Original release date: July 25, 2016
The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information.
The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:
-
High – Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 – 10.0
-
Medium – Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 – 6.9
-
Low – Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 – 3.9
Entries may include additional information provided by organizations and efforts sponsored by US-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of US-CERT analysis.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| cisco — ios_xr | Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819. | 2016-07-15 | 7.8 | CVE-2016-1426 CISCO |
| cisco — ios_xr | The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721. | 2016-07-15 | 7.2 | CVE-2016-1456 CISCO |
| harfbuzz_project — harfbuzz | hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052. | 2016-07-19 | 7.5 | CVE-2015-8947 CONFIRM CONFIRM |
| hp — intelligent_management_center_application_performance_manager | HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | 2016-07-15 | 7.5 | CVE-2016-4372 CONFIRM |
| ibm — traveler | IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2016-07-17 | 8.5 | CVE-2016-3039 AIXAPAR CONFIRM |
| misys — fusioncapital_opics_plus | Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter. | 2016-07-19 | 8.5 | CVE-2016-5654 CERT-VN |
| objective_systems — asn1c | Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data. | 2016-07-19 | 10.0 | CVE-2016-5080 CERT-VN MISC MISC |
| oracle — retail_integration_bus | Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install. | 2016-07-21 | 10.0 | CVE-2016-3444 CONFIRM |
| oracle — business_intelligence | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Analytics Web Administration. | 2016-07-21 | 7.5 | CVE-2016-3446 CONFIRM |
| oracle — agile_engineering_data_management | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install. | 2016-07-21 | 10.0 | CVE-2016-3468 CONFIRM |
| oracle — transportation_management | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Install. | 2016-07-21 | 7.5 | CVE-2016-3470 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option. | 2016-07-21 | 7.1 | CVE-2016-3471 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser. | 2016-07-21 | 7.2 | CVE-2016-3477 CONFIRM |
| oracle — database | Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. | 2016-07-21 | 7.8 | CVE-2016-3479 CONFIRM |
| oracle — webcenter_sites | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2016-07-21 | 10.0 | CVE-2016-3487 CONFIRM |
| oracle — database | Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-07-21 | 7.2 | CVE-2016-3489 CONFIRM |
| oracle — crm_technical_foundation | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless Framework. | 2016-07-21 | 8.5 | CVE-2016-3491 CONFIRM |
| oracle — hyperion_financial_reporting | Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Security Models. | 2016-07-21 | 10.0 | CVE-2016-3493 CONFIRM |
| oracle — weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0 and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container. | 2016-07-21 | 10.0 | CVE-2016-3499 CONFIRM |
| oracle — weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586. | 2016-07-21 | 10.0 | CVE-2016-3510 CONFIRM |
| oracle — customer_interaction_history | Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Function Security. | 2016-07-21 | 7.8 | CVE-2016-3512 CONFIRM |
| oracle — enterprise_communications_broker | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote attackers to affect confidentiality via unknown vectors. | 2016-07-21 | 7.8 | CVE-2016-3515 CONFIRM |
| oracle — web_applications_desktop_integrator | Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Application Service. | 2016-07-21 | 8.5 | CVE-2016-3522 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3529 and CVE-2016-3560. | 2016-07-21 | 7.8 | CVE-2016-3526 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to PGC / Import. | 2016-07-21 | 7.5 | CVE-2016-3530 CONFIRM |
| oracle — advanced_inbound_telephony | Unspecified vulnerability in the Oracle Advanced Inbound Telephony component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to SDK client integration. | 2016-07-21 | 7.8 | CVE-2016-3532 CONFIRM |
| oracle — crm_technical_foundation | Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Remote Launch. | 2016-07-21 | 7.8 | CVE-2016-3535 CONFIRM |
| oracle — marketing | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Deliverables. | 2016-07-21 | 7.0 | CVE-2016-3536 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3539. | 2016-07-21 | 7.5 | CVE-2016-3538 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3538. | 2016-07-21 | 7.5 | CVE-2016-3539 CONFIRM |
| oracle — integrated_lights_out_manager_firmware | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2016-07-21 | 7.5 | CVE-2016-5445 CONFIRM |
| oracle — integrated_lights_out_manager_firmware | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure. | 2016-07-21 | 7.5 | CVE-2016-5446 CONFIRM |
| oracle — integrated_lights_out_manager_firmware | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. | 2016-07-21 | 7.5 | CVE-2016-5453 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows local users to affect confidentiality, integrity, and availability via vectors related to Install and Packaging. | 2016-07-21 | 7.2 | CVE-2016-5472 CONFIRM |
| schneider-electric — pelco_digital_sentry_video_management_system_firmware | Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors. | 2016-07-15 | 10.0 | CVE-2016-4520 CONFIRM MISC |
| schneider-electric — somachine_hvac_firmware | An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. | 2016-07-15 | 7.5 | CVE-2016-4529 CONFIRM MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| accela — civic_platform_citizen_access_portal | Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter. | 2016-07-15 | 4.3 | CVE-2016-5660 CERT-VN MISC |
| accela — civic_platform_citizen_access_portal | Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters. | 2016-07-15 | 6.5 | CVE-2016-5661 CERT-VN MISC |
| apache — http_server | The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue. NOTE: the vendor states “This mitigation has been assigned the identifier CVE-2016-5387”; in other words, this is not a CVE ID for a vulnerability. | 2016-07-18 | 5.1 | CVE-2016-5387 CERT-VN MISC CONFIRM |
| apache — tomcat | Apache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue. NOTE: the vendor states “A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388”; in other words, this is not a CVE ID for a vulnerability. | 2016-07-18 | 5.1 | CVE-2016-5388 CERT-VN MISC CONFIRM |
| cisco — webex_meetings_server | Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706. | 2016-07-17 | 6.8 | CVE-2016-1448 CISCO |
| cisco — meeting_server | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922. | 2016-07-15 | 4.3 | CVE-2016-1451 CISCO |
| cisco — asr_5000_software | Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526. | 2016-07-15 | 6.4 | CVE-2016-1452 CISCO |
| cisco — ios | Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061. | 2016-07-17 | 4.9 | CVE-2016-1459 CISCO |
| general_electric — cimplicity | General Electric (GE) Digital Proficy HMI/SCADA – CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors. | 2016-07-15 | 4.6 | CVE-2016-5787 CONFIRM MISC |
| golang — go | The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an “httpoxy” issue. | 2016-07-18 | 5.1 | CVE-2016-5386 CERT-VN CONFIRM MISC |
| ibm — security_directory_server | Directory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | 2016-07-15 | 5.0 | CVE-2015-1977 CONFIRM |
| ibm — security_identity_manager_adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm. | 2016-07-15 | 5.0 | CVE-2016-0330 CONFIRM |
| ibm — security_identity_manager_adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of “traffic records.” | 2016-07-15 | 4.3 | CVE-2016-0339 CONFIRM |
| ibm — security_identity_manager_adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation. | 2016-07-15 | 4.4 | CVE-2016-0340 CONFIRM |
| ibm — security_identity_manager_adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site. | 2016-07-15 | 4.3 | CVE-2016-0357 CONFIRM |
| ibm — maximo_asset_management | IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files. | 2016-07-17 | 5.0 | CVE-2016-0393 CONFIRM |
| ibm — rational_collaborative_lifecycle_management | The GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request. | 2016-07-15 | 4.0 | CVE-2016-2865 CONFIRM |
| isc — bind | ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol. | 2016-07-19 | 4.3 | CVE-2016-2775 CONFIRM |
| mirrorer — libbpg | The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted BPG image, related to a “type confusion” issue. | 2016-07-15 | 6.8 | CVE-2016-5637 CERT-VN |
| misys — fusioncapital_opics_plus | Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter. | 2016-07-19 | 4.0 | CVE-2016-5653 CERT-VN |
| misys — fusioncapital_opics_plus | Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate. | 2016-07-19 | 4.3 | CVE-2016-5655 CERT-VN |
| moxa — mgate_mb3170_router_firmware | Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. | 2016-07-15 | 5.0 | CVE-2016-5804 MISC |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. | 2016-07-21 | 4.0 | CVE-2016-3424 CONFIRM |
| oracle — business_intelligence_publisher | Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Server. | 2016-07-21 | 4.9 | CVE-2016-3432 CONFIRM |
| oracle — business_intelligence | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web Administration. | 2016-07-21 | 4.9 | CVE-2016-3433 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | 2016-07-21 | 4.0 | CVE-2016-3440 CONFIRM |
| oracle — weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container. | 2016-07-21 | 5.0 | CVE-2016-3445 CONFIRM |
| oracle — application_express | Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 2016-07-21 | 5.8 | CVE-2016-3448 CONFIRM |
| oracle — siebel_core-server_framework | Unspecified vulnerability in the Siebel Core – Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-5460 and CVE-2016-5466. | 2016-07-21 | 4.3 | CVE-2016-3450 CONFIRM |
|
oracle — integrated_lights_out_manager_firmware
|
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. | 2016-07-21 | 4.3 | CVE-2016-3451 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption. | 2016-07-21 | 4.3 | CVE-2016-3452 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel. | 2016-07-21 | 4.9 | CVE-2016-3453 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA. | 2016-07-21 | 4.3 | CVE-2016-3458 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | 2016-07-21 | 4.0 | CVE-2016-3459 CONFIRM |
| oracle — application_express | Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors. | 2016-07-21 | 5.0 | CVE-2016-3467 CONFIRM |
| oracle — business_intelligence_publisher | Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality via vectors related to Security. | 2016-07-21 | 4.3 | CVE-2016-3474 CONFIRM |
| oracle — knowledge | Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console. | 2016-07-21 | 4.0 | CVE-2016-3475 CONFIRM |
| oracle — knowledge | Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console. | 2016-07-21 | 6.4 | CVE-2016-3476 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to File Processing. | 2016-07-21 | 4.3 | CVE-2016-3478 CONFIRM |
| oracle — solaris_cluster | Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql. | 2016-07-21 | 4.9 | CVE-2016-3480 CONFIRM |
| oracle — integrated_lights_out_manager_firmware | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web. | 2016-07-21 | 4.0 | CVE-2016-3481 CONFIRM |
| oracle — http_server | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module. | 2016-07-21 | 5.0 | CVE-2016-3482 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via vectors related to File Processing. | 2016-07-21 | 6.4 | CVE-2016-3483 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS. | 2016-07-21 | 6.8 | CVE-2016-3486 CONFIRM |
| oracle — database | Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors. | 2016-07-21 | 4.9 | CVE-2016-3488 CONFIRM |
| oracle — enterprise_manager_ops_center | Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning. | 2016-07-21 | 6.1 | CVE-2016-3494 CONFIRM |
| oracle — enterprise_manager_for_fusion_middleware | Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Enterprise Manager Grid Control 11.1.1.7, and 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to SOA Topology Viewer. | 2016-07-21 | 4.3 | CVE-2016-3496 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508. | 2016-07-21 | 5.0 | CVE-2016-3500 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | 2016-07-21 | 4.0 | CVE-2016-3501 CONFIRM |
| oracle — webcenter_sites | Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-07-21 | 6.0 | CVE-2016-3502 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. | 2016-07-21 | 4.4 | CVE-2016-3503 CONFIRM |
| oracle — jdeveloper | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to ADF Faces. | 2016-07-21 | 6.5 | CVE-2016-3504 CONFIRM |
| oracle — jdbc | Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2016-07-21 | 6.8 | CVE-2016-3506 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to WebClient / Admin. | 2016-07-21 | 4.3 | CVE-2016-3507 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500. | 2016-07-21 | 5.0 | CVE-2016-3508 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors related to File Folders / URL Attachment. | 2016-07-21 | 4.9 | CVE-2016-3509 CONFIRM |
| oracle — communications_operations_monitor | Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure. | 2016-07-21 | 6.8 | CVE-2016-3513 CONFIRM |
| oracle — enterprise_communications_broker | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3516. | 2016-07-21 | 6.8 | CVE-2016-3514 CONFIRM |
| oracle — enterprise_communications_broker | Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3514. | 2016-07-21 | 4.0 | CVE-2016-3516 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to PC / Get Shortcut. | 2016-07-21 | 4.3 | CVE-2016-3517 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer. | 2016-07-21 | 6.8 | CVE-2016-3518 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to PC / Get Shortcut. | 2016-07-21 | 4.3 | CVE-2016-3519 CONFIRM |
| oracle — e-business_suite | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests. | 2016-07-21 | 6.8 | CVE-2016-3520 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. | 2016-07-21 | 6.8 | CVE-2016-3521 CONFIRM |
| oracle — web_applications_desktop_integrator | Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Application Service. | 2016-07-21 | 4.3 | CVE-2016-3523 CONFIRM |
| oracle — e-business_suite | Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Configuration. | 2016-07-21 | 5.5 | CVE-2016-3524 CONFIRM |
| oracle — applications_manager | Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management. | 2016-07-21 | 5.4 | CVE-2016-3525 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3560. | 2016-07-21 | 5.0 | CVE-2016-3529 CONFIRM |
| oracle — knowledge_management | Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search. | 2016-07-21 | 4.3 | CVE-2016-3533 CONFIRM |
| oracle — installed_base | Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Engineering Change Order. | 2016-07-21 | 4.3 | CVE-2016-3534 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-5473. | 2016-07-21 | 6.8 | CVE-2016-3537 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc. | 2016-07-21 | 4.4 | CVE-2016-3584 CONFIRM |
| oracle — integrated_lights_out_manager_firmware | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. | 2016-07-21 | 5.8 | CVE-2016-3585 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB. | 2016-07-21 | 4.9 | CVE-2016-3588 CONFIRM |
| oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core. | 2016-07-21 | 4.3 | CVE-2016-3612 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML. | 2016-07-21 | 4.3 | CVE-2016-3615 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. | 2016-07-21 | 4.0 | CVE-2016-5436 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log. | 2016-07-21 | 4.0 | CVE-2016-5437 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. | 2016-07-21 | 4.0 | CVE-2016-5439 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: RBR. | 2016-07-21 | 4.0 | CVE-2016-5440 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. | 2016-07-21 | 4.0 | CVE-2016-5441 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption. | 2016-07-21 | 4.0 | CVE-2016-5442 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Connection. | 2016-07-21 | 4.3 | CVE-2016-5444 CONFIRM |
| oracle — integrated_lights_out_manager_firmware | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-07-21 | 6.5 | CVE-2016-5447 CONFIRM |
| oracle — integrated_lights_out_manager_firmware | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. | 2016-07-21 | 6.4 | CVE-2016-5448 CONFIRM |
| oracle — integrated_lights_out_manager_firmware | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. | 2016-07-21 | 5.0 | CVE-2016-5449 CONFIRM |
| oracle — siebel_ui_framework | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI. | 2016-07-21 | 4.3 | CVE-2016-5450 CONFIRM |
| oracle — siebel_ui_framework | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468. | 2016-07-21 | 5.5 | CVE-2016-5451 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot. | 2016-07-21 | 5.4 | CVE-2016-5454 CONFIRM |
| oracle — communications_messaging_server | Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor. | 2016-07-21 | 5.0 | CVE-2016-5455 CONFIRM |
| oracle — siebel_core-server_framework | Unspecified vulnerability in the Siebel Core – Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Object Manager. | 2016-07-21 | 4.0 | CVE-2016-5461 CONFIRM |
| oracle — siebel_core-server_framework | Unspecified vulnerability in the Siebel Core – Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vectors related to Workspaces. | 2016-07-21 | 4.0 | CVE-2016-5462 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Panel Processor. | 2016-07-21 | 5.8 | CVE-2016-5465 CONFIRM |
| oracle — siebel_core-server_framework | Unspecified vulnerability in the Siebel Core – Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5460. | 2016-07-21 | 4.3 | CVE-2016-5466 CONFIRM |
| oracle — peoplesoft_enterprise_scm_eprocurement | Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to eProcurement. | 2016-07-21 | 5.5 | CVE-2016-5467 CONFIRM |
| oracle — retail_integration_bus | Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install. | 2016-07-21 | 6.5 | CVE-2016-5476 CONFIRM |
| oracle — glassfish_server | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. | 2016-07-21 | 5.0 | CVE-2016-5477 CONFIRM |
| php — php | PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application’s outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv(‘HTTP_PROXY’) call or (2) a CGI configuration of PHP, aka an “httpoxy” issue. | 2016-07-18 | 5.1 | CVE-2016-5385 CERT-VN CONFIRM MISC |
| tollgrade — lighthouse_sms | Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors. | 2016-07-15 | 5.0 | CVE-2016-5790 MISC |
| tollgrade — lighthouse_sms | Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts. | 2016-07-15 | 5.0 | CVE-2016-5797 MISC |
| tollgrade — lighthouse_sms | Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request. | 2016-07-15 | 5.5 | CVE-2016-5807 MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| ibm — bigfix_platform | Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 2016-07-15 | 3.5 | CVE-2016-0269 CONFIRM |
| ibm — personal_communications | IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script. | 2016-07-17 | 2.1 | CVE-2016-0321 AIXAPAR CONFIRM |
| ibm — security_identity_manager_adapter | IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process. | 2016-07-15 | 2.1 | CVE-2016-0338 CONFIRM |
| oracle — siebel_core-server_framework | Unspecified vulnerability in the Siebel Core – Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors related to Services. | 2016-07-21 | 2.1 | CVE-2016-3469 CONFIRM |
| oracle — siebel_engineering-installer_and_deployment | Unspecified vulnerability in the Siebel Engineering – Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Web Server. | 2016-07-21 | 3.5 | CVE-2016-3472 CONFIRM |
| oracle — database | Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors. | 2016-07-21 | 3.2 | CVE-2016-3484 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking. | 2016-07-21 | 2.1 | CVE-2016-3485 CONFIRM |
| oracle — transportation_management | Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remote authenticated users to affect confidentiality via vectors related to Database. | 2016-07-21 | 3.5 | CVE-2016-3490 CONFIRM |
| oracle — agile_product_lifecycle_management_framework | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC / Notification. | 2016-07-21 | 3.5 | CVE-2016-3531 CONFIRM |
| oracle — vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core. | 2016-07-21 | 2.1 | CVE-2016-3597 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption. | 2016-07-21 | 3.5 | CVE-2016-3614 CONFIRM |
| oracle — mysql | Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection. | 2016-07-21 | 1.2 | CVE-2016-5443 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot. | 2016-07-21 | 2.1 | CVE-2016-5452 CONFIRM |
| oracle — siebel_ui_framework | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5464. | 2016-07-21 | 3.5 | CVE-2016-5463 CONFIRM |
| oracle — siebel_ui_framework | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5463. | 2016-07-21 | 3.5 | CVE-2016-5464 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471. | 2016-07-21 | 2.1 | CVE-2016-5469 CONFIRM |
| oracle — solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469. | 2016-07-21 | 2.1 | CVE-2016-5471 CONFIRM |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apple — ios | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623. | 2016-07-21 |
Not yet calculated |
CVE-2016-4624 APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM |
| apple — ios | The Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4593 APPLE CONFIRM |
| apple — ios | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4591 APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM |
| apple — ios | WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2016-07-21 |
Not yet calculated |
CVE-2016-4590 APPLE APPLE CONFIRM CONFIRM |
| apple — ios | The WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 2016-07-21 | Not yet calculated | CVE-2016-4584 APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM |
| apple — ios | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document. | 2016-07-21 | Not yet calculated | CVE-2016-4583 APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM |
| apple — ios | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site. | 2016-07-21 |
Not yet calculated |
CVE-2016-4592 APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM |
| apple — ios | Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number. | 2016-07-21 |
Not yet calculated |
CVE-2016-4604 APPLE CONFIRM |
| apple — ios | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582. | 2016-07-21 |
Not yet calculated |
CVE-2016-4653 APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4627 APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM |
| apple — ios | Cross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a “cross-protocol cross-site scripting (XPXSS)” vulnerability. | 2016-07-21 |
Not yet calculated |
CVE-2016-4651 APPLE APPLE CONFIRM CONFIRM |
| apple — ios | IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4628 APPLE APPLE CONFIRM CONFIRM |
| apple — ios | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4616. | 2016-07-21 |
Not yet calculated |
CVE-2016-4619 APPLE APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | 2016-07-21 | Not yet calculated | CVE-2016-1865 APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | Cross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari. | 2016-07-21 |
Not yet calculated |
CVE-2016-4585 APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM |
| apple — ios | The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call. | 2016-07-21 |
Not yet calculated |
CVE-2016-4594 APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4610. | 2016-07-21 |
Not yet calculated |
CVE-2016-4612 APPLE APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. | 2016-07-21 |
Not yet calculated |
CVE-2016-4608 APPLE APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619. | 2016-07-21 |
Not yet calculated |
CVE-2016-4615 APPLE APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612. | 2016-07-21 |
Not yet calculated |
CVE-2016-4609 APPLE APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612. | 2016-07-21 |
Not yet calculated |
CVE-2016-4607 APPLE APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624. | 2016-07-21 |
Not yet calculated |
apple — N/A |
| apple — ios | WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site. | 2016-07-21 |
Not yet calculated |
CVE-2016-4587 APPLE APPLE CONFIRM CONFIRM |
| apple — ios | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624. | 2016-07-21 |
Not yet calculated |
CVE-2016-4622 APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM |
| apple — ios | libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612. | 2016-07-21 |
Not yet calculated |
CVE-2016-4610 APPLE APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-2016-4616, and CVE-2016-4619. | 2016-07-21 |
Not yet calculated |
CVE-2016-4614 APPLE APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624. | 2016-07-21 |
Not yet calculated |
CVE-2016-4623 APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM |
| apple — ios | Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation. | 2016-07-21 |
Not yet calculated |
CVE-2016-4605 APPLE CONFIRM |
| apple — ios | Web Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior. | 2016-07-21 |
Not yet calculated |
CVE-2016-4603 APPLE CONFIRM |
| apple — ios | libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619. | 2016-07-21 |
Not yet calculated |
CVE-2016-4616 APPLE APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ios | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653. | 2016-07-21 | Not yet calculated | CVE-2016-4582 APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — os_x | libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-07-21 |
Not yet calculated |
CVE-2016-4621 APPLE CONFIRM |
| apple — os_x | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602. | 2016-07-21 |
Not yet calculated |
CVE-2016-4600 APPLE CONFIRM |
| apple — os_x | Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | 2016-07-21 |
Not yet calculated |
CVE-2016-4633 APPLE MISC CONFIRM |
| apple — os_x | ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image. | 2016-07-21 |
Not yet calculated |
CVE-2016-4629 APPLE MISC CONFIRM |
| apple — os_x | The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4634 APPLE CONFIRM |
| apple — os_x | ImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression. | 2016-07-21 |
Not yet calculated |
apple — N/Aapple — N/A |
| apple — os_x | IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4626 APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — os_x | Login Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4639 APPLE MISC CONFIRM |
| apple — os_x | FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4635 APPLE APPLE CONFIRM CONFIRM |
| apple — os_x | ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4632 APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — os_x | Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a “type confusion.” | 2016-07-21 |
Not yet calculated |
CVE-2016-4638 APPLE CONFIRM |
| apple — os_x | CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image. | 2016-07-21 |
Not yet calculated |
CVE-2016-4637 APPLE APPLE APPLE APPLE MISC CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — os_x | Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4625 APPLE CONFIRM |
| apple — os_x | Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app. | 2016-07-21 |
Not yet calculated |
CVE-2016-4640 APPLE MISC CONFIRM |
| apple — os_x | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600. | 2016-07-21 |
Not yet calculated |
CVE-2016-4602 APPLE CONFIRM |
| apple — os_x | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602. | 2016-07-21 |
Not yet calculated |
CVE-2016-4597 APPLE CONFIRM |
| apple — os_x | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602. | 2016-07-21 |
Not yet calculated |
CVE-2016-4596 APPLE CONFIRM |
| apple — os_x | Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file. | 2016-07-21 |
Not yet calculated |
CVE-2016-4647 APPLE MISC MISC CONFIRM |
| apple — os_x | Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a “type confusion.” | 2016-07-21 |
Not yet calculated |
CVE-2016-4641 APPLE MISC CONFIRM |
| apple — os_x | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image. | 2016-07-21 |
Not yet calculated |
CVE-2016-4598 APPLE CONFIRM |
| apple — os_x | Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure. | 2016-07-21 |
Not yet calculated |
CVE-2016-4595 APPLE CONFIRM |
| apple — os_x | ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file. | 2016-07-21 |
Not yet calculated |
CVE-2016-4631 APPLE APPLE APPLE APPLE MISC CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — os_x | Audio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4649 APPLE CONFIRM |
| apple — os_x | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653. | 2016-07-21 | Not yet calculated | CVE-2016-1863 APPLE APPLE APPLE APPLE CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — os_x | CFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4645 APPLE CONFIRM |
| apple — os_x | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image. | 2016-07-21 |
Not yet calculated |
CVE-2016-4601 APPLE CONFIRM |
| apple — os_x | Audio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file. | 2016-07-21 |
Not yet calculated |
CVE-2016-4646 APPLE MISC CONFIRM |
| apple — os_x | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document. | 2016-07-21 |
Not yet calculated |
CVE-2016-4599 APPLE CONFIRM |
| apple — os_x | Audio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4648 APPLE CONFIRM |
| apple — os_x | Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file. | 2016-07-21 | Not yet calculated | CVE-2014-9862 APPLE CONFIRM CONFIRM CONFIRM CONFIRM |
| apple — ox_x | CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors. | 2016-07-21 |
Not yet calculated |
CVE-2016-4652 APPLE MISC CONFIRM |
| apple — safari | WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 2016-07-21 |
Not yet calculated |
CVE-2016-4586 APPLE APPLE CONFIRM CONFIRM |
| apple — tvos | WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | 2016-07-21 |
Not yet calculated |
CVE-2016-4588 APPLE CONFIRM |
| eCryptfs — ecryptfs_setup_swap | ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946. | 2016-07-22 |
Not yet calculated |
CVE-2016-6224 MLIST MLIST UBUNTU CONFIRM CONFIRM CONFIRM |
| ecryptfs — ecryptfs_setup_swap | ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors. | 2016-07-22 | CVE-2015-8946 MLIST MLIST UBUNTU CONFIRM CONFIRM |
|
| google — chrome | ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site. | 2016-07-23 | Not yet calculated | CVE-2016-1707 CONFIRM CONFIRM CONFIRM |
| google — chrome | The Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site. | 2016-07-23 | Not yet calculated | CVE-2016-1708 CONFIRM CONFIRM CONFIRM |
| google — chrome | Heap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font. | 2016-07-23 | Not yet calculated | CVE-2016-1709 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google — chrome | Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2016-07-23 | Not yet calculated | CVE-2016-1705 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google — chrome | The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution. | 2016-07-23 |
Not yet calculated |
CVE-2016-5137 CONFIRM CONFIRM CONFIRM |
| google — chrome | Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion. | 2016-07-23 |
Not yet calculated |
CVE-2016-5136 CONFIRM CONFIRM CONFIRM CONFIRM |
| google — chrome | WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2016-07-23 | Not yet calculated | CVE-2016-1711 CONFIRM CONFIRM CONFIRM |
| google — chrome | The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. | 2016-07-23 |
Not yet calculated |
CVE-2016-5132 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google — chrome | WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a “Content-Security-Policy: referrer origin-when-cross-origin” header that overrides a “<META name=’referrer’ content=’no-referrer’>” element. | 2016-07-23 |
Not yet calculated |
CVE-2016-5135 CONFIRM CONFIRM CONFIRM |
| google — chrome | content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site. | 2016-07-23 |
Not yet calculated |
CVE-2016-5130 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google — chrome | Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element. | 2016-07-23 |
Not yet calculated |
CVE-2016-5127 CONFIRM CONFIRM CONFIRM CONFIRM |
| google — chrome | objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2016-07-23 |
Not yet calculated |
CVE-2016-5128 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| google — chrome | net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763. | 2016-07-23 |
Not yet calculated |
CVE-2016-5134 CONFIRM CONFIRM CONFIRM |
| google — chrome | Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream. | 2016-07-23 |
Not yet calculated |
CVE-2016-5133 CONFIRM CONFIRM CONFIRM |
| google — chrome | The PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc. | 2016-07-23 | Not yet calculated | CVE-2016-1706 CONFIRM CONFIRM CONFIRM |
| google — chrome | Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function. | 2016-07-23 |
Not yet calculated |
CVE-2016-5131 CONFIRM CONFIRM CONFIRM CONFIRM |
| google — chrome | The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | 2016-07-23 | Not yet calculated | CVE-2016-1710 CONFIRM CONFIRM CONFIRM |
| google –chrome | Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code. | 2016-07-23 |
Not yet calculated |
CVE-2016-5129 CONFIRM CONFIRM CONFIRM CONFIRM CONFIRM |
| oracle — java_se | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. | 2016-07-21 | Not yet calculated | CVE-2016-3587 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3574 CONFIRM |
| oracle — agile_plm | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors related to PC Core. | 2016-07-21 | Not yet calculated | CVE-2016-3553 CONFIRM |
| oracle — communications_eagle_application | Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to APPL. | 2016-07-21 |
Not yet calculated |
CVE-2016-5458 CONFIRM |
| oracle — database | Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-07-21 | Not yet calculated | CVE-2016-3609 CONFIRM |
| oracle — one_to_one_fulfillment | Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Content Manager. | 2016-07-21 | Not yet calculated | CVE-2016-3547 CONFIRM |
| oracle — application_object_library | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Web based help screens. | 2016-07-21 | Not yet calculated | CVE-2016-3545 CONFIRM |
| oracle — email_center | Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3558. | 2016-07-21 | Not yet calculated | CVE-2016-3559 CONFIRM |
| oracle — e_business_suite | Unspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Search Integration Engine. | 2016-07-21 | Not yet calculated | CVE-2016-3549 CONFIRM |
| oracle — marketing | Unspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Marketing activity collateral. | 2016-07-21 | Not yet calculated | CVE-2016-3548 CONFIRM |
| oracle — advanced_collections | Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs. | 2016-07-21 | Not yet calculated | CVE-2016-3546 CONFIRM |
| oracle — knowledge_management | Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors. | 2016-07-21 | Not yet calculated | CVE-2016-3542 CONFIRM |
| oracle — common_applications_calendar | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes. | 2016-07-21 | Not yet calculated | CVE-2016-3541 CONFIRM |
| oracle — email_center | Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3559. | 2016-07-21 | Not yet calculated | CVE-2016-3558 CONFIRM |
| oracle — internet_expenses | Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect availability via vectors related to Expenses Admin Utilities. | 2016-07-21 | Not yet calculated | CVE-2016-3528 CONFIRM |
| oracle — common_applications_calendar | Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks. | 2016-07-21 | Not yet calculated | CVE-2016-3543 CONFIRM |
| oracle — enterprise_manager_grid_control | Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation Engine component in Oracle Insurance Applications 9.7.1, 10.1.2, and 10.2.2; the Oracle Insurance Policy Administration J2EE and Oracle Insurance Rules Palette components in Oracle Insurance Applications 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, and 10.2.2; the Oracle Retail Integration Bus component in Oracle Retail Applications 15.0; the Oracle Retail Order Broker component in Oracle Retail Applications 5.1, 5.2, and 15.0; the Primavera Contract Management component in Oracle Primavera Products Suite 14.2; and the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.2, 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 2016-07-21 | Not yet calculated | CVE-2016-0635 CONFIRM |
| oracle — enterprise_manager_grid_control | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI Framework. | 2016-07-21 | Not yet calculated | CVE-2016-3540 CONFIRM |
| oracle — enterprise_manager_grid_control | Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework. | 2016-07-21 | Not yet calculated | CVE-2016-3563 CONFIRM |
| oracle — financial_services | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Applications 12.0.1, 12.0.2, and 12.0.3 allows remote attackers to affect confidentiality and integrity via unknown vectors. | 2016-07-21 | Not yet calculated | CVE-2016-3589 CONFIRM |
| oracle — toplink | Unspecified vulnerability in the Oracle TopLink component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JPA-RS. | 2016-07-21 | Not yet calculated | CVE-2016-3564 CONFIRM |
| oracle — glassfish | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container. | 2016-07-21 | Not yet calculated | CVE-2016-3607 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3591 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3590 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3592 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3595. | 2016-07-21 | Not yet calculated | CVE-2016-3596 CONFIRM |
| oracle — weblogic | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3510. | 2016-07-21 | Not yet calculated | CVE-2016-3586 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3594 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3595 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3580 CONFIRM |
| oracle — glassfish | Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. | 2016-07-21 | Not yet calculated | CVE-2016-3608 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3578 CONFIRM |
| oracle — business_intelligence_enterprise_edition | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 11.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General. | 2016-07-21 | Not yet calculated | CVE-2016-3544 CONFIRM |
| Oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3576 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3582 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3575 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3577 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3583 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3581 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3593 CONFIRM |
| oracle — outside_in_technology | Unspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596. | 2016-07-21 | Not yet calculated | CVE-2016-3579 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598. | 2016-07-21 | Not yet calculated | CVE-2016-3610 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610. | 2016-07-21 | Not yet calculated | CVE-2016-3598 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install. | 2016-07-21 | Not yet calculated | CVE-2016-3552 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX. | 2016-07-21 | Not yet calculated | CVE-2016-3498 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot. | 2016-07-21 | Not yet calculated | CVE-2016-3550 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot. | 2016-07-21 | Not yet calculated | CVE-2016-3606 CONFIRM |
| oracle — java | Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment. | 2016-07-21 | Not yet calculated | CVE-2016-3511 CONFIRM |
| oracle — peoplesoft_enterprise_peopletools | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality via vectors related to Application Designer. | 2016-07-21 |
Not yet calculated |
CVE-2016-5470 CONFIRM |
| oracle — primavera_p6_enterprise_project_portfolio_man | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3573. | 2016-07-21 | Not yet calculated | CVE-2016-3571 CONFIRM |
| oracle — primavera_products_suite | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web access. | 2016-07-21 | Not yet calculated | CVE-2016-3567 CONFIRM |
| oracle — primavera_products_suite | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. | 2016-07-21 | Not yet calculated | CVE-2016-3566 CONFIRM |
| oracle — primavera_products_suite | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3571. | 2016-07-21 | Not yet calculated | CVE-2016-3573 CONFIRM |
| oracle — primavera_products_suite | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. | 2016-07-21 | Not yet calculated | CVE-2016-3569 CONFIRM |
| oracle — primavera_products_suite | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Access. | 2016-07-21 | Not yet calculated | CVE-2016-3572 CONFIRM |
| oracle — primavera_products_suite | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3571, and CVE-2016-3573. | 2016-07-21 | Not yet calculated | CVE-2016-3570 CONFIRM |
| oracle — primavera_products_suite | Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573. | 2016-07-21 | Not yet calculated | CVE-2016-3568 CONFIRM |
| oracle — retail_applications | Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to System Administration. | 2016-07-21 | Not yet calculated | CVE-2016-3565 CONFIRM |
| oracle — retail_applications | Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install. | 2016-07-21 |
Not yet calculated |
CVE-2016-5475 CONFIRM |
| oracle — retail_applications | Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 15.0 allows remote attackers to affect confidentiality and integrity via vectors related to System Administration. | 2016-07-21 | Not yet calculated | CVE-2016-3611 CONFIRM |
| oracle — retail_applications | Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RSB Kernel. | 2016-07-21 |
Not yet calculated |
CVE-2016-5474 CONFIRM |
| oracle — siebel_crm | Unspecified vulnerability in the Siebel Core – Common Components component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to iHelp. | 2016-07-21 |
Not yet calculated |
CVE-2016-5459 CONFIRM |
| oracle — siebel_crm | Unspecified vulnerability in the Siebel Core – Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466. | 2016-07-21 |
Not yet calculated |
CVE-2016-5460 CONFIRM |
| oracle — siebel_crm | Unspecified vulnerability in the Siebel Core – Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Services. | 2016-07-21 |
Not yet calculated |
CVE-2016-5456 CONFIRM |
| oracle — siebel_crm | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5451. | 2016-07-21 |
Not yet calculated |
CVE-2016-5468 CONFIRM |
| oracle — sun_solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471. | 2016-07-21 | Not yet calculated | CVE-2016-3497 CONFIRM |
| oracle — integrated_lights_out_manager_firmware | Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN. | 2016-07-21 |
Not yet calculated |
CVE-2016-5457 CONFIRM |
| oracle — agile_plm | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to File Load. | 2016-07-21 | Not yet calculated | CVE-2016-3557 CONFIRM |
| oracle — demand_planning | Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to ODPDA Servlet. | 2016-07-21 | Not yet calculated | CVE-2016-3527 CONFIRM |
| oracle — agile_plm | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to EM Integration. | 2016-07-21 | Not yet calculated | CVE-2016-3556 CONFIRM |
| oracle — agile_plm | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SDK. | 2016-07-21 | Not yet calculated | CVE-2016-3561 CONFIRM |
| oracle — agile_plm | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3529. | 2016-07-21 | Not yet calculated | CVE-2016-3560 CONFIRM |
| oracle — agile_plm | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3537. | 2016-07-21 |
Not yet calculated |
CVE-2016-5473 CONFIRM |
| oracle — agile_plm | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to PC / BOM, MCAD, and Design. | 2016-07-21 | Not yet calculated | CVE-2016-3554 CONFIRM |
| oracle — agile_plm | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to PGC / Excel Plugin. | 2016-07-21 | Not yet calculated | CVE-2016-3555 CONFIRM |
| oracle — virtualization | Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL. | 2016-07-21 | Not yet calculated | CVE-2016-3613 CONFIRM |
| siemens — simatic_wincc | Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets. | 2016-07-22 |
Not yet calculated |
CVE-2016-5743 CONFIRM |
| siemens — simatic_wincc | Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets. | 2016-07-22 |
Not yet calculated |
CVE-2016-5744 CONFIRM |
| siemens — simatic_net_pc | Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets. | 2016-07-22 |
Not yet calculated |
CVE-2016-5874 CONFIRM |
| siemens — sinema_remote_connect_server | Cross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 2016-07-22 |
Not yet calculated |
CVE-2016-6204 CONFIRM |
This product is provided subject to this Notification and this Privacy & Use policy.