10/31/2016 09:55 AM EDT – Original release date: October 31, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
- High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
- Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
- Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe — acrobat | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7853, and CVE-2016-7854. | 2016-10-21 | 10.0 | CVE-2016-7852 CONFIRM |
| adobe — acrobat | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, and CVE-2016-7854. | 2016-10-21 | 10.0 | CVE-2016-7853 CONFIRM |
| adobe — acrobat | Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-6940, CVE-2016-6941, CVE-2016-6942, CVE-2016-6943, CVE-2016-6947, CVE-2016-6948, CVE-2016-6950, CVE-2016-6951, CVE-2016-6954, CVE-2016-6955, CVE-2016-6956, CVE-2016-6959, CVE-2016-6960, CVE-2016-6966, CVE-2016-6970, CVE-2016-6972, CVE-2016-6973, CVE-2016-6974, CVE-2016-6975, CVE-2016-6976, CVE-2016-6977, CVE-2016-6978, CVE-2016-6995, CVE-2016-6996, CVE-2016-6997, CVE-2016-6998, CVE-2016-7000, CVE-2016-7001, CVE-2016-7002, CVE-2016-7003, CVE-2016-7004, CVE-2016-7005, CVE-2016-7006, CVE-2016-7007, CVE-2016-7008, CVE-2016-7009, CVE-2016-7010, CVE-2016-7011, CVE-2016-7012, CVE-2016-7013, CVE-2016-7014, CVE-2016-7015, CVE-2016-7016, CVE-2016-7017, CVE-2016-7018, CVE-2016-7019, CVE-2016-7852, and CVE-2016-7853. | 2016-10-21 | 10.0 | CVE-2016-7854 CONFIRM |
| apache — commons_fileupload | Apache Commons FileUpload DiskFileItem File Manipulation Remote Code Execution | 2016-10-25 | 7.5 | CVE-2016-1000031 MISC |
| cisco — email_security_appliance | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules. More Information: CSCux59873. Known Affected Releases: 8.5.6-106 9.1.0-032 9.7.0-125. Known Fixed Releases: 9.1.1-038 9.7.1-066. | 2016-10-28 | 7.8 | CVE-2016-1481 CONFIRM |
| cisco — email_security_appliance | A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects Cisco AsyncOS Software releases 9.7.1 and later, prior to the first fixed release, for both virtual and hardware Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCuy99453. Known Affected Releases: 9.7.1-066. Known Fixed Releases: 10.0.0-125 9.7.1-207 9.7.2-047. | 2016-10-28 | 7.8 | CVE-2016-1486 CONFIRM |
| cisco — email_security_appliance | A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter or content filter to incoming email attachments. The vulnerability is not limited to any specific rules or actions for a message filter or content filter. More Information: CSCuz63143. Known Affected Releases: 8.5.7-042 9.7.0-125. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. | 2016-10-28 | 7.8 | CVE-2016-6356 CONFIRM |
| cisco — ip_interoperability_and_collaboration_system | A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable. Affected Products: This vulnerability affects Cisco IPICS releases 4.8(1) to 4.10(1). More Information: CSCva46644. Known Affected Releases: 4.10(1) 4.8(1) 4.8(2) 4.9(1) 4.9(2). | 2016-10-28 | 10.0 | CVE-2016-6397 CONFIRM |
| cisco — adaptive_security_appliance | A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system. The vulnerability is due to improper handling of crafted packets during the enrollment operation. An attacker could exploit this vulnerability by sending a crafted enrollment request to the affected system. An exploit could allow the attacker to cause the reload of the affected system. Note: Only HTTPS packets directed to the Cisco ASA interface, where the local CA is allowing user enrollment, can be used to trigger this vulnerability. This vulnerability affects systems configured in routed firewall mode and in single or multiple context mode. | 2016-10-27 | 7.1 | CVE-2016-6431 CONFIRM |
| ibm — security_guardium_database_activity_monitor | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to execute arbitrary commands with root privileges via the search field. | 2016-10-21 | 9.0 | CVE-2016-0236 CONFIRM |
| ibm — security_guardium_database_activity_monitor | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain administrator privileges for command execution via unspecified vectors. | 2016-10-21 | 7.2 | CVE-2016-0328 CONFIRM |
| libcsp_project — libcsp | Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet. | 2016-10-28 | 7.5 | CVE-2016-8596 MISC |
| libcsp_project — libcsp | Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets. | 2016-10-28 | 7.5 | CVE-2016-8597 MISC |
| oracle — weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces. | 2016-10-25 | 9.0 | CVE-2016-3505 CONFIRM |
| oracle — weblogic_server | Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXWS Web Services Stack. | 2016-10-25 | 10.0 | CVE-2016-3551 CONFIRM |
| oracle — istore | Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via vectors related to Runtime Catalog. | 2016-10-25 | 7.8 | CVE-2016-5489 CONFIRM |
| oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538. | 2016-10-25 | 7.2 | CVE-2016-5501 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5512. | 2016-10-25 | 7.5 | CVE-2016-5521 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Apache Tomcat. | 2016-10-25 | 7.5 | CVE-2016-5526 CONFIRM |
| oracle — weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS-WebServices. | 2016-10-25 | 7.5 | CVE-2016-5531 CONFIRM |
| oracle — weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2016-10-25 | 7.5 | CVE-2016-5535 CONFIRM |
| oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501. | 2016-10-25 | 7.2 | CVE-2016-5538 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. | 2016-10-25 | 7.2 | CVE-2016-5544 CONFIRM |
| oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. | 2016-10-25 | 9.3 | CVE-2016-5556 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588. | 2016-10-25 | 7.5 | CVE-2016-5558 CONFIRM |
| oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | 2016-10-25 | 9.3 | CVE-2016-5568 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588. | 2016-10-25 | 7.5 | CVE-2016-5574 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588. | 2016-10-25 | 7.5 | CVE-2016-5577 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5579, and CVE-2016-5588. | 2016-10-25 | 7.5 | CVE-2016-5578 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5588. | 2016-10-25 | 7.5 | CVE-2016-5579 CONFIRM |
| oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573. | 2016-10-25 | 9.3 | CVE-2016-5582 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5579. | 2016-10-25 | 7.5 | CVE-2016-5588 CONFIRM |
| oracle — flexcube_universal_banking | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA. | 2016-10-25 | 7.8 | CVE-2016-5622 CONFIRM |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco — email_security_appliance | A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047. | 2016-10-28 | 4.3 | CVE-2016-1423 CONFIRM |
| cisco — email_security_appliance | A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device. Affected Products: all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA, both virtual and hardware appliances, if the software is configured with message or content filters to scan incoming email attachments. More Information: CSCuw03606, CSCux59734. Known Affected Releases: 8.0.0-000 8.5.6-106 9.0.0-000 9.1.0-032 9.6.0-042 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.1.1-038 9.7.1-066. | 2016-10-28 | 5.0 | CVE-2016-1480 CONFIRM |
| cisco — email_security_appliance | A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment. More Information: CSCuz01651. Known Affected Releases: 10.0.9-015 9.7.1-066 9.9.6-026. | 2016-10-28 | 5.0 | CVE-2016-6357 CONFIRM |
| cisco — email_security_appliance | A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits. More Information: CSCux68539. Known Affected Releases: 9.1.0-032 9.7.1-000. Known Fixed Releases: 9.1.1-038. | 2016-10-28 | 5.0 | CVE-2016-6358 CONFIRM |
| cisco — email_security_appliance | A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting. Affected Products: Cisco AsyncOS Software for Email Security Appliances (ESA) versions 9.5 and later up to the first fixed release, Cisco AsyncOS Software for Web Security Appliances (WSA) all versions prior to the first fixed release. More Information: CSCux56406, CSCux59928. Known Affected Releases: 9.6.0-051 9.7.0-125 8.8.0-085 9.5.0-444 WSA10.0.0-000. Known Fixed Releases: 9.7.1-066 WSA10.0.0-233. | 2016-10-28 | 5.0 | CVE-2016-6360 CONFIRM |
| cisco — email_security_appliance | A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device. Emails that should have been quarantined could instead be processed. Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco ESA and Cisco WSA on both virtual and hardware appliances that are configured with message or content filters to scan incoming email attachments. More Information: CSCuy54740, CSCuy75174. Known Affected Releases: 9.7.1-066 9.5.0-575 WSA10.0.0-000. Known Fixed Releases: 10.0.0-125 9.1.1-038 9.7.2-047. | 2016-10-28 | 5.0 | CVE-2016-6372 CONFIRM |
| cisco — meeting_server | A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. | 2016-10-27 | 5.0 | CVE-2016-6446 CONFIRM |
| citrix — netscaler_application_delivery_controller_firmware | Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header. | 2016-10-28 | 5.8 | CVE-2016-9028 CONFIRM |
| huge-it — catalog | SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla | 2016-10-27 | 6.5 | CVE-2016-1000120 MISC MISC |
| huge-it — slider | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | 2016-10-27 | 6.5 | CVE-2016-1000122 MISC MISC |
| ibm — security_guardium_database_activity_monitor | IBM Security Guardium Database Activity Monitor 9.x through 9.5 before p700 and 10.x through 10.0.1 before p100 allows remote authenticated users to make HTTP requests with administrator privileges via unspecified vectors. | 2016-10-21 | 6.5 | CVE-2016-0239 CONFIRM |
| ibm — security_guardium_database_activity_monitor | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 does not enable the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by leveraging use of HTTP. | 2016-10-21 | 4.3 | CVE-2016-0240 CONFIRM |
| ibm — security_guardium_database_activity_monitor | IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote authenticated users to spoof administrator accounts by sending a modified login request over HTTP. | 2016-10-21 | 6.5 | CVE-2016-0241 CONFIRM |
| ibm — security_guardium | IBM Security Guardium 10.x through 10.1 before p100 allows remote authenticated users to obtain sensitive information by reading an Application Error message. | 2016-10-21 | 4.0 | CVE-2016-0242 CONFIRM |
| ibm — security_guardium | Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2016-10-21 | 4.3 | CVE-2016-0246 CONFIRM |
| ibm — rational_collaborative_lifecycle_management | IBM Rational Quality Manager (RQM) and Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.x before 4.0.7 iFix11, 5.x before 5.0.2 iFix17, and 6.x before 6.0.1 ifix3 allow remote authenticated users to execute arbitrary OS commands via a crafted “HTML request.” | 2016-10-21 | 6.5 | CVE-2016-0326 CONFIRM |
| ibm — websphere_application_server | The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors. | 2016-10-21 | 4.0 | CVE-2016-0377 CONFIRM |
| microfocus — rumba_ftp | Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution. Fixed in: Rumba FTP 4.5 (HF 14668). This can only occur if a client connects to a malicious server. | 2016-10-27 | 6.8 | CVE-2016-5764 CONFIRM |
| novell — identity_manager | XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. | 2016-10-27 | 4.3 | CVE-2015-0787 CONFIRM |
| novell — identity_manager | XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | 2016-10-27 | 4.3 | CVE-2016-1592 CONFIRM |
| oracle — business_intelligence_publisher | Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors. | 2016-10-25 | 4.0 | CVE-2016-3473 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | 2016-10-25 | 6.8 | CVE-2016-3492 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | 2016-10-25 | 6.8 | CVE-2016-3495 CONFIRM |
| oracle — database_server | Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to DBA. | 2016-10-25 | 4.3 | CVE-2016-3562 CONFIRM |
| oracle — flexcube_universal_banking | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 allows remote authenticated users to affect confidentiality via vectors related to INFRA. | 2016-10-25 | 4.0 | CVE-2016-5479 CONFIRM |
| oracle — sun_zfs_storage_appliance_kit | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Core Services. | 2016-10-25 | 4.3 | CVE-2016-5481 CONFIRM |
| oracle — commerce_guided_search | Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 5.8 | CVE-2016-5482 CONFIRM |
| oracle — sun_zfs_storage_appliance_kit | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality via vectors related to Core Services. | 2016-10-25 | 4.9 | CVE-2016-5486 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-10-25 | 4.6 | CVE-2016-5487 CONFIRM |
| oracle — weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container. | 2016-10-25 | 5.0 | CVE-2016-5488 CONFIRM |
| oracle — commerce_service_center | Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 5.8 | CVE-2016-5491 CONFIRM |
| oracle — flexcube_private_banking | Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 4.9 | CVE-2016-5493 CONFIRM |
| oracle — discoverer | Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to EUL Code & Schema. | 2016-10-25 | 5.0 | CVE-2016-5495 CONFIRM |
| oracle — database | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-10-25 | 4.4 | CVE-2016-5497 CONFIRM |
| oracle — discoverer | Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to Viewer. | 2016-10-25 | 5.0 | CVE-2016-5500 CONFIRM |
| oracle — flexcube_universal_banking | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA. | 2016-10-25 | 5.5 | CVE-2016-5502 CONFIRM |
| oracle — sun_zfs_storage_appliance_kit | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality, integrity, and availability via vectors related to Core Services. | 2016-10-25 | 4.6 | CVE-2016-5503 CONFIRM |
| oracle — agile_product_supplier_collaboration_for_process | Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal. | 2016-10-25 | 4.7 | CVE-2016-5504 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | 2016-10-25 | 6.8 | CVE-2016-5507 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors. | 2016-10-25 | 5.0 | CVE-2016-5510 CONFIRM |
| oracle — webcenter_sites | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors. | 2016-10-25 | 4.3 | CVE-2016-5511 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521. | 2016-10-25 | 4.3 | CVE-2016-5512 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Manager. | 2016-10-25 | 4.0 | CVE-2016-5513 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to ExportServlet. | 2016-10-25 | 6.5 | CVE-2016-5514 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RMIServlet. | 2016-10-25 | 6.5 | CVE-2016-5515 CONFIRM |
| oracle — database_server | Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors. | 2016-10-25 | 4.7 | CVE-2016-5516 CONFIRM |
| oracle — agile_engineering_data_management | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to webfileservices. | 2016-10-25 | 6.8 | CVE-2016-5518 CONFIRM |
| oracle — glassfish_server | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces. | 2016-10-25 | 6.5 | CVE-2016-5519 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors. | 2016-10-25 | 4.0 | CVE-2016-5522 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet. | 2016-10-25 | 6.5 | CVE-2016-5523 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5527. | 2016-10-25 | 5.0 | CVE-2016-5524 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524. | 2016-10-25 | 4.3 | CVE-2016-5527 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5530 and CVE-2016-8293. | 2016-10-25 | 5.8 | CVE-2016-5529 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-8293. | 2016-10-25 | 5.8 | CVE-2016-5530 CONFIRM |
| oracle — shipping_execution | Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Workflow Events. | 2016-10-25 | 5.0 | CVE-2016-5532 CONFIRM |
| oracle — primavera_p6_enterprise_ project_portfolio_management |
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.4, 15.x, and 16.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 5.5 | CVE-2016-5533 CONFIRM |
| oracle — siebel_user_interface_framework | Unspecified vulnerability in the Siebel Apps – Customer Order Management component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality via unknown vectors. | 2016-10-25 | 4.0 | CVE-2016-5534 CONFIRM |
| oracle — platform_security_for_java | Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-10-25 | 6.5 | CVE-2016-5536 CONFIRM |
| oracle — netbeans | Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-10-25 | 4.6 | CVE-2016-5537 CONFIRM |
| oracle — micros_xstore_payment | Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-10-25 | 4.6 | CVE-2016-5539 CONFIRM |
| oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries. | 2016-10-25 | 4.3 | CVE-2016-5542 CONFIRM |
| oracle — flexcube_enterprise_limits_and_ collateral_management |
Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA. | 2016-10-25 | 5.8 | CVE-2016-5543 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors. | 2016-10-25 | 4.7 | CVE-2016-5553 CONFIRM |
| oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX. | 2016-10-25 | 4.3 | CVE-2016-5554 CONFIRM |
| oracle — database_server | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors. | 2016-10-25 | 6.5 | CVE-2016-5555 CONFIRM |
| oracle — advanced_pricing | Unspecified vulnerability in the Oracle Advanced Pricing component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 5.8 | CVE-2016-5557 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel. | 2016-10-25 | 4.0 | CVE-2016-5559 CONFIRM |
| oracle — siebel_customer_order_management | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI. | 2016-10-25 | 5.5 | CVE-2016-5560 CONFIRM |
| oracle — iprocurement | Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 4.9 | CVE-2016-5562 CONFIRM |
| oracle — hospitality_opera_5_property_services | Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote administrators to affect confidentiality, integrity, and availability via vectors related to OPERA. | 2016-10-25 | 6.0 | CVE-2016-5563 CONFIRM |
| oracle — hospitality_opera_5_property_services | Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to OPERA. | 2016-10-25 | 6.5 | CVE-2016-5564 CONFIRM |
| oracle — hospitality_opera_5_property_services | Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA. | 2016-10-25 | 4.0 | CVE-2016-5565 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors. | 2016-10-25 | 5.0 | CVE-2016-5566 CONFIRM |
| oracle — applications_dba | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities, a different vulnerability than CVE-2016-5571. | 2016-10-25 | 5.5 | CVE-2016-5567 CONFIRM |
| oracle — flexcube_enterprise_limits_and_ collateral_management |
Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 5.5 | CVE-2016-5569 CONFIRM |
| oracle — applications_dba | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities. | 2016-10-25 | 5.5 | CVE-2016-5570 CONFIRM |
| oracle — applications_dba | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities, a different vulnerability than CVE-2016-5567. | 2016-10-25 | 5.5 | CVE-2016-5571 CONFIRM |
| oracle — database | Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-10-25 | 4.4 | CVE-2016-5572 CONFIRM |
| oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582. | 2016-10-25 | 6.8 | CVE-2016-5573 CONFIRM |
| oracle — common_applications | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Resources Module. | 2016-10-25 | 5.0 | CVE-2016-5575 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones. | 2016-10-25 | 4.9 | CVE-2016-5576 CONFIRM |
| oracle — secure_global_desktop | Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services. | 2016-10-25 | 5.5 | CVE-2016-5580 CONFIRM |
| oracle — irecruitment | Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-10-25 | 4.6 | CVE-2016-5581 CONFIRM |
| oracle — one-to-one_fulfillment | Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect integrity via unknown vectors. | 2016-10-25 | 5.0 | CVE-2016-5583 CONFIRM |
| oracle — interaction_center_intelligence | Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 12.1.1 through 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 6.4 | CVE-2016-5585 CONFIRM |
| oracle — email_center | Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 6.4 | CVE-2016-5586 CONFIRM |
| oracle — customer_interaction_history | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5591 and CVE-2016-5593. | 2016-10-25 | 6.4 | CVE-2016-5587 CONFIRM |
| oracle — customer_relationship_ management_technical_foundation |
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 6.4 | CVE-2016-5589 CONFIRM |
| oracle — customer_interaction_history | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5587 and CVE-2016-5593. | 2016-10-25 | 6.4 | CVE-2016-5591 CONFIRM |
| oracle — customer_interaction_history | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5595. | 2016-10-25 | 6.4 | CVE-2016-5592 CONFIRM |
| oracle — customer_interaction_history | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5587 and CVE-2016-5591. | 2016-10-25 | 6.4 | CVE-2016-5593 CONFIRM |
| oracle — flexcube_universal_banking | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to INFRA. | 2016-10-25 | 4.0 | CVE-2016-5594 CONFIRM |
| oracle — customer_interaction_history | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5592. | 2016-10-25 | 6.4 | CVE-2016-5595 CONFIRM |
| oracle — customer_relationship_ management_technical_foundation |
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality via unknown vectors. | 2016-10-25 | 4.0 | CVE-2016-5596 CONFIRM |
| oracle — jdk | Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking. | 2016-10-25 | 4.3 | CVE-2016-5597 CONFIRM |
| oracle — mysql_connectors | Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python. | 2016-10-25 | 6.8 | CVE-2016-5598 CONFIRM |
| oracle — advanced_supply_chain_planning | Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to MscObieeSrvlt. | 2016-10-25 | 6.4 | CVE-2016-5599 CONFIRM |
| oracle — peoplesoft_enterprise_supply_chain_ management_services_procurement |
Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 5.5 | CVE-2016-5600 CONFIRM |
| oracle — flexcube_universal_banking | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621. | 2016-10-25 | 4.0 | CVE-2016-5603 CONFIRM |
| oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. | 2016-10-25 | 6.4 | CVE-2016-5605 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones. | 2016-10-25 | 5.6 | CVE-2016-5606 CONFIRM |
| oracle — flexcube_universal_banking | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to INFRA. | 2016-10-25 | 6.5 | CVE-2016-5607 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. | 2016-10-25 | 4.0 | CVE-2016-5609 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML. | 2016-10-25 | 4.0 | CVE-2016-5612 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: MyISAM. | 2016-10-25 | 4.4 | CVE-2016-5616 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Error Handling. | 2016-10-25 | 4.4 | CVE-2016-5617 CONFIRM |
| oracle — flexcube_universal_banking | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5620. | 2016-10-25 | 5.5 | CVE-2016-5619 CONFIRM |
| oracle — flexcube_universal_banking | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5619. | 2016-10-25 | 5.5 | CVE-2016-5620 CONFIRM |
| oracle — flexcube_universal_banking | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 and 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5603. | 2016-10-25 | 4.0 | CVE-2016-5621 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML. | 2016-10-25 | 4.0 | CVE-2016-5624 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging. | 2016-10-25 | 4.4 | CVE-2016-5625 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS. | 2016-10-25 | 4.0 | CVE-2016-5626 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB. | 2016-10-25 | 4.0 | CVE-2016-5627 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML. | 2016-10-25 | 4.0 | CVE-2016-5628 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated. | 2016-10-25 | 4.0 | CVE-2016-5629 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | 2016-10-25 | 4.0 | CVE-2016-5630 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. | 2016-10-25 | 4.0 | CVE-2016-5631 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. | 2016-10-25 | 4.0 | CVE-2016-5632 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290. | 2016-10-25 | 4.0 | CVE-2016-5633 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR. | 2016-10-25 | 4.0 | CVE-2016-5634 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit. | 2016-10-25 | 4.0 | CVE-2016-5635 CONFIRM |
| oracle — platform_security_for_java | Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-10-25 | 6.5 | CVE-2016-8281 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. | 2016-10-25 | 4.0 | CVE-2016-8283 CONFIRM |
| oracle — peoplesoft_enterprise_human_capital_ management_candidate_gateway |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway. | 2016-10-25 | 4.9 | CVE-2016-8285 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. | 2016-10-25 | 4.9 | CVE-2016-8288 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Mobile Application Platform. | 2016-10-25 | 5.8 | CVE-2016-8291 CONFIRM |
| oracle — peoplesoft_enterprise_human_capital_ management_talent_acquisition_manager |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Talent Acquisition Manager. | 2016-10-25 | 5.8 | CVE-2016-8292 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-5530. | 2016-10-25 | 5.8 | CVE-2016-8293 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors. | 2016-10-25 | 4.0 | CVE-2016-8294 CONFIRM |
| oracle — peoplesoft_enterprise_human_capital_ management_time_and_labor |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors. | 2016-10-25 | 4.0 | CVE-2016-8295 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to LDAP. | 2016-10-25 | 4.9 | CVE-2016-8296 CONFIRM |
| python — tgcaptcha2 | TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. | 2016-10-25 | 5.0 | CVE-2016-1000032 MISC MISC |
| ruckus — wireless_h500 | Ruckus Wireless H500 web management interface CSRF | 2016-10-25 | 6.8 | CVE-2016-1000213 MISC |
| ruckus — wireless_h500 | Ruckus Wireless H500 web management interface authentication bypass | 2016-10-25 | 5.0 | CVE-2016-1000214 MISC |
| ruckus — wireless_h500 | Ruckus Wireless H500 web management interface denial of service | 2016-10-25 | 5.0 | CVE-2016-1000215 MISC |
| shotwell_project — shotwell | Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks. | 2016-10-25 | 4.3 | CVE-2016-1000033 MISC. MISC |
| yandex — yandex_browser | Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | 2016-10-26 | 5.0 | CVE-2016-8501 CONFIRM |
| yandex — yandex_browser | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | 2016-10-26 | 5.0 | CVE-2016-8502 CONFIRM |
| yandex — yandex_browser | Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript. | 2016-10-26 | 5.0 | CVE-2016-8503 CONFIRM |
| yandex — yandex_browser | CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile. | 2016-10-26 | 4.3 | CVE-2016-8504 CONFIRM |
| yandex — yandex.browser | XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code. | 2016-10-26 | 4.3 | CVE-2016-8505 CONFIRM |
| yandex — yandex_browser | XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code. | 2016-10-26 | 4.3 | CVE-2016-8506 CONFIRM |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| huge-it — slider | XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | 2016-10-27 | 3.5 | CVE-2016-1000121 MISC MISC |
| ibm — security_guardium | IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, and 10.x through 10.1 before p100 allows local users to obtain sensitive cleartext information via unspecified vectors, as demonstrated by password information. | 2016-10-21 | 2.1 | CVE-2016-0247 CONFIRM |
| novell — identity_manager | XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. | 2016-10-27 | 3.5 | CVE-2016-1598 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash. | 2016-10-25 | 1.9 | CVE-2016-5480 CONFIRM |
| oracle — flexcube_universal_banking | Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.4.0 allows local users to affect confidentiality via vectors related to INFRA. | 2016-10-25 | 2.1 | CVE-2016-5490 CONFIRM |
| oracle — sun_zfs_storage_appliance_kit | Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors related to SMB Users. | 2016-10-25 | 3.6 | CVE-2016-5492 CONFIRM |
| oracle — database_server | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499. | 2016-10-25 | 2.1 | CVE-2016-5498 CONFIRM |
| oracle — database_server | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498. | 2016-10-25 | 2.1 | CVE-2016-5499 CONFIRM |
| oracle — database_server | Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors. | 2016-10-25 | 2.1 | CVE-2016-5505 CONFIRM |
| oracle — identity_manager | Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server. | 2016-10-25 | 3.3 | CVE-2016-5506 CONFIRM |
| oracle — solaris_cluster | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 4.3 allows local users to affect confidentiality via vectors related to Cluster Geo. | 2016-10-25 | 2.1 | CVE-2016-5508 CONFIRM |
| oracle — applications_dba | Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities. | 2016-10-25 | 2.1 | CVE-2016-5517 CONFIRM |
| oracle — solaris_cluster | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files. | 2016-10-25 | 2.1 | CVE-2016-5525 CONFIRM |
| oracle — micros_xstore_payment | Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors. | 2016-10-25 | 3.3 | CVE-2016-5540 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE. | 2016-10-25 | 2.6 | CVE-2016-5561 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. | 2016-10-25 | 3.5 | CVE-2016-5584 CONFIRM |
| oracle — weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors related to CIE Related Components. | 2016-10-25 | 3.3 | CVE-2016-5601 CONFIRM |
| oracle — data_integrator | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. | 2016-10-25 | 3.5 | CVE-2016-5602 CONFIRM |
| oracle — enterprise_manager_base_platform | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework. | 2016-10-25 | 3.3 | CVE-2016-5604 CONFIRM |
| oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613. | 2016-10-25 | 2.1 | CVE-2016-5608 CONFIRM |
| oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core. | 2016-10-25 | 3.6 | CVE-2016-5610 CONFIRM |
| oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. | 2016-10-25 | 2.1 | CVE-2016-5611 CONFIRM |
| oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608. | 2016-10-25 | 2.1 | CVE-2016-5613 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx. | 2016-10-25 | 2.1 | CVE-2016-5615 CONFIRM |
| oracle — data_integrator | Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. | 2016-10-25 | 3.5 | CVE-2016-5618 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. | 2016-10-25 | 1.2 | CVE-2016-8284 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. | 2016-10-25 | 3.5 | CVE-2016-8286 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. | 2016-10-25 | 3.5 | CVE-2016-8287 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB. | 2016-10-25 | 3.3 | CVE-2016-8289 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633. | 2016-10-25 | 3.5 | CVE-2016-8290 CONFIRM |
Severity Not Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| alienvault — ossim_and_usm | A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator. | 2016-10-28 | not yet calculated | CVE-2016-8581 CONFIRM |
| alienvault — ossim_and_usm | A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL’s LOAD_FILE. | 2016-10-28 | not yet calculated | CVE-2016-8582 CONFIRM |
| alienvault — ossim_and_usm | Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | 2016-10-28 | not yet calculated | CVE-2016-8583 CONFIRM |
| alienvault — ossim_and_usm | PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2. These vulnerabilities allow arbitrary PHP code execution via magic methods in included classes. | 2016-10-28 | not yet calculated | CVE-2016-8580 CONFIRM |
| artifex — mujs | A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc. MuJS before 8c805b4eb19cf2af689c860b77e6111d2ee439d5. A successful exploitation of this issue can lead to code execution or denial of service condition. | 2016-10-28 | not yet calculated | CVE-2016-7505 CONFIRM |
| artifex — mujs | A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc. MuJS before 5c337af4b3df80cf967e4f9f6a21522de84b392a. A successful exploitation of this issue can lead to code execution or denial of service condition. | 2016-10-28 | not yet calculated | CVE-2016-7504 CONFIRM |
| artifex — mujs | An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc. MuJS before 5000749f5afe3b956fc916e407309de840997f4a. A successful exploitation of this issue can lead to code execution or denial of service condition. | 2016-10-28 | not yet calculated | CVE-2016-7506 CONFIRM |
| artifex — mujs | Artifex Software, Inc. MuJS before a5c747f1d40e8d6659a37a8d25f13fb5acf8e767 allows context-dependent attackers to obtain sensitive information by using the “opname in crafted JavaScript file” approach, related to an “Out-of-Bounds read” issue affecting the jsC_dumpfunction function in the jsdump.c component. | 2016-10-28 | not yet calculated | CVE-2016-9017 CONFIRM |
| bitcoin_core — bitcoin_knots | In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history. | 2016-10-28 | not yet calculated | CVE-2016-8889 CONFIRM CONFIRM |
| botan — botan | In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an “OAEP side channel” attack. | 2016-10-28 | not yet calculated | CVE-2016-8871 CONFIRM |
| cisco — asa_software | A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. The vulnerability is due to a buffer overflow in the affected code area. An attacker could exploit this vulnerability by sending a crafted NetBIOS packet in response to a NetBIOS probe sent by the ASA software. An exploit could allow the attacker to execute arbitrary code and obtain full control of the system or cause a reload of the affected system. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. This vulnerability affects systems configured in routed and transparent firewall mode and in single or multiple context mode. This vulnerability can be triggered by IPv4 traffic. | 2016-10-27 | not yet calculated | CVE-2016-6432 CONFIRM |
| cisco — finesse_agent_and_supervisor | A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface. More Information: CSCvb57213. Known Affected Releases: 11.0(1). | 2016-10-27 | not yet calculated | CVE-2016-6442 CONFIRM |
| cisco — firepower_system_software | A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting. The vulnerability is due to improper handling of an HTTP packet stream. An attacker could exploit this vulnerability by sending a crafted HTTP packet stream to the detection engine on the targeted device. An exploit could allow the attacker to cause a DoS condition if the Snort process restarts and traffic inspection is bypassed or traffic is dropped. | 2016-10-27 | not yet calculated | CVE-2016-6439 CONFIRM |
| cisco — ios_xe_software | A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device. This vulnerability affects the following releases of Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers: All 3.16S releases, All 3.17S releases, Release 3.18.0S, Release 3.18.1S, Release 3.18.0SP. More Information: CSCuz62815. Known Affected Releases: 15.5(3)S2.9, 15.6(2)SP. Known Fixed Releases: 15.6(1.7)SP1, 16.4(0.183), 16.5(0.1). | 2016-10-27 | not yet calculated | CVE-2016-6438 CONFIRM |
| cisco — meeting_server | A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user. More Information: CSCvb03308. Known Affected Releases: 1.8, 1.9, 2.0. | 2016-10-27 | not yet calculated | CVE-2016-6444 CONFIRM |
| cisco — meeting_server | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user. This vulnerability is due to the XMPP service incorrectly processing a deprecated authentication scheme. A successful exploit could allow an attacker to access the system as another user. | 2016-10-27 | not yet calculated | CVE-2016-6445 CONFIRM |
| cisco — prime_infrastructure | A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability. More Information: CSCva27038, CSCva28335. Known Affected Releases: 3.1(0.128), 1.2(400), 2.0(1.0.34A). | 2016-10-27 | not yet calculated | CVE-2016-6443 CONFIRM |
| cisco — unified_communications_manager | The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack. More Information: CSCuz64683 CSCuz64698. Known Affected Releases: 11.0(1.10000.10), 11.5(1.10000.6), 11.5(0.99838.4). Known Fixed Releases: 11.0(1.22048.1), 11.5(0.98000.1070), 11.5(0.98000.284)11.5(0.98000.346), 11.5(0.98000.768), 11.5(1.10000.3), 11.5(1.10000.6), 11.5(2.10000.2). | 2016-10-27 | not yet calculated | CVE-2016-6440 CONFIRM |
| cisco — waas | A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space. The user would see a performance degradation. More Information: CSCva03095. Known Affected Releases: 5.3(5), 6.1(1), 6.2(1). Known Fixed Releases: 5.3(5g)1, 6.2(2.32). | 2016-10-27 | not yet calculated | CVE-2016-6437 CONFIRM |
| docker — docker2aci | docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain. | 2016-10-28 | not yet calculated | CVE-2016-8579 CONFIRM |
| docker_engine — container_filesystem | Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or mounted volumes. | 2016-10-28 | not yet calculated | CVE-2016-8867 CONFIRM |
| dotcms — dotcms | In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later. | 2016-10-28 | not yet calculated | CVE-2016-8600 MISC CONFIRM MISC |
| hpe — system_management_homepage | HPE System Management Homepage before v7.6 allows “remote authenticated” attackers to obtain sensitive information via unspecified vectors, related to an “XSS” issue. | 2016-10-28 | not yet calculated | CVE-2016-4393 CONFIRM |
| hpe — system_management_homepage | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a “Buffer Overflow” issue. | 2016-10-28 | not yet calculated | CVE-2016-4395 CONFIRM |
| hpe — system_management_homepage | HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a “Buffer Overflow” issue. | 2016-10-28 | not yet calculated | CVE-2016-4396 CONFIRM |
| hpe — system_management_homepage | HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an “HSTS” issue. | 2016-10-28 | not yet calculated | CVE-2016-4394 CONFIRM |
| ibm — ftm | Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2016-10-28 | not yet calculated | CVE-2016-5920 AIXAPAR CONFIRM |
| ibm — ftm | Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | 2016-10-28 | not yet calculated | CVE-2016-3060 AIXAPAR AIXAPAR AIXAPAR CONFIRM |
| iceni — argus | An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK – Linux x64 and Version 6.6.04 (Nov 14 2014) NK – Windows x64. A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can send/provide malicious pdf file to trigger this vulnerability. | 2016-10-28 | not yet calculated | CVE-2016-8335 MISC |
| iceni — argus | An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04 A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution. An attacker can provide a malicious pdf file to trigger this vulnerability. | 2016-10-28 | not yet calculated | CVE-2016-8333 MISC |
| libcsp — csp_if_zmqhub.c | Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet. | 2016-10-28 | not yet calculated | CVE-2016-8598 MISC |
| libtiff — tiff | An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remote code execution. This vulnerability can be triggered via a TIFF file delivered to the application using LibTIFF’s tag extension functionality. | 2016-10-28 | not yet calculated | CVE-2016-8331 MISC |
| moodle — moodle | Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a “SQL Injection” issue affecting the Administration panel function in the installation process component. | 2016-10-28 | not yet calculated | CVE-2016-7919 MISC |
| openjpeg — jpeg2000 | A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image. An exploitable code execution vulnerability exists in the jpeg2000 image file format parser as implemented in the OpenJpeg library. A specially crafted jpeg2000 file can cause an out of bound heap write resulting in heap corruption leading to arbitrary code execution. For a successful attack, the target user needs to open a malicious jpeg2000 file. The jpeg2000 image file format is mostly used for embedding images inside PDF documents and the OpenJpeg library is used by a number of popular PDF renderers making PDF documents a likely attack vector. | 2016-10-28 | not yet calculated | CVE-2016-8332 MISC MISC |
| openpeg — openjp2/pi.c:523 | Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2. | 2016-10-29 | not yet calculated | CVE-2016-9112 MISC |
| realnetworks — realplayer | Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file. | 2016-10-28 | not yet calculated | CVE-2016-9018 MISC |
| redis — data_structure_store | A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent. An out of bounds write vulnerability exists in the handling of the client-output-buffer-limit option during the CONFIG SET command for the Redis data structure store. A crafted CONFIG SET command can lead to an out of bounds write potentially resulting in code execution. | 2016-10-28 | not yet calculated | CVE-2016-8339 MISC MISC |