Weekly Vulnerabilities Reports > October 24 to 30, 2016

Overview

233 new vulnerabilities reported during this period, including 7 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary report vulnerabilities in 105 products from 31 vendors including Oracle, Cisco, Mariadb, Uclouvain, and Yandex. Vulnerabilities are notably categorized as "Improper Access Control", "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Improper Input Validation".

  • 192 reported vulnerabilities are remotely exploitables.
  • 7 reported vulnerabilities have public exploit available.
  • 91 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 163 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 156 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

7 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-10-28 CVE-2016-6397 Cisco Improper Authentication vulnerability in Cisco IP Interoperability and Collaboration System

A vulnerability in the interdevice communications interface of the Cisco IP Interoperability and Collaboration System (IPICS) Universal Media Services (UMS) could allow an unauthenticated, remote attacker to modify configuration parameters of the UMS and cause the system to become unavailable.

10.0
2016-10-25 CVE-2016-3551 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAXWS Web Services Stack.

10.0
2016-10-27 CVE-2016-6432 Cisco Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco Adaptive Security Appliance Software

A vulnerability in the Identity Firewall feature of Cisco ASA Software before 9.6(2.1) could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

9.3
2016-10-25 CVE-2016-5582 Oracle Improper Access Control vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5573.

9.3
2016-10-25 CVE-2016-5568 Oracle Improper Access Control vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.

9.3
2016-10-25 CVE-2016-5556 Oracle Improper Access Control vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.

9.3
2016-10-25 CVE-2016-3505 Oracle Remote Security vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.0.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to JavaServer Faces.

9.0

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-10-28 CVE-2016-4396 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP System Management Homepage

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

7.8
2016-10-28 CVE-2016-4395 HP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in HP System Management Homepage

HPE System Management Homepage before v7.6 allows remote attackers to have an unspecified impact via unknown vectors, related to a "Buffer Overflow" issue.

7.8
2016-10-28 CVE-2016-6356 Cisco Improper Input Validation vulnerability in Cisco Email Security Appliance

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition.

7.8
2016-10-28 CVE-2016-1486 Cisco Data Processing Errors vulnerability in Cisco Email Security Appliance

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause an affected device to stop scanning and forwarding email messages due to a denial of service (DoS) condition.

7.8
2016-10-28 CVE-2016-1481 Cisco Improper Input Validation vulnerability in Cisco Email Security Appliance

A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.Affected Products: This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for Cisco Email Security Appliances, both virtual and hardware appliances, if the software is configured to apply a message filter that contains certain rules.

7.8
2016-10-25 CVE-2016-5622 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA.

7.8
2016-10-25 CVE-2016-5489 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via vectors related to Runtime Catalog.

7.8
2016-10-29 CVE-2016-7505 Artifex Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Artifex Mujs

A buffer overflow vulnerability was observed in divby function of Artifex Software, Inc.

7.5
2016-10-29 CVE-2016-7504 Artifex USE After Free vulnerability in Artifex Mujs

A use-after-free vulnerability was observed in Rp_toString function of Artifex Software, Inc.

7.5
2016-10-28 CVE-2016-8598 Libcsp Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libcsp Project Libcsp

Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp library v1.4 and earlier allows hostile computers connected via a zmq interface to execute arbitrary code via a long packet.

7.5
2016-10-28 CVE-2016-8597 Libcsp Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libcsp Project Libcsp

Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp library v1.4 and earlier allows hostile components with network access to the SFP underlying network layers to execute arbitrary code via specially crafted SFP packets.

7.5
2016-10-28 CVE-2016-8596 Libcsp Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Libcsp Project Libcsp

Buffer overflow in the csp_can_process_frame in csp_if_can.c in the libcsp library v1.4 and earlier allows hostile components connected to the canbus to execute arbitrary code via a long csp packet.

7.5
2016-10-28 CVE-2016-8582 Alienvault SQL Injection vulnerability in Alienvault products

A vulnerability exists in gauge.php of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to execute an arbitrary SQL query and retrieve database information or read local system files via MySQL's LOAD_FILE.

7.5
2016-10-28 CVE-2016-8580 Alienvault Improper Access Control vulnerability in Alienvault products

PHP object injection vulnerabilities exist in multiple widget files in AlienVault OSSIM and USM before 5.3.2.

7.5
2016-10-28 CVE-2016-8339 Redislabs Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Redislabs Redis

A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code execution when a crafted command is sent.

7.5
2016-10-25 CVE-2016-5588 Oracle Improper Access Control vulnerability in Oracle Outside in Technology

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5579.

7.5
2016-10-25 CVE-2016-5579 Oracle Improper Access Control vulnerability in Oracle Outside in Technology

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, and CVE-2016-5588.

7.5
2016-10-25 CVE-2016-5578 Oracle Improper Access Control vulnerability in Oracle Outside in Technology

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5577, CVE-2016-5579, and CVE-2016-5588.

7.5
2016-10-25 CVE-2016-5577 Oracle Improper Access Control vulnerability in Oracle Outside in Technology

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5574, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588.

7.5
2016-10-25 CVE-2016-5574 Oracle Improper Access Control vulnerability in Oracle Outside in Technology

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5558, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588.

7.5
2016-10-25 CVE-2016-5558 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-5574, CVE-2016-5577, CVE-2016-5578, CVE-2016-5579, and CVE-2016-5588.

7.5
2016-10-25 CVE-2016-5535 Oracle Remote Code Execution vulnerability in Oracle WebLogic Server

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

7.5
2016-10-25 CVE-2016-5531 Oracle Remote Security vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0/12.2.1.0.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS-WebServices.

7.5
2016-10-25 CVE-2016-5526 Oracle Improper Access Control vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.4/9.3.5

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Apache Tomcat.

7.5
2016-10-25 CVE-2016-5521 Oracle Improper Access Control vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.4/9.3.5

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5512.

7.5
2016-10-25 CVE-2016-1000031 Apache Improper Access Control vulnerability in Apache Commons Fileupload

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution Per Apache: "Having reviewed your report we have concluded that it does not represent a valid vulnerability in Apache Commons File Upload.

7.5
2016-10-25 CVE-2016-5544 Oracle Local Security vulnerability in Oracle Solaris 10/11.3

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.

7.2
2016-10-25 CVE-2016-5538 Oracle Local Security vulnerability in Oracle VM Virtualbox 5.0.27/5.1.7

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501.

7.2
2016-10-25 CVE-2016-5501 Oracle Local Security vulnerability in Oracle VM VirtualBox

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5538.

7.2
2016-10-27 CVE-2016-6437 Cisco Resource Management Errors vulnerability in Cisco Wide Area Application Services

A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of disk space.

7.1
2016-10-27 CVE-2016-6431 Cisco Improper Input Validation vulnerability in Cisco Adaptive Security Appliance Software

A vulnerability in the local Certificate Authority (CA) feature of Cisco ASA Software before 9.6(1.5) could allow an unauthenticated, remote attacker to cause a reload of the affected system.

7.1

161 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-10-28 CVE-2016-8335 Iceni Buffer Errors vulnerability in Iceni Argus 6.6.04

An exploitable stack based buffer overflow vulnerability exists in the ipNameAdd functionality of Iceni Argus Version 6.6.04 (Sep 7 2012) NK - Linux x64 and Version 6.6.04 (Nov 14 2014) NK - Windows x64.

6.8
2016-10-28 CVE-2016-8333 Iceni Buffer Errors vulnerability in Iceni Argus 6.6.04

An exploitable stack-based buffer overflow vulnerability exists in the ipfSetColourStroke functionality of Iceni Argus version 6.6.04 A specially crafted pdf file can cause a buffer overflow resulting in arbitrary code execution.

6.8
2016-10-28 CVE-2016-8331 Libtiff Type Confusion Remote Code Execution vulnerability in Libtiff 4.0.6

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6.

6.8
2016-10-28 CVE-2016-8332 Uclouvain Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg 2.1.1

A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution when parsing a crafted image.

6.8
2016-10-27 CVE-2016-6444 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Meeting Server

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a Web Bridge user.

6.8
2016-10-27 CVE-2016-6442 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Finesse 11.0(1)Base

A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface.

6.8
2016-10-27 CVE-2016-5764 Microfocus Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microfocus Rumba FTP

Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow arbitrary code execution.

6.8
2016-10-25 CVE-2016-5598 Oracle Improper Access Control vulnerability in Oracle Mysql Connector/Python

Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier in Oracle MySQL allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Connector/Python.

6.8
2016-10-25 CVE-2016-5573 Oracle Permissions, Privileges, and Access Controls vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot, a different vulnerability than CVE-2016-5582.

6.8
2016-10-25 CVE-2016-5518 Oracle Remote Security vulnerability in Oracle Agile Engineering Data Management 6.1.3.0/6.2.0.0

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to webfileservices.

6.8
2016-10-25 CVE-2016-5507 Oracle
Mariadb
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

6.8
2016-10-25 CVE-2016-3495 Oracle
Mariadb
Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

6.8
2016-10-25 CVE-2016-3492 Oracle
Mariadb
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

6.8
2016-10-25 CVE-2016-1000213 Ruckus Cross-Site Request Forgery (CSRF) vulnerability in Ruckus Wireless H500

Ruckus Wireless H500 web management interface CSRF

6.8
2016-10-27 CVE-2016-6443 Cisco SQL Injection vulnerability in Cisco products

A vulnerability in the Cisco Prime Infrastructure and Evolved Programmable Network Manager SQL database interface could allow an authenticated, remote attacker to impact system confidentiality by executing a subset of arbitrary SQL queries that can cause product instability.

6.5
2016-10-27 CVE-2016-1000122 Huge IT SQL Injection vulnerability in Huge-It Slider 1.0.9

XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension

6.5
2016-10-27 CVE-2016-1000120 Huge IT SQL Injection vulnerability in Huge-It Catalog 1.0.4

SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla

6.5
2016-10-25 CVE-2016-8281 Oracle Improper Access Control vulnerability in Oracle Platform Security FOR Java 12.1.3.0.0/12.2.1.0.0/12.2.1.1.0

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-5536.

6.5
2016-10-25 CVE-2016-5607 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to INFRA.

6.5
2016-10-25 CVE-2016-5564 Oracle Remote Security vulnerability in Oracle Hospitality Applications

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to OPERA.

6.5
2016-10-25 CVE-2016-5555 Oracle Remote Security vulnerability in Oracle Database Server 11.2.0.4/12.1.0.2

Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors.

6.5
2016-10-25 CVE-2016-5536 Oracle Improper Access Control vulnerability in Oracle Platform Security FOR Java 12.1.3.0.0/12.2.1.0.0/12.2.1.1.0

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-8281.

6.5
2016-10-25 CVE-2016-5523 Oracle Remote Security vulnerability in Oracle Supply Chain Products Suite

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to AutoVue Java Applet.

6.5
2016-10-25 CVE-2016-5519 Oracle Remote Security vulnerability in Oracle Fusion Middleware

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Java Server Faces.

6.5
2016-10-25 CVE-2016-5515 Oracle Remote Security vulnerability in Oracle Supply Chain Products Suite

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RMIServlet.

6.5
2016-10-25 CVE-2016-5514 Oracle Remote Security vulnerability in Oracle Supply Chain Products Suite

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to ExportServlet.

6.5
2016-10-27 CVE-2016-6445 Cisco Improper Input Validation vulnerability in Cisco Meeting Server

A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) service of the Cisco Meeting Server (CMS) before 2.0.6 and Acano Server before 1.8.18 and 1.9.x before 1.9.6 could allow an unauthenticated, remote attacker to masquerade as a legitimate user.

6.4
2016-10-25 CVE-2016-5605 Oracle Improper Access Control vulnerability in Oracle VM Virtualbox

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.

6.4
2016-10-25 CVE-2016-5599 Oracle Improper Access Control vulnerability in Oracle Advanced Supply Chain Planning 12.2.3/12.2.4/12.2.5

Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to MscObieeSrvlt.

6.4
2016-10-25 CVE-2016-5595 Oracle Improper Access Control vulnerability in Oracle Customer Interaction History

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5592.

6.4
2016-10-25 CVE-2016-5593 Oracle Improper Access Control vulnerability in Oracle Customer Interaction History

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5587 and CVE-2016-5591.

6.4
2016-10-25 CVE-2016-5592 Oracle Improper Access Control vulnerability in Oracle Customer Interaction History

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5595.

6.4
2016-10-25 CVE-2016-5591 Oracle Improper Access Control vulnerability in Oracle Customer Interaction History

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5587 and CVE-2016-5593.

6.4
2016-10-25 CVE-2016-5589 Oracle Improper Access Control vulnerability in Oracle Customer Relationship Management Technical Foundation

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors.

6.4
2016-10-25 CVE-2016-5587 Oracle Improper Access Control vulnerability in Oracle Customer Interaction History

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5591 and CVE-2016-5593.

6.4
2016-10-25 CVE-2016-5586 Oracle Improper Access Control vulnerability in Oracle Email Center

Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors.

6.4
2016-10-25 CVE-2016-5585 Oracle Improper Access Control vulnerability in Oracle Interaction Center Intelligence 12.1.1/12.1.2/12.1.3

Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Business Suite 12.1.1 through 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.

6.4
2016-10-25 CVE-2016-5563 Oracle Remote Security vulnerability in Oracle Hospitality Applications

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote administrators to affect confidentiality, integrity, and availability via vectors related to OPERA.

6.0
2016-10-28 CVE-2016-4394 HP 7PK - Security Features vulnerability in HP System Management Homepage

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.

5.8
2016-10-28 CVE-2016-9028 Citrix 7PK - Security Features vulnerability in Citrix Netscaler Application Delivery Controller Firmware

Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user via manipulation of Host header.

5.8
2016-10-25 CVE-2016-8293 Oracle Improper Access Control vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-5530.

5.8
2016-10-25 CVE-2016-8292 Oracle Improper Access Control vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Talent Acquisition Manager 9.2

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Talent Acquisition Manager.

5.8
2016-10-25 CVE-2016-8291 Oracle Improper Access Control vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Mobile Application Platform.

5.8
2016-10-25 CVE-2016-5557 Oracle Improper Access Control vulnerability in Oracle Advanced Pricing

Unspecified vulnerability in the Oracle Advanced Pricing component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors.

5.8
2016-10-25 CVE-2016-5543 Oracle Security vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.0.0/12.1.0

Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA.

5.8
2016-10-25 CVE-2016-5530 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-8293.

5.8
2016-10-25 CVE-2016-5529 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5530 and CVE-2016-8293.

5.8
2016-10-25 CVE-2016-5491 Oracle Improper Access Control vulnerability in Oracle Commerce Service Center 10.0.3.5/10.2.0.5

Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors.

5.8
2016-10-25 CVE-2016-5482 Oracle Improper Access Control vulnerability in Oracle Commerce Guided Search

Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors.

5.8
2016-10-25 CVE-2016-5606 Oracle Improper Access Control vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.

5.6
2016-10-25 CVE-2016-5620 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5619.

5.5
2016-10-25 CVE-2016-5619 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5620.

5.5
2016-10-25 CVE-2016-5600 Oracle Improper Access Control vulnerability in Oracle Peoplesoft Enterprise Supply Chain Management Services Procurement 9.1/9.2

Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2016-10-25 CVE-2016-5580 Oracle Improper Access Control vulnerability in Oracle Secure Global Desktop 4.7/5.2

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services.

5.5
2016-10-25 CVE-2016-5571 Oracle Improper Access Control vulnerability in Oracle Applications DBA

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities, a different vulnerability than CVE-2016-5567.

5.5
2016-10-25 CVE-2016-5570 Oracle Improper Access Control vulnerability in Oracle Applications DBA

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities.

5.5
2016-10-25 CVE-2016-5569 Oracle Improper Access Control vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.0.0/12.1.0

Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2016-10-25 CVE-2016-5567 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via vectors related to AD Utilities, a different vulnerability than CVE-2016-5571.

5.5
2016-10-25 CVE-2016-5560 Oracle Improper Access Control vulnerability in Oracle Siebel Customer Order Management 16.1

Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI.

5.5
2016-10-25 CVE-2016-5533 Oracle Improper Access Control vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.4, 15.x, and 16.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

5.5
2016-10-25 CVE-2016-5502 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA.

5.5
2016-10-30 CVE-2016-9118 Uclouvain Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg 2.1.2

Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of convert.c:1719 in OpenJPEG 2.1.2.

5.0
2016-10-30 CVE-2016-9114 Uclouvain Null Pointer Dereference vulnerability in Uclouvain Openjpeg 2.1.2

There is a NULL Pointer Access in function imagetopnm of convert.c:1943(jp2) of OpenJPEG 2.1.2.

5.0
2016-10-30 CVE-2016-9113 Uclouvain Null Pointer Dereference vulnerability in Uclouvain Openjpeg 2.1.2

There is a NULL pointer dereference in function imagetobmp of convertbmp.c:980 of OpenJPEG 2.1.2.

5.0
2016-10-29 CVE-2016-9112 Uclouvain Divide BY Zero vulnerability in Uclouvain Openjpeg 2.1.2

Floating Point Exception (aka FPE or divide by zero) in opj_pi_next_cprl function in openjp2/pi.c:523 in OpenJPEG 2.1.2.

5.0
2016-10-29 CVE-2016-7506 Artifex Out-Of-Bounds Read vulnerability in Artifex Mujs

An out-of-bounds read vulnerability was observed in Sp_replace_regexp function of Artifex Software, Inc.

5.0
2016-10-28 CVE-2016-9017 Artifex Information Exposure vulnerability in Artifex Mujs

Artifex Software, Inc.

5.0
2016-10-28 CVE-2016-8867 Docker Permissions, Privileges, and Access Controls vulnerability in Docker 1.12.2

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies.

5.0
2016-10-28 CVE-2016-8600 Dotcms Permissions, Privileges, and Access Controls vulnerability in Dotcms 3.2.1

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.

5.0
2016-10-28 CVE-2016-7919 Moodle Information Exposure vulnerability in Moodle 3.1.2

** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain sensitive information via unspecified vectors, related to a "SQL Injection" issue affecting the Administration panel function in the installation process component.

5.0
2016-10-28 CVE-2016-6372 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the email message and content filtering for malformed Multipurpose Internet Mail Extensions (MIME) headers of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass the filtering functionality of the targeted device.

5.0
2016-10-28 CVE-2016-6360 Cisco Improper Input Validation vulnerability in Cisco Email Security Appliance and web Security Appliance

A vulnerability in Advanced Malware Protection (AMP) for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition due to the AMP process unexpectedly restarting.

5.0
2016-10-28 CVE-2016-6358 Cisco Improper Input Validation vulnerability in Cisco Email Security Appliance

A vulnerability in local FTP to the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition when the FTP application unexpectedly quits.

5.0
2016-10-28 CVE-2016-6357 Cisco 7PK - Errors vulnerability in Cisco Email Security Appliance 9.7.1066/9.9.6026

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass a configured drop filter by using an email with a corrupted attachment.

5.0
2016-10-28 CVE-2016-1480 Cisco 7PK - Errors vulnerability in Cisco Email Security Appliance

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauthenticated, remote attacker to bypass configured user filters on the device.

5.0
2016-10-27 CVE-2016-6446 Cisco Information Exposure vulnerability in Cisco Meeting Server

A vulnerability in Web Bridge for Cisco Meeting Server could allow an unauthenticated, remote attacker to retrieve memory from a connected server.

5.0
2016-10-26 CVE-2016-8503 Yandex 7PK - Security Features vulnerability in Yandex Browser 16.7.0.3342/16.7.1.20808/16.9.1.1131

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

5.0
2016-10-26 CVE-2016-8502 Yandex 7PK - Security Features vulnerability in Yandex Browser 15.12.0.6151/15.12.1.6475/16.2.0.3539

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special JavaScript.

5.0
2016-10-26 CVE-2016-8501 Yandex Permissions, Privileges, and Access Controls vulnerability in Yandex Browser 15.10.2454.3845/15.12.0.6151/15.12.1.6475

Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.

5.0
2016-10-25 CVE-2016-5583 Oracle Remote Security vulnerability in Oracle E-Business Suite

Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect integrity via unknown vectors.

5.0
2016-10-25 CVE-2016-5575 Oracle Improper Access Control vulnerability in Oracle Common Applications

Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Resources Module.

5.0
2016-10-25 CVE-2016-5566 Oracle Improper Access Control vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2016-10-25 CVE-2016-5532 Oracle Improper Access Control vulnerability in Oracle Shipping Execution

Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Workflow Events.

5.0
2016-10-25 CVE-2016-5524 Oracle Information Exposure vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.4/9.3.5

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5527.

5.0
2016-10-25 CVE-2016-5510 Oracle Information Exposure vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.4/9.3.5

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors.

5.0
2016-10-25 CVE-2016-5500 Oracle Information Exposure vulnerability in Oracle Discoverer 11.1.1.7.0

Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to Viewer.

5.0
2016-10-25 CVE-2016-5495 Oracle Improper Access Control vulnerability in Oracle Discoverer 11.1.1.7.0

Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to EUL Code & Schema.

5.0
2016-10-25 CVE-2016-5488 Oracle Remote Security vulnerability in Oracle Weblogic Server 10.3.6.0.0/12.1.3.0.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-3445.

5.0
2016-10-25 CVE-2016-1000215 Ruckus Unspecified vulnerability in Ruckus Wireless H500

Ruckus Wireless H500 web management interface denial of service

5.0
2016-10-25 CVE-2016-1000214 Ruckus Information Exposure vulnerability in Ruckus Wireless H500

Ruckus Wireless H500 web management interface authentication bypass

5.0
2016-10-25 CVE-2016-1000032 Python Improper Access Control vulnerability in Python Tgcaptcha2 0.3.0

TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times.

5.0
2016-10-25 CVE-2016-8296 Oracle Improper Access Control vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to LDAP.

4.9
2016-10-25 CVE-2016-8288 Oracle Improper Access Control vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.

4.9
2016-10-25 CVE-2016-8285 Oracle Improper Access Control vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Candidate Gateway 9.2

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway.

4.9
2016-10-25 CVE-2016-5576 Oracle Improper Access Control vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel Zones.

4.9
2016-10-25 CVE-2016-5562 Oracle Improper Access Control vulnerability in Oracle Iprocurement

Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

4.9
2016-10-25 CVE-2016-5493 Oracle Improper Access Control vulnerability in Oracle Flexcube Private Banking 12.0.1/12.0.2/12.0.3

Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

4.9
2016-10-25 CVE-2016-5486 Oracle Information Management Errors vulnerability in Oracle SUN ZFS Storage Appliance KIT Ak2013

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality via vectors related to Core Services.

4.9
2016-10-25 CVE-2016-5553 Oracle Local Security vulnerability in Oracle Solaris 10/11.3

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.

4.7
2016-10-25 CVE-2016-5516 Oracle Local Security vulnerability in Oracle Database Server 12.1.0.2

Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors.

4.7
2016-10-25 CVE-2016-5504 Oracle Information Exposure vulnerability in Oracle Agile Product Supplier Collaboration for Process 6.1.0.4/6.1.1.6/6.2.0.0

Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in Oracle Supply Chain Products Suite 6.1.0.4, 6.1.1.6, and 6.2.0.0 allows local users to affect confidentiality via vectors related to Supplier Portal.

4.7
2016-10-25 CVE-2016-5610 Oracle Improper Access Control vulnerability in Oracle VM Virtualbox

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core.

4.6
2016-10-25 CVE-2016-5581 Oracle Improper Access Control vulnerability in Oracle Irecruitment

Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

4.6
2016-10-25 CVE-2016-5539 Oracle Local Security vulnerability in Oracle Micros Xstore Payment 1.0

Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors.

4.6
2016-10-25 CVE-2016-5537 Oracle Local Security vulnerability in Oracle Netbeans 8.1

Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

4.6
2016-10-25 CVE-2016-5503 Oracle Local Security vulnerability in Oracle SUN ZFS Storage Appliance KIT Ak2013

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality, integrity, and availability via vectors related to Core Services.

4.6
2016-10-25 CVE-2016-5487 Oracle Local Security vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

4.6
2016-10-25 CVE-2016-5625 Oracle
Mariadb
Local Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging.

4.4
2016-10-25 CVE-2016-5572 Oracle Permissions, Privileges, and Access Controls vulnerability in Oracle Database 12.1.0.2

Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

4.4
2016-10-25 CVE-2016-5497 Oracle Improper Access Control vulnerability in Oracle Database 12.1.0.2

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

4.4
2016-10-30 CVE-2016-9117 Uclouvain Null Pointer Dereference vulnerability in Uclouvain Openjpeg 2.1.2

NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in OpenJPEG 2.1.2.

4.3
2016-10-30 CVE-2016-9116 Uclouvain Null Pointer Dereference vulnerability in Uclouvain Openjpeg 2.1.2

NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in OpenJPEG 2.1.2.

4.3
2016-10-30 CVE-2016-9115 Uclouvain Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclouvain Openjpeg 2.1.2

Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in OpenJPEG 2.1.2.

4.3
2016-10-28 CVE-2016-9018 Realnetworks Null Pointer Dereference vulnerability in Realnetworks Realplayer 18.1.5.705

Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.

4.3
2016-10-28 CVE-2016-8583 Alienvault Cross-Site Scripting vulnerability in Alienvault products

Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS.

4.3
2016-10-28 CVE-2016-8581 Alienvault Cross-Site Scripting vulnerability in Alienvault products

A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator.

4.3
2016-10-28 CVE-2016-1423 Cisco Cross-Site Scripting vulnerability in Cisco Email Security Appliance

A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view.

4.3
2016-10-27 CVE-2016-6440 Cisco Improper Input Validation vulnerability in Cisco Unified Communications Manager 11.5(0.99838.4)

The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack.

4.3
2016-10-27 CVE-2016-6439 Cisco Resource Management Errors vulnerability in Cisco Firepower Management Center

A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to the Snort process unexpectedly restarting.

4.3
2016-10-27 CVE-2016-6438 Cisco Permissions, Privileges, and Access Controls vulnerability in Cisco IOS XE

A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line configuration on an affected device.

4.3
2016-10-27 CVE-2016-1592 Netiq Cross-Site Scripting vulnerability in Netiq Identity Manager

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI.

4.3
2016-10-27 CVE-2015-0787 Netiq Cross-Site Scripting vulnerability in Netiq Identity Manager

XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI.

4.3
2016-10-26 CVE-2016-8506 Yandex Cross-Site Scripting vulnerability in Yandex Browser

XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code.

4.3
2016-10-26 CVE-2016-8505 Yandex Cross-Site Scripting vulnerability in Yandex Yandex.Browser

XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6.

4.3
2016-10-26 CVE-2016-8504 Yandex Cross-Site Request Forgery (CSRF) vulnerability in Yandex Browser

CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile.

4.3
2016-10-25 CVE-2016-5597 Oracle Information Exposure vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality via vectors related to Networking.

4.3
2016-10-25 CVE-2016-5554 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.

4.3
2016-10-25 CVE-2016-5542 Oracle Unspecified vulnerability in Oracle JDK and JRE

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.

4.3
2016-10-25 CVE-2016-5527 Oracle Improper Access Control vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.4/9.3.5

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524.

4.3
2016-10-25 CVE-2016-5512 Oracle Cross-Site Scripting vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.4/9.3.5

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521.

4.3
2016-10-25 CVE-2016-5511 Oracle 7PK - Security Features vulnerability in Oracle Webcenter Sites 12.2.1.0.0/12.2.1.1.0/12.2.1.2.0

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors.

4.3
2016-10-25 CVE-2016-5481 Oracle Information Exposure vulnerability in Oracle SUN ZFS Storage Appliance KIT Ak2013

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Core Services.

4.3
2016-10-25 CVE-2016-3562 Oracle Information Exposure vulnerability in Oracle Database Server 11.2.0.4/12.1.0.2

Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to DBA.

4.3
2016-10-25 CVE-2016-1000033 Gnome
Redhat
Improper Certificate Validation vulnerability in multiple products

Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.

4.3
2016-10-25 CVE-2016-8295 Oracle Information Exposure vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Time and Labor 9.2

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2016-10-25 CVE-2016-8294 Oracle Information Exposure vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2016-10-25 CVE-2016-8283 Oracle
Mariadb
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

4.0
2016-10-25 CVE-2016-5635 Oracle
Mariadb
Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.

4.0
2016-10-25 CVE-2016-5634 Oracle
Mariadb
Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.

4.0
2016-10-25 CVE-2016-5633 Oracle
Mariadb
Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-8290.

4.0
2016-10-25 CVE-2016-5632 Oracle
Mariadb
Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

4.0
2016-10-25 CVE-2016-5631 Oracle
Mariadb
Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.

4.0
2016-10-25 CVE-2016-5630 Oracle
Mariadb
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

4.0
2016-10-25 CVE-2016-5629 Oracle
Mariadb
Redhat
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

4.0
2016-10-25 CVE-2016-5628 Oracle
Mariadb
Remote Security vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.

4.0
2016-10-25 CVE-2016-5627 Oracle
Mariadb
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.

4.0
2016-10-25 CVE-2016-5626 Oracle
Mariadb
Redhat
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

4.0
2016-10-25 CVE-2016-5624 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4.0
2016-10-25 CVE-2016-5621 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 and 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5603.

4.0
2016-10-25 CVE-2016-5612 Oracle
Mariadb
Redhat
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4.0
2016-10-25 CVE-2016-5609 Oracle
Mariadb
Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

4.0
2016-10-25 CVE-2016-5603 Oracle Information Exposure vulnerability in Oracle Flexcube Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621.

4.0
2016-10-25 CVE-2016-5596 Oracle Information Exposure vulnerability in Oracle Customer Relationship Management Technical Foundation

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2016-10-25 CVE-2016-5594 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to INFRA.

4.0
2016-10-25 CVE-2016-5565 Oracle Improper Access Control vulnerability in Oracle Hospitality Opera 5 Property Services

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA.

4.0
2016-10-25 CVE-2016-5559 Oracle Local Security vulnerability in Oracle Solaris 10/11.3

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.

4.0
2016-10-25 CVE-2016-5534 Oracle Improper Access Control vulnerability in Oracle Siebel User Interface Framework 16.1

Unspecified vulnerability in the Siebel Apps - Customer Order Management component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2016-10-25 CVE-2016-5522 Oracle Information Exposure vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.4/9.3.5

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0
2016-10-25 CVE-2016-5513 Oracle Information Exposure vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.4/9.3.5

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Manager.

4.0
2016-10-25 CVE-2016-5479 Oracle Information Exposure vulnerability in Oracle Flexcube Universal Banking 11.3.0/11.4.0/12.0.1

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 allows remote authenticated users to affect confidentiality via vectors related to INFRA.

4.0
2016-10-25 CVE-2016-3473 Oracle Information Exposure vulnerability in Oracle Business Intelligence Publisher 11.1.1.7.0/11.1.1.9.0/12.2.1.0.0

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.

4.0

34 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2016-10-25 CVE-2016-5492 Oracle Improper Access Control vulnerability in Oracle SUN ZFS Storage Appliance KIT Ak2013

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors related to SMB Users.

3.6
2016-10-29 CVE-2016-5920 IBM Cross-Site Scripting vulnerability in IBM Financial Transaction Manager

Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5
2016-10-29 CVE-2016-3060 IBM Improper Access Control vulnerability in IBM Financial Transaction Manager

Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site.

3.5
2016-10-28 CVE-2016-4393 HP Cross-Site Scripting vulnerability in HP System Management Homepage

HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue.

3.5
2016-10-27 CVE-2016-1000121 Huge IT Cross-Site Scripting vulnerability in Huge-It Slider 1.0.9

XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension

3.5
2016-10-27 CVE-2016-1598 Novell Cross-Site Scripting vulnerability in Novell products

XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages.

3.5
2016-10-25 CVE-2016-8290 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633.

3.5
2016-10-25 CVE-2016-8287 Oracle Remote Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.

3.5
2016-10-25 CVE-2016-8286 Oracle Information Exposure vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.

3.5
2016-10-25 CVE-2016-5618 Oracle Information Exposure vulnerability in Oracle Data Integrator

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.

3.5
2016-10-25 CVE-2016-5602 Oracle Information Exposure vulnerability in Oracle Data Integrator

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.

3.5
2016-10-25 CVE-2016-5584 Oracle
Mariadb
Debian
Information Exposure vulnerability in multiple products

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.

3.5
2016-10-25 CVE-2016-8289 Oracle Permissions, Privileges, and Access Controls vulnerability in Oracle Mysql

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.

3.3
2016-10-25 CVE-2016-5604 Oracle Improper Access Control vulnerability in Oracle Enterprise Manager Base Platform 12.1.0.5

Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563.

3.3
2016-10-25 CVE-2016-5601 Oracle Improper Access Control vulnerability in Oracle Weblogic Server 12.1.3.0.0/12.2.1.0.0/12.2.1.1.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows local users to affect confidentiality and integrity via vectors related to CIE Related Components.

3.3
2016-10-25 CVE-2016-5540 Oracle 7PK - Security Features vulnerability in Oracle Micros Xstore Payment 1.0

Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors.

3.3
2016-10-25 CVE-2016-5506 Oracle Improper Access Control vulnerability in Oracle Identity Manager

Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server.

3.3
2016-10-25 CVE-2016-5561 Oracle Remote Security vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.

2.6
2016-10-28 CVE-2016-8889 Bitcoin Knots Project Information Exposure vulnerability in Bitcoin Knots Project Bitcoin Knots

In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history.

2.1
2016-10-28 CVE-2016-8871 Botan Project Information Exposure vulnerability in Botan Project Botan

In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding options had a detectable timing channel which could given sufficient queries be used to recover plaintext, aka an "OAEP side channel" attack.

2.1
2016-10-28 CVE-2016-8579 Docker2Aci Project Improper Input Validation vulnerability in Docker2Aci Project Docker2Aci 0.12.3

docker2aci <= 0.12.3 has an infinite loop when handling local images with cyclic dependency chain.

2.1
2016-10-25 CVE-2016-5615 Oracle Improper Access Control vulnerability in Oracle Solaris 11.3

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Lynx.

2.1
2016-10-25 CVE-2016-5613 Oracle Improper Access Control vulnerability in Oracle VM Virtualbox

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5608.

2.1
2016-10-25 CVE-2016-5611 Oracle Information Exposure vulnerability in Oracle VM Virtualbox

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core.

2.1
2016-10-25 CVE-2016-5608 Oracle Improper Access Control vulnerability in Oracle VM Virtualbox

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect availability via vectors related to Core, a different vulnerability than CVE-2016-5613.

2.1
2016-10-25 CVE-2016-5525 Oracle Improper Access Control vulnerability in Oracle Solaris Cluster 3.3/4.3

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files.

2.1
2016-10-25 CVE-2016-5517 Oracle Improper Access Control vulnerability in Oracle Applications DBA 12.1.3

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities.

2.1
2016-10-25 CVE-2016-5508 Oracle Information Exposure vulnerability in Oracle Solaris Cluster 4.3

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 4.3 allows local users to affect confidentiality via vectors related to Cluster Geo.

2.1
2016-10-25 CVE-2016-5505 Oracle Information Exposure vulnerability in Oracle Database Server 11.2.0.4/12.1.0.2

Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.

2.1
2016-10-25 CVE-2016-5499 Oracle Permissions, Privileges, and Access Controls vulnerability in Oracle Database Server 11.2.0.4/12.1.0.2

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5498.

2.1
2016-10-25 CVE-2016-5498 Oracle Information Exposure vulnerability in Oracle Database Server 11.2.0.4/12.1.0.2

Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5499.

2.1
2016-10-25 CVE-2016-5490 Oracle Local Security vulnerability in Oracle Flexcube Universal Banking 11.4.0

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.4.0 allows local users to affect confidentiality via vectors related to INFRA.

2.1
2016-10-25 CVE-2016-5480 Oracle Local Security vulnerability in Oracle Solaris 10

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vectors related to Bash.

1.9
2016-10-25 CVE-2016-8284 Oracle Local Security vulnerability in Oracle MySQL

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.

1.2