ID CVE-2014-6577 Type cve Reporter cve@mitre.org Modified 2016-11-28T19:12:00
Description
Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the original researcher's claim that this is an XML external entity (XXE) vulnerability in the XML parser, which allows attackers to conduct internal port scanning, perform SSRF attacks, or cause a denial of service via a crafted (1) http: or (2) ftp: URI.
Per: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
The CVSS score is 6.8 only on Windows for Database versions prior to 12c. The CVSS is 4.0 (Confidentiality is "Partial+") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms.
{"id": "CVE-2014-6577", "bulletinFamily": "NVD", "title": "CVE-2014-6577", "description": "Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown vectors. NOTE: the previous information is from the January 2015 CPU. Oracle has not commented on the original researcher's claim that this is an XML external entity (XXE) vulnerability in the XML parser, which allows attackers to conduct internal port scanning, perform SSRF attacks, or cause a denial of service via a crafted (1) http: or (2) ftp: URI.\nPer: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n\nThe CVSS score is 6.8 only on Windows for Database versions prior to 12c. The CVSS is 4.0 (Confidentiality is \"Partial+\") for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms.", "published": "2015-01-21T15:28:00", "modified": "2016-11-28T19:12:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6577", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/72139", "https://blog.netspi.com/advisory-xxe-injection-oracle-database-cve-2014-6577/", "http://www.securitytracker.com/id/1031572", "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"], "cvelist": ["CVE-2014-6577"], "type": "cve", "lastseen": "2021-02-02T06:14:33", "edition": 4, "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310807042"]}, {"type": "nessus", "idList": ["ORACLE_RDBMS_CPU_JAN_2015.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14233"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2015-1972971", "ORACLE:CPUJAN2015"]}], "modified": "2021-02-02T06:14:33", "rev": 2}, "score": {"value": 4.6, "vector": "NONE", "modified": "2021-02-02T06:14:33", "rev": 2}, "vulnersScore": 4.6}, "cpe": ["cpe:/a:oracle:database_server:11.2.0.4", "cpe:/a:oracle:database_server:12.1.0.2", "cpe:/a:oracle:database_server:11.2.0.3", "cpe:/a:oracle:database_server:12.1.0.1"], "affectedSoftware": [{"cpeName": "oracle:database_server", "name": "oracle database server", "operator": "eq", "version": "12.1.0.2"}, {"cpeName": "oracle:database_server", "name": "oracle database server", "operator": "eq", "version": "11.2.0.4"}, {"cpeName": "oracle:database_server", "name": "oracle database server", "operator": "eq", "version": "12.1.0.1"}, {"cpeName": "oracle:database_server", "name": "oracle database server", "operator": "eq", "version": "11.2.0.3"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 6.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-noinfo"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:database_server:11.2.0.3:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "1031572", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id/1031572"}, {"name": "72139", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/72139"}, {"name": "https://blog.netspi.com/advisory-xxe-injection-oracle-database-cve-2014-6577/", "refsource": "MISC", "tags": ["Exploit"], "url": "https://blog.netspi.com/advisory-xxe-injection-oracle-database-cve-2014-6577/"}, {"name": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html", "refsource": "CONFIRM", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"}], "immutableFields": []}
{"openvas": [{"lastseen": "2019-05-29T18:35:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2015-0455", "CVE-2015-4753", "CVE-2014-6577"], "description": "This host is running Oracle Database Server\n and is prone to multiple unspecified vulnerabilities.", "modified": "2019-03-14T00:00:00", "published": "2016-01-25T00:00:00", "id": "OPENVAS:1361412562310807042", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807042", "type": "openvas", "title": "Oracle Database Server Multiple Unspecified Vulnerabilities -06 Jan16", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_db_mult_unspecified_vuln06_jan16.nasl 14181 2019-03-14 12:59:41Z cfischer $\n#\n# Oracle Database Server Multiple Unspecified Vulnerabilities -06 Jan16\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:oracle:database_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807042\");\n script_version(\"$Revision: 14181 $\");\n script_cve_id(\"CVE-2014-6577\", \"CVE-2015-4753\", \"CVE-2015-0455\");\n script_bugtraq_id(72139, 75839, 74076);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:C/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 13:59:41 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-25 14:59:25 +0530 (Mon, 25 Jan 2016)\");\n script_name(\"Oracle Database Server Multiple Unspecified Vulnerabilities -06 Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle Database Server\n and is prone to multiple unspecified vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to:\n\n - An Unspecified vulnerability in the XML Developer's Kit for C component.\n\n - An Unspecified vulnerability in the RDBMS Support Tools component.\n\n - An Unspecified vulnerability in the XDB - XML Database component.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploitation will allow remote\n authenticated and local attackers to affect confidentiality, integrity, and\n availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle Database Server versions\n 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2.\");\n\n script_tag(name:\"solution\", value:\"Apply the patche from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"oracle_tnslsnr_version.nasl\");\n script_mandatory_keys(\"OracleDatabaseServer/installed\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!dbPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dbVer = get_app_version(cpe:CPE, port:dbPort)){\n exit(0);\n}\n\nif(dbVer =~ \"^(12|11)\")\n{\n if(version_is_equal(version:dbVer, test_version:\"12.1.0.1\") ||\n version_is_equal(version:dbVer, test_version:\"12.1.0.2\") ||\n version_is_equal(version:dbVer, test_version:\"11.2.0.3\") ||\n version_is_equal(version:dbVer, test_version:\"11.2.0.4\"))\n {\n report = report_fixed_ver(installed_version:dbVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:dbPort);\n exit(0);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:L/Au:S/C:C/I:N/A:N"}}], "nessus": [{"lastseen": "2020-09-14T17:17:26", "description": "The remote Oracle database server is missing the January 2015 Critical\nPatch Update (CPU). It is, therefore, affected by security issues in\nthe following components :\n\n - Core RDBMS\n - DBMS_UTILITY\n - PL/SQL\n - Recovery\n - Workspace Manager\n - XML Developer's Kit for C", "edition": 19, "published": "2015-01-22T00:00:00", "title": "Oracle Database Multiple Vulnerabilities (January 2015 CPU)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2014-6578", "CVE-2014-6567", "CVE-2015-0371", "CVE-2015-0373", "CVE-2015-0370", "CVE-2014-6541", "CVE-2014-6514", "CVE-2014-6577"], "modified": "2015-01-22T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_JAN_2015.NASL", "href": "https://www.tenable.com/plugins/nessus/80906", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(80906);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/01\");\n\n script_cve_id(\n \"CVE-2014-6514\",\n \"CVE-2014-6541\",\n \"CVE-2014-6567\",\n \"CVE-2014-6577\",\n \"CVE-2014-6578\",\n \"CVE-2015-0370\",\n \"CVE-2015-0371\",\n \"CVE-2015-0373\"\n );\n script_bugtraq_id(\n 72134,\n 72139,\n 72145,\n 72149,\n 72158,\n 72163,\n 72166,\n 72171\n );\n\n script_name(english:\"Oracle Database Multiple Vulnerabilities (January 2015 CPU)\");\n script_summary(english:\"Checks the installed patch info.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle database server is missing the January 2015 Critical\nPatch Update (CPU). It is, therefore, affected by security issues in\nthe following components :\n\n - Core RDBMS\n - DBMS_UTILITY\n - PL/SQL\n - Recovery\n - Workspace Manager\n - XML Developer's Kit for C\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?75c6cafb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2015 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/01/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude(\"oracle_rdbms_cpu_func.inc\");\n\n################################################################################\n# JAN2015\npatches = make_nested_array();\n\n# RDBMS 11.1.0.7\npatches[\"11.1.0.7\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.1.0.7.22\", \"CPU\", \"19854433, 19769499\");\npatches[\"11.1.0.7\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"11.1.0.7.59\", \"CPU\", \"20126914\");\npatches[\"11.1.0.7\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"11.1.0.7.59\", \"CPU\", \"20126915\");\n# RDBMS 12.1.0.2\npatches[\"12.1.0.2\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.2.2\", \"CPU\", \"19769480\");\npatches[\"12.1.0.2\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.2.1\", \"CPU\", \"19720843\");\n# RDBMS 12.1.0.1\npatches[\"12.1.0.1\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.1.6\", \"CPU\", \"19769486\");\npatches[\"12.1.0.1\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.1.16\", \"CPU\", \"20160748\");\n# RDBMS 11.2.0.3\npatches[\"11.2.0.3\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.3.13\", \"CPU\", \"19854461, 19769496\");\npatches[\"11.2.0.3\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"11.2.0.3.36\", \"CPU\", \"20233167\");\npatches[\"11.2.0.3\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"11.2.0.3.36\", \"CPU\", \"20233168\");\n# RDBMS 11.2.0.4\npatches[\"11.2.0.4\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.4.5\", \"CPU\", \"19854503, 19769489\");\npatches[\"11.2.0.4\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.4.12\", \"CPU\", \"20127071\");\n# JVM 11.2.0.3\npatches[\"11.2.0.3\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.3.2\", \"CPU\", \"19877443\");\npatches[\"11.2.0.3\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.3.2\", \"CPU\", \"20227195\");\n# JVM 12.1.0.2\npatches[\"12.1.0.2\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.2.2\", \"CPU\", \"19877336\");\npatches[\"12.1.0.2\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.2.1\", \"CPU\", \"20225938\");\n# JVM 11.1.0.7\npatches[\"11.1.0.7\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.1.0.7.2\", \"CPU\", \"19877446\");\npatches[\"11.1.0.7\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.1.0.7.2\", \"CPU\", \"20227146\");\n# JVM 11.2.0.4\npatches[\"11.2.0.4\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.4.2\", \"CPU\", \"19877440\");\npatches[\"11.2.0.4\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.4.2\", \"CPU\", \"20225982\");\n# JVM 12.1.0.1\npatches[\"12.1.0.1\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.1.2\", \"CPU\", \"19877342\");\npatches[\"12.1.0.1\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.1.2\", \"CPU\", \"20225916\");\n\ncheck_oracle_database(patches:patches, high_risk:TRUE);\n", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:58", "bulletinFamily": "software", "cvelist": ["CVE-2015-0388", "CVE-2014-6574", "CVE-2015-0390", "CVE-2014-6592", "CVE-2014-3566", "CVE-2011-4461", "CVE-2015-0386", "CVE-2015-0425", "CVE-2014-6566", "CVE-2013-4784", "CVE-2014-0191", "CVE-2015-0365", "CVE-2014-6579", "CVE-2014-6556", "CVE-2014-6571", "CVE-2015-0427", "CVE-2014-6578", "CVE-2015-0398", "CVE-2014-6510", "CVE-2014-6595", "CVE-2011-3607", "CVE-2014-6518", "CVE-2015-0385", "CVE-2015-0395", "CVE-2015-0368", "CVE-2014-6575", "CVE-2015-0380", "CVE-2015-0424", "CVE-2003-0001", "CVE-2014-6565", "CVE-2015-0407", "CVE-2015-0362", "CVE-2015-0430", "CVE-2014-6585", "CVE-2015-0410", "CVE-2013-5704", "CVE-2015-0402", "CVE-2015-0379", "CVE-2014-6548", "CVE-2015-0396", "CVE-2015-0422", "CVE-2015-0435", "CVE-2014-6584", "CVE-2014-0224", "CVE-2014-4259", "CVE-2015-0391", "CVE-2014-6567", "CVE-2015-0418", "CVE-2013-0338", "CVE-2014-6480", "CVE-2014-6576", "CVE-2015-0428", "CVE-2015-0431", "CVE-2014-0098", "CVE-2014-6549", "CVE-2015-0420", "CVE-2015-0432", "CVE-2015-0383", "CVE-2011-3389", "CVE-2013-1741", "CVE-2014-6583", "CVE-2014-6597", "CVE-2014-4279", "CVE-2004-0230", "CVE-2015-0369", "CVE-2014-6525", "CVE-2015-0372", "CVE-2014-6582", "CVE-2015-0378", "CVE-2015-0392", "CVE-2015-0416", "CVE-2014-6587", "CVE-2013-6438", "CVE-2015-0406", "CVE-2015-0401", "CVE-2014-6569", "CVE-2014-6599", "CVE-2013-2877", "CVE-2015-0417", "CVE-2015-0404", "CVE-2013-6450", "CVE-2014-0114", "CVE-2015-0364", "CVE-2010-5107", "CVE-2011-3368", "CVE-2014-6573", "CVE-2013-4286", "CVE-2015-0371", "CVE-2014-6526", "CVE-2015-0382", "CVE-2014-1568", "CVE-2015-0363", "CVE-2014-6600", "CVE-2014-6580", "CVE-2014-6509", "CVE-2015-0375", "CVE-2015-0414", "CVE-2015-0413", "CVE-2014-6593", "CVE-2014-6601", "CVE-2014-6594", "CVE-2015-0373", "CVE-2015-0421", "CVE-2013-2186", "CVE-2014-3567", "CVE-2014-6581", "CVE-2015-0403", "CVE-2014-6570", "CVE-2015-0408", "CVE-2015-0429", "CVE-2014-6596", "CVE-2014-6521", "CVE-2015-0374", "CVE-2014-6591", "CVE-2014-6586", "CVE-2014-6524", "CVE-2014-6572", "CVE-2015-0370", "CVE-2015-0412", "CVE-2015-0400", "CVE-2015-0409", "CVE-2015-0387", "CVE-2015-0389", "CVE-2015-0399", "CVE-2015-0415", "CVE-2014-6590", "CVE-2015-0376", "CVE-2014-6481", "CVE-2015-0393", "CVE-2015-0366", "CVE-2015-0419", "CVE-2014-6568", "CVE-2015-0377", "CVE-2015-0394", "CVE-2015-0397", "CVE-2015-0384", "CVE-2014-6589", "CVE-2014-6528", "CVE-2014-6588", "CVE-2014-6541", "CVE-2011-1944", "CVE-2015-0437", "CVE-2014-6514", "CVE-2014-4212", "CVE-2015-0436", "CVE-2014-6598", "CVE-2015-0367", "CVE-2014-0226", "CVE-2013-1620", "CVE-2013-4545", "CVE-2015-0426", "CVE-2015-0434", "CVE-2015-0411", "CVE-2015-0381", "CVE-2014-6577"], "description": "Over 150 vulnerabilities in different applications are closed in auqrterly update.", "edition": 1, "modified": "2015-01-25T00:00:00", "published": "2015-01-25T00:00:00", "id": "SECURITYVULNS:VULN:14233", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14233", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2020-10-04T21:16:02", "bulletinFamily": "software", "cvelist": ["CVE-2003-0001", "CVE-2004-0230", "CVE-2010-5107", "CVE-2010-5298", "CVE-2011-1944", "CVE-2011-3368", "CVE-2011-3389", "CVE-2011-3607", "CVE-2011-4317", "CVE-2011-4461", "CVE-2012-0053", "CVE-2013-0338", "CVE-2013-1620", "CVE-2013-1739", "CVE-2013-1740", "CVE-2013-1741", "CVE-2013-2186", "CVE-2013-2877", "CVE-2013-4286", "CVE-2013-4545", "CVE-2013-4784", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-5704", "CVE-2013-6438", "CVE-2013-6449", "CVE-2013-6450", "CVE-2014-0015", "CVE-2014-0050", "CVE-2014-0076", "CVE-2014-0098", "CVE-2014-0114", "CVE-2014-0117", "CVE-2014-0118", "CVE-2014-0191", "CVE-2014-0195", "CVE-2014-0198", "CVE-2014-0221", "CVE-2014-0224", "CVE-2014-0226", "CVE-2014-0231", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-1568", "CVE-2014-3470", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-4212", "CVE-2014-4259", "CVE-2014-4279", "CVE-2014-5704", "CVE-2014-6480", "CVE-2014-6481", "CVE-2014-6509", "CVE-2014-6510", "CVE-2014-6514", "CVE-2014-6518", "CVE-2014-6521", "CVE-2014-6524", "CVE-2014-6525", "CVE-2014-6526", "CVE-2014-6528", "CVE-2014-6541", "CVE-2014-6548", "CVE-2014-6549", "CVE-2014-6556", "CVE-2014-6565", "CVE-2014-6566", "CVE-2014-6567", "CVE-2014-6568", "CVE-2014-6569", "CVE-2014-6570", "CVE-2014-6571", "CVE-2014-6572", "CVE-2014-6573", "CVE-2014-6574", "CVE-2014-6575", "CVE-2014-6576", "CVE-2014-6577", "CVE-2014-6578", "CVE-2014-6579", "CVE-2014-6580", "CVE-2014-6581", "CVE-2014-6582", "CVE-2014-6583", "CVE-2014-6584", "CVE-2014-6585", "CVE-2014-6586", "CVE-2014-6587", "CVE-2014-6588", "CVE-2014-6589", "CVE-2014-6590", "CVE-2014-6591", "CVE-2014-6592", "CVE-2014-6593", "CVE-2014-6594", "CVE-2014-6595", "CVE-2014-6596", "CVE-2014-6597", "CVE-2014-6598", "CVE-2014-6599", "CVE-2014-6600", "CVE-2014-6601", "CVE-2015-0362", "CVE-2015-0363", "CVE-2015-0364", "CVE-2015-0365", "CVE-2015-0366", "CVE-2015-0367", "CVE-2015-0368", "CVE-2015-0369", "CVE-2015-0370", "CVE-2015-0371", "CVE-2015-0372", "CVE-2015-0373", "CVE-2015-0374", "CVE-2015-0375", "CVE-2015-0376", "CVE-2015-0377", "CVE-2015-0378", "CVE-2015-0379", "CVE-2015-0380", "CVE-2015-0381", "CVE-2015-0382", "CVE-2015-0383", "CVE-2015-0384", "CVE-2015-0385", "CVE-2015-0386", "CVE-2015-0387", "CVE-2015-0388", "CVE-2015-0389", "CVE-2015-0390", "CVE-2015-0391", "CVE-2015-0392", "CVE-2015-0393", "CVE-2015-0394", "CVE-2015-0395", "CVE-2015-0396", "CVE-2015-0397", "CVE-2015-0398", "CVE-2015-0399", "CVE-2015-0400", "CVE-2015-0401", "CVE-2015-0402", "CVE-2015-0403", "CVE-2015-0404", "CVE-2015-0406", "CVE-2015-0407", "CVE-2015-0408", "CVE-2015-0409", "CVE-2015-0410", "CVE-2015-0411", "CVE-2015-0412", "CVE-2015-0413", "CVE-2015-0414", "CVE-2015-0415", "CVE-2015-0416", "CVE-2015-0417", "CVE-2015-0418", "CVE-2015-0419", "CVE-2015-0420", "CVE-2015-0421", "CVE-2015-0422", "CVE-2015-0424", "CVE-2015-0425", "CVE-2015-0426", "CVE-2015-0427", "CVE-2015-0428", "CVE-2015-0429", "CVE-2015-0430", "CVE-2015-0431", "CVE-2015-0432", "CVE-2015-0434", "CVE-2015-0435", "CVE-2015-0436", "CVE-2015-0437"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 169 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ https://blogs.oracle.com/security](<https://blogs.oracle.com/security>).\n\nPlease note that on October 16, 2014, Oracle released information for CVE-2014-3566 \"POODLE\" .Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2014-3566 in addition to the fixes announced in this CPU.\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: https://www.oracle.com/security-alerts/cpufaq.html#CVRF.\n", "modified": "2015-01-20T00:00:00", "published": "2015-03-10T00:00:00", "id": "ORACLE:CPUJAN2015", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - January 2015", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:21:04", "bulletinFamily": "software", "cvelist": ["CVE-2015-0388", "CVE-2014-6574", "CVE-2015-0390", "CVE-2011-4317", "CVE-2014-6592", "CVE-2014-3566", "CVE-2011-4461", "CVE-2015-0386", "CVE-2015-0425", "CVE-2014-6566", "CVE-2013-4784", "CVE-2014-0191", "CVE-2015-0365", "CVE-2014-6579", "CVE-2014-6556", "CVE-2014-0231", "CVE-2014-6571", "CVE-2015-0427", "CVE-2014-6578", "CVE-2015-0398", "CVE-2014-6510", "CVE-2014-6595", "CVE-2011-3607", "CVE-2014-6518", "CVE-2015-0385", "CVE-2015-0395", "CVE-2015-0368", "CVE-2013-6449", "CVE-2014-6575", "CVE-2015-0380", "CVE-2015-0424", "CVE-2003-0001", "CVE-2014-6565", "CVE-2015-0407", "CVE-2014-0076", "CVE-2015-0362", "CVE-2015-0430", "CVE-2014-6585", "CVE-2015-0410", "CVE-2013-5704", "CVE-2015-0402", "CVE-2015-0379", "CVE-2014-6548", "CVE-2015-0396", "CVE-2015-0422", "CVE-2015-0435", "CVE-2014-5704", "CVE-2013-5605", "CVE-2014-6584", "CVE-2014-0224", "CVE-2014-4259", "CVE-2015-0391", "CVE-2014-6567", "CVE-2015-0418", "CVE-2013-0338", "CVE-2014-6480", "CVE-2014-6576", "CVE-2015-0428", "CVE-2015-0431", "CVE-2014-0098", "CVE-2014-6549", "CVE-2015-0420", "CVE-2015-0432", "CVE-2015-0383", "CVE-2011-3389", "CVE-2013-1741", "CVE-2014-6583", "CVE-2014-6597", "CVE-2014-4279", "CVE-2004-0230", "CVE-2015-0369", "CVE-2014-6525", "CVE-2015-0372", "CVE-2014-6582", "CVE-2015-0378", "CVE-2015-0392", "CVE-2015-0416", "CVE-2014-6587", "CVE-2013-1740", "CVE-2013-6438", "CVE-2015-0406", "CVE-2015-0401", "CVE-2014-6569", "CVE-2014-3470", "CVE-2012-0053", "CVE-2013-1739", "CVE-2014-6599", "CVE-2014-1492", "CVE-2013-2877", "CVE-2015-0417", "CVE-2015-0404", "CVE-2013-6450", "CVE-2013-5606", "CVE-2014-0114", "CVE-2015-0364", "CVE-2014-0050", "CVE-2010-5107", "CVE-2011-3368", "CVE-2014-6573", "CVE-2014-1490", "CVE-2010-5298", "CVE-2013-4286", "CVE-2015-0371", "CVE-2014-6526", "CVE-2015-0382", "CVE-2014-1568", "CVE-2015-0363", "CVE-2014-6600", "CVE-2014-6580", "CVE-2014-6509", "CVE-2015-0375", "CVE-2015-0414", "CVE-2014-0195", "CVE-2015-0413", "CVE-2014-6593", "CVE-2014-0198", "CVE-2014-6601", "CVE-2014-6594", "CVE-2015-0373", "CVE-2015-0421", "CVE-2013-2186", "CVE-2014-3567", "CVE-2014-6581", "CVE-2014-0015", "CVE-2015-0403", "CVE-2014-6570", "CVE-2015-0408", "CVE-2015-0429", "CVE-2014-6596", "CVE-2014-6521", "CVE-2015-0374", "CVE-2014-6591", "CVE-2014-6586", "CVE-2014-6524", "CVE-2014-6572", "CVE-2015-0370", "CVE-2015-0412", "CVE-2015-0400", "CVE-2015-0409", "CVE-2015-0387", "CVE-2015-0389", "CVE-2015-0399", "CVE-2014-0118", "CVE-2015-0415", "CVE-2014-6590", "CVE-2015-0376", "CVE-2014-6481", "CVE-2015-0393", "CVE-2015-0366", "CVE-2015-0419", "CVE-2014-6568", "CVE-2015-0377", "CVE-2015-0394", "CVE-2015-0397", "CVE-2015-0384", "CVE-2014-6589", "CVE-2014-1491", "CVE-2014-6528", "CVE-2014-6588", "CVE-2014-6541", "CVE-2011-1944", "CVE-2015-0437", "CVE-2014-6514", "CVE-2014-0117", "CVE-2014-4212", "CVE-2015-0436", "CVE-2014-6598", "CVE-2015-0367", "CVE-2014-0226", "CVE-2013-1620", "CVE-2013-4545", "CVE-2015-0426", "CVE-2015-0434", "CVE-2014-0221", "CVE-2015-0411", "CVE-2015-0381", "CVE-2014-6577"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle has received specific reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply these Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 169 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\nPlease note that on October 16, 2014, Oracle released information for [CVE-2014-3566 \"POODLE\"](<http://www.oracle.com/technetwork/topics/security/poodlecve-2014-3566-2339408.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2014-3566 in addition to the fixes announced in this CPU.\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2015-01-20T00:00:00", "published": "2015-03-10T00:00:00", "id": "ORACLE:CPUJAN2015-1972971", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2015", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
