Weekly Vulnerabilities Reports > July 18 to 24, 2016

Overview

288 new vulnerabilities reported during this period, including 47 critical vulnerabilities and 49 high severity vulnerabilities. This weekly summary report vulnerabilities in 124 products from 24 vendors including Oracle, Apple, Google, Canonical, and Redhat. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", "Use After Free", and "Improper Access Control".

  • 245 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 13 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 223 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 196 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 39 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

47 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-07-22 CVE-2016-5743 Siemens Improper Input Validation vulnerability in Siemens Simatic Batch, Simatic Openpcs 7 and Simatic Wincc

Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.

10.0
2016-07-22 CVE-2016-4629 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.

10.0
2016-07-21 CVE-2016-3613 Oracle Remote Security vulnerability in Oracle Secure Global Desktop 4.63/4.71/5.2

Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL.

10.0
2016-07-21 CVE-2016-3607 Oracle Multiple vulnerability in Oracle July 2016 Critical Patch Update

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.

10.0
2016-07-21 CVE-2016-3586 Oracle Remote Code Execution vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.0.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3510.

10.0
2016-07-21 CVE-2016-3556 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to EM Integration.

10.0
2016-07-21 CVE-2016-3510 Oracle Remote Code Execution vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.0.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.

10.0
2016-07-21 CVE-2016-3499 Oracle Arbitrary File Upload vulnerability in Oracle WebLogic Server 12.1.3.0.0/12.2.1.0.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0 and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.

10.0
2016-07-21 CVE-2016-3493 Oracle Remote Security vulnerability in Oracle Hyperion Financial Reporting 11.1.2.4

Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Security Models.

10.0
2016-07-21 CVE-2016-3487 Oracle Remote Security vulnerability in Oracle Webcenter Sites 11.1.1.8/12.2.1.0

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

10.0
2016-07-21 CVE-2016-3468 Oracle Remote Security vulnerability in Oracle Agile Engineering Data Management 6.1.3.0/6.2.0.0

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install.

10.0
2016-07-21 CVE-2016-3444 Oracle Remote Security vulnerability in Oracle Retail Integration Bus

Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install.

10.0
2016-07-19 CVE-2016-5080 Objective Systems Heap Based Buffer Overflow vulnerability in Objective Systems ASN1C

Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.

10.0
2016-07-21 CVE-2016-3546 Oracle Remote Security vulnerability in Oracle Advanced Collections 12.1.1/12.1.2/12.1.3

Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs.

9.4
2016-07-21 CVE-2016-3543 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.

9.4
2016-07-21 CVE-2016-3541 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes.

9.4
2016-07-21 CVE-2016-3527 Oracle Remote Security vulnerability in Oracle Demand Planning 12.1/12.2

Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to ODPDA Servlet.

9.4
2016-07-23 CVE-2016-1706 Google Improper Input Validation vulnerability in Google Chrome

The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.

9.3
2016-07-22 CVE-2016-4641 Apple Improper Input Validation vulnerability in Apple mac OS X

Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."

9.3
2016-07-22 CVE-2016-4640 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-07-22 CVE-2016-4638 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."

9.3
2016-07-22 CVE-2016-4621 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

9.3
2016-07-21 CVE-2016-3610 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Linux

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.

9.3
2016-07-21 CVE-2016-3598 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Linux

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.

9.3
2016-07-21 CVE-2016-3587 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Linux

Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

9.3
2016-07-21 CVE-2016-3564 Oracle Multiple vulnerability in Oracle Toplink 12.1.3.0/12.2.1.0/12.2.1.1

Unspecified vulnerability in the Oracle TopLink component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JPA-RS.

9.3
2016-07-21 CVE-2016-5474 Oracle Remote Security vulnerability in Oracle Retail Service Backbone 14.0/14.1/15.0

Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RSB Kernel.

9.0
2016-07-21 CVE-2016-5457 Oracle Remote Security vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN.

9.0
2016-07-21 CVE-2016-3596 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3595.

9.0
2016-07-21 CVE-2016-3595 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3594 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3593 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3592 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3591 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3590 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3583 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3582 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3581 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3580 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3579 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3578 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3577 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3576 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3575 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3574 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.0/8.5.1/8.5.2

Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.

9.0
2016-07-21 CVE-2016-3554 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to PC / BOM, MCAD, and Design.

9.0
2016-07-21 CVE-2016-0635 Oracle Remote Security vulnerability in Multiple Oracle Products

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation Engine component in Oracle Insurance Applications 9.7.1, 10.1.2, and 10.2.2; the Oracle Insurance Policy Administration J2EE and Oracle Insurance Rules Palette components in Oracle Insurance Applications 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, and 10.2.2; the Oracle Retail Integration Bus component in Oracle Retail Applications 15.0; the Oracle Retail Order Broker component in Oracle Retail Applications 5.1, 5.2, and 15.0; the Primavera Contract Management component in Oracle Primavera Products Suite 14.2; the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.2, 8.3, 8.4, 15.1, 15.2, and 16.1; the Oracle Financial Services Analytical Applications Infrastructure component in Oracle Financial Services Applications 8.0.0, 8.0.1, 8.0.2, and 8.0.3; the Oracle Commerce Guided Search / Oracle Commerce Experience Manager component in Oracle Commerce 3.1.1, 3.1.2, 11.0, 11.1, and 11.2; the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5; the Oracle Communications BRM - Elastic Charging Engine 11.2.0.0.0 and 11.3.0.0.0; the Oracle Enterprise Repository Enterprise Repository 12.1.3.0.0; the Oracle Financial Services Behavior Detection Platform 8.0.1 and 8.0.2; the Oracle Hyperion Essbase 12.2.1.1; the Oracle Tuxedo System and Applications Monitor (TSAM) 11.1.1.2.0, 11.1.1.2.1, 11.1.1.2.1, 12.1.1.1.0, 12.1.3.0.0, and 12.2.2.0.0; the Oracle Communications WebRTC Session Controller component of Oracle Communications Applications (subcomponent: Security (Spring)) 7.0, 7.1 and 7.2; the Oracle Endeca Information Discovery Integrator 3.2; the Converged Commerce component of Oracle Retail Applications 16.0.1; the Oracle Identity Manager 11.1.2.3.0; Oracle Enterprise Manager for MySQL Database 12.1.0.4; Oracle Retail Invoice Matching 12.0, 13.0, 13.1, 13.2, 14.0, and 14.1; Oracle Communications Performance Intelligence Center (PIC) Software Prior to 10.2.1 and the Oracle Knowledge component of Oracle Siebel CRM (subcomponent: AnswerFlow (Spring Framework)) version 8.5.1.0 - 8.5.1.7 and 8.6.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

9.0

49 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-07-21 CVE-2016-3609 Oracle Remote Security vulnerability in Oracle Database 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

8.5
2016-07-21 CVE-2016-3542 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors.

8.5
2016-07-21 CVE-2016-3522 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Application Service.

8.5
2016-07-21 CVE-2016-3491 Oracle Remote Security vulnerability in Oracle CRM Technical Foundation 12.1.3

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless Framework.

8.5
2016-07-19 CVE-2016-5654 Misys Permissions, Privileges, and Access Controls vulnerability in Misys Fusioncapital Opics Plus

Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter.

8.5
2016-07-21 CVE-2016-5475 Oracle Remote Security vulnerability in Oracle Retail Service Backbone 14.0/14.1/15.0

Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.

8.0
2016-07-22 CVE-2016-4591 Apple Improper Access Control vulnerability in Apple Webkit

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.

7.8
2016-07-21 CVE-2016-3535 Oracle Remote Security vulnerability in Oracle CRM Technical Foundation 12.1.3

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Remote Launch.

7.8
2016-07-21 CVE-2016-3532 Oracle Remote Security vulnerability in Oracle Advanced Inbound Telephony 12.1.1/12.1.2/12.1.3

Unspecified vulnerability in the Oracle Advanced Inbound Telephony component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to SDK client integration.

7.8
2016-07-21 CVE-2016-3528 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect availability via vectors related to Expenses Admin Utilities.

7.8
2016-07-21 CVE-2016-3526 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3529 and CVE-2016-3560.

7.8
2016-07-21 CVE-2016-3515 Oracle Remote Security vulnerability in Oracle Enterprise Communications Broker

Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote attackers to affect confidentiality via unknown vectors.

7.8
2016-07-21 CVE-2016-3512 Oracle Remote Security vulnerability in Oracle Customer Interaction History 12.1.1/12.1.2/12.1.3

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Function Security.

7.8
2016-07-21 CVE-2016-3479 Oracle Remote Security vulnerability in Oracle Database 11.2.0.4/12.1.0.2

Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.

7.8
2016-07-22 CVE-2016-4616 Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619.

7.5
2016-07-22 CVE-2016-4615 Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619.

7.5
2016-07-22 CVE-2016-4614 Apple Out-of-bounds Write vulnerability in Apple products

libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-2016-4616, and CVE-2016-4619.

7.5
2016-07-22 CVE-2016-4610 Xmlsoft
Apple
Fedoraproject
Debian
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.

7.5
2016-07-22 CVE-2016-4609 Xmlsoft
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.

7.5
2016-07-22 CVE-2016-4608 Xmlsoft
Apple
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

7.5
2016-07-22 CVE-2016-4607 Xmlsoft
Apple
Microsoft
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.

7.5
2016-07-21 CVE-2016-5453 Oracle Remote Security vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI.

7.5
2016-07-21 CVE-2016-5446 Oracle Remote Security vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure.

7.5
2016-07-21 CVE-2016-5445 Oracle Remote Security vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2016-07-21 CVE-2016-3561 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SDK.

7.5
2016-07-21 CVE-2016-3539 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3538.

7.5
2016-07-21 CVE-2016-3538 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3539.

7.5
2016-07-21 CVE-2016-3530 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to PGC / Import.

7.5
2016-07-21 CVE-2016-3504 Oracle Remote Security vulnerability in Oracle JDeveloper

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces.

7.5
2016-07-21 CVE-2016-3470 Oracle Remote Security vulnerability in Oracle Transportation Management 6.4.1

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Install.

7.5
2016-07-21 CVE-2016-3446 Oracle Remote Security vulnerability in Oracle Business Intelligence Enterprise Edition

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Analytics Web Administration.

7.5
2016-07-19 CVE-2015-8947 Harfbuzz Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Harfbuzz Project Harfbuzz

hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.

7.5
2016-07-22 CVE-2016-4653 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.

7.2
2016-07-22 CVE-2016-4647 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.

7.2
2016-07-22 CVE-2016-4634 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.

7.2
2016-07-22 CVE-2016-4627 Apple NULL Pointer Dereference vulnerability in Apple Iphone OS, Tvos and Watchos

IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

7.2
2016-07-22 CVE-2016-4626 Apple NULL Pointer Dereference vulnerability in Apple products

IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.

7.2
2016-07-22 CVE-2016-4625 Apple Use After Free vulnerability in Apple mac OS X

Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.

7.2
2016-07-22 CVE-2016-4582 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.

7.2
2016-07-22 CVE-2016-1863 Apple Use After Free vulnerability in Apple products

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.

7.2
2016-07-22 CVE-2014-9862 Apple Integer Overflow or Wraparound vulnerability in Apple mac OS X

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.

7.2
2016-07-21 CVE-2016-5472 Oracle Local Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows local users to affect confidentiality, integrity, and availability via vectors related to Install and Packaging.

7.2
2016-07-21 CVE-2016-3489 Oracle Local Security vulnerability in Oracle Database 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

7.2
2016-07-22 CVE-2016-4605 Apple NULL Pointer Dereference vulnerability in Apple Iphone OS

Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation.

7.1
2016-07-22 CVE-2016-4592 Apple
Webkitgtk
Resource Exhaustion vulnerability in multiple products

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.

7.1
2016-07-21 CVE-2016-5470 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality via vectors related to Application Designer.

7.1
2016-07-21 CVE-2016-3471 Oracle
Redhat
Local Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

7.1
2016-07-21 CVE-2016-3544 Oracle Remote Security vulnerability in Oracle Business Intelligence 11.1.1.7.0/11.1.1.9.0/11.2.1.0.0

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 11.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General.

7.0
2016-07-21 CVE-2016-3536 Oracle Remote Security vulnerability in Oracle Marketing 12.1.1/12.1.2/12.1.3

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Deliverables.

7.0

168 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-07-22 CVE-2016-4633 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.

6.9
2016-07-21 CVE-2016-3511 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.

6.9
2016-07-23 CVE-2016-5136 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.

6.8
2016-07-23 CVE-2016-5132 Google 7PK - Security Features vulnerability in Google Chrome

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.

6.8
2016-07-23 CVE-2016-5131 Google
Xmlsoft
Apple
Canonical
Redhat
Opensuse
Suse
Debian
Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.

6.8
2016-07-23 CVE-2016-5129 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome and V8

Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.

6.8
2016-07-23 CVE-2016-5128 Google 7PK - Security Features vulnerability in Google Chrome

objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

6.8
2016-07-23 CVE-2016-5127 Google Use After Free vulnerability in Google Chrome

Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.

6.8
2016-07-23 CVE-2016-1711 Google Improper Authorization vulnerability in Google Chrome

WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

6.8
2016-07-23 CVE-2016-1710 Google Improper Authorization vulnerability in Google Chrome

The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

6.8
2016-07-23 CVE-2016-1709 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Chrome and Sfntly

Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.

6.8
2016-07-23 CVE-2016-1708 Google Use After Free vulnerability in Google Chrome

The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.

6.8
2016-07-23 CVE-2016-1705 Google Multiple Security vulnerability in Google Chrome Prior to 52.0.2743.82

Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

6.8
2016-07-22 CVE-2016-4637 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.

6.8
2016-07-22 CVE-2016-4631 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.

6.8
2016-07-22 CVE-2016-4630 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.

6.8
2016-07-22 CVE-2016-4624 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.

6.8
2016-07-22 CVE-2016-4623 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624.

6.8
2016-07-22 CVE-2016-4622 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.

6.8
2016-07-22 CVE-2016-4602 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.

6.8
2016-07-22 CVE-2016-4601 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.

6.8
2016-07-22 CVE-2016-4600 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.

6.8
2016-07-22 CVE-2016-4599 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.

6.8
2016-07-22 CVE-2016-4598 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.

6.8
2016-07-22 CVE-2016-4597 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.

6.8
2016-07-22 CVE-2016-4596 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple mac OS X

QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.

6.8
2016-07-22 CVE-2016-4594 Apple Improper Input Validation vulnerability in Apple products

The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.

6.8
2016-07-22 CVE-2016-4589 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Webkit

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.

6.8
2016-07-22 CVE-2016-4588 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Webkit

WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8
2016-07-22 CVE-2016-4586 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Safari and Tvos

WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8
2016-07-22 CVE-2016-4584 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Iphone OS, Safari and Tvos

The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.

6.8
2016-07-21 CVE-2016-3606 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Linux

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.

6.8
2016-07-21 CVE-2016-3537 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-5473.

6.8
2016-07-21 CVE-2016-3521 IBM
Mariadb
Oracle
Debian
Canonical
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.

6.8
2016-07-21 CVE-2016-3520 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests.

6.8
2016-07-21 CVE-2016-3518 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

6.8
2016-07-21 CVE-2016-3514 Oracle Multiple vulnerability in Oracle July 2016 Critical Patch Update

Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3516.

6.8
2016-07-21 CVE-2016-3513 Oracle Multiple vulnerability in Oracle Communications Operations Monitor 3.3.92.0.0

Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure.

6.8
2016-07-21 CVE-2016-3506 Oracle Remote Security vulnerability in Oracle Jdbc 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3, and 15.0.1; the Oracle Retail Workforce Management 1.60.7, and 1.64.0; the Oracle Retail Clearance Optimization Engine 13.4; the Oracle Retail Markdown Optimization 13.4 and 14.0; and Oracle Retail Merchandising System 16.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

6.8
2016-07-21 CVE-2016-3486 Oracle
Canonical
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.

6.8
2016-07-19 CVE-2016-5386 Fedoraproject
Oracle
Redhat
Golang
Improper Access Control vulnerability in multiple products

The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

6.8
2016-07-21 CVE-2016-5476 Oracle Remote Security vulnerability in Oracle Retail Integration Bus

Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.

6.5
2016-07-21 CVE-2016-5447 Oracle Remote Security vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.5
2016-07-21 CVE-2016-3565 Oracle Unspecified vulnerability in Oracle Retail Order Broker 5.1/5.2

Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to System Administration.

6.5
2016-07-21 CVE-2016-5448 Oracle Remote Security vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP.

6.4
2016-07-21 CVE-2016-3483 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via vectors related to File Processing.

6.4
2016-07-21 CVE-2016-3476 Oracle Remote Security vulnerability in Oracle Knowledge 8.5

Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console.

6.4
2016-07-21 CVE-2016-5456 Oracle Remote Security vulnerability in Oracle Siebel CRM

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Services.

6.3
2016-07-21 CVE-2016-3552 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.

6.2
2016-07-21 CVE-2016-3494 Oracle Remote Security vulnerability in Oracle Enterprise Manager OPS Center 12.1.4/12.2.2/12.3.2

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning.

6.1
2016-07-21 CVE-2016-3502 Oracle Remote Security vulnerability in Oracle Webcenter Sites 11.1.1.8/12.2.1.0

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

6.0
2016-07-22 CVE-2016-4604 Apple Open Redirect vulnerability in Apple Safari

Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.

5.8
2016-07-21 CVE-2016-5465 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Panel Processor.

5.8
2016-07-21 CVE-2016-3611 Oracle Remote Security vulnerability in Oracle Retail Order Broker Cloud Service 15.0

Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 15.0 allows remote attackers to affect confidentiality and integrity via vectors related to System Administration.

5.8
2016-07-21 CVE-2016-3585 Oracle Remote Security vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex.

5.8
2016-07-21 CVE-2016-3573 Oracle Remote Security vulnerability in Oracle Primavera Products

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3571.

5.8
2016-07-21 CVE-2016-3571 Oracle Remote Security vulnerability in Oracle Primavera Products

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3573.

5.8
2016-07-21 CVE-2016-3570 Oracle Remote Security vulnerability in Oracle Primavera Products

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3571, and CVE-2016-3573.

5.8
2016-07-21 CVE-2016-3569 Oracle Remote Security vulnerability in Oracle Primavera Products

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573.

5.8
2016-07-21 CVE-2016-3568 Oracle Remote Security vulnerability in Oracle Primavera Products

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573.

5.8
2016-07-21 CVE-2016-3566 Oracle Remote Security vulnerability in Oracle Primavera Products

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573.

5.8
2016-07-21 CVE-2016-3557 Oracle Multiple vulnerability in Oracle July 2016 Critical Patch Update

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to File Load.

5.8
2016-07-21 CVE-2016-3555 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to PGC / Excel Plugin.

5.8
2016-07-21 CVE-2016-3448 Oracle Remote Security vulnerability in Oracle Application Express

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors.

5.8
2016-07-21 CVE-2016-5468 Oracle Remote Security vulnerability in Oracle Siebel UI Framework

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5451.

5.5
2016-07-21 CVE-2016-5467 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise SCM Eprocurement 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to eProcurement.

5.5
2016-07-21 CVE-2016-5458 Oracle Remote Security vulnerability in Oracle Communications Eagle Application Processor 16.0

Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to APPL.

5.5
2016-07-21 CVE-2016-5451 Oracle Remote Security vulnerability in Oracle Siebel UI Framework

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468.

5.5
2016-07-21 CVE-2016-3572 Oracle Remote Security vulnerability in Oracle Primavera Products

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Access.

5.5
2016-07-21 CVE-2016-3553 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors related to PC Core.

5.5
2016-07-21 CVE-2016-3524 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Configuration.

5.5
2016-07-21 CVE-2016-5454 Oracle Local Security vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot.

5.4
2016-07-21 CVE-2016-3563 Oracle Local Security vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-5604.

5.4
2016-07-21 CVE-2016-3525 Oracle Remote Security vulnerability in Oracle Applications Manager 12.1.3

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management.

5.4
2016-07-19 CVE-2016-5388 Redhat
HP
Oracle
Apache
Improper Access Control vulnerability in multiple products

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

5.1
2016-07-19 CVE-2016-5387 Oracle
Apache
Redhat
HP
Fedoraproject
Improper Access Control vulnerability in multiple products

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

5.1
2016-07-19 CVE-2016-5385 Oracle
Fedoraproject
HP
PHP
Redhat
Debian
Opensuse
Drupal
Improper Access Control vulnerability in multiple products

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.

5.1
2016-07-22 CVE-2016-5874 Siemens Improper Input Validation vulnerability in Siemens Simatic NET Pc-Software

Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets.

5.0
2016-07-22 CVE-2016-5744 Siemens Information Exposure vulnerability in Siemens Simatic Wincc 7.0/7.2

Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets.

5.0
2016-07-22 CVE-2016-4632 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple products

ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.

5.0
2016-07-21 CVE-2016-5477 Oracle Remote Security vulnerability in Oracle GlassFish Server 2.1.1/3.0.1

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.

5.0
2016-07-21 CVE-2016-5455 Oracle Remote Security vulnerability in Oracle Communications Messaging Server 6.3/7.0/8.0

Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor.

5.0
2016-07-21 CVE-2016-5449 Oracle Remote Security vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection.

5.0
2016-07-21 CVE-2016-3608 Oracle Remote Security vulnerability in Oracle Glassfish Server 3.0.1

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.

5.0
2016-07-21 CVE-2016-3560 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3529.

5.0
2016-07-21 CVE-2016-3549 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Search Integration Engine.

5.0
2016-07-21 CVE-2016-3548 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Marketing activity collateral.

5.0
2016-07-21 CVE-2016-3547 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Content Manager.

5.0
2016-07-21 CVE-2016-3545 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Web based help screens.

5.0
2016-07-21 CVE-2016-3529 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3560.

5.0
2016-07-21 CVE-2016-3508 Oracle Unspecified vulnerability in Oracle products

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.

5.0
2016-07-21 CVE-2016-3500 Oracle Unspecified vulnerability in Oracle products

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.

5.0
2016-07-21 CVE-2016-3498 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.

5.0
2016-07-21 CVE-2016-3482 Oracle Remote Security vulnerability in Oracle HTTP Server 11.1.1.9/12.1.3.0

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module.

5.0
2016-07-21 CVE-2016-3467 Oracle Remote Security vulnerability in Oracle Application Express

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors.

5.0
2016-07-21 CVE-2016-3445 Oracle Remote Security vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-5488.

5.0
2016-07-22 CVE-2016-4648 Apple Information Exposure vulnerability in Apple mac OS X

Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.

4.9
2016-07-22 CVE-2016-4628 Apple Information Exposure vulnerability in Apple Iphone OS and Watchos

IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.

4.9
2016-07-22 CVE-2016-1865 Apple NULL Pointer Dereference vulnerability in Apple products

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

4.9
2016-07-21 CVE-2016-3588 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.

4.9
2016-07-21 CVE-2016-3567 Oracle Remote Security vulnerability in Oracle Primavera Products

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web access.

4.9
2016-07-21 CVE-2016-3509 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors related to File Folders / URL Attachment.

4.9
2016-07-21 CVE-2016-3497 Oracle Local Security vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.

4.9
2016-07-21 CVE-2016-3488 Oracle Local Security vulnerability in Oracle Database 12.1.0.2

Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors.

4.9
2016-07-21 CVE-2016-3480 Oracle Local Security vulnerability in Oracle Solaris Cluster 3.3/4.3

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql.

4.9
2016-07-21 CVE-2016-3453 Oracle Local Security vulnerability in Oracle Solaris 10

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.

4.9
2016-07-21 CVE-2016-3433 Oracle Remote Security vulnerability in Oracle Business Intelligence Enterprise Edition

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web Administration.

4.9
2016-07-21 CVE-2016-3432 Oracle Remote Security vulnerability in Oracle BI Publisher 11.1.1.7.0/11.1.1.9.0

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Server.

4.9
2016-07-22 CVE-2016-4639 Apple Multiple Security vulnerability in Apple Mac OS X APPLE-SA-2016-07-18-1

Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.

4.4
2016-07-21 CVE-2016-3584 Oracle Local Security vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc.

4.4
2016-07-21 CVE-2016-3503 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.

4.4
2016-07-23 CVE-2016-5137 Google Information Exposure vulnerability in Google Chrome

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.

4.3
2016-07-23 CVE-2016-5135 Google Improper Input Validation vulnerability in Google Chrome

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.

4.3
2016-07-23 CVE-2016-5134 Google Information Exposure vulnerability in Google Chrome

net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.

4.3
2016-07-23 CVE-2016-5133 Google Improper Authentication vulnerability in Google Chrome

Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.

4.3
2016-07-23 CVE-2016-5130 Google Improper Access Control vulnerability in Google Chrome

content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.

4.3
2016-07-23 CVE-2016-1707 Google Improper Input Validation vulnerability in Google Chrome

ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.

4.3
2016-07-22 CVE-2016-6204 Siemens Cross-site Scripting vulnerability in Siemens Sinema Remote Connect Server

Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.

4.3
2016-07-22 CVE-2016-4651 Apple Cross-site Scripting vulnerability in Apple Iphone OS and Safari

Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability.

4.3
2016-07-22 CVE-2016-4646 Apple Information Exposure vulnerability in Apple mac OS X

Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.

4.3
2016-07-22 CVE-2016-4603 Apple 7PK - Security Features vulnerability in Apple Iphone OS

Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.

4.3
2016-07-22 CVE-2016-4590 Apple Improper Input Validation vulnerability in Apple Safari and Webkit

WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

4.3
2016-07-22 CVE-2016-4587 Apple Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apple Webkit

WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.

4.3
2016-07-22 CVE-2016-4585 Apple Cross-site Scripting vulnerability in Apple Webkit

Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.

4.3
2016-07-21 CVE-2016-5466 Oracle Remote Security vulnerability in Oracle Siebel CRM

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5460.

4.3
2016-07-21 CVE-2016-5460 Oracle Remote Security vulnerability in Oracle Siebel CRM

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466.

4.3
2016-07-21 CVE-2016-5459 Oracle Remote Security vulnerability in Oracle Siebel CRM

Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to iHelp.

4.3
2016-07-21 CVE-2016-5450 Oracle Remote Security vulnerability in Oracle Siebel UI Framework

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI.

4.3
2016-07-21 CVE-2016-5444 Oracle
Mariadb
IBM
Redhat
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection.

4.3
2016-07-21 CVE-2016-3615 Oracle
Mariadb
IBM
Debian
Canonical
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: DML.

4.3
2016-07-21 CVE-2016-3612 Oracle Remote Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core.

4.3
2016-07-21 CVE-2016-3589 Oracle Remote Security vulnerability in Oracle Flexcube Direct Banking 12.0.1/12.0.2/12.0.3

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Applications 12.0.1, 12.0.2, and 12.0.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.

4.3
2016-07-21 CVE-2016-3559 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3558.

4.3
2016-07-21 CVE-2016-3558 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3559.

4.3
2016-07-21 CVE-2016-3550 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Linux

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.

4.3
2016-07-21 CVE-2016-3540 Oracle Remote Security vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5/13.1.0.0

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI Framework.

4.3
2016-07-21 CVE-2016-3534 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Engineering Change Order.

4.3
2016-07-21 CVE-2016-3533 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search.

4.3
2016-07-21 CVE-2016-3523 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Application Service.

4.3
2016-07-21 CVE-2016-3519 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to PC / Get Shortcut.

4.3
2016-07-21 CVE-2016-3517 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to PC / Get Shortcut.

4.3
2016-07-21 CVE-2016-3507 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to WebClient / Admin.

4.3
2016-07-21 CVE-2016-3496 Oracle Remote Security vulnerability in Oracle Enterprise Manager for Fusion Middleware 11.1.1.7/11.1.1.9

Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Enterprise Manager Grid Control 11.1.1.7, and 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to SOA Topology Viewer.

4.3
2016-07-21 CVE-2016-3478 Oracle Remote Security vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.53/8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to File Processing.

4.3
2016-07-21 CVE-2016-3474 Oracle Remote Security vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.0.0

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality via vectors related to Security.

4.3
2016-07-21 CVE-2016-3458 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Linux

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.

4.3
2016-07-21 CVE-2016-3452 Redhat
Oracle
Mariadb
IBM
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.

4.3
2016-07-21 CVE-2016-3451 Oracle Remote Security vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web.

4.3
2016-07-21 CVE-2016-3450 Oracle Remote Security vulnerability in Oracle Siebel CRM

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-5460 and CVE-2016-5466.

4.3
2016-07-19 CVE-2016-5655 Misys Multiple Security vulnerability in Misys FusionCapital Opics Plus VU#682704

Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.

4.3
2016-07-19 CVE-2016-2775 HP
ISC
Fedoraproject
Redhat
Improper Input Validation vulnerability in multiple products

ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.

4.3
2016-07-21 CVE-2016-3477 IBM
Oracle
Mariadb
Debian
Canonical
Local Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.

4.1
2016-07-21 CVE-2016-5462 Oracle Remote Security vulnerability in Oracle Siebel CRM

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vectors related to Workspaces.

4.0
2016-07-21 CVE-2016-5461 Oracle Remote Security vulnerability in Oracle Siebel CRM

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Object Manager.

4.0
2016-07-21 CVE-2016-5442 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.

4.0
2016-07-21 CVE-2016-5441 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.

4.0
2016-07-21 CVE-2016-5440 IBM
Mariadb
Oracle
Debian
Canonical
Redhat
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR.

4.0
2016-07-21 CVE-2016-5439 Oracle
Canonical
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.

4.0
2016-07-21 CVE-2016-5437 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.

4.0
2016-07-21 CVE-2016-5436 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

4.0
2016-07-21 CVE-2016-3516 Oracle Remote Security vulnerability in Oracle Enterprise Communications Broker

Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3514.

4.0
2016-07-21 CVE-2016-3501 Oracle
Canonical
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

4.0
2016-07-21 CVE-2016-3481 Oracle Remote Security vulnerability in Oracle Integrated Lights OUT Manager Firmware 3.0/3.1/3.2

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web.

4.0
2016-07-21 CVE-2016-3475 Oracle Remote Security vulnerability in Oracle Knowledge 8.5

Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console.

4.0
2016-07-21 CVE-2016-3459 Mariadb
Oracle
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via vectors related to Server: InnoDB.

4.0
2016-07-21 CVE-2016-3440 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

4.0
2016-07-21 CVE-2016-3424 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

4.0
2016-07-19 CVE-2016-5653 Misys SQL Injection vulnerability in Misys Fusioncapital Opics Plus

Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter.

4.0

24 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-07-22 CVE-2016-4635 Apple Information Exposure vulnerability in Apple Iphone OS and mac OS X

FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.

3.5
2016-07-21 CVE-2016-5473 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3537.

3.5
2016-07-21 CVE-2016-5464 Oracle Remote Security vulnerability in Oracle Siebel UI Framework

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5463.

3.5
2016-07-21 CVE-2016-5463 Oracle Remote Security vulnerability in Oracle Siebel UI Framework

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5464.

3.5
2016-07-21 CVE-2016-3614 Oracle
Canonical
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.

3.5
2016-07-21 CVE-2016-3531 Oracle Remote Security vulnerability in Oracle Agile PLM

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC / Notification.

3.5
2016-07-21 CVE-2016-3490 Oracle Remote Security vulnerability in Oracle Transportation Management

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remote authenticated users to affect confidentiality via vectors related to Database.

3.5
2016-07-21 CVE-2016-3472 Oracle Remote Security vulnerability in Oracle Siebel CRM

Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Web Server.

3.5
2016-07-22 CVE-2016-4652 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.

3.3
2016-07-21 CVE-2016-3484 Oracle Local Security vulnerability in Oracle Database 11.2.0.4/12.1.0.1/12.1.0.2

Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors.

3.2
2016-07-22 CVE-2016-4583 Apple
Webkitgtk
Race Condition vulnerability in multiple products

WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.

2.6
2016-07-22 CVE-2016-6224 Ecryptfs
Canonical
Improper Input Validation vulnerability in multiple products

ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors.

2.1
2016-07-22 CVE-2015-8946 Canonical
Ecryptfs
Improper Input Validation vulnerability in multiple products

ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.

2.1
2016-07-22 CVE-2016-4649 Apple NULL Pointer Dereference vulnerability in Apple mac OS X

Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.

2.1
2016-07-22 CVE-2016-4645 Apple Information Exposure vulnerability in Apple mac OS X

CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.

2.1
2016-07-22 CVE-2016-4595 Apple Information Exposure vulnerability in Apple mac OS X

Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.

2.1
2016-07-22 CVE-2016-4593 Apple Information Exposure vulnerability in Apple Iphone OS

The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.

2.1
2016-07-21 CVE-2016-5471 Oracle Local Security vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.

2.1
2016-07-21 CVE-2016-5469 Oracle Local Security vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.

2.1
2016-07-21 CVE-2016-5452 Oracle Local Security vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.

2.1
2016-07-21 CVE-2016-3597 Oracle Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core.

2.1
2016-07-21 CVE-2016-3485 Oracle Unspecified vulnerability in Oracle Jdk, JRE and Jrockit

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.

2.1
2016-07-21 CVE-2016-3469 Oracle Local Security vulnerability in Oracle Siebel CRM

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors related to Services.

2.1
2016-07-21 CVE-2016-5443 Oracle Local Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.

1.2