CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2592
https://notcve.org/view.php?id=CVE-2015-2592
Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-2584. Vulnerabilidad no especificada en el componente Hyperion Enterprise Performance Management Architect en Oracle Hyperion 11.1.2.2 y 11.1.2.3, permite a usuarios remotos autenticados afectar la integridad a través de vectores desconocidos relacionados con la seguridad, una vulnerabilidad diferente a CVE-2015-2584. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032924 •
CVSS: 4.0EPSS: 0%CPEs: 3EXPL: 0CVE-2015-4773
https://notcve.org/view.php?id=CVE-2015-4773
Unspecified vulnerability in the Hyperion Common Security component in Oracle Hyperion 11.1.2.2, 11.1.2.3, and 11.1.2.4 allows remote authenticated users to affect availability via unknown vectors related to User Account Update. Vulnerabilidad no especificada en el componente Hyperion Common Security en Oracle Hyperion 11.1.2.2, 11.1.2.3 y 11.1.2.4, permite a usuarios remotos autenticados afectar la disponibilidad a través de vectores desconocidos relacionados con la actualización de la cuenta de usuario. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032924 •
CVSS: 4.0EPSS: 0%CPEs: 2EXPL: 0CVE-2015-2584
https://notcve.org/view.php?id=CVE-2015-2584
Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect integrity via unknown vectors related to Security, a different vulnerability than CVE-2015-2592. Vulnerabilidad no especificada en el componente Hyperion Enterprise Performance Management Architect en Oracle Hyperion 11.1.2.2 y 11.1.2.3, permite a usuarios remotos autenticados afectar la integridad a través de vectores desconocidos relacionados con la seguridad, una vulnerabilidad diferente a CVE-2015-2592. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032924 •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2015-0509
https://notcve.org/view.php?id=CVE-2015-0509
Unspecified vulnerability in the Oracle Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Reporting and Analysis. Vulnerabilidad no especificada en el componente Oracle Hyperion BI+ en Oracle Hyperion 11.1.2.2 y 11.1.2.3 Permite a atacantes remotos afectar la integridad a través de vectores desconocidos relacionados con Reporting y Analysis. • http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.securitytracker.com/id/1032123 •
CVSS: 4.3EPSS: 0%CPEs: 57EXPL: 0CVE-2014-3707 – curl: incorrect handle duplication after COPYPOSTFIELDS
https://notcve.org/view.php?id=CVE-2014-3707
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information. La función curl_easy_duphandle en libcurl 7.17.1 hasta 7.38.0, cuando se ejecuta con la opción CURLOPT_COPYPOSTFIELDS, no copia debidamente datos HTTP POST para un manejo sencillo, lo que provoca una lectura fuera de rango que permite a servidores web remotos leer información sensible de la memoria. A flaw was found in the way the libcurl library performed the duplication of connection handles. If an application set the CURLOPT_COPYPOSTFIELDS option for a handle, using the handle's duplicate could cause the application to crash or disclose a portion of its memory. • http://curl.haxx.se/docs/adv_20141105.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2015-02/msg00040.html http://rhn.redhat.com/errata/RHSA-2015-1254.html http://www.debian.org/security/2014/dsa-3069 http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html htt • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-416: Use After Free •