CVSS: 4.0EPSS: 0%CPEs: 4EXPL: 0CVE-2015-4746
https://notcve.org/view.php?id=CVE-2015-4746
Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.0.0.7, 6.1.0.3, 6.1.1.5, and 6.2.0.0 allows remote authenticated users to affect confidentiality via unknown vectors related to Global Spec Management. Vulnerabilidad no especificada en el componente Oracle Agile Product Lifecycle Management for Process en Oracle Supply Chain Products Suite 6.0.0.7, 6.1.0.3, 6.1.1.5, y 6.2.0.0, permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con Global Spec Management. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032915 •
CVSS: 4.0EPSS: 0%CPEs: 10EXPL: 0CVE-2015-2657
https://notcve.org/view.php?id=CVE-2015-2657
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0 through 6.3.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Business Process Automation. Vulnerabilidad no especificada en el componente Oracle Transportation Management en Oracle Supply Chain Products Suite 6.1, 6.2, y 6.3.0 a 6.3.7, permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con Business Process Automation. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032915 •
CVSS: 4.0EPSS: 0%CPEs: 10EXPL: 0CVE-2015-4768
https://notcve.org/view.php?id=CVE-2015-4768
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, and 6.3.7 allows remote authenticated users to affect confidentiality via unknown vectors related to Diagnostics. Vulnerabilidad no especificada en el componente Oracle Transportation Management en Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6 y 6.3.7, permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con Diagnostics. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032915 •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2015-2663
https://notcve.org/view.php?id=CVE-2015-2663
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, and 6.3.0 through 6.3.7 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Business Process Automation. Vulnerabilidad no especificada en el componente Oracle Transportation Management en Oracle Supply Chain Products Suite 6.1, 6.2, y 6.3.0 a 6.3.7, permite a usuarios remotos autenticados afectar la confidencialidad e integridad a través de vectores desconocidos relacionados con Business Process Automation. • http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.securitytracker.com/id/1032915 •
CVSS: 6.5EPSS: 8%CPEs: 10EXPL: 1CVE-2015-1793 – OpenSSL - Alternative Chains Certificate Forgery
https://notcve.org/view.php?id=CVE-2015-1793
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate. La función de verificación de certificado X509 en crypto/x509/x509_vfy.c en OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, y 1.0.2c no procesa correctamente los valores cA de restricción básica del X.509 durante la identificación de cadenas de certificado alternativo, lo que permite a atacantes remotos suplantar una función de autoridad de certificación y propiciar verificaciones de certificado involuntarias a través de un leaf certificate válido. • https://www.exploit-db.com/exploits/38640 http://fortiguard.com/advisory/2015-07-09-cve-2015-1793-openssl-alternative-chains-certificate-forgery http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10694 http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161747.html http://lists.fedoraproject.org/pipermail/package-announce/2015-July/161782.html http://marc.info/?l=bugtraq&m=143880121627664&w=2 http • CWE-254: 7PK - Security Features CWE-754: Improper Check for Unusual or Exceptional Conditions •