Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-21 | CVE-2016-3451 | Unspecified vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. | 4.7 |
| 2016-07-21 | CVE-2016-3448 | Unspecified vulnerability in Oracle Application Express Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 6.1 |
| 2016-07-21 | CVE-2016-3445 | Unspecified vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-5488. | 5.3 |
| 2016-07-21 | CVE-2016-3433 | Unspecified vulnerability in Oracle Business Intelligence 11.1.1.7.0/11.1.1.9.0 Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web Administration. | 5.4 |
| 2016-07-21 | CVE-2016-3432 | Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0 Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Server. | 5.4 |
| 2016-07-21 | CVE-2016-3424 | Unspecified vulnerability in Oracle Mysql Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. | 4.9 |
| 2016-07-05 | CVE-2016-4956 | ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a denial of service (interleaved-mode transition and time change) via a spoofed broadcast packet. | 5.3 |
| 2016-07-05 | CVE-2016-4955 | Race Condition vulnerability in multiple products ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote attackers to cause a denial of service (peer-variable clearing and association outage) by sending (1) a spoofed crypto-NAK packet or (2) a packet with an incorrect MAC value at a certain time. | 5.9 |
| 2016-06-27 | CVE-2016-4470 | The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is initialized, which allows local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command. | 5.5 |
| 2016-06-20 | CVE-2016-2178 | Information Exposure Through Discrepancy vulnerability in multiple products The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL through 1.0.2h does not properly ensure the use of constant-time operations, which makes it easier for local users to discover a DSA private key via a timing side-channel attack. | 5.5 |