CVE Daily
← All years

Uncategorized 2015

Page 21/23.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2015-01-30
High

CVE-2014-4492

libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary…

CVSS: 7.5CWE: CWE-19
Read more
Critical

CVE-2014-4489

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly initialize event queues, which allows attackers to execute arbitrary code in a privileged…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2014-4488

IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly validate resource-queue metadata, which allows attackers to execute arbitrary code in a p…

CVSS: 10.0CWE: CWE-19
Read more
Critical

CVE-2014-4486

IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not properly handle resource lists and IOService userclient types, which allows attackers to e…

CVSS: 10.0CWE: N/A
Read more
High

CVE-2014-4484

FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and applic…

CVSS: 7.5CWE: CWE-19
Read more
Medium

CVE-2014-4481

Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (applic…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2014-4467

WebKit, as used in Apple iOS before 8.1.3, does not properly determine scrollbar boundaries during the rendering of FRAME elements, which allows remote attackers to spoof the UI via a crafted web sit…

CVSS: 4.3CWE: CWE-17
Read more
2015-01-29
Low

CVE-2015-1044

vmware-authd (aka the Authorization process) in VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allows attackers to cause a host OS denial of se…

CVSS: 3.3CWE: N/A
Read more
Medium

CVE-2014-8370

VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, VMware Fusion 6.x before 6.0.5, and VMware ESXi 5.0 through 5.5 allow host OS users to gain host OS privileges or cause a denial…

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2014-8895

IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote attackers to bypass intended access restrictions and read the image files of arbitrary users via…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2014-8894

Open redirect vulnerability in IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and 3.4.1 before 3.4.1.1 allows remote authenticated users to redirect users to arbitrary web sites and…

CVSS: 4.9CWE: N/A
Read more
2015-01-28
High

CVE-2015-0586

The Network-Based Application Recognition (NBAR) protocol implementation in Cisco IOS 15.3(100)M and earlier on Cisco 2900 Integrated Services Router (aka Cisco Internet Router) devices allows remote…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2015-0581

The XML parser in Cisco Prime Service Catalog before 10.1 allows remote authenticated users to read arbitrary files or cause a denial of service (CPU and memory consumption) via an external entity de…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2015-1419

Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote attackers to bypass access restrictions via unknown vectors, related to deny_file parsing.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2015-1375

pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.

CVSS: 7.5CWE: CWE-264
Read more
2015-01-27
High

CVE-2015-1182

The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL 1.0 through 1.2.12 and 1.3.x through 1.3.9 does not properly initialize a pointer in the asn1_sequence linked list, which allows r…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2015-1370

Incomplete blacklist vulnerability in marked 0.3.2 and earlier for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks via a vbscript tag in a link.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-1361

platform/image-decoders/ImageFrame.h in Blink, as used in Google Chrome before 40.0.2214.91, does not initialize a variable that is used in calls to the Skia SkBitmap::setAlphaType function, which mi…

CVSS: 6.8CWE: CWE-17
Read more
Medium

CVE-2015-1359

Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (buffer overflow) or possibly h…

CVSS: 6.8CWE: CWE-189
Read more
Medium

CVE-2015-0232

The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2015-0231

Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execu…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2014-9650

CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2014-9647

Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2014-9646

Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Googl…

CVSS: 4.6CWE: CWE-264
Read more
Critical

CVE-2014-9198

The FTP server on the Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware through 1.60 IR 04 has hardcoded credentials, which makes it easier for remote attackers to obtain access via an…

CVSS: 10.0CWE: CWE-255
Read more
2015-01-26
High

CVE-2014-8157

Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted JPEG 2…

CVSS: 7.5CWE: CWE-189
Read more
High

CVE-2014-8148

The default D-Bus access control rule in Midgard2 10.05.7.1 allows local users to send arbitrary method calls or signals to any process on the system bus and possibly execute arbitrary code with root…

CVSS: 7.2CWE: CWE-264
Read more
2015-01-23
Critical

CVE-2015-0311

Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2014-9639

Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (crash) via a crafted number of channels in a WAV file, which triggers an out-of-bounds memory ac…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2014-9638

oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (divide-by-zero error and crash) via a WAV file with the number of channels set to zero.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2014-9623

OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier allows remote authenticated users to bypass the storage quota and cause a denial of service (disk consumption) by deleting an image i…

CVSS: 4.0CWE: CWE-399
Read more
Medium

CVE-2014-8802

The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted…

CVSS: 5.0CWE: CWE-264
Read more
2015-01-22
High

CVE-2015-1346

Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, as used in Google Chrome before 40.0.2214.91, allow attackers to cause a denial of service or possibly have other impact via unkno…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2015-1205

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2014-7948

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions e…

CVSS: 4.3CWE: CWE-310
Read more
High

CVE-2014-7942

The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified…

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2014-7940

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for…

CVSS: 7.5CWE: CWE-399
Read more
Medium

CVE-2014-7939

Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.l…

CVSS: 4.3CWE: CWE-264
Read more
Medium

CVE-2014-7936

Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2014-7935

Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2014-7934

Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2014-7933

Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a d…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2014-7932

Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2014-7931

factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted J…

CVSS: 7.5CWE: CWE-17
Read more
High

CVE-2014-7930

Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of se…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2014-7929

Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.9…

CVSS: 7.5CWE: CWE-17
Read more
High

CVE-2014-7928

hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or poss…

CVSS: 7.5CWE: CWE-19
Read more
High

CVE-2014-7927

The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allow…

CVSS: 7.5CWE: CWE-189
Read more
High

CVE-2014-7926

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of…

CVSS: 7.5CWE: CWE-17
Read more
High

CVE-2014-7925

Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified o…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2014-7924

Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by tri…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2014-7923

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of…

CVSS: 7.5CWE: CWE-17
Read more
High

CVE-2015-1312

The Dealer Portal in SAP ERP does not properly restrict access, which allows remote attackers to obtain sensitive information, gain privileges, and possibly have other unspecified impact via unknown…

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2015-1309

XML external entity vulnerability in the Extended Computer Aided Test Tool (eCATT) in SAP NetWeaver AS ABAP 7.31 and earlier allows remote attackers to access arbitrary files via a crafted XML reques…

CVSS: 5.0CWE: N/A
Read more
2015-01-21
Critical

CVE-2015-0437

Unspecified vulnerability in Oracle Java SE 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2015-0436

Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect confidentiality via unknown vectors related to Login.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-0435

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated us…

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2015-0434

Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to affect confidentiality via vectors r…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-0432

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier allows remote authenticated users to affect availability via vectors related to Server : InnoDB : DDL : Foreign Key.

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2015-0431

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0 6.3.1, 6.3.2, 6.3.4, and 6.3.5 allows remote attackers to affect inte…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2015-0430

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect confidentiality via vectors related to RPC Utility.

CVSS: 1.9CWE: N/A
Read more
Low

CVE-2015-0429

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect integrity and availability via vectors related to RPC Utility.

CVSS: 3.3CWE: N/A
Read more
Medium

CVE-2015-0428

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local users to affect availability via unknown vectors related to Resource Control.

CVSS: 4.9CWE: N/A
Read more
Low

CVE-2015-0427

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 4.3.20 allows local users to affect integrity and availability via vectors related to VMSV…

CVSS: 3.2CWE: N/A
Read more
Medium

CVE-2015-0426

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.3 and 12.1.0.4 allows remote attackers to affect confidentiality via unkno…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-0425

Unspecified vulnerability in the Oracle Enterprise Asset Management component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Sie…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2015-0424

Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) component in Oracle Sun Systems Products Suite ILOM prior to 3.2.4 allows remote authenticated users to affect confidentiality, i…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2015-0422

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, and 6.3.5 allows remote authenticated us…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2015-0421

Unspecified vulnerability in Oracle Java SE 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to the installation process.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2015-0420

Unspecified vulnerability in the Oracle Forms component in Oracle Fusion Middleware 11.1.1.7 and 11.1.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Forms Servic…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-0419

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Portal Framework,…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2015-0418

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown v…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2015-0417

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal F…

CVSS: 4.0CWE: N/A
Read more
Low

CVE-2015-0416

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.3 allows remote authenticated users to affect integrity via unknown vectors related to Roles & Pr…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2015-0415

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Ses…

CVSS: 4.0CWE: N/A
Read more
Low

CVE-2015-0414

Unspecified vulnerability in the Oracle SOA Suite component in Oracle Fusion Middleware 11.1.1.7 and 12.1.3.0 allows remote authenticated users to affect confidentiality via unknown vectors related t…

CVSS: 3.5CWE: N/A
Read more
Low

CVE-2015-0413

Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local users to affect integrity via unknown vectors related to Serviceability.

CVSS: 1.9CWE: N/A
Read more
High

CVE-2015-0412

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2015-0411

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, and 5.6.21 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2015-0554

The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensi…

CVSS: 9.4CWE: CWE-264
Read more
Medium

CVE-2015-0410

Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows rem…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-0409

Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVSS: 4.0CWE: N/A
Read more
Critical

CVE-2015-0408

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to RMI.

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2015-0407

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Swing.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-0406

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality and availability via unknown vectors related to Deployment.

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2015-0404

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote attackers to affect integrity v…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-0403

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.

CVSS: 6.9CWE: N/A
Read more
Medium

CVE-2015-0402

Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Integration - C…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-0401

Unspecified vulnerability in the Oracle Directory Server Enterprise Edition component in Oracle Fusion Middleware 7.0 and 11.1.1.7 allows remote authenticated users to affect integrity via unknown ve…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2015-0400

Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-0399

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 10.1.3.4.2 and 11.1.1.7 allows remote authenticated users to affect confidential…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2015-0398

Unspecified vulnerability in the Siebel Life Sciences component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Clinica…

CVSS: 4.0CWE: N/A
Read more
Low

CVE-2015-0397

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to File System, a different vulnerability than CVE-2014-6570 and CVE-2014-6600.

CVSS: 2.1CWE: N/A
Read more
High

CVE-2015-0396

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unkno…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2015-0395

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2015-0394

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality via unknown vector…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2015-0393

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, 12.2.3, and 12.2.4 allows remote authenticated users to affect confide…

CVSS: 6.0CWE: N/A
Read more
Medium

CVE-2015-0392

Unspecified vulnerability in the Siebel Core - Server BizLogic Script component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality, integrity, and availa…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2015-0391

Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, and 5.6.19 and earlier, allows remote authenticated users to affect availability via vectors related to DDL.

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2015-0390

Unspecified vulnerability in the MICROS Retail component in Oracle Retail Applications Xstore: 3.2.1, 3.4.2, 3.5.0, 4.0.1, 4.5.1, 4.8.0, 5.0.3, 5.5.3, 6.0.6, and 6.5.2 allows remote attackers to affe…

CVSS: 6.8CWE: N/A
Read more
Low

CVE-2015-0389

Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity via vectors related to SAML, a differe…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2015-0388

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Portal F…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2015-0387

Unspecified vulnerability in the Siebel Core - Server OM Services component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via vectors related to Sec…

CVSS: 4.0CWE: N/A
Read more
Medium

CVE-2015-0386

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2015-0385

Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Pluggable Auth.

CVSS: 3.5CWE: N/A
Read more
Low

CVE-2015-0384

Unspecified vulnerability in the Siebel Public Sector component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect integrity via unknown vectors related to Public Sector…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2015-0383

Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit R27.8.4 and R28.3.4 allows local users to affect integrity and availability via un…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2015-0382

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a differ…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-0381

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote attackers to affect availability via unknown vectors related to Server : Replication, a differ…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-0380

Unspecified vulnerability in the Oracle Telecommunications Billing Integrator component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.5, 12.0.6, 12.1.1, 12.1.2, 12.1.3, 12.2.2, 12.2.3, and 12.2.…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-0379

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 allows remote attackers to affect integrity via vectors related to PIA Core Technology.

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2015-0378

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Libc.

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2015-0377

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.26, 4.0.28, 4.1.36, and 4.2.28 allows local users to affect availability via unknown v…

CVSS: 4.4CWE: N/A
Read more
Medium

CVE-2015-0376

Unspecified vulnerability in the Oracle WebCenter Content component in Oracle Fusion Middleware 11.1.1.8.0 allows remote attackers to affect integrity via unknown vectors related to Content Server.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2015-0375

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect confidentiality via unknown vectors related to Network.

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2015-0374

Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier and 5.6.21 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Server : Security…

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2015-0373

Unspecified vulnerability in the OJVM component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity,…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2015-0372

Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2015-0371

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity and availability via u…

CVSS: 4.9CWE: N/A
Read more
Low

CVE-2015-0370

Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect integrity via unknown vectors, a…

CVSS: 3.5CWE: N/A
Read more
>