Oracle Database Server Unspecified Vulnerability -05 Jan16

2016-01-25T00:00:00

Description

This host is running Oracle Database Server and is prone to an unspecified vulnerability.

{"id": "OPENVAS:1361412562310807045", "type": "openvas", "bulletinFamily": "scanner", "title": "Oracle Database Server Unspecified Vulnerability -05 Jan16", "description": "This host is running Oracle Database Server\n and is prone to an unspecified vulnerability.", "published": "2016-01-25T00:00:00", "modified": "2018-11-21T00:00:00", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310807045", "reporter": "Copyright (C) 2016 Greenbone Networks GmbH", "references": ["http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html"], "cvelist": ["CVE-2015-2585"], "lastseen": "2019-05-29T18:35:20", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-2585"]}, {"type": "kaspersky", "idList": ["KLA10639"]}, {"type": "nessus", "idList": ["ORACLE_RDBMS_CPU_JUL_2015.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2015", "ORACLE:CPUJUL2015-2367936"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14601"]}], "rev": 4}, "score": {"value": 5.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2015-2585"]}, {"type": "nessus", "idList": ["ORACLE_TNSLSNR_VERSION.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2015-2367936"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14601"]}]}, "exploitation": null, "vulnersScore": 5.9}, "pluginID": "1361412562310807045", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_oracle_db_unspecified_vuln05_jan16.nasl 12455 2018-11-21 09:17:27Z cfischer $\n#\n# Oracle Database Server Unspecified Vulnerability -05 Jan16\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2016 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:oracle:database_server\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.807045\");\n script_version(\"$Revision: 12455 $\");\n script_cve_id(\"CVE-2015-2585\");\n script_bugtraq_id(75845);\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:S/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-21 10:17:27 +0100 (Wed, 21 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2016-01-25 14:59:25 +0530 (Mon, 25 Jan 2016)\");\n script_name(\"Oracle Database Server Unspecified Vulnerability -05 Jan16\");\n\n script_tag(name:\"summary\", value:\"This host is running Oracle Database Server\n and is prone to an unspecified vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The flaw is due to an unspecified\n error in the Application Express component.\");\n\n script_tag(name:\"impact\", value:\"Successfully exploitation will allow remote\n authenticated attackers to affect availability via unknown vectors.\");\n\n script_tag(name:\"affected\", value:\"Oracle Database Server versions\n before 5\");\n\n script_tag(name:\"solution\", value:\"Apply the patches from the referenced advisory.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_xref(name:\"URL\", value:\"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\");\n script_copyright(\"Copyright (C) 2016 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_family(\"Databases\");\n script_dependencies(\"oracle_tnslsnr_version.nasl\");\n script_mandatory_keys(\"OracleDatabaseServer/installed\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\n\nif(!dbPort = get_app_port(cpe:CPE)){\n exit(0);\n}\n\nif(!dbVer = get_app_version(cpe:CPE, port:dbPort)){\n exit(0);\n}\n\nif(version_is_less(version:dbVer, test_version:\"5.0\"))\n{\n report = report_fixed_ver(installed_version:dbVer, fixed_version:\"Apply the appropriate patch\");\n security_message(data:report, port:dbPort);\n exit(0);\n}\n\nexit(99);\n", "naslFamily": "Databases", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}

{"cve": [{"lastseen": "2022-03-23T12:16:28", "description": "Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0 allows remote authenticated users to affect availability via unknown vectors.", "cvss3": {}, "published": "2015-07-16T10:59:00", "type": "cve", "title": "CVE-2015-2585", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:N/AC:H/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2585"], "modified": "2017-09-22T01:29:00", "cpe": ["cpe:/a:oracle:database_server:4.2.5"], "id": "CVE-2015-2585", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2585", "cvss": {"score": 2.1, "vector": "AV:N/AC:H/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:oracle:database_server:4.2.5:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2022-04-12T16:02:44", "description": "The remote Oracle database server is missing the July 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities in the following components :\n\n - Application Express (CVE-2015-2655, CVE-2015-2585, CVE-2015-2586)\n - Core RDBMS (CVE-2015-0468)\n - Java VM (CVE-2015-2629)\n - Oracle OLAP (CVE-2015-2595)\n - RDBMS Partitioning (CVE-2015-4740)\n - RDBMS Scheduler (CVE-2015-2599)\n - RDBMS Security (CVE-2015-4755)\n - RDBMS Support Tools (CVE-2015-4753)", "cvss3": {"score": null, "vector": null}, "published": "2015-07-17T00:00:00", "type": "nessus", "title": "Oracle Database Multiple Vulnerabilities (July 2015 CPU)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0468", "CVE-2015-2585", "CVE-2015-2586", "CVE-2015-2595", "CVE-2015-2599", "CVE-2015-2629", "CVE-2015-2655", "CVE-2015-4740", "CVE-2015-4753", "CVE-2015-4755"], "modified": "2022-04-11T00:00:00", "cpe": ["cpe:/a:oracle:database_server"], "id": "ORACLE_RDBMS_CPU_JUL_2015.NASL", "href": "https://www.tenable.com/plugins/nessus/84822", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(84822);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/11\");\n\n script_cve_id(\n \"CVE-2015-0468\",\n \"CVE-2015-2585\",\n \"CVE-2015-2586\",\n \"CVE-2015-2595\",\n \"CVE-2015-2599\",\n \"CVE-2015-2629\",\n \"CVE-2015-2655\",\n \"CVE-2015-4740\",\n \"CVE-2015-4753\",\n \"CVE-2015-4755\"\n );\n script_bugtraq_id(\n 75838,\n 75839,\n 75845,\n 75851,\n 75852,\n 75853,\n 75864,\n 75865,\n 75879,\n 75882\n );\n\n script_name(english:\"Oracle Database Multiple Vulnerabilities (July 2015 CPU)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote database server is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle database server is missing the July 2015 Critical\nPatch Update (CPU). It is, therefore, affected by multiple\nvulnerabilities in the following components :\n\n - Application Express (CVE-2015-2655, CVE-2015-2585,\n CVE-2015-2586)\n - Core RDBMS (CVE-2015-0468)\n - Java VM (CVE-2015-2629)\n - Oracle OLAP (CVE-2015-2595)\n - RDBMS Partitioning (CVE-2015-4740)\n - RDBMS Scheduler (CVE-2015-2599)\n - RDBMS Security (CVE-2015-4755)\n - RDBMS Support Tools (CVE-2015-4753)\");\n # http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d18c2a85\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply the appropriate patch according to the July 2015 Oracle\nCritical Patch Update advisory.\");\n script_set_attribute(attribute:\"agent\", value:\"all\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/07/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"combined\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:oracle:database_server\");\n script_set_attribute(attribute:\"thorough_tests\", value:\"true\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Databases\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"oracle_rdbms_query_patch_info.nbin\", \"oracle_rdbms_patch_info.nbin\");\n\n exit(0);\n}\n\ninclude(\"oracle_rdbms_cpu_func.inc\");\n\n################################################################################\n# July 2015\npatches = make_nested_array();\n\n# RDBMS 12.1.0.2\npatches[\"12.1.0.2\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.2.4\", \"CPU\", \"20831110\");\npatches[\"12.1.0.2\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.2.7\", \"CPU\", \"21126814\");\n# RDBMS 12.1.0.1\npatches[\"12.1.0.1\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.1.8\", \"CPU\", \"20831107\");\npatches[\"12.1.0.1\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.1.20\", \"CPU\", \"21076681\");\n# RDBMS 11.2.0.4\npatches[\"11.2.0.4\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.4.7\", \"CPU\", \"20803583, 20760982\");\npatches[\"11.2.0.4\"][\"db\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.4.19\", \"CPU\", \"21691487\");\n# RDBMS 11.2.0.3\npatches[\"11.2.0.3\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.3.15\", \"CPU\", \"20803576, 20760997\");\npatches[\"11.2.0.3\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"11.2.0.3.39\", \"CPU\", \"21104035\");\npatches[\"11.2.0.3\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"11.2.0.3.39\", \"CPU\", \"21104036\");\n# RDBMS 11.1.0.7\npatches[\"11.1.0.7\"][\"db\"][\"nix\"] = make_array(\"patch_level\", \"11.1.0.7.24\", \"CPU\", \"20803573, 20761024\");\npatches[\"11.1.0.7\"][\"db\"][\"win32\"] = make_array(\"patch_level\", \"11.1.0.7.61\", \"CPU\", \"21104029\");\npatches[\"11.1.0.7\"][\"db\"][\"win64\"] = make_array(\"patch_level\", \"11.1.0.7.61\", \"CPU\", \"21104030\");\n\n# JVM 12.1.0.2\npatches[\"12.1.0.2\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.2.4\", \"CPU\", \"21068507\");\npatches[\"12.1.0.2\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.2.3\", \"CPU\", \"21153530\");\n# JVM 12.1.0.1\npatches[\"12.1.0.1\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"12.1.0.1.4\", \"CPU\", \"21068523\");\npatches[\"12.1.0.1\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"12.1.0.1.4\", \"CPU\", \"21153513\");\n# JVM 11.2.0.4\npatches[\"11.2.0.4\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.4.4\", \"CPU\", \"21068539\");\npatches[\"11.2.0.4\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.4.4\", \"CPU\", \"21153498\");\n# JVM 11.2.0.3\npatches[\"11.2.0.3\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.2.0.3.4\", \"CPU\", \"21068553\");\npatches[\"11.2.0.3\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.2.0.3.4\", \"CPU\", \"21153470\");\n# JVM 11.1.0.7\npatches[\"11.1.0.7\"][\"ojvm\"][\"nix\"] = make_array(\"patch_level\", \"11.1.0.7.4\", \"CPU\", \"21068565\");\npatches[\"11.1.0.7\"][\"ojvm\"][\"win\"] = make_array(\"patch_level\", \"11.1.0.7.4\", \"CPU\", \"21153423\");\n\ncheck_oracle_database(patches:patches, high_risk:TRUE);\n", "cvss": {"score": 9, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-08-18T11:24:01", "description": "### *Detect date*:\n07/17/2015\n\n### *Severity*:\nCritical\n\n### *Description*:\nUnspecified vulnerabilities were found in Oracle Supply Chain Products Suite, Oracle Database Server, Oracle Commerce Platform and Oracle Enterprise Manager. By exploiting this vulnerability malicious users can affect confidentiality, integrity and availability. This vulnerabilities can be exploited via vectors related to Oracle Agile PLM Framework, Business Process Automation, Content Acquisition System, Content Management, RAC Management, Content Acquisition System, Security, Diagnostics and unknown vectors.\n\n### *Affected products*:\nOracle Supply Chain Products Suite versions 6.1, 6.2, 6.3.0 through 6.3.7, 9.3.3 and 9.3.4 \nOracle Database Server versions prior to 4.2.3.00.08, 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, 12.1.0.2 \nOracle Commerce Platform versions 3.0.2, 3.1.1, 3.1.2, 11.0, and 11.1 \nOracle Enterprise Manager Grid Control EM Base Platform version 11.1.0.1 \nOracle Enterprise Manager Grid Control EM Plugin for DB versions 12.1.0.5, 12.1.0.6, 12.1.0.7 \nOracle Enterprise Manager Grid Control EM DB Control versions 11.1.0.7, 11.2.0.3 and 11.2.0.4\n\n### *Solution*:\nUpdate to the latest version \n[Get latest versions](<tps://www.oracle.com/downloads/index.html>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle Database](<https://threats.kaspersky.com/en/product/Oracle-Database/>)\n\n### *CVE-IDS*:\n[CVE-2015-2663](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2663>) \n[CVE-2015-2660](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2660>) \n[CVE-2015-2599](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2599>) \n[CVE-2015-2585](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2585>) \n[CVE-2015-2607](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2607>) \n[CVE-2015-4735](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4735>) \n[CVE-2015-2644](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2644>) \n[CVE-2015-2646](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2646>) \n[CVE-2015-2655](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2655>) \n[CVE-2015-2657](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2657>) \n[CVE-2015-2647](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2647>) \n[CVE-2015-2653](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2653>) \n[CVE-2015-2629](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2629>) \n[CVE-2015-4768](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4768>) \n[CVE-2015-4740](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4740>) \n[CVE-2015-2595](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2595>) \n[CVE-2015-2586](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2586>) \n[CVE-2015-4755](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4755>)", "cvss3": {}, "published": "2015-07-17T00:00:00", "type": "kaspersky", "title": "KLA10639 Multiple vulnerabilities in Oracle products", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-2585", "CVE-2015-2586", "CVE-2015-2595", "CVE-2015-2599", "CVE-2015-2607", "CVE-2015-2629", "CVE-2015-2644", "CVE-2015-2646", "CVE-2015-2647", "CVE-2015-2653", "CVE-2015-2655", "CVE-2015-2657", "CVE-2015-2660", "CVE-2015-2663", "CVE-2015-4735", "CVE-2015-4740", "CVE-2015-4755", "CVE-2015-4768"], "modified": "2018-12-04T00:00:00", "id": "KLA10639", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10639/", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T18:46:15", "description": "Quarterly CPU fixed over 170 different vulnerabilities.", "edition": 2, "cvss3": {}, "published": "2015-07-20T00:00:00", "title": "Oracle / Sun / PeopleSoft / MySQL multiple security vulnerabilities", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1926", "CVE-2015-4000", "CVE-2015-2591", "CVE-2015-0443", "CVE-2015-1803", "CVE-2015-4771", "CVE-2015-2627", "CVE-2015-2615", "CVE-2014-3566", "CVE-2015-4764", "CVE-2015-4774", "CVE-2015-2601", "CVE-2015-4738", "CVE-2015-0235", "CVE-2015-4729", "CVE-2015-4751", "CVE-2015-0444", "CVE-2015-0445", "CVE-2015-4749", "CVE-2015-4758", "CVE-2014-7809", "CVE-2015-2643", "CVE-2015-4770", "CVE-2015-4747", "CVE-2015-2661", "CVE-2015-4778", "CVE-2015-2632", "CVE-2015-2625", "CVE-2015-2617", "CVE-2015-4784", "CVE-2015-2664", "CVE-2015-2605", "CVE-2015-2597", "CVE-2015-4785", "CVE-2015-4732", "CVE-2015-2653", "CVE-2014-0227", "CVE-2015-2595", "CVE-2015-4782", "CVE-2015-0286", "CVE-2015-2648", "CVE-2015-2657", "CVE-2014-0230", "CVE-2015-4789", "CVE-2015-0447", "CVE-2015-2581", "CVE-2015-2613", "CVE-2015-2658", "CVE-2014-3571", "CVE-2015-4736", "CVE-2015-2599", "CVE-2013-2251", "CVE-2013-5704", "CVE-2015-4739", "CVE-2015-4790", "CVE-2015-2589", "CVE-2010-1324", "CVE-2015-2623", "CVE-2015-2631", "CVE-2015-2596", "CVE-2015-4763", "CVE-2015-4783", "CVE-2015-2620", "CVE-2015-2650", "CVE-2015-0448", "CVE-2015-2654", "CVE-2015-2607", "CVE-2015-2639", "CVE-2015-2611", "CVE-2015-2645", "CVE-2015-2634", "CVE-2015-2594", "CVE-2015-3456", "CVE-2015-2584", "CVE-2015-2808", "CVE-2014-3570", "CVE-2015-2590", "CVE-2015-2656", "CVE-2015-2626", "CVE-2015-2628", "CVE-2015-4768", "CVE-2015-4761", "CVE-2015-4745", "CVE-2015-4750", "CVE-2015-2635", "CVE-2015-4756", "CVE-2015-2647", "CVE-2015-2600", "CVE-2015-2580", "CVE-2015-3152", "CVE-2015-2640", "CVE-2015-4733", "CVE-2015-2646", "CVE-2014-1568", "CVE-2015-2651", "CVE-2015-2603", "CVE-2015-2633", "CVE-2015-4765", "CVE-2015-2660", "CVE-2015-2604", "CVE-2015-0255", "CVE-2015-4772", "CVE-2015-2662", "CVE-2015-4735", "CVE-2015-4779", "CVE-2015-2585", "CVE-2013-2186", "CVE-2014-3567", "CVE-2015-2614", "CVE-2015-4766", "CVE-2015-4737", "CVE-2015-4776", "CVE-2015-4757", "CVE-2015-4728", "CVE-2015-2637", "CVE-2015-2606", "CVE-2015-4769", "CVE-2015-2621", "CVE-2015-4786", "CVE-2015-4787", "CVE-2015-2638", "CVE-2015-4740", "CVE-2015-2619", "CVE-2015-4731", "CVE-2015-4727", "CVE-2015-4741", "CVE-2015-2636", "CVE-2015-2659", "CVE-2015-2655", "CVE-2015-4775", "CVE-2015-4773", "CVE-2014-8102", "CVE-2015-4746", "CVE-2015-2629", "CVE-2015-4788", "CVE-2015-4755", "CVE-2015-2602", "CVE-2015-4748", "CVE-2015-2622", "CVE-2015-2610", "CVE-2012-0036", "CVE-2015-2663", "CVE-2015-4742", "CVE-2015-2652", "CVE-2015-4759", "CVE-2015-0446", "CVE-2015-2582", "CVE-2015-4780", "CVE-2014-1569", "CVE-2015-4781", "CVE-2015-2618", "CVE-2015-2641", "CVE-2015-2593", "CVE-2015-4744", "CVE-2015-2598", "CVE-2015-2587", "CVE-2015-2630", "CVE-2015-2592", "CVE-2015-4767", "CVE-2015-2616", "CVE-2015-2624", "CVE-2015-2609", "CVE-2015-4777", "CVE-2015-4754", "CVE-2015-2588", "CVE-2015-4760", "CVE-2015-2583", "CVE-2015-4743", "CVE-2015-4752", "CVE-2015-2586", "CVE-2015-4753", "CVE-2015-2649", "CVE-2015-2612", "CVE-2015-2644"], "modified": "2015-07-20T00:00:00", "id": "SECURITYVULNS:VULN:14601", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14601", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "oracle": [{"lastseen": "2021-06-08T18:53:03", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of malicious exploitation of vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that malicious attackers have been successful because customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 193 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on May 15, 2015, Oracle released [Security Alert for CVE-2015-3456 (QEMU \"Venom\")](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-3456. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "cvss3": {}, "published": "2015-07-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update - July 2015", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2015-1926", "CVE-2015-1802", "CVE-2015-4000", "CVE-2015-2591", "CVE-2015-0443", "CVE-2015-1803", "CVE-2015-4771", "CVE-2015-2627", "CVE-2015-2615", "CVE-2014-3566", "CVE-2015-4764", "CVE-2015-4774", "CVE-2015-2601", "CVE-2015-4738", "CVE-2014-8098", "CVE-2015-0235", "CVE-2015-4729", "CVE-2015-1804", "CVE-2015-4751", "CVE-2015-0444", "CVE-2015-0445", "CVE-2015-4749", "CVE-2014-8092", "CVE-2015-4758", "CVE-2014-7809", "CVE-2015-2643", "CVE-2015-4770", "CVE-2015-4747", "CVE-2015-2661", "CVE-2015-4778", "CVE-2015-2632", "CVE-2015-2625", "CVE-2015-2617", "CVE-2015-4784", "CVE-2015-2664", "CVE-2015-2605", "CVE-2015-2597", "CVE-2015-4785", "CVE-2015-4732", "CVE-2015-2653", "CVE-2014-3572", "CVE-2014-3613", "CVE-2015-0206", "CVE-2014-0227", "CVE-2015-2595", "CVE-2015-4782", "CVE-2015-0286", "CVE-2015-3244", "CVE-2015-2648", "CVE-2015-2657", "CVE-2014-0230", "CVE-2014-8100", "CVE-2015-4789", "CVE-2015-2581", "CVE-2015-2613", "CVE-2015-2658", "CVE-2014-3571", "CVE-2015-4736", "CVE-2015-2599", "CVE-2013-2251", "CVE-2013-5704", "CVE-2015-4739", "CVE-2015-0288", "CVE-2015-4790", "CVE-2013-6422", "CVE-2015-2589", "CVE-2010-1324", "CVE-2015-2623", "CVE-2015-2631", "CVE-2010-4020", "CVE-2015-2596", "CVE-2015-4763", "CVE-2015-0285", "CVE-2015-4783", "CVE-2015-2620", "CVE-2015-2650", "CVE-2011-3389", "CVE-2015-2654", "CVE-2015-0207", "CVE-2015-2607", "CVE-2015-2639", "CVE-2015-2611", "CVE-2015-2645", "CVE-2015-2634", "CVE-2015-2594", "CVE-2014-8275", "CVE-2015-3456", "CVE-2015-0467", "CVE-2015-2584", "CVE-2015-0208", "CVE-2015-2808", "CVE-2013-0249", "CVE-2014-3570", "CVE-2015-2590", "CVE-2015-2656", "CVE-2015-2626", "CVE-2015-2628", "CVE-2015-4768", "CVE-2015-4761", "CVE-2015-4745", "CVE-2015-4750", "CVE-2014-0139", "CVE-2015-2635", "CVE-2015-4756", "CVE-2015-2647", "CVE-2014-3707", "CVE-2015-0293", "CVE-2015-2600", "CVE-2015-2580", "CVE-2014-8097", "CVE-2014-8101", "CVE-2015-2640", "CVE-2015-4733", "CVE-2015-2646", "CVE-2014-1568", "CVE-2015-2651", "CVE-2015-2603", "CVE-2014-8091", "CVE-2015-4765", "CVE-2015-2660", "CVE-2015-2604", "CVE-2015-0255", "CVE-2015-4772", "CVE-2015-2662", "CVE-2015-4735", "CVE-2015-0468", "CVE-2015-4779", "CVE-2015-0209", "CVE-2015-2585", "CVE-2013-2186", "CVE-2014-3567", "CVE-2015-2614", "CVE-2014-0015", "CVE-2015-4737", "CVE-2015-4776", "CVE-2015-4757", "CVE-2015-4728", "CVE-2015-2637", "CVE-2015-2606", "CVE-2015-4769", "CVE-2015-0204", "CVE-2015-2621", "CVE-2015-4786", "CVE-2015-4787", "CVE-2015-2638", "CVE-2015-4740", "CVE-2015-2619", "CVE-2015-4731", "CVE-2014-8095", "CVE-2015-4727", "CVE-2015-4741", "CVE-2015-2636", "CVE-2015-2659", "CVE-2015-2655", "CVE-2015-4775", "CVE-2015-4773", "CVE-2014-8102", "CVE-2015-0291", "CVE-2015-4746", "CVE-2015-2629", "CVE-2014-8096", "CVE-2015-4788", "CVE-2015-4755", "CVE-2015-2602", "CVE-2015-4748", "CVE-2015-0287", "CVE-2015-2622", "CVE-2015-2610", "CVE-2012-0036", "CVE-2013-2174", "CVE-2015-2663", "CVE-2015-4742", "CVE-2014-8093", "CVE-2015-0289", "CVE-2015-2652", "CVE-2015-4759", "CVE-2015-0446", "CVE-2015-0292", "CVE-2015-2582", "CVE-2015-4780", "CVE-2014-1569", "CVE-2015-4781", "CVE-2015-2618", "CVE-2015-2641", "CVE-2015-2593", "CVE-2015-4744", "CVE-2015-2598", "CVE-2014-0138", "CVE-2015-2587", "CVE-2015-2630", "CVE-2015-2592", "CVE-2015-4767", "CVE-2015-0290", "CVE-2015-2616", "CVE-2015-0205", "CVE-2015-2624", "CVE-2015-2609", "CVE-2015-4777", "CVE-2010-1323", "CVE-2015-1787", "CVE-2015-4754", "CVE-2014-3569", "CVE-2015-2588", "CVE-2015-4760", "CVE-2015-2583", "CVE-2015-4743", "CVE-2013-4545", "CVE-2015-4752", "CVE-2015-2586", "CVE-2015-4753", "CVE-2015-2649", "CVE-2015-2612", "CVE-2015-2644"], "modified": "2016-07-07T00:00:00", "id": "ORACLE:CPUJUL2015-2367936", "href": "https://www.oracle.com/security-alerts/cpujul2015.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-10-04T21:16:01", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to: Critical Patch Updates and Security Alerts for information about Oracle Security Advisories.\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\nThis Critical Patch Update contains 193 new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at [ https://blogs.oracle.com/security](<https://blogs.oracle.com/security/>).\n\n**Please note that on May 15, 2015, Oracle released Security Alert for CVE-2015-3456 (QEMU \"Venom\") .Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-3456.**\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: https://www.oracle.com/security-alerts/cpufaq.html#CVRF.\n", "cvss3": {}, "published": "2015-07-14T00:00:00", "type": "oracle", "title": "Oracle Critical Patch Update Advisory - July 2015", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2010-1323", "CVE-2010-1324", "CVE-2010-4020", "CVE-2011-3389", "CVE-2012-0036", "CVE-2013-0249", "CVE-2013-2174", "CVE-2013-2186", "CVE-2013-2251", "CVE-2013-4545", "CVE-2013-5704", "CVE-2013-6422", "CVE-2014-0015", "CVE-2014-0138", "CVE-2014-0139", "CVE-2014-0227", "CVE-2014-0230", "CVE-2014-1568", "CVE-2014-1569", "CVE-2014-3566", "CVE-2014-3567", "CVE-2014-3569", "CVE-2014-3570", "CVE-2014-3571", "CVE-2014-3572", "CVE-2014-3613", "CVE-2014-3707", "CVE-2014-7809", "CVE-2014-8091", "CVE-2014-8092", "CVE-2014-8093", "CVE-2014-8095", "CVE-2014-8096", "CVE-2014-8097", "CVE-2014-8098", "CVE-2014-8100", "CVE-2014-8101", "CVE-2014-8102", "CVE-2014-8275", "CVE-2015-0204", "CVE-2015-0205", "CVE-2015-0206", "CVE-2015-0207", "CVE-2015-0208", "CVE-2015-0209", "CVE-2015-0235", "CVE-2015-0255", "CVE-2015-0285", "CVE-2015-0286", "CVE-2015-0287", "CVE-2015-0288", "CVE-2015-0289", "CVE-2015-0290", "CVE-2015-0291", "CVE-2015-0292", "CVE-2015-0293", "CVE-2015-0443", "CVE-2015-0444", "CVE-2015-0445", "CVE-2015-0446", "CVE-2015-0467", "CVE-2015-0468", "CVE-2015-1787", "CVE-2015-1802", "CVE-2015-1803", "CVE-2015-1804", "CVE-2015-1926", "CVE-2015-2580", "CVE-2015-2581", "CVE-2015-2582", "CVE-2015-2583", "CVE-2015-2584", "CVE-2015-2585", "CVE-2015-2586", "CVE-2015-2587", "CVE-2015-2588", "CVE-2015-2589", "CVE-2015-2590", "CVE-2015-2591", "CVE-2015-2592", "CVE-2015-2593", "CVE-2015-2594", "CVE-2015-2595", "CVE-2015-2596", "CVE-2015-2597", "CVE-2015-2598", "CVE-2015-2599", "CVE-2015-2600", "CVE-2015-2601", "CVE-2015-2602", "CVE-2015-2603", "CVE-2015-2604", "CVE-2015-2605", "CVE-2015-2606", "CVE-2015-2607", "CVE-2015-2609", "CVE-2015-2610", "CVE-2015-2611", "CVE-2015-2612", "CVE-2015-2613", "CVE-2015-2614", "CVE-2015-2615", "CVE-2015-2616", "CVE-2015-2617", "CVE-2015-2618", "CVE-2015-2619", "CVE-2015-2620", "CVE-2015-2621", "CVE-2015-2622", "CVE-2015-2623", "CVE-2015-2624", "CVE-2015-2625", "CVE-2015-2626", "CVE-2015-2627", "CVE-2015-2628", "CVE-2015-2629", "CVE-2015-2630", "CVE-2015-2631", "CVE-2015-2632", "CVE-2015-2634", "CVE-2015-2635", "CVE-2015-2636", "CVE-2015-2637", "CVE-2015-2638", "CVE-2015-2639", "CVE-2015-2640", "CVE-2015-2641", "CVE-2015-2643", "CVE-2015-2644", "CVE-2015-2645", "CVE-2015-2646", "CVE-2015-2647", "CVE-2015-2648", "CVE-2015-2649", "CVE-2015-2650", "CVE-2015-2651", "CVE-2015-2652", "CVE-2015-2653", "CVE-2015-2654", "CVE-2015-2655", "CVE-2015-2656", "CVE-2015-2657", "CVE-2015-2658", "CVE-2015-2659", "CVE-2015-2660", "CVE-2015-2661", "CVE-2015-2662", "CVE-2015-2663", "CVE-2015-2664", "CVE-2015-2808", "CVE-2015-3244", "CVE-2015-3456", "CVE-2015-4000", "CVE-2015-4727", "CVE-2015-4728", "CVE-2015-4729", "CVE-2015-4731", "CVE-2015-4732", "CVE-2015-4733", "CVE-2015-4735", "CVE-2015-4736", "CVE-2015-4737", "CVE-2015-4738", "CVE-2015-4739", "CVE-2015-4740", "CVE-2015-4741", "CVE-2015-4742", "CVE-2015-4743", "CVE-2015-4744", "CVE-2015-4745", "CVE-2015-4746", "CVE-2015-4747", "CVE-2015-4748", "CVE-2015-4749", "CVE-2015-4750", "CVE-2015-4751", "CVE-2015-4752", "CVE-2015-4753", "CVE-2015-4754", "CVE-2015-4755", "CVE-2015-4756", "CVE-2015-4757", "CVE-2015-4758", "CVE-2015-4759", "CVE-2015-4760", "CVE-2015-4761", "CVE-2015-4763", "CVE-2015-4764", "CVE-2015-4765", "CVE-2015-4767", "CVE-2015-4768", "CVE-2015-4769", "CVE-2015-4770", "CVE-2015-4771", "CVE-2015-4772", "CVE-2015-4773", "CVE-2015-4774", "CVE-2015-4775", "CVE-2015-4776", "CVE-2015-4777", "CVE-2015-4778", "CVE-2015-4779", "CVE-2015-4780", "CVE-2015-4781", "CVE-2015-4782", "CVE-2015-4783", "CVE-2015-4784", "CVE-2015-4785", "CVE-2015-4786", "CVE-2015-4787", "CVE-2015-4788", "CVE-2015-4789", "CVE-2015-4790"], "modified": "2016-07-07T00:00:00", "id": "ORACLE:CPUJUL2015", "href": "https://www.oracle.com/security-alerts/cpujul2015.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}