Weekly Vulnerabilities Reports > January 23 to 29, 2017

Overview

454 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 96 high severity vulnerabilities. This weekly summary report vulnerabilities in 217 products from 104 vendors including Oracle, Tcpdump, Debian, Cisco, and Redhat. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Information Exposure", "Improper Input Validation", "Improper Access Control", and "Cross-site Scripting".

  • 407 reported vulnerabilities are remotely exploitables.
  • 16 reported vulnerabilities have public exploit available.
  • 72 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 390 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 235 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-01-27 CVE-2016-8411 Google Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Google Android

Buffer overflow vulnerability while processing QMI QOS TLVs.

10.0
2017-01-23 CVE-2016-2783 Avaya Data Processing Errors vulnerability in Avaya VSP Operating System Software 5.0.0.0

Avaya Fabric Connect Virtual Services Platform (VSP) Operating System Software (VOSS) before 4.2.3.0 and 5.x before 5.0.1.0 does not properly handle VLAN and I-SIS indexes, which allows remote attackers to obtain unauthorized access via crafted Ethernet frames.

10.0
2017-01-23 CVE-2016-2242 Exponentcms Code Injection vulnerability in Exponentcms Exponent CMS

Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to execute arbitrary code via the sc parameter to install/index.php.

10.0
2017-01-23 CVE-2014-8362 Vivint Improper Access Control vulnerability in Vivint SKY Control Panel Firmware 1.1.1.9926

Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable and disable the alarm system and modify other security settings via the Web-enabled interface.

10.0
2017-01-24 CVE-2017-2972 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable memory corruption vulnerability in the image conversion module related to JPEG parsing.

9.3
2017-01-24 CVE-2017-2971 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the JPEG decoder routine.

9.3
2017-01-24 CVE-2017-2970 Adobe
Apple
Microsoft
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe products

Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 and earlier, 11.0.18 and earlier have an exploitable heap overflow vulnerability in the XSLT engine related to template manipulation.

9.3
2017-01-23 CVE-2017-5554 Oneplus Improper Authentication vulnerability in Oneplus Oxygenos

An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before 4.0.2.

9.3
2017-01-28 CVE-2016-9554 Sophos Command Injection vulnerability in Sophos web Appliance 4.2.1.3

The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface.

9.0
2017-01-28 CVE-2016-9553 Sophos Command Injection vulnerability in Sophos web Appliance 4.2.1.3

The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface.

9.0
2017-01-23 CVE-2017-5539 B2Evolution Path Traversal vulnerability in B2Evolution 6.8.4

The patch for directory traversal (CVE-2017-5480) in b2evolution version 6.8.4-stable has a bypass vulnerability.

9.0

96 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-01-23 CVE-2016-7792 Ubiquiti Networks Improper Access Control vulnerability in Ubiquiti Networks Unifi AP AC Lite Firmware

Ubiquiti Networks UniFi 5.2.7 does not restrict access to the database, which allows remote attackers to modify the database by directly connecting to it.

8.3
2017-01-27 CVE-2016-5822 Huawei Resource Management Errors vulnerability in Huawei Oceanstor 5800 V3

Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service (CPU consumption) via a large number of crafted HTTP packets.

7.8
2017-01-24 CVE-2017-5495 Quagga Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Quagga

All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an unbounded memory allocation in the telnet 'vty' CLI, leading to a Denial-of-Service of Quagga daemons, or even the entire host.

7.8
2017-01-23 CVE-2016-4055 Moment Project
Tenable
Resource Management Errors vulnerability in multiple products

The duration function in the moment package before 2.11.2 for Node.js allows remote attackers to cause a denial of service (CPU consumption) via a long string, aka a "regular expression Denial of Service (ReDoS)."

7.8
2017-01-23 CVE-2015-8858 Uglifyjs Project Resource Management Errors vulnerability in Uglifyjs Project Uglifyjs

The uglify-js package before 2.6.0 for Node.js allows attackers to cause a denial of service (CPU consumption) via crafted input in a parse call, aka a "regular expression denial of service (ReDoS)."

7.8
2017-01-23 CVE-2015-8855 Nodejs Resource Management Errors vulnerability in Nodejs Node.Js

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

7.8
2017-01-23 CVE-2015-8854 Nodejs Resource Management Errors vulnerability in Nodejs Node.Js

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline rule," aka a "regular expression denial of service (ReDoS)."

7.8
2017-01-23 CVE-2015-8315 Nodejs Resource Management Errors vulnerability in Nodejs Node.Js

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

7.8
2017-01-23 CVE-2017-5182 Novell Path Traversal vulnerability in Novell Open Enterprise Server 11.0/2.0/2015

Remote Manager in Open Enterprise Server (OES) allows unauthenticated remote attackers to read any arbitrary file, via a specially crafted URL, that allows complete directory traversal and total information disclosure.

7.8
2017-01-28 CVE-2017-5486 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

7.5
2017-01-28 CVE-2017-5485 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in addrtoname.c:lookup_nsap().

7.5
2017-01-28 CVE-2017-5484 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:sig_print().

7.5
2017-01-28 CVE-2017-5483 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in print-snmp.c:asn1_parse().

7.5
2017-01-28 CVE-2017-5482 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2016-8575.

7.5
2017-01-28 CVE-2017-5342 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, GRE, NSH, OTV, VXLAN and VXLAN GPE) could cause a buffer overflow in print-ether.c:ether_print().

7.5
2017-01-28 CVE-2017-5341 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The OTV parser in tcpdump before 4.9.0 has a buffer overflow in print-otv.c:otv_print().

7.5
2017-01-28 CVE-2017-5205 Tcpdump
Debian
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in print-isakmp.c:ikev2_e_print().

7.5
2017-01-28 CVE-2017-5204 Tcpdump
Debian
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in print-ip6.c:ip6_print().

7.5
2017-01-28 CVE-2017-5203 Tcpdump
Debian
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().

7.5
2017-01-28 CVE-2017-5202 Tcpdump
Debian
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in print-isoclns.c:clnp_print().

7.5
2017-01-28 CVE-2016-8575 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:q933_print(), a different vulnerability than CVE-2017-5482.

7.5
2017-01-28 CVE-2016-8574 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in print-fr.c:frf15_print().

7.5
2017-01-28 CVE-2016-7993 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause a buffer overflow in multiple protocol parsers (DNS, DVMRP, HSRP, IGMP, lightweight resolver protocol, PIM).

7.5
2017-01-28 CVE-2016-7992 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-cip.c:cip_if_print().

7.5
2017-01-28 CVE-2016-7986 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow in print-geonet.c, multiple functions.

7.5
2017-01-28 CVE-2016-7985 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in print-calm-fast.c:calm_fast_print().

7.5
2017-01-28 CVE-2016-7984 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in print-tftp.c:tftp_print().

7.5
2017-01-28 CVE-2016-7983 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in print-bootp.c:bootp_print().

7.5
2017-01-28 CVE-2016-7975 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The TCP parser in tcpdump before 4.9.0 has a buffer overflow in print-tcp.c:tcp_print().

7.5
2017-01-28 CVE-2016-7974 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The IP parser in tcpdump before 4.9.0 has a buffer overflow in print-ip.c, multiple functions.

7.5
2017-01-28 CVE-2016-7973 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in print-atalk.c, multiple functions.

7.5
2017-01-28 CVE-2016-7940 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The STP parser in tcpdump before 4.9.0 has a buffer overflow in print-stp.c, multiple functions.

7.5
2017-01-28 CVE-2016-7939 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The GRE parser in tcpdump before 4.9.0 has a buffer overflow in print-gre.c, multiple functions.

7.5
2017-01-28 CVE-2016-7938 Tcpdump Integer Overflow OR Wraparound vulnerability in Tcpdump

The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in print-zeromq.c:zmtp1_print_frame().

7.5
2017-01-28 CVE-2016-7937 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The VAT parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:vat_print().

7.5
2017-01-28 CVE-2016-7936 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The UDP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:udp_print().

7.5
2017-01-28 CVE-2016-7935 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The RTP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtp_print().

7.5
2017-01-28 CVE-2016-7934 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in print-udp.c:rtcp_print().

7.5
2017-01-28 CVE-2016-7933 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The PPP parser in tcpdump before 4.9.0 has a buffer overflow in print-ppp.c:ppp_hdlc_if_print().

7.5
2017-01-28 CVE-2016-7932 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The PIM parser in tcpdump before 4.9.0 has a buffer overflow in print-pim.c:pimv2_check_checksum().

7.5
2017-01-28 CVE-2016-7931 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in print-mpls.c:mpls_print().

7.5
2017-01-28 CVE-2016-7930 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in print-llc.c:llc_print().

7.5
2017-01-28 CVE-2016-7929 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-juniper.c:juniper_parse_header().

7.5
2017-01-28 CVE-2016-7928 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in print-ipcomp.c:ipcomp_print().

7.5
2017-01-28 CVE-2016-7927 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in print-802_11.c:ieee802_11_radio_print().

7.5
2017-01-28 CVE-2016-7926 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in print-ether.c:ethertype_print().

7.5
2017-01-28 CVE-2016-7925 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The compressed SLIP parser in tcpdump before 4.9.0 has a buffer overflow in print-sl.c:sl_if_print().

7.5
2017-01-28 CVE-2016-7924 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The ATM parser in tcpdump before 4.9.0 has a buffer overflow in print-atm.c:oam_print().

7.5
2017-01-28 CVE-2016-7923 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The ARP parser in tcpdump before 4.9.0 has a buffer overflow in print-arp.c:arp_print().

7.5
2017-01-28 CVE-2016-7922 Tcpdump Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Tcpdump

The AH parser in tcpdump before 4.9.0 has a buffer overflow in print-ah.c:ah_print().

7.5
2017-01-27 CVE-2017-3324 Oracle Remote Security vulnerability in Oracle Primavera Products

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access).

7.5
2017-01-27 CVE-2017-3293 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.2/8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ).

7.5
2017-01-27 CVE-2017-3271 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.2/8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ).

7.5
2017-01-27 CVE-2017-3266 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.2/8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

7.5
2017-01-27 CVE-2017-3250 Oracle Information Exposure vulnerability in Oracle Glassfish Server 2.1.1/3.0.1/3.1.2

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security).

7.5
2017-01-27 CVE-2017-3249 Oracle Remote Security vulnerability in Oracle GlassFish Server 2.1.1/3.0.1/3.1.2

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security).

7.5
2017-01-27 CVE-2017-3248 Oracle Remote Security vulnerability in Oracle WebLogic Server

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Core Components).

7.5
2017-01-27 CVE-2016-9636 Gstreamer
Redhat
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'write count' that goes beyond the initialized buffer.

7.5
2017-01-27 CVE-2016-9635 Gstreamer
Redhat
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by providing a 'skip count' that goes beyond initialized buffer.

7.5
2017-01-27 CVE-2016-9634 Gstreamer
Redhat
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the flx_decode_delta_fli function in gst/flx/gstflxdec.c in the FLIC decoder in GStreamer before 1.10.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via the start_line parameter.

7.5
2017-01-27 CVE-2016-8310 Oracle 7PK - Security Features vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

7.5
2017-01-26 CVE-2016-9054 Aerospike Buffer Errors vulnerability in Aerospike Database Server 3.10.0.3

An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3.

7.5
2017-01-26 CVE-2016-9052 Aerospike Buffer Errors vulnerability in Aerospike Database Server 3.10.0.3

An exploitable stack-based buffer overflow vulnerability exists in the querying functionality of Aerospike Database Server 3.10.0.3.

7.5
2017-01-26 CVE-2016-6912 Libgd Double Free vulnerability in Libgd

Double free vulnerability in the gdImageWebPtr function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to have unspecified impact via large width and height values.

7.5
2017-01-25 CVE-2016-9307 Autodesk Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Autodesk FBX Software Development KIT

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed 3DS format files.

7.5
2017-01-25 CVE-2016-9306 Autodesk Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Autodesk FBX Software Development KIT

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DAE format files.

7.5
2017-01-25 CVE-2016-9305 Autodesk Data Processing Errors vulnerability in Autodesk FBX Software Development KIT

Improper handling in the Autodesk FBX-SDK before 2017.1 of type mismatches and previously deleted objects related to reading and converting malformed FBX format files can allow attackers to gain access to uninitialized pointers.

7.5
2017-01-25 CVE-2016-9303 Autodesk Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Autodesk FBX Software Development KIT

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code or cause an infinite loop condition when reading or converting malformed FBX format files.

7.5
2017-01-24 CVE-2016-10160 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP

Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PHAR archive with an alias mismatch.

7.5
2017-01-23 CVE-2016-9081 Joomla Credentials Management vulnerability in Joomla Joomla!

Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors.

7.5
2017-01-23 CVE-2016-7567 Openslp Buffer Errors vulnerability in Openslp 2.0.0

Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.

7.5
2017-01-23 CVE-2016-7036 Python Jose Project 7PK - Time and State vulnerability in Python-Jose Project Python-Jose

python-jose before 1.3.2 allows attackers to have unspecified impact by leveraging failure to use a constant time comparison for HMAC keys.

7.5
2017-01-23 CVE-2016-6600 Zohocorp Path Traversal vulnerability in Zohocorp Webnms Framework 5.2

Directory traversal vulnerability in the file upload functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to upload and execute arbitrary JSP files via a ..

7.5
2017-01-23 CVE-2016-6517 Liferay Path Traversal vulnerability in Liferay 5.1.0

Directory traversal vulnerability in Liferay 5.1.0 allows remote attackers to have unspecified impact via a %2E%2E (encoded dot dot) in the minifierBundleDir parameter to barebone.jsp.

7.5
2017-01-23 CVE-2016-6164 Ffmpeg Integer Overflow OR Wraparound vulnerability in Ffmpeg

Integer overflow in the mov_build_index function in libavformat/mov.c in FFmpeg before 2.8.8, 3.0.x before 3.0.3 and 3.1.x before 3.1.1 allows remote attackers to have unspecified impact via vectors involving sample size.

7.5
2017-01-23 CVE-2016-5873 PHP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in PHP Pecl Http

Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attackers to execute arbitrary code via non-printable characters in a URL.

7.5
2017-01-23 CVE-2016-5742 Sixapart SQL Injection vulnerability in Sixapart Movable Type and Movable Type Open Source

SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1.3 and 6.2.x before 6.2.6 and Movable Type Open Source 5.2.13 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2017-01-23 CVE-2016-4010 Magento Injection vulnerability in Magento

Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data.

7.5
2017-01-23 CVE-2016-3177 Giflib Project USE After Free vulnerability in Giflib Project Giflib 5.1.2

Multiple use-after-free and double-free vulnerabilities in gifcolor.c in GIFLIB 5.1.2 have unspecified impact and attack vectors.

7.5
2017-01-23 CVE-2016-3147 Landesk Buffer Errors vulnerability in Landesk Management Suite 8.7/8.8/9.6

Buffer overflow in the collector.exe listener of the Landesk Management Suite 10.0.0.271 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large packet.

7.5
2017-01-23 CVE-2016-1925 LHA FOR Unix Project Integer Underflow (Wrap OR Wraparound) vulnerability in LHA FOR Unix Project LHA FOR Unix

Integer underflow in header.c in lha allows remote attackers to have unspecified impact via a large header size value for the (1) level0 or (2) level1 header in a lha archive, which triggers a buffer overflow.

7.5
2017-01-23 CVE-2015-8972 GNU Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GNU Chess

Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.

7.5
2017-01-23 CVE-2015-8857 Lisperator 7PK - Security Features vulnerability in Lisperator Uglifyjs

The uglify-js package before 2.4.24 for Node.js does not properly account for non-boolean values when rewriting boolean expressions, which might allow attackers to bypass security mechanisms or possibly have unspecified other impact by leveraging improperly rewritten Javascript.

7.5
2017-01-23 CVE-2017-5569 Eclinicalworks SQL Injection vulnerability in Eclinicalworks Patient Portal 7.0

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13.

7.5
2017-01-23 CVE-2017-5575 Metalgenix SQL Injection vulnerability in Metalgenix Genixcms

SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.

7.5
2017-01-23 CVE-2017-5574 Metalgenix SQL Injection vulnerability in Metalgenix Genixcms

SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.

7.5
2017-01-23 CVE-2016-10157 Akamai Code Injection vulnerability in Akamai Netsession 1.9.3.1

Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to load CSUNSAPI.dll without supplying the complete path.

7.5
2017-01-27 CVE-2016-9795 CA
HP
IBM
Linux
Oracle
Improper Input Validation vulnerability in CA products

The casrvc program in CA Common Services, as used in CA Client Automation 12.8, 12.9, and 14.0; CA SystemEDGE 5.8.2 and 5.9; CA Systems Performance for Infrastructure Managers 12.8 and 12.9; CA Universal Job Management Agent 11.2; CA Virtual Assurance for Infrastructure Managers 12.8 and 12.9; CA Workload Automation AE 11, 11.3, 11.3.5, and 11.3.6 on AIX, HP-UX, Linux, and Solaris allows local users to modify arbitrary files and consequently gain root privileges via vectors related to insufficient validation.

7.2
2017-01-26 CVE-2016-8227 Lenovo Improper Access Control vulnerability in Lenovo Transition

Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges.

7.2
2017-01-23 CVE-2016-9383 XEN
Citrix
Improper Input Validation vulnerability in multiple products

Xen, when running on a 64-bit hypervisor, allows local x86 guest OS users to modify arbitrary memory and consequently obtain sensitive information, cause a denial of service (host crash), or execute arbitrary code on the host by leveraging broken emulation of bit test instructions.

7.2
2017-01-23 CVE-2016-5720 Microsoft Permissions, Privileges, and Access Controls vulnerability in Microsoft Skype

Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) msi.dll, (2) dpapi.dll, or (3) cryptui.dll that is located in the current working directory.

7.2
2017-01-23 CVE-2016-4484 Cryptsetup Project Improper Authentication vulnerability in Cryptsetup Project Cryptsetup

The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts with an invalid password.

7.2
2017-01-23 CVE-2016-9870 EMC Ldap Injection vulnerability in EMC Isilon Onefs

EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC Isilon OneFS 7.2.0.x, EMC Isilon OneFS 7.1.1.0 - 7.1.1.10, and EMC Isilon OneFS 7.1.0.x is affected by an LDAP injection vulnerability that could potentially be exploited by a malicious user to compromise the system.

7.2
2017-01-23 CVE-2016-10156 Systemd Project Permissions, Privileges, and Access Controls vulnerability in Systemd Project Systemd 228

A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root.

7.2
2017-01-26 CVE-2016-9317 Libgd Improper Input Validation vulnerability in Libgd

The gdImageCreate function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (system hang) via an oversized image.

7.1
2017-01-23 CVE-2017-5544 Fiberhomegroup Resource Exhaustion vulnerability in Fiberhomegroup Fengine S5800 Firmware V210R240

An issue was discovered on FiberHome Fengine S5800 switches V210R240.

7.1

306 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-01-23 CVE-2016-9381 Qemu
Citrix
Race Condition vulnerability in multiple products

Race condition in QEMU in Xen allows local x86 HVM guest OS administrators to gain privileges by changing certain data on shared rings, aka a "double fetch" vulnerability.

6.9
2017-01-27 CVE-2017-3346 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

6.8
2017-01-27 CVE-2017-3289 Oracle Remote Security vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Hotspot).

6.8
2017-01-27 CVE-2017-3272 Oracle Remote Security vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).

6.8
2017-01-27 CVE-2017-3241 Oracle Improper Input Validation vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: RMI).

6.8
2017-01-27 CVE-2016-5545 Oracle 7PK - Security Features vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI).

6.8
2017-01-27 CVE-2016-5528 Oracle Remote Security vulnerability in Oracle GlassFish Server 2.1.1/3.0.1/3.1.2

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Security).

6.8
2017-01-27 CVE-2016-9453 Libtiff
Opensuse
Debian
Out-Of-Bounds Write vulnerability in multiple products

The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a JPEG file with a TIFFTAG_JPEGTABLES of length one.

6.8
2017-01-26 CVE-2016-8710 Libbpg Project Out-Of-Bounds Write vulnerability in Libbpg Project Libbpg 0.9.4/0.9.7

An exploitable heap write out of bounds vulnerability exists in the decoding of BPG images in Libbpg library.

6.8
2017-01-26 CVE-2016-8226 Lenovo Data Processing Errors vulnerability in Lenovo products

The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure.

6.8
2017-01-26 CVE-2017-3794 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Webex Meetings Server 2.6.0

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user.

6.8
2017-01-26 CVE-2016-9218 Cisco Cross-Site Request Forgery (CSRF) vulnerability in Cisco Hybrid Meeting Server 1.0Base

A vulnerability in Cisco Hybrid Meeting Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against the user of the web interface.

6.8
2017-01-25 CVE-2016-9304 Autodesk Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Autodesk FBX Software Development KIT

Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can allow attackers to execute arbitrary code when reading or converting malformed DFX format files.

6.8
2017-01-23 CVE-2016-9447 Gstreamer Project Out-Of-Bounds Read vulnerability in Gstreamer Project Gstreamer

The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote attackers to cause a denial of service (out-of-bounds read or write) and possibly execute arbitrary code via a crafted NSF music file.

6.8
2017-01-23 CVE-2016-6521 Gopivotal Cross-Site Request Forgery (CSRF) vulnerability in Gopivotal Grails 2.0.6

Cross-site request forgery (CSRF) vulnerability in Grails console (aka Grails Debug Console and Grails Web Console) 2.0.7, 1.5.10, and earlier allows remote attackers to hijack the authentication of users for requests that execute arbitrary Groovy code via unspecified vectors.

6.8
2017-01-23 CVE-2016-5091 Typo3 7PK - Security Features vulnerability in Typo3

Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.

6.8
2017-01-23 CVE-2016-4338 Zabbix SQL Injection vulnerability in Zabbix

The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.

6.8
2017-01-23 CVE-2016-1417 Snort Untrusted Search Path vulnerability in Snort 2.9.7.0

Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse tcapi.dll that is located in the same folder on a remote file share as a pcap file that is being processed.

6.8
2017-01-23 CVE-2017-5563 Libtiff Out-Of-Bounds Read vulnerability in Libtiff 4.0.7

LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in tif_lzw.c resulting in DoS or code execution via a crafted bmp image to tools/bmp2tiff.

6.8
2017-01-28 CVE-2017-5609 S9Y SQL Injection vulnerability in S9Y Serendipity 2.0.5

SQL injection vulnerability in include/functions_entries.inc.php in Serendipity 2.0.5 allows remote authenticated users to execute arbitrary SQL commands via the cat parameter.

6.5
2017-01-27 CVE-2016-8299 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

6.5
2017-01-27 CVE-2016-5590 Oracle Remote Security vulnerability in Oracle MySQL Enterprise Monitor

Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: Agent).

6.5
2017-01-26 CVE-2017-3796 Cisco OS Command Injection vulnerability in Cisco Webex Meetings Server 2.6.0

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to execute predetermined shell commands on other hosts.

6.5
2017-01-26 CVE-2017-3795 Cisco Improper Authentication vulnerability in Cisco Webex Meetings Server 2.6.0

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user.

6.5
2017-01-23 CVE-2016-9012 Arista Permissions, Privileges, and Access Controls vulnerability in Arista Cloudvision Portal

CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated users to gain access to the internal configuration mechanisms via the management plane, related to a request to /web/system/console/bundle.

6.5
2017-01-23 CVE-2016-4340 Gitlab Permissions, Privileges, and Access Controls vulnerability in Gitlab

The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.

6.5
2017-01-23 CVE-2016-0769 Elfden SQL Injection vulnerability in Elfden Eshop Plugin 6.3.14

Multiple SQL injection vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow (1) remote administrators to execute arbitrary SQL commands via the delid parameter or remote authenticated users to execute arbitrary SQL commands via the (2) view, (3) mark, or (4) change parameter.

6.5
2017-01-23 CVE-2017-5570 Eclinicalworks SQL Injection vulnerability in Eclinicalworks Patient Portal 7.0

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13.

6.5
2017-01-27 CVE-2016-8325 Oracle Improper Access Control vulnerability in Oracle One-To-One Fulfillment

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Internal Operations).

6.4
2017-01-26 CVE-2016-9050 Aerospike Out-Of-Bounds Read vulnerability in Aerospike Database Server 3.10.0.3

An exploitable out-of-bounds read vulnerability exists in the client message-parsing functionality of Aerospike Database Server 3.10.0.3.

6.4
2017-01-23 CVE-2016-6582 Doorkeeper Project 7PK - Security Features vulnerability in Doorkeeper Project Doorkeeper

The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers to conduct replay attacks or revoke arbitrary tokens by leveraging failure to implement the OAuth 2.0 Token Revocation specification.

6.4
2017-01-23 CVE-2016-6223 Libtiff Numeric Errors vulnerability in Libtiff

The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in libtiff before 4.0.7 allows remote attackers to cause a denial of service (crash) or possibly obtain sensitive information via a negative index in a file-content buffer.

6.4
2017-01-27 CVE-2017-3316 Oracle Improper Input Validation vulnerability in Oracle VM Virtualbox 5.0.30/5.1.12

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI).

6.0
2017-01-27 CVE-2017-3310 Oracle Remote Security vulnerability in Oracle Database 11.2.0.4/12.1.0.2

Vulnerability in the OJVM component of Oracle Database Server.

6.0
2017-01-27 CVE-2017-3443 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3442 Oracle Remote Unspecified vulnerability in Oracle Customer Interaction History 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3441 Oracle Remote Unspecified vulnerability in Oracle Customer Interaction History 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3440 Oracle Remote Security vulnerability in Oracle Customer Interaction History 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Customer Interaction History component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3439 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3438 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3437 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3436 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3435 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3433 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3431 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3430 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3429 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3428 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3427 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3426 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3425 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3424 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3423 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3422 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3421 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3420 Oracle Remote Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation 12.1.3

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3419 Oracle Remote Unspecified vulnerability in Oracle Customer Relationship Management Technical Foundation 12.1.3

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3418 Oracle Remote Security vulnerability in Oracle Customer Relationship Management Technical Foundation 12.1.3

Vulnerability in the Oracle CRM Technical Foundation component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3417 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3416 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3415 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Universal Work Queue component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3414 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3413 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3412 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3411 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3410 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3409 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3408 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3407 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3406 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3405 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3404 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3403 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3402 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3401 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3400 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3399 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3398 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3397 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3396 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3395 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3394 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3392 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3391 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3390 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3389 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3388 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3387 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3386 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3385 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3384 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3383 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3382 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3381 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3380 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3379 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3378 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3377 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3376 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3375 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3374 Oracle Remote Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3373 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3372 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Interaction Blending component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3371 Oracle Remote Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3370 Oracle Remote Unspecified vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3369 Oracle Remote Security vulnerability in Oracle Isupport 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle iSupport component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3368 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: Address Book).

5.8
2017-01-27 CVE-2017-3367 Oracle Remote Unspecified vulnerability in Oracle Knowledge Management 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3366 Oracle Remote Unspecified vulnerability in Oracle Knowledge Management 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3365 Oracle Remote Unspecified vulnerability in Oracle Knowledge Management 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3364 Oracle Remote Unspecified vulnerability in Oracle Knowledge Management 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3363 Oracle Remote Unspecified vulnerability in Oracle Knowledge Management 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3362 Oracle Remote Security vulnerability in Oracle Knowledge Management 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Knowledge Management component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3361 Oracle Remote Security vulnerability in Oracle Installed Base 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Installed Base component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3360 Oracle Remote Security vulnerability in Oracle Customer Intelligence 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3359 Oracle Remote Security vulnerability in Oracle Customer Intelligence 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Customer Intelligence component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3358 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3357 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3354 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3353 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3352 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3351 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3350 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3349 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3348 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3344 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3343 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3341 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3340 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3339 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3338 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3336 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3335 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3334 Oracle Multiple Unspecified vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3333 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Marketing component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3328 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module).

5.8
2017-01-27 CVE-2017-3327 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Resources Module).

5.8
2017-01-27 CVE-2017-3326 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Common Applications component of Oracle E-Business Suite (subcomponent: Role Summary).

5.8
2017-01-27 CVE-2017-3325 Oracle Remote Security vulnerability in Oracle Siebel UI Framework 16.1

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: EAI).

5.8
2017-01-27 CVE-2017-3314 Oracle Remote Security vulnerability in Oracle Flexcube Universal Banking 12.0.0/12.1.0/12.2.0

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

5.8
2017-01-27 CVE-2017-3303 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle XML Gateway component of Oracle E-Business Suite (subcomponent: Oracle Transport Agent).

5.8
2017-01-27 CVE-2017-3300 Oracle Cross-Site Scripting vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Multichannel Framework).

5.8
2017-01-27 CVE-2017-3299 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Search Functionality).

5.8
2017-01-27 CVE-2017-3298 Oracle Remote Security vulnerability in Oracle PeopleSoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: PIA Core Technology).

5.8
2017-01-27 CVE-2017-3287 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle iStore component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3285 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3284 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Service Fulfillment Manager component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3279 Oracle Remote Security vulnerability in Oracle Leads Management 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Leads Management component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3278 Oracle Remote Security vulnerability in Oracle One-To-One Fulfillment 12.1.3

Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite (subcomponent: Request Confirmation).

5.8
2017-01-27 CVE-2017-3275 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2017-3274 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite (subcomponent: User Interface).

5.8
2017-01-27 CVE-2016-8329 Oracle 7PK - Security Features vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Mobile Application Platform).

5.8
2017-01-27 CVE-2016-8320 Oracle Improper Access Control vulnerability in Oracle Flexcube Enterprise Limits and Collateral Management 12.0.0/12.0.2

Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component of Oracle Financial Services Applications (subcomponent: Core).

5.8
2017-01-27 CVE-2016-8319 Oracle Improper Access Control vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core).

5.8
2017-01-27 CVE-2016-8312 Oracle Improper Access Control vulnerability in Oracle Flexcube Private Banking 12.0.1/2.0.1/2.2.0

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search).

5.8
2017-01-27 CVE-2016-8303 Oracle 7PK - Security Features vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

5.8
2017-01-27 CVE-2016-8282 Oracle Improper Access Control vulnerability in Oracle Flexcube Private Banking 12.0.1/2.0.1/2.2.0

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search).

5.8
2017-01-27 CVE-2016-5541 Oracle Remote Security vulnerability in Oracle MySQL Cluster

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI).

5.8
2017-01-26 CVE-2016-6908 Opera Open Redirect vulnerability in Opera Browser 37.0.2192.105088

Characters from languages are such as Arabic, Hebrew are displayed from RTL (Right To Left) order in Opera 37.0.2192.105088 for Android, due to mishandling of several unicode characters such as U+FE70, U+0622, U+0623 etc and how they are rendered combined with (first strong character) such as an IP address or alphabet could lead to a spoofed URL.

5.8
2017-01-26 CVE-2017-3799 Cisco Open Redirect vulnerability in Cisco Webex Meeting Center Wbs28Base

A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated, remote attacker to perform site redirection.

5.8
2017-01-23 CVE-2017-5556 Foxitsoftware
Microsoft
Out-Of-Bounds Read vulnerability in Foxitsoftware Foxit Reader and Phantompdf

The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF before 8.2 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted JPEG image.

5.8
2017-01-26 CVE-2017-3804 Cisco Denial of Service vulnerability in Multiple Cisco Nexus Devices

A vulnerability in Intermediate System-to-Intermediate System (IS-IS) protocol packet processing of Cisco Nexus 5000, 6000, and 7000 Series Switches software could allow an unauthenticated, adjacent attacker to cause a reload of the affected device.

5.7
2017-01-27 CVE-2017-3263 Oracle Remote Security vulnerability in Oracle Primavera Products

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Team Member).

5.5
2017-01-27 CVE-2016-8323 Oracle Improper Access Control vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0

Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core).

5.5
2017-01-27 CVE-2016-8315 Oracle Improper Access Control vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code).

5.5
2017-01-27 CVE-2016-8306 Oracle 7PK - Security Features vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core).

5.5
2017-01-27 CVE-2016-8298 Oracle Improper Access Control vulnerability in Oracle Flexcube Private Banking 12.0.1/2.0.1/2.2.0

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search).

5.5
2017-01-27 CVE-2016-8297 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

5.5
2017-01-27 CVE-2016-5623 Oracle 7PK - Security Features vulnerability in Oracle Flexcube Private Banking 12.0.1/2.0.1/2.2.0

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search).

5.5
2017-01-27 CVE-2017-3260 Oracle Remote Security vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT).

5.1
2017-01-23 CVE-2016-5119 Keepass Improper Input Validation vulnerability in Keepass

The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execute arbitrary code by spoofing the version check response and supplying a crafted update.

5.1
2017-01-27 CVE-2017-5601 Libarchive Out-Of-Bounds Read vulnerability in Libarchive 3.2.2

An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.

5.0
2017-01-27 CVE-2017-5328 Palo Alto Networks Spoofing vulnerability in Palo Alto Networks Terminal Services Agent 6.0.0

Palo Alto Networks Terminal Services Agent before 7.0.7 allows attackers to spoof arbitrary users via unspecified vectors.

5.0
2017-01-27 CVE-2017-3311 Oracle Remote Security vulnerability in Oracle Application Testing Suite 12.4.0.2/12.5.0.2/12.5.0.3

Vulnerability in the Application Testing Suite component of Oracle Enterprise Manager Grid Control (subcomponent: Test Manager for Web Apps).

5.0
2017-01-27 CVE-2017-3295 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.2/8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ).

5.0
2017-01-27 CVE-2017-3294 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.2/8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters ).

5.0
2017-01-27 CVE-2017-3270 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.2/8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2017-01-27 CVE-2017-3269 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.2/8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2017-01-27 CVE-2017-3268 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.2/8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2017-01-27 CVE-2017-3267 Oracle Remote Security vulnerability in Oracle Outside in Technology 8.5.2/8.5.3

Vulnerability in the Oracle Outside In Technology component of Oracle Fusion Middleware (subcomponent: Outside In Filters).

5.0
2017-01-27 CVE-2017-3262 Oracle Remote Security vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control).

5.0
2017-01-27 CVE-2017-3255 Oracle Information Exposure vulnerability in Oracle Jdeveloper

Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: ADF Faces).

5.0
2017-01-27 CVE-2017-3253 Oracle Remote Security vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: 2D).

5.0
2017-01-27 CVE-2016-8324 Oracle Improper Access Control vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0

Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core).

5.0
2017-01-27 CVE-2016-8307 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

5.0
2017-01-27 CVE-2016-6264 Uclibc NG Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Uclibc-Ng Project Uclibc-Ng

Integer signedness error in libc/string/arm/memset.S in uClibc and uClibc-ng before 1.0.16 allows context-dependent attackers to cause a denial of service (crash) via a negative length value to the memset function.

5.0
2017-01-27 CVE-2016-5827 Libical Project Out-Of-Bounds Read vulnerability in Libical Project Libical 0.47/1.0.0

The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted string to the icalparser_parse_string function.

5.0
2017-01-27 CVE-2016-5826 Libical Project Out-Of-Bounds Read vulnerability in Libical Project Libical 0.47/1.0

The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) by crafting a string to the icalparser_parse_string function.

5.0
2017-01-27 CVE-2016-5552 Oracle Remote Security vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking).

5.0
2017-01-27 CVE-2016-5547 Oracle Remote Security vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries).

5.0
2017-01-27 CVE-2016-5546 Oracle Remote Security vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries).

5.0
2017-01-27 CVE-2016-9448 Libtiff
Opensuse
Null Pointer Dereference vulnerability in multiple products

The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) by setting the tags TIFF_SETGET_C16ASCII or TIFF_SETGET_C32_ASCII to values that access 0-byte arrays.

5.0
2017-01-27 CVE-2016-10003 Squid Cache Information Exposure vulnerability in Squid-Cache Squid

Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 through 3.5.22, and 4.0.1 through 4.0.16 results in Collapsed Forwarding feature mistakenly identifying some private responses as being suitable for delivery to multiple clients.

5.0
2017-01-27 CVE-2016-10002 Debian
Squid Cache
Information Exposure vulnerability in multiple products

Incorrect processing of responses to If-None-Modified HTTP conditional requests in Squid HTTP Proxy 3.1.10 through 3.1.23, 3.2.0.3 through 3.5.22, and 4.0.1 through 4.0.16 leads to client-specific Cookie data being leaked to other clients.

5.0
2017-01-27 CVE-2017-5598 Eclinicalworks SQL Injection vulnerability in Eclinicalworks Patient Portal 8.0

An issue was discovered in eClinicalWorks healow@work 8.0 build 8.

5.0
2017-01-26 CVE-2017-3805 Cisco Information Exposure vulnerability in Cisco IOX 1.0(0)

A vulnerability in the web-based management interface of Cisco IOS and Cisco IOx Software could allow an unauthenticated, remote attacker to view confidential information that is displayed without authenticating to the device.

5.0
2017-01-26 CVE-2017-3800 Cisco Improper Input Validation vulnerability in Cisco Email Security Appliance 9.7.1066/9.7.1Hp2207/9.8.5085

A vulnerability in the content scanning engine of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to bypass configured message or content filters on the device.

5.0
2017-01-26 CVE-2017-3797 Cisco Information Exposure vulnerability in Cisco Webex Meetings Server 2.7.1/2.7Base

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view the fully qualified domain name of the Cisco WebEx administration server.

5.0
2017-01-26 CVE-2016-9216 Cisco Resource Management Errors vulnerability in Cisco ASR 5000 Series Software

An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr process of Cisco ASR 5000 Software could allow an unauthenticated, remote attacker to cause the ipsecmgr process to reload.

5.0
2017-01-25 CVE-2017-5597 Wireshark Integer Overflow OR Wraparound vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector could go into a large loop, triggered by packet injection or a malformed capture file.

5.0
2017-01-25 CVE-2017-5596 Wireshark Infinite Loop vulnerability in Wireshark

In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector could go into an infinite loop, triggered by packet injection or a malformed capture file.

5.0
2017-01-24 CVE-2016-10162 PHP Null Pointer Dereference vulnerability in PHP

The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x before 7.0.15 and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an inapplicable class name in a wddxPacket XML document, leading to mishandling in a wddx_deserialize call.

5.0
2017-01-24 CVE-2016-10161 PHP Out-Of-Bounds Read vulnerability in PHP

The object_common1 function in ext/standard/var_unserializer.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (buffer over-read and application crash) via crafted serialized data that is mishandled in a finish_nested_data call.

5.0
2017-01-24 CVE-2016-10159 PHP Integer Overflow OR Wraparound vulnerability in PHP

Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a denial of service (memory consumption or application crash) via a truncated manifest entry in a PHAR archive.

5.0
2017-01-24 CVE-2016-10158 PHP Numeric Errors vulnerability in PHP

The exif_convert_any_to_int function in ext/exif/exif.c in PHP before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers to cause a denial of service (application crash) via crafted EXIF data that triggers an attempt to divide the minimum representable negative integer by -1.

5.0
2017-01-23 CVE-2017-5372 SAP Information Exposure vulnerability in SAP Netweaver

The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic function, aka SAP Security Note 2331908.

5.0
2017-01-23 CVE-2017-5371 Sybase Improper Input Validation vulnerability in Sybase Adaptive Server Enterprise 16.0

Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote attackers to cause a denial of service (process crash) via a series of crafted requests, aka SAP Security Note 2330422.

5.0
2017-01-23 CVE-2016-9446 Gstreamer Project
Redhat
Improper Initialization vulnerability in multiple products

The vmnc decoder in the gstreamer does not initialize the render canvas, which allows remote attackers to obtain sensitive information as demonstrated by thumbnailing a simple 1 frame vmnc movie that does not draw to the allocated render canvas.

5.0
2017-01-23 CVE-2016-9445 Gstreamer Project Integer Overflow OR Wraparound vulnerability in Gstreamer Project Gstreamer 1.10.0

Integer overflow in the vmnc decoder in the gstreamer allows remote attackers to cause a denial of service (crash) via large width and height values, which triggers a buffer overflow.

5.0
2017-01-23 CVE-2016-7037 JWT Project 7PK - Time and State vulnerability in JWT Project JWT

The verify function in Encryption/Symmetric.php in Malcolm Fell jwt before 1.0.3 does not use a timing-safe function for hash comparison, which allows attackers to spoof signatures via a timing attack.

5.0
2017-01-23 CVE-2016-6920 Ffmpeg Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ffmpeg

Heap-based buffer overflow in the decode_block function in libavcodec/exr.c in FFmpeg before 3.1.3 allows remote attackers to cause a denial of service (application crash) via vectors involving tile positions.

5.0
2017-01-23 CVE-2016-6668 Atlassian Information Exposure vulnerability in Atlassian Confluence and Jira Integration FOR Hipchat

The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 before 6.27.5, 6.28.0 before 7.3.7, and 7.4.0 before 7.8.17; Confluence HipChat plugin 6.26.0 before 7.8.17; and HipChat for JIRA plugin 6.26.0 before 7.8.17 allows remote attackers to obtain the secret key for communicating with HipChat instances by reading unspecified pages.

5.0
2017-01-23 CVE-2016-6603 Zohocorp Improper Input Validation vulnerability in Zohocorp Webnms Framework 5.2

ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to bypass authentication and impersonate arbitrary users via the UserName HTTP header.

5.0
2017-01-23 CVE-2016-6602 Zohocorp USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Zohocorp Webnms Framework 5.2

ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm to store passwords, which allows context-dependent attackers to obtain cleartext passwords by leveraging access to WEB-INF/conf/securitydbData.xml.

5.0
2017-01-23 CVE-2016-6601 Zohocorp Path Traversal vulnerability in Zohocorp Webnms Framework 5.2

Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a ..

5.0
2017-01-23 CVE-2016-6160 Appneta Resource Management Errors vulnerability in Appneta Tcpreplay

tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause a denial of service (segmentation fault) via a large frame, a related issue to CVE-2017-14266.

5.0
2017-01-23 CVE-2016-5697 Onelogin XML Injection (Aka Blind Xpath Injection) vulnerability in Onelogin Ruby-Saml

Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified vectors.

5.0
2017-01-23 CVE-2016-4793 Cakephp Improper Input Validation vulnerability in Cakephp

The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.

5.0
2017-01-23 CVE-2015-8860 Nodejs Link Following vulnerability in Nodejs Node.Js

The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive.

5.0
2017-01-23 CVE-2015-8859 Nodejs Information Exposure vulnerability in Nodejs Node.Js

The send package before 0.11.1 for Node.js allows attackers to obtain the root path via unspecified vectors.

5.0
2017-01-23 CVE-2015-4626 Treasuryxpress Numeric Errors vulnerability in Treasuryxpress C2Box

B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, which allows remote attackers to "corrupt the business logic" via a negative value in an overdraft.

5.0
2017-01-27 CVE-2017-3330 Oracle Remote Security vulnerability in Oracle Siebel UI Framework 16.1

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI).

4.9
2017-01-27 CVE-2017-3265 Oracle
Redhat
Debian
Local Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging).

4.9
2017-01-27 CVE-2016-8316 Oracle Improper Access Control vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core).

4.9
2017-01-27 CVE-2016-8304 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

4.9
2017-01-26 CVE-2016-10024 XEN
Citrix
Improper Input Validation vulnerability in multiple products

Xen through 4.8.x allows local x86 PV guest OS kernel administrators to cause a denial of service (host hang or crash) by modifying the instruction stream asynchronously while performing certain kernel operations.

4.9
2017-01-23 CVE-2016-9385 XEN
Citrix
Improper Input Validation vulnerability in multiple products

The x86 segment base write emulation functionality in Xen 4.4.x through 4.7.x allows local x86 PV guest OS administrators to cause a denial of service (host crash) by leveraging lack of canonical address checks.

4.9
2017-01-27 CVE-2017-5329 Palo Alto Networks Out-Of-Bounds Write vulnerability in Palo Alto Networks Terminal Services Agent 6.0.0

Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation.

4.6
2017-01-26 CVE-2016-8225 Lenovo Unquoted Search Path OR Element vulnerability in Lenovo Edge Keyboard Driver and Slim USB Keyboard Driver

Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges.

4.6
2017-01-26 CVE-2016-10013 XEN Permissions, Privileges, and Access Controls vulnerability in XEN

Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain privileges by leveraging mishandling of SYSCALL singlestep during emulation.

4.6
2017-01-25 CVE-2016-8214 EMC Permission Issues vulnerability in EMC Avamar Data Store and Avamar Virtual Edition

EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions 7.3.0 and 7.3.1 contain a vulnerability that may allow malicious administrators to compromise Avamar servers.

4.6
2017-01-23 CVE-2016-9386 Citrix
XEN
Permissions, Privileges, and Access Controls vulnerability in multiple products

The x86 emulator in Xen does not properly treat x86 NULL segments as unusable when accessing memory, which might allow local HVM guest users to gain privileges via vectors involving "unexpected" base/limit values.

4.6
2017-01-23 CVE-2016-9382 XEN
Citrix
Permissions, Privileges, and Access Controls vulnerability in multiple products

Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, which allows local 32-bit x86 HVM guest OS users to gain privileges or cause a denial of service (guest OS crash) by leveraging a guest operating system that uses hardware task switching and allows a new task to start in VM86 mode.

4.6
2017-01-23 CVE-2016-9380 XEN
Citrix
Improper Input Validation vulnerability in multiple products

The pygrub boot loader emulator in Xen, when nul-delimited output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via NUL bytes in the bootloader configuration file.

4.6
2017-01-23 CVE-2016-9379 XEN
Citrix
Improper Input Validation vulnerability in multiple products

The pygrub boot loader emulator in Xen, when S-expression output format is requested, allows local pygrub-using guest OS administrators to read or delete arbitrary files on the host via string quotes and S-expressions in the bootloader configuration file.

4.6
2017-01-23 CVE-2016-7102 Owncloud Code Injection vulnerability in Owncloud Desktop 2.2.2

ownCloud Desktop before 2.2.3 allows local users to execute arbitrary code and possibly gain privileges via a Trojan library in a "special path" in the C: drive.

4.6
2017-01-23 CVE-2015-8971 Debian
Enlightenment
Command Injection vulnerability in multiple products

Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.

4.6
2017-01-23 CVE-2016-1281 Idrix Untrusted Search Path vulnerability in Idrix Truecrypt and Veracrypt

Untrusted search path vulnerability in the installer for TrueCrypt 7.2 and 7.1a, VeraCrypt before 1.17-BETA, and possibly other products allows local users to execute arbitrary code with administrator privileges and conduct DLL hijacking attacks via a Trojan horse DLL in the "application directory", as demonstrated with the USP10.dll, RichEd20.dll, NTMarta.dll and SRClient.dll DLLs.

4.4
2017-01-28 CVE-2017-5608 Piwigo Cross-Site Scripting vulnerability in Piwigo

Cross-site scripting (XSS) vulnerability in the image upload function in Piwigo before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via a crafted image filename.

4.3
2017-01-27 CVE-2017-3323 Oracle Improper Input Validation vulnerability in Oracle Mysql Cluster

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General).

4.3
2017-01-27 CVE-2017-3322 Oracle Remote Security vulnerability in Oracle MySQL Cluster

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI).

4.3
2017-01-27 CVE-2017-3321 Oracle Improper Input Validation vulnerability in Oracle Mysql Cluster

Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: General).

4.3
2017-01-27 CVE-2017-3296 Oracle Information Exposure vulnerability in Oracle Commerce Platform 10.0.3.5/10.2.0.5/11.2.0.2

Vulnerability in the Oracle Commerce Platform component of Oracle Commerce (subcomponent: Dynamo Application Framework).

4.3
2017-01-27 CVE-2017-3283 Oracle Improper Input Validation vulnerability in Oracle Partner Management

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface).

4.3
2017-01-27 CVE-2017-3282 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface).

4.3
2017-01-27 CVE-2017-3281 Oracle Remote Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface).

4.3
2017-01-27 CVE-2017-3280 Oracle Improper Input Validation vulnerability in Oracle Partner Management

Vulnerability in the Oracle Partner Management component of Oracle E-Business Suite (subcomponent: User Interface).

4.3
2017-01-27 CVE-2017-3261 Oracle Remote Security vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).

4.3
2017-01-27 CVE-2017-3259 Oracle Remote Security vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment).

4.3
2017-01-27 CVE-2017-3247 Oracle Remote Security vulnerability in Oracle GlassFish Server 2.1.1/3.0.1/3.1.2

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Core).

4.3
2017-01-27 CVE-2017-3245 Oracle Information Exposure vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Pre-Login).

4.3
2017-01-27 CVE-2017-3236 Oracle Improper Input Validation vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

4.3
2017-01-27 CVE-2017-3231 Oracle Information Exposure vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking).

4.3
2017-01-27 CVE-2016-9298 Imagemagick Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Imagemagick

Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c in ImageMagick before 6.9.6-4 and 7.x before 7.0.3-6 allows remote attackers to cause a denial of service (crash) via a crafted image.

4.3
2017-01-27 CVE-2016-8330 Oracle Improper Access Control vulnerability in Oracle Solaris 11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

4.3
2017-01-27 CVE-2016-8328 Oracle Remote Security vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java Mission Control).

4.3
2017-01-27 CVE-2016-8308 Oracle Remote Security vulnerability in Oracle Flexcube Private Banking 12.0.1/2.0.1/2.2.0

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search).

4.3
2017-01-27 CVE-2016-8301 Oracle Remote Security vulnerability in Oracle FLEXCUBE Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

4.3
2017-01-27 CVE-2016-7569 Docker2Aci Project Path Traversal vulnerability in Docker2Aci Project Docker2Aci

Directory traversal vulnerability in docker2aci before 0.13.0 allows remote attackers to write to arbitrary files via a ..

4.3
2017-01-27 CVE-2016-5825 Libical Project Out-Of-Bounds Read vulnerability in Libical Project Libical 0.47/1.0

The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted ics file.

4.3
2017-01-27 CVE-2016-5824 Libical Project
Canonical
Redhat
USE After Free vulnerability in multiple products

libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

4.3
2017-01-27 CVE-2016-5823 Libical Project USE After Free vulnerability in Libical Project Libical 0.47/1.0

The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics file.

4.3
2017-01-27 CVE-2016-5549 Oracle Remote Security vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).

4.3
2017-01-27 CVE-2016-5548 Oracle Remote Security vulnerability in Oracle JDK and JRE

Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries).

4.3
2017-01-27 CVE-2016-3996 Samsung Information Exposure vulnerability in Samsung Knox 1.0/2.3.0

ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.

4.3
2017-01-27 CVE-2016-1920 Samsung Improper Access Control vulnerability in Samsung Knox 1.0

Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service.

4.3
2017-01-27 CVE-2017-5599 Eclinicalworks Cross-Site Scripting vulnerability in Eclinicalworks Patient Portal 7.0

An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13.

4.3
2017-01-26 CVE-2016-6911 Libgd Out-Of-Bounds Read vulnerability in Libgd

The dynamicGetbuf function in the GD Graphics Library (aka libgd) before 2.2.4 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted TIFF image.

4.3
2017-01-26 CVE-2017-3802 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager 12.0(0.99000.9)

A vulnerability in Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system.

4.3
2017-01-26 CVE-2017-3798 Cisco Cross-Site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.12000.1)

A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to mount XSS attacks against a user of an affected device.

4.3
2017-01-26 CVE-2016-9222 Cisco Cross-Site Scripting vulnerability in Cisco Netflow Generation Appliance 1.0(2)

A vulnerability in the web-based management interface of Cisco NetFlow Generation Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

4.3
2017-01-25 CVE-2017-5594 Pagekit Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pagekit

An issue was discovered in Pagekit CMS before 1.0.11.

4.3
2017-01-25 CVE-2016-8215 EMC Cross-Site Scripting vulnerability in EMC RSA Security Analytics

EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a Reflected Cross-Site Scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system.

4.3
2017-01-24 CVE-2017-2929 Adobe
Microsoft
Cross-Site Scripting vulnerability in Adobe Acrobat 15.1.0.3

Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability.

4.3
2017-01-23 CVE-2016-7410 Libdwarf Project Out-Of-Bounds Read vulnerability in Libdwarf Project Libdwarf 20160613

The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf 20160613 allows attackers to cause a denial of service (buffer over-read) via a crafted file.

4.3
2017-01-23 CVE-2016-6484 Infoblox Crlf Injection vulnerability in Infoblox Netmri

CRLF injection vulnerability in Infoblox Network Automation NetMRI before 7.1.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the contentType parameter in a login action to config/userAdmin/login.tdf.

4.3
2017-01-23 CVE-2016-5876 Owncloud Permissions, Privileges, and Access Controls vulnerability in Owncloud

ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote attackers to download arbitrary images via a direct request.

4.3
2017-01-23 CVE-2016-4056 Typo3 Cross-Site Scripting vulnerability in Typo3

Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.

4.3
2017-01-23 CVE-2016-0765 Elfden Cross-Site Scripting vulnerability in Elfden Eshop Plugin 6.3.14

Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.

4.3
2017-01-23 CVE-2015-8862 Mustache JS Project Cross-Site Scripting vulnerability in Mustache.Js Project Mustache.Js

mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.

4.3
2017-01-23 CVE-2015-8861 Handlebars JS Project Cross-Site Scripting vulnerability in Handlebars.Js Project Handlebars.Js

The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.

4.3
2017-01-23 CVE-2015-8856 Nodejs Cross-Site Scripting vulnerability in Nodejs Node.Js

Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.

4.3
2017-01-23 CVE-2014-9772 Nodejs Cross-Site Scripting vulnerability in Nodejs Node.Js

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.

4.3
2017-01-23 CVE-2013-7454 Nodejs Cross-Site Scripting vulnerability in Nodejs Node.Js

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.

4.3
2017-01-23 CVE-2013-7453 Nodejs Cross-Site Scripting vulnerability in Nodejs Node.Js

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.

4.3
2017-01-23 CVE-2013-7452 Nodejs Cross-Site Scripting vulnerability in Nodejs Node.Js

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.

4.3
2017-01-23 CVE-2013-7451 Nodejs Cross-Site Scripting vulnerability in Nodejs Node.Js 1.0.4

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.

4.3
2017-01-23 CVE-2016-8213 EMC Cross-Site Scripting vulnerability in EMC products

EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.

4.3
2017-01-23 CVE-2016-10104 Hiteksoftware Inadequate Encryption Strength vulnerability in Hiteksoftware Automize

Information Disclosure can occur in sshProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users.

4.3
2017-01-23 CVE-2016-10103 Hiteksoftware Credentials Management vulnerability in Hiteksoftware Automize

Information Disclosure can occur in encryptionProfiles.jsd in Hitek Software's Automize because of the Read attribute being set for Users.

4.3
2017-01-23 CVE-2016-10102 Hiteksoftware Inadequate Encryption Strength vulnerability in Hiteksoftware Automize

hitek.jar in Hitek Software's Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords.

4.3
2017-01-23 CVE-2016-10101 Hiteksoftware Credentials Management vulnerability in Hiteksoftware Automize

Information Disclosure can occur in Hitek Software's Automize 10.x and 11.x passManager.jsd.

4.3
2017-01-27 CVE-2017-3315 Oracle Information Exposure vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Eperformance 9.2

Vulnerability in the PeopleSoft Enterprise HCM ePerformance component of Oracle PeopleSoft Products (subcomponent: Security).

4.0
2017-01-27 CVE-2017-3273 Oracle Improper Input Validation vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).

4.0
2017-01-27 CVE-2017-3258 Oracle Improper Input Validation vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DDL).

4.0
2017-01-27 CVE-2017-3257 Oracle Improper Privilege Management vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB).

4.0
2017-01-27 CVE-2017-3256 Oracle Improper Input Validation vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).

4.0
2017-01-27 CVE-2017-3251 Oracle Remote Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

4.0
2017-01-27 CVE-2017-3244 Oracle
Debian
Remote Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML).

4.0
2017-01-27 CVE-2017-3238 Oracle
Debian
Remote Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer).

4.0
2017-01-27 CVE-2016-8322 Oracle Information Exposure vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0

Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core).

4.0
2017-01-27 CVE-2016-8311 Oracle Improper Access Control vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

4.0
2017-01-27 CVE-2016-8309 Oracle Improper Access Control vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core).

4.0
2017-01-27 CVE-2016-8302 Oracle Information Exposure vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

4.0
2017-01-27 CVE-2016-5614 Oracle Information Exposure vulnerability in Oracle Flexcube Private Banking 12.0.1/2.0.1/2.2.0

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search).

4.0
2017-01-23 CVE-2015-7743 Paessler XXE vulnerability in Paessler Prtg Network Monitor

XML external entity vulnerability in PRTG Network Monitor before 16.2.23.3077/3078 allows remote authenticated users to read arbitrary files by creating a new HTTP XML/REST Value sensor that accesses a crafted XML file.

4.0

41 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2017-01-27 CVE-2017-3332 Oracle Local Security vulnerability in Oracle VM Virtualbox 5.0.30/5.1.12

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: VirtualBox SVGA Emulation).

3.6
2017-01-27 CVE-2017-3235 Oracle Local Security vulnerability in Oracle FLEXCUBE Universal Banking CVE-2017-3235

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

3.6
2017-01-27 CVE-2017-3320 Oracle Remote Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).

3.5
2017-01-27 CVE-2017-3319 Oracle Information Exposure vulnerability in Oracle Mysql

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin).

3.5
2017-01-27 CVE-2017-3312 Oracle
Debian
Local Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging).

3.5
2017-01-27 CVE-2017-3297 Oracle Remote Security vulnerability in Oracle Flexcube Direct Banking 12.0.2/12.0.3

Vulnerability in the Oracle FLEXCUBE Direct Banking component of Oracle Financial Services Applications (subcomponent: Framework).

3.5
2017-01-27 CVE-2017-3292 Oracle Information Exposure vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.54/8.55

Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker).

3.5
2017-01-27 CVE-2017-3291 Oracle Local Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Packaging).

3.5
2017-01-27 CVE-2017-3277 Oracle Information Exposure vulnerability in Oracle Applications Manager

Vulnerability in the Oracle Applications Manager component of Oracle E-Business Suite (subcomponent: OAM Client).

3.5
2017-01-27 CVE-2017-3264 Oracle Remote Security vulnerability in Oracle Siebel UI Framework 16.1

Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM (subcomponent: Open UI).

3.5
2017-01-27 CVE-2017-3243 Oracle Remote Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Charsets).

3.5
2017-01-27 CVE-2016-8327 Oracle Remote Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Replication).

3.5
2017-01-27 CVE-2016-8318 Oracle Remote Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Security: Encryption).

3.5
2017-01-27 CVE-2016-8317 Oracle Improper Access Control vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust).

3.5
2017-01-27 CVE-2016-8314 Oracle 7PK - Security Features vulnerability in Oracle Flexcube Core Banking 11.5.0/5.1.0/5.2.0

Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core).

3.5
2017-01-27 CVE-2016-8313 Oracle Information Exposure vulnerability in Oracle Flexcube Private Banking 12.0.1/2.0.1/2.2.0

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search).

3.5
2017-01-27 CVE-2016-8300 Oracle Improper Access Control vulnerability in Oracle Flexcube Private Banking 12.0.1/2.0.1/2.2.0

Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search).

3.5
2017-01-27 CVE-2016-5509 Oracle Remote Security vulnerability in Oracle FLEXCUBE Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core).

3.5
2017-01-23 CVE-2017-5553 B2Evolution Cross-Site Scripting vulnerability in B2Evolution

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.

3.5
2017-01-26 CVE-2017-3803 Cisco Missing Release of Resource After Effective Lifetime vulnerability in Cisco IOS 15.2(2)E3/15.2(4)E1

A vulnerability in the Cisco IOS Software forwarding queue of Cisco 2960X and 3750X switches could allow an unauthenticated, adjacent attacker to cause a memory leak in the software forwarding queue that would eventually lead to a partial denial of service (DoS) condition.

3.3
2017-01-26 CVE-2016-9221 Cisco Resource Management Errors vulnerability in Cisco Aironet Access Point Software 8.2(121.12)/8.4(1.82)

A Denial of Service Vulnerability in 802.11 ingress connection authentication handling for the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause authentication to fail.

3.3
2017-01-26 CVE-2016-9220 Cisco Resource Management Errors vulnerability in Cisco Aironet Access Point Software 8.2(130.0)

A Denial of Service Vulnerability in 802.11 ingress packet processing of the Cisco Mobility Express 2800 and 3800 Access Points (APs) could allow an unauthenticated, adjacent attacker to cause the connection table to be full of invalid connections and be unable to process new incoming requests.

3.3
2017-01-27 CVE-2017-3290 Oracle Local Security vulnerability in Oracle VM Virtualbox 5.0.30/5.1.12

Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Shared Folder).

3.2
2017-01-27 CVE-2017-3286 Oracle Local Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: Patching).

3.2
2017-01-27 CVE-2017-3246 Oracle Local Security vulnerability in Oracle E-Business Suite

Vulnerability in the Oracle Application Object Library component of Oracle E-Business Suite (subcomponent: Patching).

3.2
2017-01-27 CVE-2017-3276 Oracle Local Security vulnerability in Oracle Solaris 11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel Zones virtualized block driver).

3.0
2017-01-27 CVE-2016-1551 NTP
Ntpsec
7PK - Security Features vulnerability in multiple products

ntpd in NTP 4.2.8p3 and NTPsec a5fb34b9cc89b92a8fef2f459004865c93bb7f92 relies on the underlying operating system to protect it from requests that impersonate reference clocks.

2.6
2017-01-27 CVE-2017-3252 Oracle Remote Security vulnerability in Oracle Jdk, JRE and Jrockit

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: JAAS).

2.1
2017-01-27 CVE-2017-3240 Oracle Information Exposure vulnerability in Oracle Database Server 12.1.0.2

Vulnerability in the RDBMS Security component of Oracle Database Server.

2.1
2017-01-27 CVE-2017-3239 Oracle Information Exposure vulnerability in Oracle Glassfish Server 3.0.1/3.1.2

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Administration).

2.1
2017-01-26 CVE-2016-9932 XEN Information Exposure vulnerability in XEN

CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows local HVM guest OS users to obtain sensitive information from host stack memory via a "supposedly-ignored" operand size prefix.

2.1
2017-01-26 CVE-2016-10025 XEN
Citrix
Null Pointer Dereference vulnerability in multiple products

VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD virtualization extensions (aka SVM) allows local HVM guest OS users to cause a denial of service (hypervisor crash) by leveraging a missing NULL pointer check.

2.1
2017-01-23 CVE-2016-9401 GNU
Debian
Redhat
USE After Free vulnerability in multiple products

popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.

2.1
2017-01-27 CVE-2017-3301 Oracle Local Security vulnerability in Oracle Solaris 11.3

Vulnerability in the Solaris component of Oracle Sun Systems Products Suite (subcomponent: Kernel).

1.9
2017-01-27 CVE-2017-3242 Oracle Improper Input Validation vulnerability in Oracle VM Server 3.2/3.4

Vulnerability in the Oracle VM Server for Sparc component of Oracle Sun Systems Products Suite (subcomponent: LDOM Manager).

1.9
2017-01-27 CVE-2016-8305 Oracle Information Exposure vulnerability in Oracle Flexcube Universal Banking

Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core).

1.9
2017-01-27 CVE-2016-1919 Samsung Information Exposure vulnerability in Samsung Knox

Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.

1.9
2017-01-23 CVE-2016-5237 Valvesoftware Permissions, Privileges, and Access Controls vulnerability in Valvesoftware Steamos

Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.

1.9
2017-01-27 CVE-2017-3317 Oracle
Debian
Local Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Logging).

1.5
2017-01-27 CVE-2017-3313 Oracle
Debian
Information Exposure vulnerability in multiple products

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: MyISAM).

1.5
2017-01-27 CVE-2017-3318 Oracle
Debian
Local Security vulnerability in Oracle MySQL Server

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Error Handling).

1.0