Weekly Vulnerabilities Reports > January 18 to 24, 2016

Overview

265 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 140 products from 28 vendors including Oracle, Canonical, Opensuse, Redhat, and Debian. The most common categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Resource Management Errors", and "Credentials Management".

  • 226 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 205 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 219 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 8 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported during the period covered by this report:

13 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-01-22 CVE-2015-6015 Oracle Local Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2016-0432.

10.0
2016-01-22 CVE-2015-6014 Oracle Local Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6015, and CVE-2016-0432.

10.0
2016-01-22 CVE-2015-6013 Oracle Local Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432.

10.0
2016-01-22 CVE-2016-1984 Harman Credentials Management vulnerability in Harman AMX Firmware 1.2.322/1.3.100

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362.

10.0
2016-01-22 CVE-2015-8362 Harman Credentials Management vulnerability in Harman AMX Firmware 1.2.322/1.3.100

The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984.

10.0
2016-01-22 CVE-2015-6435 Cisco OS Command Injection vulnerability in Cisco products

An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888.

10.0
2016-01-22 CVE-2015-6412 Cisco Credentials Management vulnerability in Cisco Modular Encoding Platform D9036 Software

Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070.

10.0
2016-01-21 CVE-2016-0494 Canonical, Oracle

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.

10.0
2016-01-21 CVE-2016-0483 Oracle, Canonical

Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

10.0
2016-01-21 CVE-2016-0452 Oracle Arbitrary File Upload vulnerability in Oracle Goldengate 11.2/12.1.2

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0451.

10.0
2016-01-21 CVE-2016-0451 Oracle Arbitrary File Upload vulnerability in Oracle Goldengate 11.2/12.1.2

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0452.

10.0
2016-01-19 CVE-2015-8617 PHP Use of Externally-Controlled Format String vulnerability in PHP 7.0.1

Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling.

10.0
2016-01-21 CVE-2016-0499 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4794.

9.0

29 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-01-20 CVE-2016-1929 SAP Improper Input Validation vulnerability in SAP Hana

The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978.

8.5
2016-01-21 CVE-2016-0440 Oracle Remote Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to NFSv4.

7.8
2016-01-21 CVE-2016-0420 Oracle Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via unknown vectors related to Monitoring and Diagnostics.

7.8
2016-01-21 CVE-2016-0403 Oracle Remote Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB Utilities.

7.8
2016-01-20 CVE-2015-5516 F5 Resource Management Errors vulnerability in F5 products

Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 HF2 and 11.6.0 before HF6, BIG-IP AFM and PEM 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Analytics 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP APM and ASM 10.1.0 through 10.2.4, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, and 11.3.0, BIG-IP PSM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, and 11.4.x before 11.4.1 HF, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 might allow remote attackers to cause a denial of service (memory consumption) via a large number of crafted UDP packets.

7.8
2016-01-18 CVE-2015-4988 IBM Path Traversal vulnerability in IBM Tealeaf Customer Experience

Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors.

7.8
2016-01-22 CVE-2015-7909 Hospira Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hospira Communication Engine and Lifecare PCA Infusion System

Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000.

7.5
2016-01-21 CVE-2015-8472 Apple, Libpng Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.

7.5
2016-01-21 CVE-2016-0577 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-0574.

7.5
2016-01-21 CVE-2016-0574 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-0577.

7.5
2016-01-21 CVE-2016-0573 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Java Messaging Service.

7.5
2016-01-21 CVE-2016-0572 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Coherence Container.

7.5
2016-01-21 CVE-2016-0522 Oracle Remote Security vulnerability in Oracle Retail Open Commerce Platform Cloud Service

Unspecified vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Framework.

7.5
2016-01-21 CVE-2016-0500 Oracle Remote Security vulnerability in Oracle Retail Order Broker Cloud Service 4.0/4.1

Unspecified vulnerability in the Oracle Retail Order Broker Cloud Service component in Oracle Retail Applications 4.0 and 4.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Administration.

7.5
2016-01-20 CVE-2016-1928 SAP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana

Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978.

7.5
2016-01-20 CVE-2016-1901 Fedoraproject, Cgit Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow.

7.5
2016-01-19 CVE-2016-1904 PHP Numeric Errors vulnerability in PHP 7.0.0/7.0.1

Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow.

7.5
2016-01-19 CVE-2015-8616 PHP Unspecified vulnerability in PHP 7.0.0

Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array.

7.5
2016-01-19 CVE-2015-6833 PHP Path Traversal vulnerability in PHP

Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a ..

7.5
2016-01-21 CVE-2016-0423 Oracle Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Enterprise Infrastructure SEC.

7.3
2016-01-19 CVE-2015-6836 PHP Unspecified vulnerability in PHP

The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function.

7.3
2016-01-19 CVE-2015-6832 PHP Unspecified vulnerability in PHP

Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field.

7.3
2016-01-19 CVE-2015-6831 PHP, Debian Use After Free vulnerability in multiple products

Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization.

7.3
2016-01-19 CVE-2015-6527 PHP Unspecified vulnerability in PHP 7.0.0

The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function.

7.3
2016-01-19 CVE-2015-5590 PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension.

7.3
2016-01-21 CVE-2016-0546 Canonical, Mariadb, Redhat, Oracle, Opensuse, Debian Local Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client.

7.2
2016-01-21 CVE-2016-0414 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0418.

7.2
2016-01-21 CVE-2016-0424 Oracle Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0422.

7.1
2016-01-21 CVE-2016-0422 Oracle Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0424.

7.1

184 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-01-22 CVE-2016-1570 XEN Improper Input Validation vulnerability in XEN

The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates.

6.9
2016-01-23 CVE-2015-6317 Cisco Improper Access Control vulnerability in Cisco Identity Services Engine Software

Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926.

6.8
2016-01-22 CVE-2016-1134 Buffalotech Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech products

Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users.

6.8
2016-01-21 CVE-2016-0505 Redhat, Oracle, Canonical, Debian, Opensuse, Mariadb Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options.

6.8
2016-01-21 CVE-2016-0504 Oracle, Canonical, Opensuse, Redhat Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503.

6.8
2016-01-21 CVE-2016-0441 Oracle Remote Security vulnerability in Oracle Fusion Middleware 3.1.2

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server.

6.8
2016-01-21 CVE-2016-0415 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1.0.1/12.1.0.4/12.1.0.5

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to UI Framework.

6.8
2016-01-21 CVE-2015-4919 Oracle Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Monitoring and Diagnostics SEC.

6.8
2016-01-20 CVE-2015-8704 ISC Improper Input Validation vulnerability in ISC Bind

apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record.

6.8
2016-01-20 CVE-2015-8705 ISC Improper Input Validation vulnerability in ISC Bind

buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option.

6.6
2016-01-21 CVE-2016-0489 Oracle Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps.

6.5
2016-01-21 CVE-2016-0442 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4/12.1.0.5

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Loader Service.

6.5
2016-01-21 CVE-2015-4925 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4

Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5
2016-01-21 CVE-2016-0589 Oracle Remote Security vulnerability in Oracle Application Object Library 11.5.10.2

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.

6.4
2016-01-21 CVE-2016-0581 Oracle Remote Security vulnerability in Oracle Approvals Management 11.5.10.2

Unspecified vulnerability in the Oracle Approvals Management component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to AME Page rendering.

6.4
2016-01-21 CVE-2016-0578 Oracle Remote Security vulnerability in Oracle Customer Relationship Management Technical Foundation 11.5.10.2

Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components.

6.4
2016-01-21 CVE-2016-0576 Oracle Remote Security vulnerability in Oracle Application Object Library 11.5.10.2

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to ICX LOVs.

6.4
2016-01-21 CVE-2016-0563 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Techstack.

6.4
2016-01-21 CVE-2016-0560 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0552, and CVE-2016-0559.

6.4
2016-01-21 CVE-2016-0559 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0552, and CVE-2016-0560.

6.4
2016-01-21 CVE-2016-0554 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Intelligence.

6.4
2016-01-21 CVE-2016-0553 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.

6.4
2016-01-21 CVE-2016-0552 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0559, and CVE-2016-0560.

6.4
2016-01-21 CVE-2016-0551 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0552, CVE-2016-0559, and CVE-2016-0560.

6.4
2016-01-21 CVE-2016-0550 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to CRM HTML Administration.

6.4
2016-01-21 CVE-2016-0549 Oracle Remote Security vulnerability in Oracle E-Business Intelligence 11.5.10.2

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0547, and CVE-2016-0548.

6.4
2016-01-21 CVE-2016-0548 Oracle Remote Security vulnerability in Oracle E-Business Intelligence 11.5.10.2

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0547, and CVE-2016-0549.

6.4
2016-01-21 CVE-2016-0547 Oracle Remote Security vulnerability in Oracle E-Business Intelligence 11.5.10.2

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0548, and CVE-2016-0549.

6.4
2016-01-21 CVE-2016-0545 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0551, CVE-2016-0552, CVE-2016-0559, and CVE-2016-0560.

6.4
2016-01-21 CVE-2016-0544 Oracle Remote Security vulnerability in Oracle Marketing 11.5.10.2

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Architecture.

6.4
2016-01-21 CVE-2016-0543 Oracle Remote Security vulnerability in Oracle Marketing 11.5.10.2

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Preview.

6.4
2016-01-21 CVE-2016-0537 Oracle Remote Security vulnerability in Oracle Human Resources 11.5.10.2

Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Person.

6.4
2016-01-21 CVE-2016-0532 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Assignments.

6.4
2016-01-21 CVE-2016-0530 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0528, and CVE-2016-0529.

6.4
2016-01-21 CVE-2016-0529 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0528, and CVE-2016-0530.

6.4
2016-01-21 CVE-2016-0528 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0529, and CVE-2016-0530.

6.4
2016-01-21 CVE-2016-0527 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0528, CVE-2016-0529, and CVE-2016-0530.

6.4
2016-01-21 CVE-2016-0525 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration.

6.4
2016-01-21 CVE-2016-0524 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration.

6.4
2016-01-21 CVE-2016-0518 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0517.

6.4
2016-01-21 CVE-2016-0517 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0518.

6.4
2016-01-21 CVE-2016-0516 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Quality component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to QA / Order Management Integration.

6.4
2016-01-21 CVE-2016-0515 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0514.

6.4
2016-01-21 CVE-2016-0514 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0515.

6.4
2016-01-21 CVE-2016-0512 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Self Service - Common Modules.

6.4
2016-01-21 CVE-2016-0511 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0547, CVE-2016-0548, and CVE-2016-0549.

6.4
2016-01-21 CVE-2016-0510 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Views Catalog.

6.4
2016-01-21 CVE-2016-0492 Oracle Authentication Bypass vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488.

6.4
2016-01-21 CVE-2016-0491 Oracle Remote Code Execution vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps.

6.4
2016-01-21 CVE-2016-0490 Oracle Remote Code Execution vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0487.

6.4
2016-01-21 CVE-2016-0488 Oracle Authentication Bypass vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0492.

6.4
2016-01-21 CVE-2016-0487 Oracle Authentication Bypass vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0490.

6.4
2016-01-19 CVE-2016-1903 PHP Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP

The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function.

6.4
2016-01-21 CVE-2016-0602 Oracle Local Security vulnerability in Oracle Virtualization

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer.

6.2
2016-01-21 CVE-2016-0418 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0414.

6.1
2016-01-21 CVE-2016-0425 Oracle Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Monitoring and Diagnostics.

6.0
2016-01-21 CVE-2016-0475 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries.

5.8
2016-01-21 CVE-2016-0591 Oracle Remote Security vulnerability in Oracle Peoplesoft Supply Chain Management Purchasing 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supplier Change.

5.5
2016-01-21 CVE-2016-0564 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0561.

5.5
2016-01-21 CVE-2016-0561 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0564.

5.5
2016-01-21 CVE-2016-0557 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Administration, a different vulnerability than CVE-2016-0556.

5.5
2016-01-21 CVE-2016-0556 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Administration, a different vulnerability than CVE-2016-0557.

5.5
2016-01-21 CVE-2016-0523 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Interaction Blending component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Blending Administration.

5.5
2016-01-21 CVE-2016-0472 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and availability via unknown vectors.

5.5
2016-01-21 CVE-2016-0470 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9/12.2.1

Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to BI Publisher Security.

5.5
2016-01-20 CVE-2015-5295 Openstack, Redhat, Oracle, Fedoraproject Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero.

5.4
2016-01-19 CVE-2016-1907 Openbsd Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openbsd Openssh

The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic.

5.3
2016-01-21 CVE-2016-0455 Oracle Local Security vulnerability in Oracle Enterprise Manager

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality and availability via unknown vectors related to Agent Next Gen.

5.2
2016-01-22 CVE-2015-6925 Wolfssl Resource Management Errors vulnerability in Wolfssl

wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message.

5.0
2016-01-21 CVE-2016-0585 Oracle Remote Security vulnerability in Oracle Application Object Library 11.5.10.2

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect availability via vectors related to ICX Error.

5.0
2016-01-21 CVE-2016-0580 Oracle Remote Security vulnerability in Oracle Report Manager 11.5.10.2

Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect availability via unknown vectors.

5.0
2016-01-21 CVE-2016-0571 Oracle Remote Security vulnerability in Oracle Balanced Scorecard 11.5.10.2/12.1

Unspecified vulnerability in the Oracle Balanced Scorecard component in Oracle E-Business Suite 11.5.10.2 and 12.1 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2016-01-21 CVE-2016-0570 Oracle Remote Security vulnerability in Oracle Human Capital Management Configuration Workbench 12.1.1/12.1.2/12.1.3

Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2016-01-21 CVE-2016-0569 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2016-01-21 CVE-2016-0568 Oracle Remote Security vulnerability in Oracle Email Center 12.1.1/12.1.2/12.1.3

Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Server Components.

5.0
2016-01-21 CVE-2016-0567 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Embedded Data Warehouse.

5.0
2016-01-21 CVE-2016-0566 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via unknown vectors related to Deliverables.

5.0
2016-01-21 CVE-2016-0565 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors.

5.0
2016-01-21 CVE-2016-0541 Oracle Remote Security vulnerability in Oracle Configurator 11.5.10.2/12.1/12.2

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0540.

5.0
2016-01-21 CVE-2016-0540 Oracle Remote Security vulnerability in Oracle Configurator 11.5.10.2/12.1/12.2

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0541.

5.0
2016-01-21 CVE-2016-0539 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2016-01-21 CVE-2016-0538 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Financial Consolidation Hub component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Business Intelligence.

5.0
2016-01-21 CVE-2016-0526 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown vectors related to Wireless Framework.

5.0
2016-01-21 CVE-2016-0501 Oracle Remote Security vulnerability in Oracle Secure Global Desktop 5.2

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core.

5.0
2016-01-21 CVE-2016-0486 Oracle Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0485.

5.0
2016-01-21 CVE-2016-0485 Oracle Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0486.

5.0
2016-01-21 CVE-2016-0484 Oracle Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps.

5.0
2016-01-21 CVE-2016-0482 Oracle Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0485, and CVE-2016-0486.

5.0
2016-01-21 CVE-2016-0481 Oracle Directory Traversal vulnerability in Oracle Enterprise Manager Grid Control 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486.

5.0
2016-01-21 CVE-2016-0480 Oracle Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0481, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486.

5.0
2016-01-21 CVE-2016-0478 Oracle Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0477.

5.0
2016-01-21 CVE-2016-0477 Oracle Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0478.

5.0
2016-01-21 CVE-2016-0476 Oracle Directory Traversal vulnerability in Oracle Enterprise Manager Grid Control 12.4.0.2/12.5.0.2

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0477 and CVE-2016-0478.

5.0
2016-01-21 CVE-2016-0466 Canonical, Oracle

Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP.

5.0
2016-01-21 CVE-2016-0460 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.55 allows remote attackers to affect integrity via unknown vectors related to Fluid Homepage and NavBar.

5.0
2016-01-21 CVE-2016-0457 Oracle Remote Security vulnerability in Oracle E-Business Suite 12.1/12.2

Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456.

5.0
2016-01-21 CVE-2016-0456 Oracle Remote Security vulnerability in Oracle E-Business Suite 12.1/12.2

Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0457.

5.0
2016-01-21 CVE-2016-0450 Oracle Denial of Service vulnerability in Oracle Goldengate 11.2/12.1.2

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect availability via unknown vectors.

5.0
2016-01-21 CVE-2016-0439 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9

Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0430.

5.0
2016-01-21 CVE-2016-0421 Oracle Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Monitoring and Diagnostics SEC.

5.0
2016-01-21 CVE-2016-0416 Oracle Remote Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to System Archive Utility.

5.0
2016-01-21 CVE-2016-0402 Canonical, Oracle

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking.

5.0
2016-01-20 CVE-2016-1296 Cisco 7PK - Security Features vulnerability in Cisco web Security Appliance 8.5.3055/9.1.0000/9.5.0235

The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848.

5.0
2016-01-20 CVE-2015-4951 IBM Improper Input Validation vulnerability in IBM Tivoli Storage Manager

Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL.

5.0
2016-01-18 CVE-2015-4942 IBM Resource Management Errors vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1

IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4943.

5.0
2016-01-21 CVE-2016-0465 Oracle Local Security vulnerability in Oracle and SUN Systems Product Suite 3.3/4.0

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect availability via unknown vectors related to Resource Group Manager.

4.9
2016-01-21 CVE-2016-0428 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verified Boot.

4.9
2016-01-21 CVE-2016-0419 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0431.

4.9
2016-01-22 CVE-2016-1571 Citrix, XEN Code vulnerability in multiple products

The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check.

4.7
2016-01-22 CVE-2016-1572 Ecryptfs, Canonical, Opensuse, Debian, Fedoraproject Improper Privilege Management vulnerability in multiple products

mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid.

4.6
2016-01-21 CVE-2016-0449 Oracle Local Security vulnerability in Oracle Enterprise Manager

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen, a different vulnerability than CVE-2016-0444 and CVE-2016-0447.

4.6
2016-01-21 CVE-2016-0447 Oracle Local Security vulnerability in Oracle Enterprise Manager

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen, a different vulnerability than CVE-2016-0444 and CVE-2016-0449.

4.6
2016-01-21 CVE-2016-0445 Oracle Local Security vulnerability in Oracle Enterprise Manager

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen.

4.6
2016-01-21 CVE-2016-0417 Oracle Local Security vulnerability in Oracle Solaris Cluster 3.3/4.2

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.2 allows local users to affect confidentiality, integrity, and availability via vectors related to HA for MySQL.

4.6
2016-01-21 CVE-2016-0411 Oracle Local Security vulnerability in Oracle Enterprise Manager

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1 and 11.2.0.4 allows local users to affect confidentiality, integrity, and availability via vectors related to Agent Next Gen.

4.6
2016-01-21 CVE-2016-0444 Oracle Local Security vulnerability in Oracle Enterprise Manager

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen, a different vulnerability than CVE-2016-0447 and CVE-2016-0449.

4.4
2016-01-22 CVE-2016-1135 Buffalotech Cross-site Scripting vulnerability in Buffalotech products

Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

4.3
2016-01-21 CVE-2016-0594 Opensuse, Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4.3
2016-01-21 CVE-2016-0590 Oracle Remote Security vulnerability in Oracle Peoplesoft Supply Chain Management Order Management 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise SCM Order Management component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors.

4.3
2016-01-21 CVE-2016-0588 Oracle Remote Security vulnerability in Oracle General Ledger 11.5.10.2

Unspecified vulnerability in the Oracle General Ledger component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Consolidation Hierarchy Viewer.

4.3
2016-01-21 CVE-2016-0586 Oracle Remote Security vulnerability in Oracle Application Object Library 11.5.10.2

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to iHelp.

4.3
2016-01-21 CVE-2016-0584 Oracle Remote Security vulnerability in Oracle Customer Relationship Management Technical Foundation 11.5.10.2

Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0579, CVE-2016-0582, and CVE-2016-0583.

4.3
2016-01-21 CVE-2016-0583 Oracle Remote Security vulnerability in Oracle CRM Technical Foundation 11.5.10.2

Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0579, CVE-2016-0582, and CVE-2016-0584.

4.3
2016-01-21 CVE-2016-0582 Oracle Remote Security vulnerability in Oracle Customer Relationship Management Technical Foundation 11.5.10.2

Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0579, CVE-2016-0583, and CVE-2016-0584.

4.3
2016-01-21 CVE-2016-0579 Oracle Remote Security vulnerability in Oracle Customer Relationship Management Technical Foundation 11.5.10.2

Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0582, CVE-2016-0583, and CVE-2016-0584.

4.3
2016-01-21 CVE-2016-0575 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Learning Management component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to OTA Self Service.

4.3
2016-01-21 CVE-2016-0558 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Service Contracts component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Renewals.

4.3
2016-01-21 CVE-2016-0555 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle CADView-3D component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Studio.

4.3
2016-01-21 CVE-2016-0542 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown vectors related to Field Service Map.

4.3
2016-01-21 CVE-2016-0536 Oracle Remote Security vulnerability in Oracle Universal Work Queue 11.5.10.2

Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to error messages.

4.3
2016-01-21 CVE-2016-0535 Oracle Remote Security vulnerability in Oracle Solaris 10/11

Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC.

4.3
2016-01-21 CVE-2016-0534 Oracle Remote Security vulnerability in Oracle Project Contracts 12.1.1/12.1.2/12.1.3

Unspecified vulnerability in the Oracle Project Contracts component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Printing.

4.3
2016-01-21 CVE-2016-0533 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Messaging.

4.3
2016-01-21 CVE-2016-0521 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Redirection.

4.3
2016-01-21 CVE-2016-0520 Oracle Remote Security vulnerability in Oracle Application Object Library 11.5.10.2

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to Java APIs.

4.3
2016-01-21 CVE-2016-0519 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a different vulnerability than CVE-2016-0507.

4.3
2016-01-21 CVE-2016-0513 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components.

4.3
2016-01-21 CVE-2016-0509 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AP Web Utilities.

4.3
2016-01-21 CVE-2016-0508 Oracle Remote Security vulnerability in Oracle Ilearning 6.0/6.1

Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Administration.

4.3
2016-01-21 CVE-2016-0507 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2

Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a different vulnerability than CVE-2016-0519.

4.3
2016-01-21 CVE-2016-0506 Oracle Remote Security vulnerability in Oracle Retail Order Management System Cloud Service

Unspecified vulnerability in the Oracle Retail Order Management System Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, 5.0, and 15.0 allows remote attackers to affect confidentiality via unknown vectors related to Order Entry.

4.3
2016-01-21 CVE-2016-0497 Oracle Remote Security vulnerability in Oracle Agile Engineering Data Management 6.1.2.2/6.1.3.0/6.2.0.0

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Web Client.

4.3
2016-01-21 CVE-2016-0496 Oracle Remote Security vulnerability in Oracle MICROS CWDirect

Unspecified vulnerability in the MICROS CWDirect component in Oracle Retail Applications 12.5, 13.0, 14.0, 15.0, 16.0, 17.0, and 18.0 allows remote attackers to affect confidentiality via unknown vectors related to Order Entry.

4.3
2016-01-21 CVE-2016-0495 Oracle, Debian Remote Security vulnerability in Oracle Virtualization

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core.

4.3
2016-01-21 CVE-2016-0471 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via unknown vectors related to Multichannel Framework.

4.3
2016-01-21 CVE-2016-0464 Oracle Remote Security vulnerability in Oracle Fusion Middleware 10.3.6/12.1.2.0/12.1.3.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console.

4.3
2016-01-21 CVE-2016-0463 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality via unknown vectors related to Portal.

4.3
2016-01-21 CVE-2016-0443 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1.0.1/12.1.0.4/12.1.0.5

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality via unknown vectors related to Agent Next Gen.

4.3
2016-01-21 CVE-2016-0433 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.9

Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support.

4.3
2016-01-21 CVE-2016-0430 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9

Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0439.

4.3
2016-01-21 CVE-2016-0429 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9

Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Scheduler, a different vulnerability than CVE-2016-0401.

4.3
2016-01-21 CVE-2016-0404 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.2

Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.2.2 allows remote attackers to affect integrity via vectors related to Admin.

4.3
2016-01-21 CVE-2016-0401 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9

Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Scheduler, a different vulnerability than CVE-2016-0429.

4.3
2016-01-21 CVE-2015-4885 Oracle Remote Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 allows remote attackers to affect confidentiality via vectors related to Agent Next Gen.

4.3
2016-01-20 CVE-2016-1900 Fedoraproject, Cgit Project

CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename.

4.3
2016-01-20 CVE-2016-1899 Fedoraproject, Cgit Project

CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c.

4.3
2016-01-20 CVE-2016-1867 Jasper Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jasper Project Jasper 1.900.1

The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image.

4.3
2016-01-18 CVE-2016-0201 IBM Information Exposure vulnerability in IBM Security Network Protection Firmware 5.3.1/5.3.2

GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision.

4.3
2016-01-18 CVE-2015-7886 Netapp Information Exposure vulnerability in Netapp Data Ontap

NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors.

4.3
2016-01-18 CVE-2015-5008 IBM Cross-site Scripting vulnerability in IBM Websphere Commerce

Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2016-01-18 CVE-2015-5002 IBM Cross-site Scripting vulnerability in IBM Host On-Demand

Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2016-01-18 CVE-2015-4959 IBM Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager 6.2.2

Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2016-01-21 CVE-2016-0616 Redhat, Canonical, Mariadb, Oracle, Opensuse, Debian Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4.0
2016-01-21 CVE-2016-0614 Oracle Remote Security vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.0.0

Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2016-01-21 CVE-2016-0611 Canonical, Oracle, Opensuse, Redhat Improper Access Control vulnerability in multiple products

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4.0
2016-01-21 CVE-2016-0597 Redhat, Oracle, Opensuse, Canonical, Debian, Mariadb Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4.0
2016-01-21 CVE-2016-0596 Redhat, Oracle, Debian, Opensuse, Canonical, Mariadb Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

4.0
2016-01-21 CVE-2016-0595 Redhat, Oracle, Canonical, Opensuse Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4.0
2016-01-21 CVE-2016-0587 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing.

4.0
2016-01-21 CVE-2016-0562 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Common Applications component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via vectors related to CRM User Management Framework.

4.0
2016-01-21 CVE-2016-0531 Oracle Remote Security vulnerability in Oracle Applications Manager 12.1.3

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Oracle Diagnostics Interfaces.

4.0
2016-01-21 CVE-2016-0503 Canonical, Redhat, Opensuse, Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504.

4.0
2016-01-21 CVE-2016-0502 Opensuse, Oracle, Mariadb

Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

4.0
2016-01-21 CVE-2016-0467 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors.

4.0
2016-01-21 CVE-2016-0462 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework, a different vulnerability than CVE-2015-2650.

4.0
2016-01-21 CVE-2016-0461 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown vectors.

4.0
2016-01-21 CVE-2016-0459 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote authenticated users to affect integrity via unknown vectors related to Popup Windows.

4.0
2016-01-21 CVE-2016-0458 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel DAX.

4.0
2016-01-21 CVE-2016-0448 Oracle, Canonical

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX.

4.0
2016-01-21 CVE-2016-0427 Oracle Remote Security vulnerability in Oracle Enterprise Manager

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework.

4.0
2016-01-21 CVE-2016-0413 Oracle Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7

Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.1.7 allows remote authenticated users to affect integrity via vectors related to Federation protocol support.

4.0
2016-01-21 CVE-2016-0409 Oracle Unspecified vulnerability in Oracle Peoplesoft products 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise HCM Global Payroll Switzerland component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Security.

4.0
2016-01-21 CVE-2015-4923 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown vectors.

4.0
2016-01-21 CVE-2015-4921 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors.

4.0

39 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-01-21 CVE-2016-0426 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones.

3.6
2016-01-23 CVE-2015-7417 IBM Cross-site Scripting vulnerability in IBM Websphere Application Server

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider.

3.5
2016-01-21 CVE-2016-0610 Oracle, Debian, Mariadb, Opensuse, Redhat, Canonical Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5
2016-01-21 CVE-2016-0608 Oracle, Redhat, Debian, Canonical, Opensuse, Mariadb Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF.

3.5
2016-01-21 CVE-2016-0606 Debian, Redhat, Opensuse, Oracle, Canonical, Mariadb

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption.

3.5
2016-01-21 CVE-2016-0601 Oracle Remote Security vulnerability in Oracle Mysql 5.7.9

Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition.

3.5
2016-01-21 CVE-2016-0600 Redhat, Debian, Oracle, Opensuse, Canonical, Mariadb Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

3.5
2016-01-21 CVE-2016-0599 Oracle Remote Security vulnerability in Oracle Mysql 5.7.9

Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

3.5
2016-01-21 CVE-2016-0598 Opensuse, Oracle, Redhat, Debian, Canonical, Mariadb Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML.

3.5
2016-01-21 CVE-2016-0474 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology.

3.5
2016-01-21 CVE-2016-0473 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect integrity via unknown vectors related to Fluid Core.

3.5
2016-01-21 CVE-2016-0412 Oracle Remote Security vulnerability in Oracle Peoplesoft Supply Chain Management Eprocurement 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise SCM eProcurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect integrity via unknown vectors related to Manage Requisition Status.

3.5
2016-01-21 CVE-2015-4924 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect integrity via vectors related to Security.

3.5
2016-01-18 CVE-2015-5009 IBM Cross-site Scripting vulnerability in IBM Websphere Commerce

Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.

3.5
2016-01-21 CVE-2016-0493 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Kernel Cryptography.

3.3
2016-01-21 CVE-2016-0435 Oracle Local Security vulnerability in Oracle Retail Applications 13.4/14.0/14.1

Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality and integrity via vectors related to Mobile POS.

3.3
2016-01-21 CVE-2016-0406 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via vectors related to Libc.

3.3
2016-01-21 CVE-2016-0607 Redhat, Oracle, Opensuse, Canonical Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication.

2.8
2016-01-22 CVE-2015-7744 Wolfssl, Opensuse, Mariadb

wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack.

2.6
2016-01-21 CVE-2015-4926 Oracle Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.1/12.2

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX.

2.6
2016-01-21 CVE-2016-0605 Redhat, Opensuse, Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors.

2.1
2016-01-21 CVE-2016-0592 Oracle, Debian Local Security vulnerability in Oracle Virtualization

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core.

2.1
2016-01-21 CVE-2016-0454 Oracle Local Security vulnerability in Oracle E-Business Suite 12.1/12.2

Unspecified vulnerability in the Oracle Mobile Application Servlet component in Oracle E-Business Suite 12.1 and 12.2 allows local users to affect confidentiality via vectors related to MWA Server Manager.

2.1
2016-01-21 CVE-2016-0446 Oracle Local Security vulnerability in Oracle Enterprise Manager

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality via unknown vectors related to Agent Next Gen.

2.1
2016-01-21 CVE-2015-4922 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot.

2.1
2016-01-21 CVE-2015-4920 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via vectors related to NDMP Backup Service.

2.1
2016-01-20 CVE-2015-8777 GNU 7PK - Security Features vulnerability in GNU Glibc

The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable.

2.1
2016-01-21 CVE-2016-0438 Oracle Local Security vulnerability in Oracle Retail Applications 13.4/14.0/14.1

Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0437.

1.9
2016-01-21 CVE-2016-0437 Oracle Local Security vulnerability in Oracle Retail Applications 13.4/14.0/14.1

Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0438.

1.9
2016-01-21 CVE-2016-0436 Oracle Local Security vulnerability in Oracle Retail Applications 13.4/14.0/14.1

Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0437, and CVE-2016-0438.

1.9
2016-01-21 CVE-2016-0434 Oracle Local Security vulnerability in Oracle Retail Applications 13.4/14.0/14.1

Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0436, CVE-2016-0437, and CVE-2016-0438.

1.9
2016-01-21 CVE-2016-0432 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2015-6015.

1.9
2016-01-21 CVE-2015-4808 Oracle Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In Filters, a different vulnerability than CVE-2015-6013, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432.

1.9
2016-01-21 CVE-2016-0453 Oracle Remote Security vulnerability in Oracle Fusion Middleware 3.1.2

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server.

1.8
2016-01-21 CVE-2016-0609 Oracle, Redhat, Debian, Opensuse, Canonical, Mariadb Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges.

1.7
2016-01-21 CVE-2016-0405 Oracle Local Security vulnerability in Oracle and SUN Systems Product Suite 3.3/4.0

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect confidentiality via vectors related to Cluster Manageability and Serviceability.

1.7
2016-01-21 CVE-2016-0498 Oracle Local Security vulnerability in Oracle Agile Engineering Data Management 6.1.2.2/6.1.3.0/6.2.0.0

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows local users to affect confidentiality via unknown vectors related to Install.

1.5
2016-01-21 CVE-2016-0618 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones.

1.4
2016-01-21 CVE-2016-0431 Oracle Local Security vulnerability in Oracle Solaris 11

Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0419.

1.2