Vulnerability Summary for the Week of July 14, 2014 · 2014-07-22
Please Note:

• The vulnerabilities are categorized by their level of severity, which is either High, Medium or Low.

• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.

• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

Each entry lists: Primary Vendor -- Product; Description; Date Published; CVSS Score; CVE Identity (followed by the reference source tags, where the bulletin gave them).

cisco -- dpc3010
  The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, EPC3010, EPC3212, EPC3825, and EPC3925 Wireless Residential Gateway products allows remote attackers to execute arbitrary code via a crafted HTTP request, aka Bug ID CSCup40808.
  Published 2014-07-17 · CVSS 10.0 · CVE-2014-3306

dahuasecurity -- dvr_firmware
  Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
  Published 2014-07-11 · CVSS 7.5 · CVE-2013-6117 · References: OSVDB, EXPLOIT-DB, BUGTRAQ, MISC, MISC

datumsystems -- snip
  Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands.
  Published 2014-07-14 · CVSS 7.8 · CVE-2014-2950

datumsystems -- snip
  Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
  Published 2014-07-14 · CVSS 10.0 · CVE-2014-2951

hp -- storage_management_software
  Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote authenticated users to gain privileges via unknown vectors.
  Published 2014-07-16 · CVSS 9.0 · CVE-2014-2606

hp -- imc_branch_intelligent_management_system_software_module
  Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2080.
  Published 2014-07-16 · CVSS 7.8 · CVE-2014-2618

hp -- imc_branch_intelligent_management_system_software_module
  Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2088.
  Published 2014-07-16 · CVSS 7.8 · CVE-2014-2619

hp -- imc_branch_intelligent_management_system_software_module
  Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2089.
  Published 2014-07-16 · CVSS 7.8 · CVE-2014-2620

hp -- imc_branch_intelligent_management_system_software_module
  Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ZDI-CAN-2090.
  Published 2014-07-16 · CVSS 7.8 · CVE-2014-2621

hp -- imc_branch_intelligent_management_system_software_module
  Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors, aka ZDI-CAN-2312.
  Published 2014-07-16 · CVSS 8.5 · CVE-2014-2622 · References: HP, HP

hp -- storage_data_protector
  Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
  Published 2014-07-17 · CVSS 10.0 · CVE-2014-2623

infoblox -- netmri
  config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
  Published 2014-07-15 · CVSS 10.0 · CVE-2014-3418 · References: MISC, XF, BID, BUGTRAQ, EXPLOIT-DB, FULLDISC, MISC

infoblox -- netmri
  Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.
  Published 2014-07-15 · CVSS 7.2 · CVE-2014-3419 · References: MISC, XF, SECTRACK, BID, BUGTRAQ, MISC, MISC

juniper -- srx100
  Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
  Published 2014-07-11 · CVSS 7.8 · CVE-2014-3815 · References: SECTRACK

juniper -- junos
  Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D30, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8-S2, 12.3 before 12.3R7, 13.1 before 13.1R4-S2, 13.2 before 13.2R5, 13.3 before 13.3R2-S2, and 14.1 before 14.1R1 allows remote authenticated users to gain privileges via unspecified combinations of CLI commands and arguments.
  Published 2014-07-11 · CVSS 9.0 · CVE-2014-3816 · References: SECTRACK

juniper -- srx100
  Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translation from IPv4 to IPv6 is enabled, allows remote attackers to cause a denial of service (flowd hang or crash) via a crafted packet.
  Published 2014-07-11 · CVSS 7.8 · CVE-2014-3817 · References: SECTRACK

juniper -- junos
  Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before 12.1X44-D35, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, 12.1X47 before 12.1X47-D10, 12.2 before 12.2R8, 12.3 before 12.3R7, 13.1 before 13.1R4, 13.2 before 13.2R4, 13.3 before 13.3R2, and 14.1 before 14.1R1, when Auto-RP is enabled, allows remote attackers to cause a denial of service (RDP routing process crash and restart) via a malformed PIM packet.
  Published 2014-07-11 · CVSS 7.8 · CVE-2014-3819 · References: SECTRACK, BID

oracle -- jdk
  Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and OpenJDK 7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-4223. NOTE: the previous information is from the July 2014 CPU. Oracle has not commented on another vendor's claim that the issue is related to improper restriction of the "use of privileged annotations."
  Published 2014-07-17 · CVSS 9.3 · CVE-2014-2483 · References: CONFIRM

oracle -- jdk
  Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
  Published 2014-07-17 · CVSS 9.3 · CVE-2014-2490

oracle -- jdk
  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
  Published 2014-07-17 · CVSS 9.3 · CVE-2014-4216

oracle -- jdk
  Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot.
  Published 2014-07-17 · CVSS 9.3 · CVE-2014-4219

oracle -- jdk
  Unspecified vulnerability in Oracle Java SE 7u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries, a different vulnerability than CVE-2014-2483.
  Published 2014-07-17 · CVSS 9.3 · CVE-2014-4223

oracle -- jdk
  Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Deployment.
  Published 2014-07-17 · CVSS 10.0 · CVE-2014-4227

oracle -- jdk
  Unspecified vulnerability in Oracle Java SE 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX.
  Published 2014-07-17 · CVSS 9.3 · CVE-2014-4247

oracle -- fusion_middleware
  Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.8.0 allows remote attackers to affect confidentiality via unknown vectors related to Portlet Services.
  Published 2014-07-17 · CVSS 7.1 · CVE-2014-4257

oracle -- jdk
  Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries.
  Published 2014-07-17 · CVSS 9.3 · CVE-2014-4262

raritan -- dpxr20a-16
  Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
  Published 2014-07-14 · CVSS 10.0 · CVE-2014-2955 · References: FULLDISC

wp_rss_poster_plugin_project -- wp-rss-poster
  SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to wp-admin/admin.php.
  Published 2014-07-11 · CVSS 7.5 · CVE-2014-4938 · References: MISC

yealink -- sip-t38g
  config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
  Published 2014-07-16 · CVSS 7.8 · CVE-2013-5755 · References: EXPLOIT-DB

zte -- zxv10_w300
  The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
  Published 2014-07-16 · CVSS 7.8 · CVE-2014-4018 · References: MISC, EXPLOIT-DB, MISC

Medium Severity Vulnerabilities

Each entry lists: Primary Vendor -- Product; Description; Date Published; CVSS Score; CVE Identity (followed by the reference source tags, where the bulletin gave them).

arubanetworks -- clearpass
  SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
  Published 2014-07-14 · CVSS 4.9 · CVE-2014-4013 · References: SECUNIA

arubanetworks -- clearpass
  The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credentials via unspecified vectors.
  Published 2014-07-15 · CVSS 4.0 · CVE-2014-4031 · References: SECUNIA

bannersky -- bsk_pdf_manager
  Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) categoryid or (2) pdfid parameter to wp-admin/admin.php.
  Published 2014-07-14 · CVSS 6.5 · CVE-2014-4944 · References: BID, MISC

bestpractical -- rt
  Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string without an address.
  Published 2014-07-15 · CVSS 5.0 · CVE-2014-1474

binarymoon -- timthumb
  TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.
  Published 2014-07-15 · CVSS 6.8 · CVE-2014-4663 · References: CONFIRM, CONFIRM, EXPLOIT-DB, SECUNIA, MLIST, FULLDISC, FULLDISC, MISC

bookx_plugin_project -- bookx
  Directory traversal vulnerability in includes/bookx_export.php in the BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
  Published 2014-07-11 · CVSS 5.0 · CVE-2014-4937 · References: MISC

cisco -- adaptive_security_appliance_software
  Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, when using an unsupported configuration with overlapping criteria for filtering and inspection, allows remote attackers to cause a denial of service (traffic loop and device crash) via a packet that triggers multiple matches, aka Bug ID CSCui45606.
  Published 2014-07-14 · CVSS 5.4 · CVE-2013-5567 · References: XF, SECTRACK, BID

cisco -- adaptive_security_appliance_software
  The WebVPN CIFS implementation in Cisco Adaptive Security Appliance (ASA) Software 9.0(.4.1) and earlier allows remote CIFS servers to cause a denial of service (device reload) via a long share list, aka Bug ID CSCuj83344.
  Published 2014-07-14 · CVSS 6.8 · CVE-2013-6691 · References: XF, SECTRACK, BID

cisco -- unified_communications_manager
  Directory traversal vulnerability in the Multiple Analyzer in the Dialed Number Analyzer (DNA) component in Cisco Unified Communications Manager 10.0(1) allows remote authenticated users to delete arbitrary files via a crafted URL, aka Bug ID CSCup76314.
  Published 2014-07-14 · CVSS 5.5 · CVE-2014-3317 · References: XF, SECTRACK, BID, SECUNIA

cisco -- unified_communications_manager
  Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676.
  Published 2014-07-14 · CVSS 6.8 · CVE-2014-3319 · References: XF, SECTRACK, SECUNIA

cisco -- unified_communications_domain_manager
  Multiple open redirect vulnerabilities in the admin web interface in the web framework in Cisco Unified Communications Domain Manager (CDM) 8.1(.4) and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via crafted URLs for unspecified scripts, aka Bug ID CSCuo48835.
  Published 2014-07-17 · CVSS 5.8 · CVE-2014-3320

cisco -- asr_9000_rsp440_router
  Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group virtual interface (BVI) routing is enabled, allows remote attackers to cause a denial of service (chip and card hangs) via a series of crafted MPLS packets, aka Bug ID CSCuo91149.
  Published 2014-07-17 · CVSS 5.7 · CVE-2014-3321

cisco -- unified_contact_center_enterprise
  Directory traversal vulnerability in Cisco Unified Contact Center Enterprise allows remote authenticated users to read arbitrary web-root files via a crafted URL, aka Bug ID CSCun25262.
  Published 2014-07-17 · CVSS 4.0 · CVE-2014-3323

citrix -- netscaler_access_gateway
  Cross-site scripting (XSS) vulnerability in the administration user interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) 10.1 before 10.1-126.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  Published 2014-07-16 · CVSS 4.3 · CVE-2014-4346 · References: SECTRACK, SECTRACK

citrix -- netscaler_access_gateway
  Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway (formerly Access Gateway Enterprise Edition) before 9.3-62.4 and 10.x before 10.1-126.12 allows attackers to obtain sensitive information via vectors related to a cookie.
  Published 2014-07-16 · CVSS 5.0 · CVE-2014-4347 · References: SECTRACK, SECTRACK

citrix -- xendesktop
  Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups is enabled and ShutdownDesktopsAfterUse is disabled, allows local guest users to gain access to another user's desktop via unspecified vectors.
  Published 2014-07-11 · CVSS 4.9 · CVE-2014-4700 · References: XF, SECTRACK, BID, SECUNIA

cross-rss_plugin_project -- wp-cross-rss
  Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
  Published 2014-07-11 · CVSS 5.0 · CVE-2014-4941 · References: MISC

dell -- sonicwall_scrutinizer
  Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to change user passwords via the user ID in the savePrefs parameter in a change password request to cgi-bin/admin.cgi.
  Published 2014-07-16 · CVSS 5.5 · CVE-2014-4976 · References: MISC, MISC, XF, BID, FULLDISC, MISC

dell -- sonicwall_scrutinizer
  Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer 11.0.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) selectedUserGroup parameter in a create new user request to cgi-bin/admin.cgi or the (2) user_id parameter in the changeUnit function, (3) methodDetail parameter in the methodDetail function, or (4) xcNetworkDetail parameter in the xcNetworkDetail function in d4d/exporters.php.
  Published 2014-07-16 · CVSS 6.5 · CVE-2014-4977 · References: MISC, MISC, XF, BID, FULLDISC, MISC

enl_newsletter_plugin_project -- enl-newsletter
  SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the enl-add-new page to wp-admin/admin.php.
  Published 2014-07-11 · CVSS 6.5 · CVE-2014-4939 · References: MISC

fortinet -- fortiweb
  Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard FortiWeb 5.0.x, 5.1.x, and 5.2.x before 5.2.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to (1) user/ldap_user/check_dlg or (2) user/radius_user/check_dlg.
  Published 2014-07-11 · CVSS 4.3 · CVE-2014-4738 · References: SECTRACK, BID, SECUNIA

freebsd -- freebsd
  FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize the buffer between the header and data of a control message, which allows local users to obtain sensitive information from kernel memory via unspecified vectors.
  Published 2014-07-15 · CVSS 4.9 · CVE-2014-3952 · References: XF, SECTRACK, BID

freebsd -- freebsd
  FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 before p7 does not properly initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via a (1) SCTP_SNDRCV, (2) SCTP_EXTRCV, or (3) SCTP_RCVINFO SCTP cmsg or a (4) SCTP_PEER_ADDR_CHANGE, (5) SCTP_REMOTE_ERROR, or (6) SCTP_AUTHENTICATION_EVENT notification.
  Published 2014-07-15 · CVSS 4.9 · CVE-2014-3953 · References: SECTRACK

horde -- groupware
  Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via an unspecified flag in the basic (1) mailbox or (2) message view.
  Published 2014-07-14 · CVSS 4.3 · CVE-2014-4945 · References: CONFIRM, CONFIRM, SECUNIA, SECUNIA

horde -- groupware
  Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitrary web script or HTML via (1) unspecified flags or (2) a mailbox name in the dynamic mailbox view.
  Published 2014-07-14 · CVSS 4.3 · CVE-2014-4946 · References: CONFIRM, CONFIRM, SECUNIA, SECUNIA, MLIST

hp -- storage_management_software
  Unspecified vulnerability in HP StoreVirtual 4000 Storage and StoreVirtual VSA 9.5 through 11.0 allows remote attackers to obtain sensitive information via unknown vectors.
  Published 2014-07-16 · CVSS 5.0 · CVE-2014-2605

ibm -- business_process_manager
  Cross-site scripting (XSS) vulnerability in IBM Business Process Manager 7.5 through 8.5.5, and WebSphere Lombardi Edition 7.2, allows remote attackers to inject arbitrary web script or HTML via a crafted URL that triggers a service failure.
  Published 2014-07-17 · CVSS 4.3 · CVE-2014-0957 · References: XF

juniper -- junos
  Cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) in Juniper Junos 11.4 before 11.4R11, 12.1X44 before 12.1X44-D34, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
  Published 2014-07-11 · CVSS 4.3 · CVE-2014-3821 · References: SECTRACK, BID

juniper -- srx100
  Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before 12.1X44-D20, 12.1X45 before 12.1X45-D15, 12.1X46 before 12.1X46-D10, and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a malformed packet, related to translating IPv6 to IPv4.
  Published 2014-07-11 · CVSS 5.4 · CVE-2014-3822 · References: SECTRACK

levelfourdevelopment -- wp-easycart
  The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo function.
  Published 2014-07-11 · CVSS 5.0 · CVE-2014-4942 · References: MISC

mysql -- mysql
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRINFOSC.
  Published 2014-07-17 · CVSS 6.5 · CVE-2014-4258

mysql -- mysql
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier, and 5.6.17 and earlier, allows remote authenticated users to affect integrity and availability via vectors related to SRCHAR.
  Published 2014-07-17 · CVSS 5.5 · CVE-2014-4260

op5 -- monitor
  Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a parameter that is not properly handled in an error message.
  Published 2014-07-11 · CVSS 4.3 · CVE-2014-4907 · References: CONFIRM, BID, SECUNIA, SECUNIA, MLIST

oracle -- mojarra
  Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a script or style block, which allows remote attackers to conduct cross-site scripting (XSS) attacks via application-specific vectors.
  Published 2014-07-17 · CVSS 4.3 · CVE-2013-5855 · References: CONFIRM, CONFIRM, MISC

oracle -- hyperion
  Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect integrity via unknown vectors related to Web Analysis.
  Published 2014-07-17 · CVSS 4.3 · CVE-2014-0436

oracle -- peoplesoft_products
  Unspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise Learning Management component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
  Published 2014-07-17 · CVSS 5.5 · CVE-2014-2456

oracle -- fusion_middleware
  Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services.
  Published 2014-07-17 · CVSS 6.8 · CVE-2014-2479

oracle -- fusion_middleware
  Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2481.
  Published 2014-07-17 · CVSS 6.8 · CVE-2014-2480

oracle -- fusion_middleware
  Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2480.
  Published 2014-07-17 · CVSS 6.8 · CVE-2014-2481

oracle -- e-business_suite
  Unspecified vulnerability in the Oracle Concurrent Processing component in Oracle E-Business Suite 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
  Published 2014-07-17 · CVSS 5.5 · CVE-2014-2482

oracle -- mysql
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to SRFTS.
  Published 2014-07-17 · CVSS 6.5 · CVE-2014-2484

oracle -- vm_virtualbox
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-4261.
  Published 2014-07-17 · CVSS 6.9 · CVE-2014-2487

oracle -- vm_virtualbox
  Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
  Published 2014-07-17 · CVSS 4.1 · CVE-2014-2489

oracle -- siebel_crm
  Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework, a different vulnerability than CVE-2014-4205.
  Published 2014-07-17 · CVSS 4.3 · CVE-2014-2491

oracle -- supply_chain_products_suite
  Unspecified vulnerability in the Oracle Agile Product Collaboration component in Oracle Supply Chain Products Suite 9.3.3 allows remote attackers to affect integrity via unknown vectors related to Web client (PC).
  Published 2014-07-17 · CVSS 4.3 · CVE-2014-2492

oracle -- fusion_middleware
  Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.2.4.0, and 12.1.2.0.0 allows remote attackers to affect confidentiality and availability via vectors related to ADF Faces.
  Published 2014-07-17 · CVSS 6.4 · CVE-2014-2493

oracle -- mysql
  Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to ENARC.
  Published 2014-07-17 · CVSS 4.0 · CVE-2014-2494

oracle -- peoplesoft_products
  Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Test Framework.
  Published 2014-07-17 · CVSS 5.5 · CVE-2014-2496

oracle -- fusion_middleware
  Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WLS - Web Services.
  Published 2014-07-17 · CVSS 5.0 · CVE-2014-4201

oracle -- fusion_middleware
  Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WLS - Web Services.
  Published 2014-07-17 · CVSS 5.0 · CVE-2014-4202

oracle -- hyperion
  Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Property Editing.
  Published 2014-07-17 · CVSS 4.1 · CVE-2014-4203

Page 14: Vulnerability Summary for the Week of July 14, 2014 · 2014-07-22 · Vulnerability Summary for the Week of July 14, 2014 Please Note: • The vulnerabilities are cattegorized by

oracle -- siebel_crm
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Portal Framework, a different vulnerability than CVE-2014-2491.
2014-07-17 4.3 CVE-2014-4205

oracle -- mysql
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
2014-07-17 4.0 CVE-2014-4207

oracle -- jdk
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality and integrity via vectors related to JMX.
2014-07-17 6.4 CVE-2014-4209

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services.
2014-07-17 5.0 CVE-2014-4210

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebCenter Portal component in Oracle Fusion Middleware 11.1.1.7 and 11.1.1.8 allows remote attackers to affect integrity via unknown vectors related to Portlet Services.
2014-07-17 5.0 CVE-2014-4211

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle Fusion Middleware component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Process Mgmt and Notification.
2014-07-17 4.3 CVE-2014-4212

oracle -- e-business_suite
Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote attackers to affect integrity via unknown vectors.
2014-07-17 4.3 CVE-2014-4213

oracle -- sunos
Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local users to affect availability via vectors related to CPU performance counters (CPC) drivers.
2014-07-17 4.9 CVE-2014-4215

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, and 12.1.1.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.
2014-07-17 4.3 CVE-2014-4217

oracle -- jdk
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Libraries.
2014-07-17 5.0 CVE-2014-4218

oracle -- jdk
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4208.
2014-07-17 5.0 CVE-2014-4220

oracle -- jdk
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Libraries.
2014-07-17 4.3 CVE-2014-4221

oracle -- sunos
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows local users to affect availability via unknown vectors related to sockfs.
2014-07-17 4.9 CVE-2014-4224

oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft Enterprise FIN Install component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
2014-07-17 5.1 CVE-2014-4226

oracle -- vm_virtualbox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.
2014-07-17 4.4 CVE-2014-4228

oracle -- supply_chain_products_suite
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Data, Domain, and Function Security.
2014-07-17 5.5 CVE-2014-4229

oracle -- siebel_crm
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via vectors related to Open_UI.
2014-07-17 4.3 CVE-2014-4230

oracle -- siebel_crm
Unspecified vulnerability in the Siebel Travel & Transportation component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect integrity via unknown vectors related to Diary.
2014-07-17 4.3 CVE-2014-4231

oracle -- virtualization
Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) component in Oracle Virtualization 4.63, 4.71, 5.0, and 5.1 allows remote attackers to affect integrity via unknown vectors related to Workspace Web Application.
2014-07-17 4.3 CVE-2014-4232

oracle -- mysql
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRREP.
2014-07-17 4.0 CVE-2014-4233

oracle -- supply_chain_products_suite
Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.1, 6.2, 6.3, 6.3.1, 6.3.2, 6.3.3, and 6.3.4 allows remote attackers to affect confidentiality via unknown vectors related to Data, Domain & Function Security.
2014-07-17 5.0 CVE-2014-4234

oracle -- database_server
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
2014-07-17 6.5 CVE-2014-4236

oracle -- database_server
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.2.0.4 and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.
2014-07-17 4.0 CVE-2014-4237

oracle -- mysql
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SROPTZR.
2014-07-17 4.0 CVE-2014-4238

oracle -- sunos
Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Common Agent Container (Cacao).
2014-07-17 4.0 CVE-2014-4239

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect integrity via vectors related to WLS - Web Services.
2014-07-17 4.3 CVE-2014-4241

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect integrity via unknown vectors related to Console.
2014-07-17 4.3 CVE-2014-4242

oracle -- jdk
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and JRockit R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security.
2014-07-17 4.0 CVE-2014-4244

oracle -- fusion_middleware
Unspecified vulnerability in the BI Publisher component in Oracle Fusion Middleware 11.1.1.7 allows remote attackers to affect confidentiality via unknown vectors related to Mobile Service.
2014-07-17 5.0 CVE-2014-4249

oracle -- jdk
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Security.
2014-07-17 5.0 CVE-2014-4252

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect availability via vectors related to WebLogic Server JVM.
2014-07-17 5.0 CVE-2014-4253

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services.
2014-07-17 6.8 CVE-2014-4254

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Security and Policy.
2014-07-17 6.8 CVE-2014-4255

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to WLS - Deployment.
2014-07-17 5.8 CVE-2014-4256

oracle -- vm_virtualbox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-2487.
2014-07-17 6.9 CVE-2014-4261

oracle -- jdk
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5, and JRockit R27.8.2 and R28.3.2, allows remote attackers to affect confidentiality and integrity via unknown vectors related to "Diffie-Hellman key agreement."
2014-07-17 4.0 CVE-2014-4263

oracle -- jdk
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect availability via unknown vectors related to Security.
2014-07-17 5.0 CVE-2014-4264

oracle -- jdk
Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment.
2014-07-17 5.0 CVE-2014-4265

oracle -- jdk
Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Serviceability.
2014-07-17 5.0 CVE-2014-4266

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components.
2014-07-17 6.8 CVE-2014-4267


oracle -- jdk
Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and 8u5 allows remote attackers to affect confidentiality via unknown vectors related to Swing.
2014-07-17 5.0 CVE-2014-4268

oracle -- hyperion
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4270.
2014-07-17 4.0 CVE-2014-4269

oracle -- hyperion
Unspecified vulnerability in the Hyperion Common Admin component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via unknown vectors related to User Interface, a different vulnerability than CVE-2014-4269.
2014-07-17 4.0 CVE-2014-4270

oracle -- hyperion
Unspecified vulnerability in the Hyperion Essbase component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote attackers to affect availability via unknown vectors related to Agent.
2014-07-17 5.0 CVE-2014-4271

reportico -- php_report_designer
Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.
2014-07-16 5.0 CVE-2014-3777 MISC OSVDB FULLDISC MISC

shopizer -- shopizer
Shopizer 1.1.5 and earlier allows remote attackers to reduce the total cost of their shopping cart via a negative number in the productQuantity parameter, which causes the price of the item to be subtracted from the total cost.
2014-07-15 6.4 CVE-2014-4962 BUGTRAQ FULLDISC

shopizer -- shopizer
Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action.
2014-07-15 6.8 CVE-2014-4963 BUGTRAQ FULLDISC

shopizer -- shopizer
Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to hijack the authentication of users for requests that (1) modify customer settings, or hijack the authentication of administrators for requests that change (2) customer passwords, (3) shop configuration, or (4) product details, as demonstrated by (5) modifying a product's price via a crafted request to central/catalog/saveproduct.action or (6) creating a product review via a crafted request to shop/product/createReview.action.
2014-07-15 6.8 CVE-2014-4964 BUGTRAQ FULLDISC

shopizer -- shopizer
Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to central/orders/searchcriteria.action; (2) productname, (3) availability, or (4) status parameter to central/catalog/productlist.action; or unspecified vectors in (5) WebContent/orders/orderlist.jsp.
2014-07-15 4.3 CVE-2014-4965 BUGTRAQ FULLDISC

sun -- sunos
Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Patch installation scripts.
2014-07-17 6.9 CVE-2014-4225

tera_charts_plugin_project -- tera-charts
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php.
2014-07-11 5.0 CVE-2014-4940 MISC

yealink -- voip_phone_firmware
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
2014-07-16 5.0 CVE-2014-3427 BUGTRAQ FULLDISC

zte -- zxv10_w300
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
2014-07-16 5.0 CVE-2014-4154 MISC EXPLOIT-DB MISC


Low Severity Vulnerabilities

The Primary Vendor --- Product   Description   Date Published   CVSS Score   The CVE Identity

kaseya -- virtual_system_administrator
kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
2014-07-14 1.7 CVE-2014-2926

mysql -- mysql
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via vectors related to ENFED.
2014-07-17 2.8 CVE-2014-4243

oracle -- vm_virtualbox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core.
2014-07-17 3.6 CVE-2014-2477

oracle -- siebel_crm
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality via unknown vectors related to Integration Business Services.
2014-07-17 1.4 CVE-2014-2485

oracle -- vm_virtualbox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect integrity and availability via unknown vectors related to Core.
2014-07-17 3.0 CVE-2014-2486

oracle -- vm_virtualbox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 3.2.24, 4.0.26, 4.1.34, 4.2.26, and 4.3.12 allows local users to affect confidentiality via unknown vectors related to Core.
2014-07-17 1.0 CVE-2014-2488

oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Purchasing.
2014-07-17 2.3 CVE-2014-2495

oracle -- peoplesoft_products
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.53 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.
2014-07-17 3.5 CVE-2014-4204

oracle -- hyperion
Unspecified vulnerability in the Hyperion Enterprise Performance Management Architect component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows local users to affect integrity and availability via unknown vectors related to Data Synchronizer.
2014-07-17 3.3 CVE-2014-4206

oracle -- jdk
Unspecified vulnerability in the Java SE component in Oracle Java SE 7u60 and 8u5 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-4220.
2014-07-17 2.6 CVE-2014-4208

oracle -- mysql
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows remote authenticated users to affect availability via vectors related to SRSP.
2014-07-17 3.3 CVE-2014-4214

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect confidentiality via vectors related to plugin 1.1.
2014-07-17 2.1 CVE-2014-4222

oracle -- e-business_suite
Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows remote authenticated users to affect integrity via unknown vectors.
2014-07-17 3.5 CVE-2014-4235

oracle -- mysql
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.6.17 and earlier allows local users to affect confidentiality and integrity via vectors related to SRREP.
2014-07-17 3.6 CVE-2014-4240

oracle -- database_server
Unspecified vulnerability in the RDBMS Core component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality via unknown vectors.
2014-07-17 3.5 CVE-2014-4245

oracle -- hyperion
Unspecified vulnerability in the Hyperion Analytic Provider Services component in Oracle Hyperion 11.1.2.2 and 11.1.2.3 allows remote authenticated users to affect confidentiality via vectors related to SVP.
2014-07-17 3.5 CVE-2014-4246

oracle -- e-business_suite
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, 12.2.2, and 12.2.3 allows local users to affect confidentiality via unknown vectors related to Logging.
2014-07-17 1.0 CVE-2014-4248

oracle -- siebel_crm
Unspecified vulnerability in the Siebel Core - Server OM Frwks component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Object Manager.
2014-07-17 3.5 CVE-2014-4250

oracle -- fusion_middleware
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect integrity via vectors related to plugin 1.1.
2014-07-17 3.5 CVE-2014-4251

• Sources: http://nvd.nist.gov (For more information visit the National Vulnerability Database (NVD), which contains a database of every vulnerability that has ever been published).

Uganda Communications Commission – UGCERT   Email: [email protected]   Tel + 256 414 302 100/150   Toll Free: 0800 133 911

Website www.ug-cert.ug   Facebook / Twitter: UGCERT