultado para construir un valor de ruta • https://issues.apache.org/jira/browse/IO-556 https://lists.apache.org/thread.html/r01b4a1fcdf3311c936ce33d75a9398b6c255f00c1a2f312ac21effe1%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r0bfa8f7921abdfae788b1f076a12f73a92c93cc0a6e1083bce0027c5%40%3Cnotifications.zookeeper.apache.org%3E https://lists.apache.org/thread.html/r0d73e2071d1f1afe1a15da14c5b6feb2cf17e3871168d5a3c8451436%40%3Ccommits.pulsar.apache.org%3E https://lists.apache.org/thread.html/r1c2f4683c35696cf6f863e3c107e37ec41305b1930dd40c17260de71%40%3Ccommits.pulsar.apache.org%3E https:/ • CWE-20: Improper Input Validation CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.5EPSS: 94%CPEs: 5EXPL: 0

CVE-2015-2604 – Oracle Endeca Information Discovery Integrator ETL Server CopyFile Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2015-2604

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745. Vulnerabilidad no especificada en el componente Oracle Endeca Information Discovery Studio en Oracle Fusion Middleware de las versiones 2.2.2, 2.3, 2.4, 3.0 y 3.1, permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con Integrator, una vulnerabilidad diferente a CVE-2015-2602, CVE-2015-2603, CVE-2015-2605, CVE-2015-2606 y CVE-2015-4745. This vulnerability allows remote attackers the ability to execute arbitrary code on vulnerable instances of Oracle Endeca Information Discovery. Authentication is required to exploit this vulnerability but an authentication bypass is known. The specific flaw exists in the handling of the CopyFile endpoint. The issue lies in the failure to properly sanitize the path of files. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securityfocus.com/bid/75757 http://www.zerodayinitiative.com/advisories/ZDI-15-354 •

CVSS: 3.5EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-2598

https://notcve.org/view.php?id=CVE-2015-2598

Unspecified vulnerability in the mobile app in Oracle Business Intelligence Enterprise Edition in Oracle Fusion Middleware before 11.1.1.7.0 (11.6.39) allows remote authenticated users to affect integrity via unknown vectors related to Mobile - iPad. Vulnerabilidad no especificada en la aplicación móvil en Oracle Business Intelligence Enterprise Edition en Oracle Fusion Middleware en la versión anterior a 11.1.1.7.0 (11.6.39), permite a usuarios remotos autenticados afectar la integridad a través de vectores desconocidos relacionados con Móviles - iPad. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html •