Search...

Oracle Business Intelligence Publisher Multiple Vulnerabilities (January 2016 CPU)

2016-01-23T00:00:00

ID ORACLE_BI_PUBLISHER_JAN_2016_CPU_WIN.NASL
Type nessus
Reporter This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
Modified 2016-01-23T00:00:00

Description

The Oracle Business Intelligence Publisher installed on the remote host is affected by multiple vulnerabilities :

An unspecified vulnerability exists in the Security subcomponent that allows an authenticated, remote attacker to affect the confidentiality and integrity of the system. No other details are available. (CVE-2016-0470)

Multiple unspecified vulnerabilities exist in the Scheduler subcomponent that allow an unauthenticated, remote attacker to affect the integrity of the system. No other details are available. (CVE-2016-0401, CVE-2016-0429)

An unspecified vulnerability exists in the Security subcomponent that allows an authenticated, remote attacker to affect the confidentiality of the system. No other details are available. (CVE-2016-0614)

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(88104);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/22");

  script_cve_id(
    "CVE-2016-0470",
    "CVE-2016-0401",
    "CVE-2016-0429",
    "CVE-2016-0614"
  );
  script_bugtraq_id(
    81132,
    81147,
    81157,
    81191
  );

  script_name(english:"Oracle Business Intelligence Publisher Multiple Vulnerabilities (January 2016 CPU)");
  script_summary(english:"Checks for applied patches.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The Oracle Business Intelligence Publisher installed on the remote
host is affected by multiple vulnerabilities :

  - An unspecified vulnerability exists in the Security
    subcomponent that allows an authenticated, remote
    attacker to affect the confidentiality and integrity of
    the system. No other details are available.
    (CVE-2016-0470)

  - Multiple unspecified vulnerabilities exist in the
    Scheduler subcomponent that allow an unauthenticated,
    remote attacker to affect the integrity of the system.
    No other details are available. (CVE-2016-0401,
    CVE-2016-0429)

  - An unspecified vulnerability exists in the Security
    subcomponent that allows an authenticated, remote
    attacker to affect the confidentiality of the system.
    No other details are available. (CVE-2016-0614)");
  # https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d13bbe45");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the January 2016 Oracle
Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-0470");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/01/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2016/01/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/01/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"agent", value:"all");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:fusion_middleware");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:business_intelligence_publisher");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");

  script_dependencies("oracle_bi_publisher_installed.nbin");
  script_require_keys("installed_sw/Oracle Business Intelligence Publisher");
  script_require_ports(139, 445);

  exit(0);
}

include("global_settings.inc");
include("audit.inc");
include("misc_func.inc");
include("install_func.inc");
include("oracle_rdbms_cpu_func.inc");

appname = "Oracle Business Intelligence Publisher";
install = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);

version = install['version'];
path = install['path'];

fixes = NULL;
bundles = make_list("None");

# Super set patches from Doc ID 1276869.1
# 11.1.1.7.0 needs either
#   BIP specific patch 22225969, which is in BI bundle 22225110, or
#   BIP specific patch 23299563, which is in BI bundle 23703041

# Super set patches from Doc ID 1276869.1
# 11.1.1.9.0 needs either
#   BIP specific patch 22382217, which is in BI bundle 22393988, or
#   BIP specific patch 22974747, which is in BI bundle 22951634, or
#   BIP specific patch 23632905, which is in BI bundle 23703078, or
#   BIP specific patch 24736889, which is in BI bundle 24668000, or
#   BIP specific patch 25214935, which is in BI bundle 25189841

# Super set patches from Doc ID 2147699.1
# 12.2.1.0.0 needs
#   BIP specific patch 22387713, or
#   BI bundle patch 22734181

if (version == "11.1.1.7.0")
{
  fixes = make_list("22225969", "23299563");
  bundles = make_list("22225110", "23703041");
}
else if (version == "11.1.1.9.0")
{
  fixes = make_list("22382217", "22974747", "23632905", "24736889", "25214935");
  bundles = make_list("22393988", "22951634", "23703078", "24668000", "25189841");
}
else if (version == "12.2.1.0.0")
  fixes = make_list("22387713", "22734181");

if (isnull(fixes)) audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);

patches = find_patches_in_ohomes(ohomes:make_list(path));

vuln = TRUE;
foreach patch (keys(patches[path]))
{
  foreach fix (fixes)
  {
    if (patch == fix)
    {
      vuln = FALSE;
      break;
    }
  }
  if (!vuln) break;
}

if (vuln)
{
  port = get_kb_item("SMB/transport");
  if (!port) port = 445;

  order = make_list("Path", "Version", "Patch required", "Bundled in");
  report = make_array(
    order[0], path,
    order[1], version,
    order[2], join(fixes, sep:" or "),
    order[3], join(bundles, sep:" or ")
  );
  report = report_items_str(report_items:report, ordered_fields:order);

  security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);
}
else audit(AUDIT_INST_PATH_NOT_VULN, appname, version + ' with patch ' + fix, path);

JSON Vulners Source

Initial Source

{"id": "ORACLE_BI_PUBLISHER_JAN_2016_CPU_WIN.NASL", "bulletinFamily": "scanner", "title": "Oracle Business Intelligence Publisher Multiple Vulnerabilities (January 2016 CPU)", "description": "The Oracle Business Intelligence Publisher installed on the remote\nhost is affected by multiple vulnerabilities :\n\n - An unspecified vulnerability exists in the Security\n subcomponent that allows an authenticated, remote\n attacker to affect the confidentiality and integrity of\n the system. No other details are available.\n (CVE-2016-0470)\n\n - Multiple unspecified vulnerabilities exist in the\n Scheduler subcomponent that allow an unauthenticated,\n remote attacker to affect the integrity of the system.\n No other details are available. (CVE-2016-0401,\n CVE-2016-0429)\n\n - An unspecified vulnerability exists in the Security\n subcomponent that allows an authenticated, remote\n attacker to affect the confidentiality of the system.\n No other details are available. (CVE-2016-0614)", "published": "2016-01-23T00:00:00", "modified": "2016-01-23T00:00:00", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "href": "https://www.tenable.com/plugins/nessus/88104", "reporter": "This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.", "references": ["http://www.nessus.org/u?d13bbe45"], "cvelist": ["CVE-2016-0470", "CVE-2016-0401", "CVE-2016-0614", "CVE-2016-0429"], "type": "nessus", "lastseen": "2020-05-23T03:27:27", "edition": 19, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2016-0429", "CVE-2016-0401", "CVE-2016-0614", "CVE-2016-0470"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2016", "ORACLE:CPUJAN2016-2367955"]}], "modified": "2020-05-23T03:27:27", "rev": 2}, "score": {"value": 6.2, "vector": "NONE", "modified": "2020-05-23T03:27:27", "rev": 2}, "vulnersScore": 6.2}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(88104);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/22\");\n\n script_cve_id(\n \"CVE-2016-0470\",\n \"CVE-2016-0401\",\n \"CVE-2016-0429\",\n \"CVE-2016-0614\"\n );\n script_bugtraq_id(\n 81132,\n 81147,\n 81157,\n 81191\n );\n\n script_name(english:\"Oracle Business Intelligence Publisher Multiple Vulnerabilities (January 2016 CPU)\");\n script_summary(english:\"Checks for applied patches.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Oracle Business Intelligence Publisher installed on the remote\nhost is affected by multiple vulnerabilities :\n\n - An unspecified vulnerability exists in the Security\n subcomponent that allows an authenticated, remote\n attacker to affect the confidentiality and integrity of\n the system. No other details are available.\n (CVE-2016-0470)\n\n - Multiple unspecified vulnerabilities exist in the\n Scheduler subcomponent that allow an unauthenticated,\n remote attacker to affect the integrity of the system.\n No other details are available. (CVE-2016-0401,\n CVE-2016-0429)\n\n - An unspecified vulnerability exists in the Security\n subcomponent that allows an authenticated, remote\n attacker to affect the confidentiality of the system.\n No other details are available. (CVE-2016-0614)\");\n # https://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d13bbe45\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the January 2016 Oracle\nCritical Patch Update advisory.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2016-0470\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2016/01/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/01/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:fusion_middleware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:business_intelligence_publisher\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.\");\n\n script_dependencies(\"oracle_bi_publisher_installed.nbin\");\n script_require_keys(\"installed_sw/Oracle Business Intelligence Publisher\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\ninclude(\"oracle_rdbms_cpu_func.inc\");\n\nappname = \"Oracle Business Intelligence Publisher\";\ninstall = get_single_install(app_name:appname, exit_if_unknown_ver:TRUE);\n\nversion = install['version'];\npath = install['path'];\n\nfixes = NULL;\nbundles = make_list(\"None\");\n\n# Super set patches from Doc ID 1276869.1\n# 11.1.1.7.0 needs either\n# BIP specific patch 22225969, which is in BI bundle 22225110, or\n# BIP specific patch 23299563, which is in BI bundle 23703041\n\n# Super set patches from Doc ID 1276869.1\n# 11.1.1.9.0 needs either\n# BIP specific patch 22382217, which is in BI bundle 22393988, or\n# BIP specific patch 22974747, which is in BI bundle 22951634, or\n# BIP specific patch 23632905, which is in BI bundle 23703078, or\n# BIP specific patch 24736889, which is in BI bundle 24668000, or\n# BIP specific patch 25214935, which is in BI bundle 25189841\n\n# Super set patches from Doc ID 2147699.1\n# 12.2.1.0.0 needs\n# BIP specific patch 22387713, or\n# BI bundle patch 22734181\n\nif (version == \"11.1.1.7.0\")\n{\n fixes = make_list(\"22225969\", \"23299563\");\n bundles = make_list(\"22225110\", \"23703041\");\n}\nelse if (version == \"11.1.1.9.0\")\n{\n fixes = make_list(\"22382217\", \"22974747\", \"23632905\", \"24736889\", \"25214935\");\n bundles = make_list(\"22393988\", \"22951634\", \"23703078\", \"24668000\", \"25189841\");\n}\nelse if (version == \"12.2.1.0.0\")\n fixes = make_list(\"22387713\", \"22734181\");\n\nif (isnull(fixes)) audit(AUDIT_INST_PATH_NOT_VULN, appname, version, path);\n\npatches = find_patches_in_ohomes(ohomes:make_list(path));\n\nvuln = TRUE;\nforeach patch (keys(patches[path]))\n{\n foreach fix (fixes)\n {\n if (patch == fix)\n {\n vuln = FALSE;\n break;\n }\n }\n if (!vuln) break;\n}\n\nif (vuln)\n{\n port = get_kb_item(\"SMB/transport\");\n if (!port) port = 445;\n\n order = make_list(\"Path\", \"Version\", \"Patch required\", \"Bundled in\");\n report = make_array(\n order[0], path,\n order[1], version,\n order[2], join(fixes, sep:\" or \"),\n order[3], join(bundles, sep:\" or \")\n );\n report = report_items_str(report_items:report, ordered_fields:order);\n\n security_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, version + ' with patch ' + fix, path);\n", "naslFamily": "Misc.", "pluginID": "88104", "cpe": ["cpe:/a:oracle:business_intelligence_publisher", "cpe:/a:oracle:fusion_middleware"], "scheme": null, "cvss3": {"score": 5.4, "vector": "AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}, "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T06:28:00", "description": "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.", "edition": 4, "cvss3": {}, "published": "2016-01-21T03:02:00", "title": "CVE-2016-0614", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0614"], "modified": "2017-09-10T01:29:00", "cpe": ["cpe:/a:oracle:business_intelligence_publisher:11.1.1.7.0", "cpe:/a:oracle:business_intelligence_publisher:11.1.1.9.0", "cpe:/a:oracle:business_intelligence_publisher:12.2.1.0.0"], "id": "CVE-2016-0614", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0614", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.9.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:business_intelligence_publisher:12.2.1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:business_intelligence_publisher:11.1.1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:00", "description": "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to BI Publisher Security.", "edition": 4, "cvss3": {}, "published": "2016-01-21T03:00:00", "title": "CVE-2016-0470", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0470"], "modified": "2017-09-10T01:29:00", "cpe": ["cpe:/a:oracle:fusion_middleware:11.1.1.7.0", "cpe:/a:oracle:fusion_middleware:12.2.1", "cpe:/a:oracle:fusion_middleware:11.1.1.9"], "id": "CVE-2016-0470", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0470", "cvss": {"score": 5.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:fusion_middleware:12.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:00", "description": "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Scheduler, a different vulnerability than CVE-2016-0429.", "edition": 4, "cvss3": {}, "published": "2016-01-21T02:59:00", "title": "CVE-2016-0401", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0401"], "modified": "2017-09-10T01:29:00", "cpe": ["cpe:/a:oracle:fusion_middleware:11.1.1.7.0", "cpe:/a:oracle:fusion_middleware:11.1.1.9"], "id": "CVE-2016-0401", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0401", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.0:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T06:28:00", "description": "Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Scheduler, a different vulnerability than CVE-2016-0401.", "edition": 4, "cvss3": {}, "published": "2016-01-21T02:59:00", "title": "CVE-2016-0429", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-0429"], "modified": "2017-09-10T01:29:00", "cpe": ["cpe:/a:oracle:fusion_middleware:11.1.1.7.0", "cpe:/a:oracle:fusion_middleware:11.1.1.9"], "id": "CVE-2016-0429", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0429", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*", "cpe:2.3:a:oracle:fusion_middleware:11.1.1.7.0:*:*:*:*:*:*:*"]}], "oracle": [{"lastseen": "2019-05-29T18:20:52", "bulletinFamily": "software", "cvelist": ["CVE-2016-0571", "CVE-2016-0528", "CVE-2015-6013", "CVE-2015-4000", "CVE-2016-0608", "CVE-2016-0515", "CVE-2016-0514", "CVE-2016-0600", "CVE-2015-1792", "CVE-2016-0492", "CVE-2016-0611", "CVE-2016-0575", "CVE-2016-0544", "CVE-2016-0599", "CVE-2015-0235", "CVE-2016-0445", "CVE-2016-0500", "CVE-2016-0572", "CVE-2015-1793", "CVE-2016-0592", "CVE-2016-0435", "CVE-2016-0512", "CVE-2015-8126", "CVE-2016-0526", "CVE-2016-0457", "CVE-2016-0594", "CVE-2016-0498", "CVE-2016-0516", "CVE-2016-0580", "CVE-2016-0470", "CVE-2016-0444", "CVE-2016-0577", "CVE-2016-0440", "CVE-2016-0546", "CVE-2015-1789", "CVE-2016-0541", "CVE-2016-0560", "CVE-2016-0428", "CVE-2016-0447", "CVE-2016-0477", "CVE-2016-0568", "CVE-2016-0415", "CVE-2015-0286", "CVE-2016-0489", "CVE-2016-0559", "CVE-2016-0472", "CVE-2016-0578", "CVE-2016-0579", "CVE-2016-0561", "CVE-2014-3583", "CVE-2016-0412", "CVE-2015-3195", "CVE-2016-0449", "CVE-2016-0555", "CVE-2016-0481", "CVE-2016-0511", "CVE-2016-0605", "CVE-2015-4885", "CVE-2016-0455", "CVE-2015-4921", "CVE-2016-0534", "CVE-2016-0414", "CVE-2015-4924", "CVE-2016-0589", "CVE-2016-0474", "CVE-2016-0508", "CVE-2016-0465", "CVE-2016-0553", "CVE-2016-0582", "CVE-2016-0483", "CVE-2013-5855", "CVE-2016-0517", "CVE-2013-5704", "CVE-2016-0454", "CVE-2015-0288", "CVE-2016-0486", "CVE-2013-5605", "CVE-2016-0554", "CVE-2016-0542", "CVE-2016-0591", "CVE-2016-0433", "CVE-2016-0448", "CVE-2016-0506", "CVE-2016-0401", "CVE-2016-0416", "CVE-2016-0437", "CVE-2016-0550", "CVE-2016-0533", "CVE-2016-0403", "CVE-2015-4922", "CVE-2016-0566", "CVE-2016-0606", "CVE-2016-0510", "CVE-2016-0431", "CVE-2015-0285", "CVE-2016-0569", "CVE-2016-0459", "CVE-2016-0471", "CVE-2016-0564", "CVE-2016-0524", "CVE-2016-0563", "CVE-2016-0522", "CVE-2015-3153", "CVE-2016-0616", "CVE-2016-0614", "CVE-2013-1741", "CVE-2015-0207", "CVE-2016-0442", "CVE-2016-0493", "CVE-2016-0443", "CVE-2016-0618", "CVE-2016-0573", "CVE-2016-0527", "CVE-2016-0610", "CVE-2016-0609", "CVE-2016-0570", "CVE-2015-4926", "CVE-2015-0208", "CVE-2015-5307", "CVE-2016-0473", "CVE-2016-0518", "CVE-2013-1740", "CVE-2016-0567", "CVE-2015-7575", "CVE-2016-0558", "CVE-2016-0543", "CVE-2016-0463", "CVE-2016-0487", "CVE-2013-1739", "CVE-2016-0466", "CVE-2016-0462", "CVE-2016-0423", "CVE-2016-0596", "CVE-2016-0535", "CVE-2016-0509", "CVE-2016-0574", "CVE-2014-1492", "CVE-2016-0426", "CVE-2016-0460", "CVE-2016-0504", "CVE-2016-0521", "CVE-2016-0501", "CVE-2013-5606", "CVE-2016-0451", "CVE-2016-0482", "CVE-2015-4808", "CVE-2016-0539", "CVE-2014-0050", "CVE-2016-0404", "CVE-2016-0419", "CVE-2016-0494", "CVE-2015-0293", "CVE-2016-0552", "CVE-2016-0485", "CVE-2014-1490", "CVE-2016-0595", "CVE-2016-0402", "CVE-2016-0480", "CVE-2016-0478", "CVE-2016-0427", "CVE-2015-4919", "CVE-2016-0529", "CVE-2015-7183", "CVE-2016-0503", "CVE-2015-1788", "CVE-2016-0413", "CVE-2016-0476", "CVE-2016-0598", "CVE-2016-0556", "CVE-2015-0209", "CVE-2016-0422", "CVE-2016-0502", "CVE-2016-0601", "CVE-2013-2186", "CVE-2015-3183", "CVE-2015-4920", "CVE-2016-0441", "CVE-2016-0432", "CVE-2016-0484", "CVE-2016-0536", "CVE-2016-0576", "CVE-2015-0204", "CVE-2016-0540", "CVE-2016-0584", "CVE-2016-0537", "CVE-2016-0590", "CVE-2016-0565", "CVE-2016-0420", "CVE-2016-0557", "CVE-2016-0586", "CVE-2016-0417", "CVE-2016-0491", "CVE-2016-0424", "CVE-2015-8472", "CVE-2016-0450", "CVE-2016-0495", "CVE-2016-0520", "CVE-2016-0405", "CVE-2016-0488", "CVE-2015-1790", "CVE-2016-0525", "CVE-2016-0475", "CVE-2016-0499", "CVE-2016-0452", "CVE-2015-6014", "CVE-2016-0548", "CVE-2016-0519", "CVE-2016-0587", "CVE-2016-0461", "CVE-2016-0464", "CVE-2016-0409", "CVE-2016-0438", "CVE-2015-0291", "CVE-2016-0429", "CVE-2016-0497", "CVE-2014-3581", "CVE-2016-0607", "CVE-2015-8370", "CVE-2016-0439", "CVE-2015-0287", "CVE-2014-8109", "CVE-2016-0530", "CVE-2016-0456", "CVE-2016-0496", "CVE-2016-0551", "CVE-2016-0425", "CVE-2016-0421", "CVE-2016-0523", "CVE-2016-0430", "CVE-2015-0289", "CVE-2016-0597", "CVE-2016-0467", "CVE-2016-0581", "CVE-2016-0549", "CVE-2016-0458", "CVE-2014-1491", "CVE-2016-0538", "CVE-2016-0531", "CVE-2015-0292", "CVE-2016-0583", "CVE-2016-0411", "CVE-2016-0507", "CVE-2016-0490", "CVE-2016-0418", "CVE-2014-0107", "CVE-2016-0453", "CVE-2015-7744", "CVE-2016-0513", "CVE-2016-0436", "CVE-2016-0547", "CVE-2016-0588", "CVE-2015-0290", "CVE-2016-0434", "CVE-2016-0446", "CVE-2015-1787", "CVE-2016-0505", "CVE-2015-4852", "CVE-2016-0562", "CVE-2016-0585", "CVE-2015-4923", "CVE-2016-0406", "CVE-2015-1791", "CVE-2015-8104", "CVE-2016-0532", "CVE-2015-4925", "CVE-2015-6015", "CVE-2016-0545", "CVE-2016-0602"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 248 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on November 10, 2015, Oracle released [Security Alert for CVE-2015-4852](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-4852. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "modified": "2016-02-12T00:00:00", "published": "2016-01-19T00:00:00", "id": "ORACLE:CPUJAN2016-2367955", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:15:56", "bulletinFamily": "software", "cvelist": ["CVE-2013-1739", "CVE-2013-1740", "CVE-2013-1741", "CVE-2013-2186", "CVE-2013-5605", "CVE-2013-5606", "CVE-2013-5704", "CVE-2013-5855", "CVE-2014-0050", "CVE-2014-0107", "CVE-2014-1490", "CVE-2014-1491", "CVE-2014-1492", "CVE-2014-3581", "CVE-2014-3583", "CVE-2014-8109", "CVE-2015-0204", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0235", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-1787", "CVE-2015-1788", "CVE-2015-1789", "CVE-2015-1790", "CVE-2015-1791", "CVE-2015-1792", "CVE-2015-1793", "CVE-2015-3153", "CVE-2015-3183", "CVE-2015-3195", "CVE-2015-4000", "CVE-2015-4808", "CVE-2015-4852", "CVE-2015-4885", "CVE-2015-4919", "CVE-2015-4920", "CVE-2015-4921", "CVE-2015-4922", "CVE-2015-4923", "CVE-2015-4924", "CVE-2015-4925", "CVE-2015-4926", "CVE-2015-5307", "CVE-2015-6013", "CVE-2015-6014", "CVE-2015-6015", "CVE-2015-7183", "CVE-2015-7575", "CVE-2015-7744", "CVE-2015-8104", "CVE-2015-8126", "CVE-2015-8370", "CVE-2015-8472", "CVE-2016-0401", "CVE-2016-0402", "CVE-2016-0403", "CVE-2016-0404", "CVE-2016-0405", "CVE-2016-0406", "CVE-2016-0409", "CVE-2016-0411", "CVE-2016-0412", "CVE-2016-0413", "CVE-2016-0414", "CVE-2016-0415", "CVE-2016-0416", "CVE-2016-0417", "CVE-2016-0418", "CVE-2016-0419", "CVE-2016-0420", "CVE-2016-0421", "CVE-2016-0422", "CVE-2016-0423", "CVE-2016-0424", "CVE-2016-0425", "CVE-2016-0426", "CVE-2016-0427", "CVE-2016-0428", "CVE-2016-0429", "CVE-2016-0430", "CVE-2016-0431", "CVE-2016-0432", "CVE-2016-0433", "CVE-2016-0434", "CVE-2016-0435", "CVE-2016-0436", "CVE-2016-0437", "CVE-2016-0438", "CVE-2016-0439", "CVE-2016-0440", "CVE-2016-0441", "CVE-2016-0442", "CVE-2016-0443", "CVE-2016-0444", "CVE-2016-0445", "CVE-2016-0446", "CVE-2016-0447", "CVE-2016-0448", "CVE-2016-0449", "CVE-2016-0450", "CVE-2016-0451", "CVE-2016-0452", "CVE-2016-0453", "CVE-2016-0454", "CVE-2016-0455", "CVE-2016-0456", "CVE-2016-0457", "CVE-2016-0458", "CVE-2016-0459", "CVE-2016-0460", "CVE-2016-0461", "CVE-2016-0462", "CVE-2016-0463", "CVE-2016-0464", "CVE-2016-0465", "CVE-2016-0466", "CVE-2016-0467", "CVE-2016-0470", "CVE-2016-0471", "CVE-2016-0472", "CVE-2016-0473", "CVE-2016-0474", "CVE-2016-0475", "CVE-2016-0476", "CVE-2016-0477", "CVE-2016-0478", "CVE-2016-0480", "CVE-2016-0481", "CVE-2016-0482", "CVE-2016-0483", "CVE-2016-0484", "CVE-2016-0485", "CVE-2016-0486", "CVE-2016-0487", "CVE-2016-0488", "CVE-2016-0489", "CVE-2016-0490", "CVE-2016-0491", "CVE-2016-0492", "CVE-2016-0493", "CVE-2016-0494", "CVE-2016-0495", "CVE-2016-0496", "CVE-2016-0497", "CVE-2016-0498", "CVE-2016-0499", "CVE-2016-0500", "CVE-2016-0501", "CVE-2016-0502", "CVE-2016-0503", "CVE-2016-0504", "CVE-2016-0505", "CVE-2016-0506", "CVE-2016-0507", "CVE-2016-0508", "CVE-2016-0509", "CVE-2016-0510", "CVE-2016-0511", "CVE-2016-0512", "CVE-2016-0513", "CVE-2016-0514", "CVE-2016-0515", "CVE-2016-0516", "CVE-2016-0517", "CVE-2016-0518", "CVE-2016-0519", "CVE-2016-0520", "CVE-2016-0521", "CVE-2016-0522", "CVE-2016-0523", "CVE-2016-0524", "CVE-2016-0525", "CVE-2016-0526", "CVE-2016-0527", "CVE-2016-0528", "CVE-2016-0529", "CVE-2016-0530", "CVE-2016-0531", "CVE-2016-0532", "CVE-2016-0533", "CVE-2016-0534", "CVE-2016-0535", "CVE-2016-0536", "CVE-2016-0537", "CVE-2016-0538", "CVE-2016-0539", "CVE-2016-0540", "CVE-2016-0541", "CVE-2016-0542", "CVE-2016-0543", "CVE-2016-0544", "CVE-2016-0545", "CVE-2016-0546", "CVE-2016-0547", "CVE-2016-0548", "CVE-2016-0549", "CVE-2016-0550", "CVE-2016-0551", "CVE-2016-0552", "CVE-2016-0553", "CVE-2016-0554", "CVE-2016-0555", "CVE-2016-0556", "CVE-2016-0557", "CVE-2016-0558", "CVE-2016-0559", "CVE-2016-0560", "CVE-2016-0561", "CVE-2016-0562", "CVE-2016-0563", "CVE-2016-0564", "CVE-2016-0565", "CVE-2016-0566", "CVE-2016-0567", "CVE-2016-0568", "CVE-2016-0569", "CVE-2016-0570", "CVE-2016-0571", "CVE-2016-0572", "CVE-2016-0573", "CVE-2016-0574", "CVE-2016-0575", "CVE-2016-0576", "CVE-2016-0577", "CVE-2016-0578", "CVE-2016-0579", "CVE-2016-0580", "CVE-2016-0581", "CVE-2016-0582", "CVE-2016-0583", "CVE-2016-0584", "CVE-2016-0585", "CVE-2016-0586", "CVE-2016-0587", "CVE-2016-0588", "CVE-2016-0589", "CVE-2016-0590", "CVE-2016-0591", "CVE-2016-0592", "CVE-2016-0594", "CVE-2016-0595", "CVE-2016-0596", "CVE-2016-0597", "CVE-2016-0598", "CVE-2016-0599", "CVE-2016-0600", "CVE-2016-0601", "CVE-2016-0602", "CVE-2016-0605", "CVE-2016-0606", "CVE-2016-0607", "CVE-2016-0608", "CVE-2016-0609", "CVE-2016-0610", "CVE-2016-0611", "CVE-2016-0614", "CVE-2016-0616", "CVE-2016-0618"], "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\nCritical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 248 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n**Please note that on November 10, 2015, Oracle released Security Alert for CVE-2015-4852. Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-4852. **\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: https://www.oracle.com/security-alerts/cpufaq.html#CVRF.\n", "modified": "2016-02-12T00:00:00", "published": "2016-01-19T00:00:00", "id": "ORACLE:CPUJAN2016", "href": "", "type": "oracle", "title": "Oracle Critical Patch Update - January 2016", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}