Vulnerabilities > Oracle > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-08-06 CVE-2016-5696 Information Exposure vulnerability in multiple products
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.
network
high complexity
google oracle linux CWE-200
4.8
2016-08-05 CVE-2016-5265 Information Exposure vulnerability in multiple products
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory.
local
high complexity
oracle mozilla CWE-200
5.5
2016-08-05 CVE-2016-5262 Cross-site Scripting vulnerability in multiple products
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
network
low complexity
mozilla oracle CWE-79
6.1
2016-08-05 CVE-2016-2837 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the ClearKey Content Decryption Module (CDM) in the Encrypted Media Extensions (EME) API in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 might allow remote attackers to execute arbitrary code by providing a malformed video and leveraging a Gecko Media Plugin (GMP) sandbox bypass.
network
low complexity
mozilla oracle CWE-119
6.3
2016-08-02 CVE-2016-5403 Resource Exhaustion vulnerability in multiple products
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion.
local
low complexity
canonical oracle qemu debian redhat CWE-400
5.5
2016-07-21 CVE-2016-5477 Unspecified vulnerability in Oracle Glassfish Server 2.1.1/3.0.1
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.
network
low complexity
oracle
5.8
2016-07-21 CVE-2016-5471 Unspecified vulnerability in Oracle Solaris 11.3
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.
local
low complexity
oracle
5.5
2016-07-21 CVE-2016-5470 Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality via vectors related to Application Designer.
network
low complexity
oracle
6.5
2016-07-21 CVE-2016-5469 Unspecified vulnerability in Oracle Solaris 11.3
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.
local
low complexity
oracle
5.5
2016-07-21 CVE-2016-5468 Unspecified vulnerability in Oracle Siebel UI Framework
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5451.
network
low complexity
oracle
5.4