Weekly Vulnerabilities Reports > January 18 to 24, 2016
Overview
265 new vulnerabilities were reported during this period, including 13 critical vulnerabilities and 29 high severity vulnerabilities. This weekly summary reports vulnerabilities in 140 products from 28 vendors including Oracle, Canonical, Opensuse, Redhat, and Debian. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", "Improper Input Validation", "Resource Management Errors", and "Credentials Management".
- 226 reported vulnerabilities are remotely exploitable.
- 4 reported vulnerabilities have a public exploit available.
- 11 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 205 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 219 reported vulnerabilities.
- Oracle has the most reported critical vulnerabilities, with 8 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
13 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-01-22 | CVE-2015-6015 | Oracle | Local Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2016-0432. | 10.0 |
2016-01-22 | CVE-2015-6014 | Oracle | Local Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6015, and CVE-2016-0432. | 10.0 |
2016-01-22 | CVE-2015-6013 | Oracle | Local Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. | 10.0 |
2016-01-22 | CVE-2016-1984 | Harman | Credentials Management vulnerability in Harman AMX Firmware 1.2.322/1.3.100 The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 has a hardcoded password for the 1MB@tMaN account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2015-8362. | 10.0 |
2016-01-22 | CVE-2015-8362 | Harman | Credentials Management vulnerability in Harman AMX Firmware 1.2.322/1.3.100 The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 has a hardcoded password for the BlackWidow account, which makes it easier for remote attackers to obtain access via a (1) SSH or (2) HTTP session, a different vulnerability than CVE-2016-1984. | 10.0 |
2016-01-22 | CVE-2015-6435 | Cisco | OS Command Injection vulnerability in Cisco products An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower 9000 devices and Cisco Unified Computing System (UCS) Manager before 2.2(4b), 2.2(5) before 2.2(5a), and 3.0 before 3.0(2e) allows remote attackers to execute arbitrary shell commands via a crafted HTTP request, aka Bug ID CSCur90888. | 10.0 |
2016-01-22 | CVE-2015-6412 | Cisco | Credentials Management vulnerability in Cisco Modular Encoding Platform D9036 Software Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070. | 10.0 |
2016-01-21 | CVE-2016-0494 | Canonical Oracle | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | 10.0 |
2016-01-21 | CVE-2016-0483 | Oracle Canonical | Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. | 10.0 |
2016-01-21 | CVE-2016-0452 | Oracle | Arbitrary File Upload vulnerability in Oracle Goldengate 11.2/12.1.2 Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0451. | 10.0 |
2016-01-21 | CVE-2016-0451 | Oracle | Arbitrary File Upload vulnerability in Oracle Goldengate 11.2/12.1.2 Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0452. | 10.0 |
2016-01-19 | CVE-2015-8617 | PHP | Use of Externally-Controlled Format String vulnerability in PHP 7.0.1 Format string vulnerability in the zend_throw_or_error function in Zend/zend_execute_API.c in PHP 7.x before 7.0.1 allows remote attackers to execute arbitrary code via format string specifiers in a string that is misused as a class name, leading to incorrect error handling. | 10.0 |
2016-01-21 | CVE-2016-0499 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2015-4794. | 9.0 |
29 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-01-20 | CVE-2016-1929 | SAP | Improper Input Validation vulnerability in SAP Hana The XS engine in SAP HANA allows remote attackers to spoof log entries in trace files and consequently cause a denial of service (disk consumption and process crash) via a crafted HTTP request, related to an unspecified debug function, aka SAP Security Note 2241978. | 8.5 |
2016-01-21 | CVE-2016-0440 | Oracle | Remote Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to NFSv4. | 7.8 |
2016-01-21 | CVE-2016-0420 | Oracle | Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via unknown vectors related to Monitoring and Diagnostics. | 7.8 |
2016-01-21 | CVE-2016-0403 | Oracle | Remote Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB Utilities. | 7.8 |
2016-01-20 | CVE-2015-5516 | F5 | Resource Management Errors vulnerability in F5 products Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and Link Controller 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.x before HF6, BIG-IP AAM 11.4.x, 11.5.x before 11.5.3 HF2 and 11.6.0 before HF6, BIG-IP AFM and PEM 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Analytics 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP APM and ASM 10.1.0 through 10.2.4, 11.x before 11.2.1 HF15, 11.3.x, 11.4.x, 11.5.x before 11.5.3 HF2, and 11.6.0 before HF6, BIG-IP Edge Gateway, WebAccelerator, and WOM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, and 11.3.0, BIG-IP PSM 10.1.x, 10.2.x before 10.2.4 HF13, 11.x before 11.2.1 HF15, 11.3.x, and 11.4.x before 11.4.1 HF, Enterprise Manager 3.0.0 through 3.1.1, BIG-IQ Cloud and Security 4.0.0 through 4.5.0, BIG-IQ Device 4.2.0 through 4.5.0, and BIG-IQ ADC 4.5.0 might allow remote attackers to cause a denial of service (memory consumption) via a large number of crafted UDP packets. | 7.8 |
2016-01-18 | CVE-2015-4988 | IBM | Path Traversal vulnerability in IBM Tealeaf Customer Experience Directory traversal vulnerability in the replay server in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 before 8.8.0.9026, 9.0.0, 9.0.0A, 9.0.1 before 9.0.1.1083, 9.0.1A before 9.0.1.5073, 9.0.2 before 9.0.2.1095, and 9.0.2A before 9.0.2.5144 allows remote attackers to read arbitrary files via unspecified vectors. | 7.8 |
2016-01-22 | CVE-2015-7909 | Hospira | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Hospira Communication Engine and Lifecare PCA Infusion System Stack-based buffer overflow in Hospira Communication Engine (CE) before 1.2 in LifeCare PCA Infusion System 5.07, Plum A+ Infusion System 13.40, and Plum A+3 Infusion System 13.40 allows remote attackers to cause a denial of service or possibly have unspecified other impact via traffic on TCP port 5000. | 7.5 |
2016-01-21 | CVE-2015-8472 | Apple Libpng | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55, 1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image. | 7.5 |
2016-01-21 | CVE-2016-0577 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-0574. | 7.5 |
2016-01-21 | CVE-2016-0574 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-0577. | 7.5 |
2016-01-21 | CVE-2016-0573 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Java Messaging Service. | 7.5 |
2016-01-21 | CVE-2016-0572 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Coherence Container. | 7.5 |
2016-01-21 | CVE-2016-0522 | Oracle | Remote Security vulnerability in Oracle Retail Open Commerce Platform Cloud Service Unspecified vulnerability in the Oracle Retail Open Commerce Platform Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, and 5.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Framework. | 7.5 |
2016-01-21 | CVE-2016-0500 | Oracle | Remote Security vulnerability in Oracle Retail Order Broker Cloud Service 4.0/4.1 Unspecified vulnerability in the Oracle Retail Order Broker Cloud Service component in Oracle Retail Applications 4.0 and 4.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to System Administration. | 7.5 |
2016-01-20 | CVE-2016-1928 | SAP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in SAP Hana Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows remote attackers to cause a denial of service or execute arbitrary code via a crafted HTTP request, related to JSON, aka SAP Security Note 2241978. | 7.5 |
2016-01-20 | CVE-2016-1901 | Fedoraproject Cgit Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Integer overflow in the authenticate_post function in CGit before 0.12 allows remote attackers to have unspecified impact via a large value in the Content-Length HTTP header, which triggers a buffer overflow. | 7.5 |
2016-01-19 | CVE-2016-1904 | PHP | Numeric Errors vulnerability in PHP 7.0.0/7.0.1 Multiple integer overflows in ext/standard/exec.c in PHP 7.x before 7.0.2 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a long string to the (1) php_escape_shell_cmd or (2) php_escape_shell_arg function, leading to a heap-based buffer overflow. | 7.5 |
2016-01-19 | CVE-2015-8616 | PHP | Unspecified vulnerability in PHP 7.0.0 Use-after-free vulnerability in the Collator::sortWithSortKeys function in ext/intl/collator/collator_sort.c in PHP 7.x before 7.0.1 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact by leveraging the relationships between a key buffer and a destroyed array. | 7.5 |
2016-01-19 | CVE-2015-6833 | PHP | Path Traversal vulnerability in PHP Directory traversal vulnerability in the PharData class in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to write to arbitrary files via a .. | 7.5 |
2016-01-21 | CVE-2016-0423 | Oracle | Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Enterprise Infrastructure SEC. | 7.3 |
2016-01-19 | CVE-2015-6836 | PHP | Unspecified vulnerability in PHP The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 does not properly manage headers, which allows remote attackers to execute arbitrary code via crafted serialized data that triggers a "type confusion" in the serialize_function_call function. | 7.3 |
2016-01-19 | CVE-2015-6832 | PHP | Unspecified vulnerability in PHP Use-after-free vulnerability in the SPL unserialize implementation in ext/spl/spl_array.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers to execute arbitrary code via crafted serialized data that triggers misuse of an array field. | 7.3 |
2016-01-19 | CVE-2015-6831 | PHP Debian | Use After Free vulnerability in multiple products Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allow remote attackers to execute arbitrary code via vectors involving (1) ArrayObject, (2) SplObjectStorage, and (3) SplDoublyLinkedList, which are mishandled during unserialization. | 7.3 |
2016-01-19 | CVE-2015-6527 | PHP | Unspecified vulnerability in PHP 7.0.0 The php_str_replace_in_subject function in ext/standard/string.c in PHP 7.x before 7.0.0 allows remote attackers to execute arbitrary code via a crafted value in the third argument to the str_ireplace function. | 7.3 |
2016-01-19 | CVE-2015-5590 | PHP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP Stack-based buffer overflow in the phar_fix_filepath function in ext/phar/phar.c in PHP before 5.4.43, 5.5.x before 5.5.27, and 5.6.x before 5.6.11 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value, as demonstrated by mishandling of an e-mail attachment by the imap PHP extension. | 7.3 |
2016-01-21 | CVE-2016-0546 | Canonical Mariadb Redhat Oracle Opensuse Debian | Local Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Client. | 7.2 |
2016-01-21 | CVE-2016-0414 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0418. | 7.2 |
2016-01-21 | CVE-2016-0424 | Oracle | Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0422. | 7.1 |
2016-01-21 | CVE-2016-0422 | Oracle | Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0424. | 7.1 |
184 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-01-22 | CVE-2016-1570 | XEN | Improper Input Validation vulnerability in XEN The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, and 4.1.x through 4.6.x allows local PV guests to obtain sensitive information, cause a denial of service, gain privileges, or have unspecified other impact via a crafted page identifier (MFN) to the (1) MMUEXT_MARK_SUPER or (2) MMUEXT_UNMARK_SUPER sub-op in the HYPERVISOR_mmuext_op hypercall or (3) unknown vectors related to page table updates. | 6.9 |
2016-01-23 | CVE-2015-6317 | Cisco | Improper Access Control vulnerability in Cisco Identity Services Engine Software Cisco Identity Services Engine (ISE) before 2.0 allows remote authenticated users to bypass intended web-resource access restrictions via a direct request, aka Bug ID CSCuu45926. | 6.8 |
2016-01-22 | CVE-2016-1134 | Buffalotech | Cross-Site Request Forgery (CSRF) vulnerability in Buffalotech products Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to hijack the authentication of arbitrary users. | 6.8 |
2016-01-21 | CVE-2016-0505 | Redhat Oracle Canonical Debian Opensuse Mariadb | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Options. | 6.8 |
2016-01-21 | CVE-2016-0504 | Oracle Canonical Opensuse Redhat | Remote Security vulnerability in Oracle Mysql Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0503. | 6.8 |
2016-01-21 | CVE-2016-0441 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 3.1.2 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Embedded Server. | 6.8 |
2016-01-21 | CVE-2016-0415 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1.0.1/12.1.0.4/12.1.0.5 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to UI Framework. | 6.8 |
2016-01-21 | CVE-2015-4919 | Oracle | Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Monitoring and Diagnostics SEC. | 6.8 |
2016-01-20 | CVE-2015-8704 | ISC | Improper Input Validation vulnerability in ISC Bind apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before 9.10.3-P3 allows remote authenticated users to cause a denial of service (INSIST assertion failure and daemon exit) via a malformed Address Prefix List (APL) record. | 6.8 |
2016-01-20 | CVE-2015-8705 | ISC | Improper Input Validation vulnerability in ISC Bind buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug logging is enabled, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit, or daemon crash) or possibly have unspecified other impact via (1) OPT data or (2) an ECS option. | 6.6 |
2016-01-21 | CVE-2016-0489 | Oracle | Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Test Manager for Web Apps. | 6.5 |
2016-01-21 | CVE-2016-0442 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4/12.1.0.5 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 and 12.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Loader Service. | 6.5 |
2016-01-21 | CVE-2015-4925 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4 Unspecified vulnerability in the Workspace Manager component in Oracle Database Server 11.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 6.5 |
2016-01-21 | CVE-2016-0589 | Oracle | Remote Security vulnerability in Oracle Application Object Library 11.5.10.2 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 6.4 |
2016-01-21 | CVE-2016-0581 | Oracle | Remote Security vulnerability in Oracle Approvals Management 11.5.10.2 Unspecified vulnerability in the Oracle Approvals Management component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to AME Page rendering. | 6.4 |
2016-01-21 | CVE-2016-0578 | Oracle | Remote Security vulnerability in Oracle Customer Relationship Management Technical Foundation 11.5.10.2 Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components. | 6.4 |
2016-01-21 | CVE-2016-0576 | Oracle | Remote Security vulnerability in Oracle Application Object Library 11.5.10.2 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to ICX LOVs. | 6.4 |
2016-01-21 | CVE-2016-0563 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Techstack. | 6.4 |
2016-01-21 | CVE-2016-0560 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0552, and CVE-2016-0559. | 6.4 |
2016-01-21 | CVE-2016-0559 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0552, and CVE-2016-0560. | 6.4 |
2016-01-21 | CVE-2016-0554 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Intelligence. | 6.4 |
2016-01-21 | CVE-2016-0553 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 6.4 |
2016-01-21 | CVE-2016-0552 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0551, CVE-2016-0559, and CVE-2016-0560. | 6.4 |
2016-01-21 | CVE-2016-0551 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0545, CVE-2016-0552, CVE-2016-0559, and CVE-2016-0560. | 6.4 |
2016-01-21 | CVE-2016-0550 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to CRM HTML Administration. | 6.4 |
2016-01-21 | CVE-2016-0549 | Oracle | Remote Security vulnerability in Oracle E-Business Intelligence 11.5.10.2 Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0547, and CVE-2016-0548. | 6.4 |
2016-01-21 | CVE-2016-0548 | Oracle | Remote Security vulnerability in Oracle E-Business Intelligence 11.5.10.2 Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0547, and CVE-2016-0549. | 6.4 |
2016-01-21 | CVE-2016-0547 | Oracle | Remote Security vulnerability in Oracle E-Business Intelligence 11.5.10.2 Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0511, CVE-2016-0548, and CVE-2016-0549. | 6.4 |
2016-01-21 | CVE-2016-0545 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0551, CVE-2016-0552, CVE-2016-0559, and CVE-2016-0560. | 6.4 |
2016-01-21 | CVE-2016-0544 | Oracle | Remote Security vulnerability in Oracle Marketing 11.5.10.2 Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Architecture. | 6.4 |
2016-01-21 | CVE-2016-0543 | Oracle | Remote Security vulnerability in Oracle Marketing 11.5.10.2 Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Preview. | 6.4 |
2016-01-21 | CVE-2016-0537 | Oracle | Remote Security vulnerability in Oracle Human Resources 11.5.10.2 Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Person. | 6.4 |
2016-01-21 | CVE-2016-0532 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Security Assignments. | 6.4 |
2016-01-21 | CVE-2016-0530 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0528, and CVE-2016-0529. | 6.4 |
2016-01-21 | CVE-2016-0529 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0528, and CVE-2016-0530. | 6.4 |
2016-01-21 | CVE-2016-0528 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0527, CVE-2016-0529, and CVE-2016-0530. | 6.4 |
2016-01-21 | CVE-2016-0527 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to User GUI, a different vulnerability than CVE-2016-0528, CVE-2016-0529, and CVE-2016-0530. | 6.4 |
2016-01-21 | CVE-2016-0525 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration. | 6.4 |
2016-01-21 | CVE-2016-0524 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Work Provider Administration. | 6.4 |
2016-01-21 | CVE-2016-0518 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0517. | 6.4 |
2016-01-21 | CVE-2016-0517 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to General utilities, a different vulnerability than CVE-2016-0518. | 6.4 |
2016-01-21 | CVE-2016-0516 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Quality component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to QA / Order Management Integration. | 6.4 |
2016-01-21 | CVE-2016-0515 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0514. | 6.4 |
2016-01-21 | CVE-2016-0514 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0515. | 6.4 |
2016-01-21 | CVE-2016-0512 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Human Resources component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Self Service - Common Modules. | 6.4 |
2016-01-21 | CVE-2016-0511 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Common Components, a different vulnerability than CVE-2016-0547, CVE-2016-0548, and CVE-2016-0549. | 6.4 |
2016-01-21 | CVE-2016-0510 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Business Views Catalog. | 6.4 |
2016-01-21 | CVE-2016-0492 | Oracle | Authentication Bypass vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. | 6.4 |
2016-01-21 | CVE-2016-0491 | Oracle | Remote Code Execution vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. | 6.4 |
2016-01-21 | CVE-2016-0490 | Oracle | Remote Code Execution vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0487. | 6.4 |
2016-01-21 | CVE-2016-0488 | Oracle | Authentication Bypass vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0492. | 6.4 |
2016-01-21 | CVE-2016-0487 | Oracle | Authentication Bypass vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0490. | 6.4 |
2016-01-19 | CVE-2016-1903 | PHP | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in PHP The gdImageRotateInterpolated function in ext/gd/libgd/gd_interpolation.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read and application crash) via a large bgd_color argument to the imagerotate function. | 6.4 |
2016-01-21 | CVE-2016-0602 | Oracle | Local Security vulnerability in Oracle Virtualization Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.14 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Installer. | 6.2 |
2016-01-21 | CVE-2016-0418 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0414. | 6.1 |
2016-01-21 | CVE-2016-0425 | Oracle | Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Monitoring and Diagnostics. | 6.0 |
2016-01-21 | CVE-2016-0475 | Oracle | Unspecified vulnerability in Oracle Jdk, JRE and Jrockit Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Libraries. | 5.8 |
2016-01-21 | CVE-2016-0591 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Supply Chain Management Purchasing 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supplier Change. | 5.5 |
2016-01-21 | CVE-2016-0564 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0561. | 5.5 |
2016-01-21 | CVE-2016-0561 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-0564. | 5.5 |
2016-01-21 | CVE-2016-0557 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Administration, a different vulnerability than CVE-2016-0556. | 5.5 |
2016-01-21 | CVE-2016-0556 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Administration, a different vulnerability than CVE-2016-0557. | 5.5 |
2016-01-21 | CVE-2016-0523 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Interaction Blending component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Blending Administration. | 5.5 |
2016-01-21 | CVE-2016-0472 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and availability via unknown vectors. | 5.5 |
2016-01-21 | CVE-2016-0470 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9/12.2.1 Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to BI Publisher Security. | 5.5 |
2016-01-20 | CVE-2015-5295 | Openstack Redhat Oracle Fedoraproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products The template-validate command in OpenStack Orchestration API (Heat) before 2015.1.3 (kilo) and 5.0.x before 5.0.1 (liberty) allows remote authenticated users to cause a denial of service (memory consumption) or determine the existence of local files via the resource type in a template, as demonstrated by file:///dev/zero. | 5.4 |
2016-01-19 | CVE-2016-1907 | Openbsd | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Openbsd Openssh The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted network traffic. | 5.3 |
2016-01-21 | CVE-2016-0455 | Oracle | Local Security vulnerability in Oracle Enterprise Manager Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality and availability via unknown vectors related to Agent Next Gen. | 5.2 |
2016-01-22 | CVE-2015-6925 | Wolfssl | Resource Management Errors vulnerability in Wolfssl wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to cause a denial of service (resource consumption or traffic amplification) via a crafted DTLS cookie in a ClientHello message. | 5.0 |
2016-01-21 | CVE-2016-0585 | Oracle | Remote Security vulnerability in Oracle Application Object Library 11.5.10.2 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect availability via vectors related to ICX Error. | 5.0 |
2016-01-21 | CVE-2016-0580 | Oracle | Remote Security vulnerability in Oracle Report Manager 11.5.10.2 Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2016-01-21 | CVE-2016-0571 | Oracle | Remote Security vulnerability in Oracle Balanced Scorecard 11.5.10.2/12.1 Unspecified vulnerability in the Oracle Balanced Scorecard component in Oracle E-Business Suite 11.5.10.2 and 12.1 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |
2016-01-21 | CVE-2016-0570 | Oracle | Remote Security vulnerability in Oracle Human Capital Management Configuration Workbench 12.1.1/12.1.2/12.1.3 Unspecified vulnerability in the Oracle HCM Configuration Workbench component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |
2016-01-21 | CVE-2016-0569 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |
2016-01-21 | CVE-2016-0568 | Oracle | Remote Security vulnerability in Oracle Email Center 12.1.1/12.1.2/12.1.3 Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Server Components. | 5.0 |
2016-01-21 | CVE-2016-0567 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle E-Business Intelligence component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Embedded Data Warehouse. | 5.0 |
2016-01-21 | CVE-2016-0566 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via unknown vectors related to Deliverables. | 5.0 |
2016-01-21 | CVE-2016-0565 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors. | 5.0 |
2016-01-21 | CVE-2016-0541 | Oracle | Remote Security vulnerability in Oracle Configurator 11.5.10.2/12.1/12.2 Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0540. | 5.0 |
2016-01-21 | CVE-2016-0540 | Oracle | Remote Security vulnerability in Oracle Configurator 11.5.10.2/12.1/12.2 Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect confidentiality via unknown vectors related to UI Servlet, a different vulnerability than CVE-2016-0541. | 5.0 |
2016-01-21 | CVE-2016-0539 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Report Manager component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality via unknown vectors. | 5.0 |
2016-01-21 | CVE-2016-0538 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Financial Consolidation Hub component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality via unknown vectors related to Business Intelligence. | 5.0 |
2016-01-21 | CVE-2016-0526 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown vectors related to Wireless Framework. | 5.0 |
2016-01-21 | CVE-2016-0501 | Oracle | Remote Security vulnerability in Oracle Secure Global Desktop 5.2 Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 5.2 allows remote attackers to affect availability via vectors related to SGD Core. | 5.0 |
2016-01-21 | CVE-2016-0486 | Oracle | Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0485. | 5.0 |
2016-01-21 | CVE-2016-0485 | Oracle | Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0486. | 5.0 |
2016-01-21 | CVE-2016-0484 | Oracle | Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps. | 5.0 |
2016-01-21 | CVE-2016-0482 | Oracle | Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0485, and CVE-2016-0486. | 5.0 |
2016-01-21 | CVE-2016-0481 | Oracle | Directory Traversal vulnerability in Oracle Enterprise Manager Grid Control 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486. | 5.0 |
2016-01-21 | CVE-2016-0480 | Oracle | Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0481, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486. | 5.0 |
2016-01-21 | CVE-2016-0478 | Oracle | Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0477. | 5.0 |
2016-01-21 | CVE-2016-0477 | Oracle | Directory Traversal vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0476 and CVE-2016-0478. | 5.0 |
2016-01-21 | CVE-2016-0476 | Oracle | Directory Traversal vulnerability in Oracle Enterprise Manager Grid Control 12.4.0.2/12.5.0.2 Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0477 and CVE-2016-0478. | 5.0 |
2016-01-21 | CVE-2016-0466 | Canonical Oracle | Unspecified vulnerability in the Java SE, Java SE Embedded, and JRockit components in Oracle Java SE 6u105, 7u91, and 8u66; Java SE Embedded 8u65; and JRockit R28.3.8 allows remote attackers to affect availability via vectors related to JAXP. | 5.0 |
2016-01-21 | CVE-2016-0460 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.55 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.55 allows remote attackers to affect integrity via unknown vectors related to Fluid Homepage and NavBar. | 5.0 |
2016-01-21 | CVE-2016-0457 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 12.1/12.2 Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0456. | 5.0 |
2016-01-21 | CVE-2016-0456 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 12.1/12.2 Unspecified vulnerability in the Application Mgmt Pack for E-Business Suite component in Oracle E-Business Suite 12.1 and 12.2 allows remote attackers to affect confidentiality via vectors related to REST Framework, a different vulnerability than CVE-2016-0457. | 5.0 |
2016-01-21 | CVE-2016-0450 | Oracle | Denial of Service vulnerability in Oracle Goldengate 11.2/12.1.2 Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect availability via unknown vectors. | 5.0 |
2016-01-21 | CVE-2016-0439 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9 Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0430. | 5.0 |
2016-01-21 | CVE-2016-0421 | Oracle | Remote Security vulnerability in Oracle JD Edwards products 9.1/9.2 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Monitoring and Diagnostics SEC. | 5.0 |
2016-01-21 | CVE-2016-0416 | Oracle | Remote Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to System Archive Utility. | 5.0 |
2016-01-21 | CVE-2016-0402 | Canonical Oracle | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. | 5.0 |
2016-01-20 | CVE-2016-1296 | Cisco | 7PK - Security Features vulnerability in Cisco web Security Appliance 8.5.3055/9.1.0000/9.5.0235 The proxy engine on Cisco Web Security Appliance (WSA) devices with software 8.5.3-055, 9.1.0-000, and 9.5.0-235 allows remote attackers to bypass intended proxy restrictions via a malformed HTTP method, aka Bug ID CSCux00848. | 5.0 |
2016-01-20 | CVE-2015-4951 | IBM | Improper Input Validation vulnerability in IBM Tivoli Storage Manager Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 and 6.x before 6.3.2.5, 6.4 before 6.4.3.1, and 7.1 before 7.1.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted Web client URL. | 5.0 |
2016-01-18 | CVE-2015-4942 | IBM | Resource Management Errors vulnerability in IBM Websphere MQ Light 1.0/1.0.0.1 IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to cause a denial of service (MQXR service crash) via a series of connect and disconnect actions, a different vulnerability than CVE-2015-4943. | 5.0 |
2016-01-21 | CVE-2016-0465 | Oracle | Local Security vulnerability in Oracle and SUN Systems Product Suite 3.3/4.0 Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect availability via unknown vectors related to Resource Group Manager. | 4.9 |
2016-01-21 | CVE-2016-0428 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verified Boot. | 4.9 |
2016-01-21 | CVE-2016-0419 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0431. | 4.9 |
2016-01-22 | CVE-2016-1571 | Citrix XEN | Code vulnerability in multiple products The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x through 4.6.x, when using shadow mode paging or nested virtualization is enabled, allows local HVM guest users to cause a denial of service (host crash) via a non-canonical guest address in an INVVPID instruction, which triggers a hypervisor bug check. | 4.7 |
2016-01-22 | CVE-2016-1572 | Ecryptfs Canonical Opensuse Debian Fedoraproject | Improper Privilege Management vulnerability in multiple products mount.ecryptfs_private.c in eCryptfs-utils does not validate mount destination filesystem types, which allows local users to gain privileges by mounting over a nonstandard filesystem, as demonstrated by /proc/$pid. | 4.6 |
2016-01-21 | CVE-2016-0449 | Oracle | Local Security vulnerability in Oracle Enterprise Manager Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen, a different vulnerability than CVE-2016-0444 and CVE-2016-0447. | 4.6 |
2016-01-21 | CVE-2016-0447 | Oracle | Local Security vulnerability in Oracle Enterprise Manager Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen, a different vulnerability than CVE-2016-0444 and CVE-2016-0449. | 4.6 |
2016-01-21 | CVE-2016-0445 | Oracle | Local Security vulnerability in Oracle Enterprise Manager Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen. | 4.6 |
2016-01-21 | CVE-2016-0417 | Oracle | Local Security vulnerability in Oracle Solaris Cluster 3.3/4.2 Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.2 allows local users to affect confidentiality, integrity, and availability via vectors related to HA for MySQL. | 4.6 |
2016-01-21 | CVE-2016-0411 | Oracle | Local Security vulnerability in Oracle Enterprise Manager Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1 and 11.2.0.4 allows local users to affect confidentiality, integrity, and availability via vectors related to Agent Next Gen. | 4.6 |
2016-01-21 | CVE-2016-0444 | Oracle | Local Security vulnerability in Oracle Enterprise Manager Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Agent Next Gen, a different vulnerability than CVE-2016-0447 and CVE-2016-0449. | 4.4 |
2016-01-22 | CVE-2016-1135 | Buffalotech | Cross-site Scripting vulnerability in Buffalotech products Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and earlier, WHR-600D devices with firmware 1.90 and earlier, WMR-300 devices with firmware 1.90 and earlier, WMR-433 devices with firmware 1.01 and earlier, and WSR-1166DHP devices with firmware 1.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2016-01-21 | CVE-2016-0594 | Opensuse Oracle | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows remote authenticated users to affect availability via vectors related to DML. | 4.3 |
2016-01-21 | CVE-2016-0590 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Supply Chain Management Order Management 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise SCM Order Management component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote attackers to affect integrity via unknown vectors. | 4.3 |
2016-01-21 | CVE-2016-0588 | Oracle | Remote Security vulnerability in Oracle General Ledger 11.5.10.2 Unspecified vulnerability in the Oracle General Ledger component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Consolidation Hierarchy Viewer. | 4.3 |
2016-01-21 | CVE-2016-0586 | Oracle | Remote Security vulnerability in Oracle Application Object Library 11.5.10.2 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to iHelp. | 4.3 |
2016-01-21 | CVE-2016-0584 | Oracle | Remote Security vulnerability in Oracle Customer Relationship Management Technical Foundation 11.5.10.2 Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0579, CVE-2016-0582, and CVE-2016-0583. | 4.3 |
2016-01-21 | CVE-2016-0583 | Oracle | Remote Security vulnerability in Oracle CRM Technical Foundation 11.5.10.2 Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0579, CVE-2016-0582, and CVE-2016-0584. | 4.3 |
2016-01-21 | CVE-2016-0582 | Oracle | Remote Security vulnerability in Oracle Customer Relationship Management Technical Foundation 11.5.10.2 Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0579, CVE-2016-0583, and CVE-2016-0584. | 4.3 |
2016-01-21 | CVE-2016-0579 | Oracle | Remote Security vulnerability in Oracle Customer Relationship Management Technical Foundation 11.5.10.2 Unspecified vulnerability in the Oracle CRM Technology Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components, a different vulnerability than CVE-2016-0582, CVE-2016-0583, and CVE-2016-0584. | 4.3 |
2016-01-21 | CVE-2016-0575 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Learning Management component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to OTA Self Service. | 4.3 |
2016-01-21 | CVE-2016-0558 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Service Contracts component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Renewals. | 4.3 |
2016-01-21 | CVE-2016-0555 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle CADView-3D component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Studio. | 4.3 |
2016-01-21 | CVE-2016-0542 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via unknown vectors related to Field Service Map. | 4.3 |
2016-01-21 | CVE-2016-0536 | Oracle | Remote Security vulnerability in Oracle Universal Work Queue 11.5.10.2 Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to error messages. | 4.3 |
2016-01-21 | CVE-2016-0535 | Oracle | Remote Security vulnerability in Oracle Solaris 10/11 Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows remote attackers to affect availability via vectors related to RPC. | 4.3 |
2016-01-21 | CVE-2016-0534 | Oracle | Remote Security vulnerability in Oracle Project Contracts 12.1.1/12.1.2/12.1.3 Unspecified vulnerability in the Oracle Project Contracts component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Printing. | 4.3 |
2016-01-21 | CVE-2016-0533 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Messaging. | 4.3 |
2016-01-21 | CVE-2016-0521 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to Redirection. | 4.3 |
2016-01-21 | CVE-2016-0520 | Oracle | Remote Security vulnerability in Oracle Application Object Library 11.5.10.2 Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to Java APIs. | 4.3 |
2016-01-21 | CVE-2016-0519 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a different vulnerability than CVE-2016-0507. | 4.3 |
2016-01-21 | CVE-2016-0513 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via vectors related to BIS Common Components. | 4.3 |
2016-01-21 | CVE-2016-0509 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AP Web Utilities. | 4.3 |
2016-01-21 | CVE-2016-0508 | Oracle | Remote Security vulnerability in Oracle Ilearning 6.0/6.1 Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 6.0 and 6.1 allows remote attackers to affect integrity via unknown vectors related to Learner Administration. | 4.3 |
2016-01-21 | CVE-2016-0507 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2 Unspecified vulnerability in the Oracle iReceivables component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors related to AR Web Utilities, a different vulnerability than CVE-2016-0519. | 4.3 |
2016-01-21 | CVE-2016-0506 | Oracle | Remote Security vulnerability in Oracle Retail Order Management System Cloud Service Unspecified vulnerability in the Oracle Retail Order Management System Cloud Service component in Oracle Retail Applications 3.5, 4.5, 4.7, 5.0, and 15.0 allows remote attackers to affect confidentiality via unknown vectors related to Order Entry. | 4.3 |
2016-01-21 | CVE-2016-0497 | Oracle | Remote Security vulnerability in Oracle Agile Engineering Data Management 6.1.2.2/6.1.3.0/6.2.0.0 Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Web Client. | 4.3 |
2016-01-21 | CVE-2016-0496 | Oracle | Remote Security vulnerability in Oracle MICROS CWDirect Unspecified vulnerability in the MICROS CWDirect component in Oracle Retail Applications 12.5, 13.0, 14.0, 15.0, 16.0, 17.0, and 18.0 allows remote attackers to affect confidentiality via unknown vectors related to Order Entry. | 4.3 |
2016-01-21 | CVE-2016-0495 | Oracle Debian | Remote Security vulnerability in Oracle Virtualization Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and 5.0.14 allows remote attackers to affect availability via unknown vectors related to Core. | 4.3 |
2016-01-21 | CVE-2016-0471 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote attackers to affect confidentiality via unknown vectors related to Multichannel Framework. | 4.3 |
2016-01-21 | CVE-2016-0464 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 10.3.6/12.1.2.0/12.1.3.0 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to WLS-Console. | 4.3 |
2016-01-21 | CVE-2016-0463 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54/8.55 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality via unknown vectors related to Portal. | 4.3 |
2016-01-21 | CVE-2016-0443 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 11.1.0.1/12.1.0.4/12.1.0.5 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality via unknown vectors related to Agent Next Gen. | 4.3 |
2016-01-21 | CVE-2016-0433 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.9 Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support. | 4.3 |
2016-01-21 | CVE-2016-0430 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9 Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0439. | 4.3 |
2016-01-21 | CVE-2016-0429 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9 Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Scheduler, a different vulnerability than CVE-2016-0401. | 4.3 |
2016-01-21 | CVE-2016-0404 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.2.2 Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.2.2 allows remote attackers to affect integrity via vectors related to Admin. | 4.3 |
2016-01-21 | CVE-2016-0401 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7.0/11.1.1.9 Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Scheduler, a different vulnerability than CVE-2016-0429. | 4.3 |
2016-01-21 | CVE-2015-4885 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Grid Control 12.1.0.4 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.4 allows remote attackers to affect confidentiality via vectors related to Agent Next Gen. | 4.3 |
2016-01-20 | CVE-2016-1900 | Fedoraproject Cgit Project | CRLF injection vulnerability in the cgit_print_http_headers function in ui-shared.c in CGit before 0.12 allows remote attackers with permission to write to a repository to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via newline characters in a filename. | 4.3 |
2016-01-20 | CVE-2016-1899 | Fedoraproject Cgit Project | CRLF injection vulnerability in the ui-blob handler in CGit before 0.12 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks or cross-site scripting (XSS) attacks via CRLF sequences in the mimetype parameter, as demonstrated by a request to blob/cgit.c. | 4.3 |
2016-01-20 | CVE-2016-1867 | Jasper Project | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Jasper Project Jasper 1.900.1 The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG 2000 image. | 4.3 |
2016-01-18 | CVE-2016-0201 | IBM | Information Exposure vulnerability in IBM Security Network Protection Firmware 5.3.1/5.3.2 GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and 5.3.2 allows remote attackers to discover credentials by triggering an MD5 collision. | 4.3 |
2016-01-18 | CVE-2015-7886 | Netapp | Information Exposure vulnerability in Netapp Data Ontap NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are enabled, allows remote attackers to obtain sensitive volume information via unspecified vectors. | 4.3 |
2016-01-18 | CVE-2015-5008 | IBM | Cross-site Scripting vulnerability in IBM Websphere Commerce Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2016-01-18 | CVE-2015-5002 | IBM | Cross-site Scripting vulnerability in IBM Host On-Demand Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 through 11.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2016-01-18 | CVE-2015-4959 | IBM | Cross-site Scripting vulnerability in IBM Tivoli Federated Identity Manager 6.2.2 Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before FP16 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 4.3 |
2016-01-21 | CVE-2016-0616 | Redhat Canonical Mariadb Oracle Opensuse Debian | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 4.0 |
2016-01-21 | CVE-2016-0614 | Oracle | Remote Security vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.0.0 Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors. | 4.0 |
2016-01-21 | CVE-2016-0611 | Canonical Oracle Opensuse Redhat | Improper Access Control vulnerability in multiple products Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 4.0 |
2016-01-21 | CVE-2016-0597 | Redhat Oracle Opensuse Canonical Debian Mariadb | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 4.0 |
2016-01-21 | CVE-2016-0596 | Redhat Oracle Debian Opensuse Canonical Mariadb | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and 5.6.27 and earlier and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. | 4.0 |
2016-01-21 | CVE-2016-0595 | Redhat Oracle Canonical Opensuse | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows remote authenticated users to affect availability via vectors related to DML. | 4.0 |
2016-01-21 | CVE-2016-0587 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54/8.55 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors related to File Processing. | 4.0 |
2016-01-21 | CVE-2016-0562 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Common Applications component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via vectors related to CRM User Management Framework. | 4.0 |
2016-01-21 | CVE-2016-0531 | Oracle | Remote Security vulnerability in Oracle Applications Manager 12.1.3 Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Oracle Diagnostics Interfaces. | 4.0 |
2016-01-21 | CVE-2016-0503 | Canonical Redhat Opensuse Oracle | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via vectors related to DML, a different vulnerability than CVE-2016-0504. | 4.0 |
2016-01-21 | CVE-2016-0502 | Opensuse Oracle Mariadb | Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 4.0 |
2016-01-21 | CVE-2016-0467 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. | 4.0 |
2016-01-21 | CVE-2016-0462 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework, a different vulnerability than CVE-2015-2650. | 4.0 |
2016-01-21 | CVE-2016-0461 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
2016-01-21 | CVE-2016-0459 | Oracle | Remote Security vulnerability in Oracle E-Business Suite Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote authenticated users to affect integrity via unknown vectors related to Popup Windows. | 4.0 |
2016-01-21 | CVE-2016-0458 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Kernel DAX. | 4.0 |
2016-01-21 | CVE-2016-0448 | Oracle Canonical | Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX. | 4.0 |
2016-01-21 | CVE-2016-0427 | Oracle | Remote Security vulnerability in Oracle Enterprise Manager Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework. | 4.0 |
2016-01-21 | CVE-2016-0413 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 11.1.1.7 Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.1.7 allows remote authenticated users to affect integrity via vectors related to Federation protocol support. | 4.0 |
2016-01-21 | CVE-2016-0409 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise HCM Global Payroll Switzerland component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Security. | 4.0 |
2016-01-21 | CVE-2015-4923 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the XML Developer's Kit for C component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect availability via unknown vectors. | 4.0 |
2016-01-21 | CVE-2015-4921 | Oracle | Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.1/12.1.0.2 Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors. | 4.0 |
39 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2016-01-21 | CVE-2016-0426 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones. | 3.6 |
2016-01-23 | CVE-2015-7417 | IBM | Cross-site Scripting vulnerability in IBM Websphere Application Server Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider. | 3.5 |
2016-01-21 | CVE-2016-0610 | Oracle Debian Mariadb Opensuse Redhat Canonical | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and MariaDB before 10.0.22 and 10.1.x before 10.1.9 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 3.5 |
2016-01-21 | CVE-2016-0608 | Oracle Redhat Debian Canonical Opensuse Mariadb | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF. | 3.5 |
2016-01-21 | CVE-2016-0606 | Debian Redhat Opensuse Oracle Canonical Mariadb | Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect integrity via unknown vectors related to encryption. | 3.5 |
2016-01-21 | CVE-2016-0601 | Oracle | Remote Security vulnerability in Oracle MySQL 5.7.9 Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Partition. | 3.5 |
2016-01-21 | CVE-2016-0600 | Redhat Debian Oracle Opensuse Canonical Mariadb | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to InnoDB. | 3.5 |
2016-01-21 | CVE-2016-0599 | Oracle | Remote Security vulnerability in Oracle MySQL 5.7.9 Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer. | 3.5 |
2016-01-21 | CVE-2016-0598 | Opensuse Oracle Redhat Debian Canonical Mariadb | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to DML. | 3.5 |
2016-01-21 | CVE-2016-0474 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect integrity via vectors related to PIA Core Technology. | 3.5 |
2016-01-21 | CVE-2016-0473 | Oracle | Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect integrity via unknown vectors related to Fluid Core. | 3.5 |
2016-01-21 | CVE-2016-0412 | Oracle | Remote Security vulnerability in Oracle Peoplesoft Supply Chain Management Eprocurement 9.1/9.2 Unspecified vulnerability in the PeopleSoft Enterprise SCM eProcurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect integrity via unknown vectors related to Manage Requisition Status. | 3.5 |
2016-01-21 | CVE-2015-4924 | Oracle | Remote Security vulnerability in Oracle Agile PLM Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect integrity via vectors related to Security. | 3.5 |
2016-01-18 | CVE-2015-5009 | IBM | Cross-site Scripting vulnerability in IBM Websphere Commerce Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 through FP11, 6.0 Feature Pack 4, 7.0 through FP9, 7.0 Feature Pack 5 through 8, and 8.0 before 8.0.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 3.5 |
2016-01-21 | CVE-2016-0493 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via unknown vectors related to Kernel Cryptography. | 3.3 |
2016-01-21 | CVE-2016-0435 | Oracle | Local Security vulnerability in Oracle Retail Applications 13.4/14.0/14.1 Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality and integrity via vectors related to Mobile POS. | 3.3 |
2016-01-21 | CVE-2016-0406 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via vectors related to Libc. | 3.3 |
2016-01-21 | CVE-2016-0607 | Redhat Oracle Opensuse Canonical | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to replication. | 2.8 |
2016-01-22 | CVE-2015-7744 | Wolfssl Opensuse Mariadb | wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults associated with the Chinese Remainder Theorem (CRT) process when allowing ephemeral key exchange without low memory optimizations on a server, which makes it easier for remote attackers to obtain private RSA keys by capturing TLS handshakes, aka a Lenstra attack. | 2.6 |
2016-01-21 | CVE-2015-4926 | Oracle | Remote Security vulnerability in Oracle E-Business Suite 11.5.10.2/12.1/12.2 Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.1, and 12.2 allows remote attackers to affect integrity via vectors related to UIX. | 2.6 |
2016-01-21 | CVE-2016-0605 | Redhat Opensuse Oracle | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows remote authenticated users to affect availability via unknown vectors. | 2.1 |
2016-01-21 | CVE-2016-0592 | Oracle Debian | Local Security vulnerability in Oracle Virtualization Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.36 and before 5.0.14 allows local users to affect availability via unknown vectors related to Core. | 2.1 |
2016-01-21 | CVE-2016-0454 | Oracle | Local Security vulnerability in Oracle E-Business Suite 12.1/12.2 Unspecified vulnerability in the Oracle Mobile Application Servlet component in Oracle E-Business Suite 12.1 and 12.2 allows local users to affect confidentiality via vectors related to MWA Server Manager. | 2.1 |
2016-01-21 | CVE-2016-0446 | Oracle | Local Security vulnerability in Oracle Enterprise Manager Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows local users to affect confidentiality via unknown vectors related to Agent Next Gen. | 2.1 |
2016-01-21 | CVE-2015-4922 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via vectors related to Boot. | 2.1 |
2016-01-21 | CVE-2015-4920 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity via vectors related to NDMP Backup Service. | 2.1 |
2016-01-20 | CVE-2015-8777 | GNU | 7PK - Security Features vulnerability in GNU Glibc The process_envvars function in elf/rtld.c in the GNU C Library (aka glibc or libc6) before 2.23 allows local users to bypass a pointer-guarding protection mechanism via a zero value of the LD_POINTER_GUARD environment variable. | 2.1 |
2016-01-21 | CVE-2016-0438 | Oracle | Local Security vulnerability in Oracle Retail Applications 13.4/14.0/14.1 Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0437. | 1.9 |
2016-01-21 | CVE-2016-0437 | Oracle | Local Security vulnerability in Oracle Retail Applications 13.4/14.0/14.1 Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0438. | 1.9 |
2016-01-21 | CVE-2016-0436 | Oracle | Local Security vulnerability in Oracle Retail Applications 13.4/14.0/14.1 Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0437, and CVE-2016-0438. | 1.9 |
2016-01-21 | CVE-2016-0434 | Oracle | Local Security vulnerability in Oracle Retail Applications 13.4/14.0/14.1 Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0436, CVE-2016-0437, and CVE-2016-0438. | 1.9 |
2016-01-21 | CVE-2016-0432 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2015-6015. | 1.9 |
2016-01-21 | CVE-2015-4808 | Oracle | Local Security vulnerability in Oracle Fusion Middleware 8.5.0/8.5.1/8.5.2 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via vectors related to Outside In Filters, a different vulnerability than CVE-2015-6013, CVE-2015-6014, CVE-2015-6015, and CVE-2016-0432. | 1.9 |
2016-01-21 | CVE-2016-0453 | Oracle | Remote Security vulnerability in Oracle Fusion Middleware 3.1.2 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.1.2 allows remote attackers to affect integrity via unknown vectors related to Embedded Server. | 1.8 |
2016-01-21 | CVE-2016-0609 | Oracle Redhat Debian Opensuse Canonical Mariadb | Remote Security vulnerability in Oracle MySQL Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via unknown vectors related to privileges. | 1.7 |
2016-01-21 | CVE-2016-0405 | Oracle | Local Security vulnerability in Oracle and SUN Systems Product Suite 3.3/4.0 Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect confidentiality via vectors related to Cluster Manageability and Serviceability. | 1.7 |
2016-01-21 | CVE-2016-0498 | Oracle | Local Security vulnerability in Oracle Agile Engineering Data Management 6.1.2.2/6.1.3.0/6.2.0.0 Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.2.2, 6.1.3.0, and 6.2.0.0 allows local users to affect confidentiality via unknown vectors related to Install. | 1.5 |
2016-01-21 | CVE-2016-0618 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality via unknown vectors related to Zones. | 1.4 |
2016-01-21 | CVE-2016-0431 | Oracle | Local Security vulnerability in Oracle Solaris 11 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0419. | 1.2 |