Vulnerability Summary for the Week of July 18, 2016

Released
Jul 25, 2016
Document ID
SB16-207

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
cisco -- ios_xrCisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.2016-07-157.8CVE-2016-1426
CISCO
cisco -- ios_xrThe CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721.2016-07-157.2CVE-2016-1456
CISCO
harfbuzz_project -- harfbuzzhb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via crafted data, a different vulnerability than CVE-2016-2052.2016-07-197.5CVE-2015-8947
CONFIRM
CONFIRM
hp -- intelligent_management_center_application_performance_managerHPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM before 7.2 E0401P04, iMC NTA before 7.2 E0401P01, iMC BIMS before 7.2 E0402P02, and iMC UAM_TAM before 7.2 E0405P05 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.2016-07-157.5CVE-2016-4372
CONFIRM
ibm -- travelerIBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.2016-07-178.5CVE-2016-3039
AIXAPAR
CONFIRM
misys -- fusioncapital_opics_plusMisys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter.2016-07-198.5CVE-2016-5654
CERT-VN
objective_systems -- asn1cInteger overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow), on a system running an application compiled by ASN1C, via crafted ASN.1 data.2016-07-1910.0CVE-2016-5080
CERT-VN
MISC
MISC
oracle -- retail_integration_busUnspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install.2016-07-2110.0CVE-2016-3444
CONFIRM
oracle -- business_intelligenceUnspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Analytics Web Administration.2016-07-217.5CVE-2016-3446
CONFIRM
oracle -- agile_engineering_data_managementUnspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Install.2016-07-2110.0CVE-2016-3468
CONFIRM
oracle -- transportation_managementUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Install.2016-07-217.5CVE-2016-3470
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.2016-07-217.1CVE-2016-3471
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Parser.2016-07-217.2CVE-2016-3477
CONFIRM
oracle -- databaseUnspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.2016-07-217.8CVE-2016-3479
CONFIRM
oracle -- webcenter_sitesUnspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2016-07-2110.0CVE-2016-3487
CONFIRM
oracle -- databaseUnspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.2016-07-217.2CVE-2016-3489
CONFIRM
oracle -- crm_technical_foundationUnspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless Framework.2016-07-218.5CVE-2016-3491
CONFIRM
oracle -- hyperion_financial_reportingUnspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Security Models.2016-07-2110.0CVE-2016-3493
CONFIRM
oracle -- weblogic_serverUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0 and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.2016-07-2110.0CVE-2016-3499
CONFIRM
oracle -- weblogic_serverUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3586.2016-07-2110.0CVE-2016-3510
CONFIRM
oracle -- customer_interaction_historyUnspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Function Security.2016-07-217.8CVE-2016-3512
CONFIRM
oracle -- enterprise_communications_brokerUnspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote attackers to affect confidentiality via unknown vectors.2016-07-217.8CVE-2016-3515
CONFIRM
oracle -- web_applications_desktop_integratorUnspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Application Service.2016-07-218.5CVE-2016-3522
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3529 and CVE-2016-3560.2016-07-217.8CVE-2016-3526
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to PGC / Import.2016-07-217.5CVE-2016-3530
CONFIRM
oracle -- advanced_inbound_telephonyUnspecified vulnerability in the Oracle Advanced Inbound Telephony component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to SDK client integration.2016-07-217.8CVE-2016-3532
CONFIRM
oracle -- crm_technical_foundationUnspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Remote Launch.2016-07-217.8CVE-2016-3535
CONFIRM
oracle -- marketingUnspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Deliverables.2016-07-217.0CVE-2016-3536
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3539.2016-07-217.5CVE-2016-3538
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3538.2016-07-217.5CVE-2016-3539
CONFIRM
oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2016-07-217.5CVE-2016-5445
CONFIRM
oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure.2016-07-217.5CVE-2016-5446
CONFIRM
oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI.2016-07-217.5CVE-2016-5453
CONFIRM
oracle -- peoplesoft_enterprise_peopletoolsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows local users to affect confidentiality, integrity, and availability via vectors related to Install and Packaging.2016-07-217.2CVE-2016-5472
CONFIRM
schneider-electric -- pelco_digital_sentry_video_management_system_firmwareSchneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary code, via unspecified vectors.2016-07-1510.0CVE-2016-4520
CONFIRM
MISC
schneider-electric -- somachine_hvac_firmwareAn unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag.2016-07-157.5CVE-2016-4529
CONFIRM
MISC

Back to top

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
accela -- civic_platform_citizen_access_portalCross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Access portal allows remote attackers to inject arbitrary web script or HTML via the iframeid parameter.2016-07-154.3CVE-2016-5660
CERT-VN
MISC
accela -- civic_platform_citizen_access_portalAccela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters.2016-07-156.5CVE-2016-5661
CERT-VN
MISC
apache -- http_serverThe Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability.2016-07-185.1CVE-2016-5387
CERT-VN
MISC
CONFIRM
apache -- tomcatApache Tomcat through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability.2016-07-185.1CVE-2016-5388
CERT-VN
MISC
CONFIRM
cisco -- webex_meetings_serverCross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.2016-07-176.8CVE-2016-1448
CISCO
cisco -- meeting_serverCross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Meeting Server (formerly Acano Conferencing Server) 1.7 through 1.9 allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva19922.2016-07-154.3CVE-2016-1451
CISCO
cisco -- asr_5000_softwareCisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote attackers to make configuration changes over SNMP by leveraging knowledge of the read-write community, aka Bug ID CSCuz29526.2016-07-156.4CVE-2016-1452
CISCO
cisco -- iosCisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061.2016-07-174.9CVE-2016-1459
CISCO
general_electric -- cimplicityGeneral Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DACLs, which allows local users to modify a service configuration via unspecified vectors.2016-07-154.6CVE-2016-5787
CONFIRM
MISC
golang -- goThe net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.2016-07-185.1CVE-2016-5386
CERT-VN
CONFIRM
MISC
ibm -- security_directory_serverDirectory traversal vulnerability in the Web Administration tool in IBM Tivoli Directory Server (ITDS) before 6.1.0.74-ISS-ISDS-IF0074, 6.2.x before 6.2.0.50-ISS-ISDS-IF0050, and 6.3.x before 6.3.0.43-ISS-ISDS-IF0043 and IBM Security Directory Server (ISDS) before 6.3.1.18-ISS-ISDS-IF0018 and 6.4.x before 6.4.0.9-ISS-ISDS-IF0009 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.2016-07-155.0CVE-2015-1977
CONFIRM
ibm -- security_identity_manager_adapterIBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by leveraging an attack against the password algorithm.2016-07-155.0CVE-2016-0330
CONFIRM
ibm -- security_identity_manager_adapterIBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session identifiers after logout, which makes it easier for remote attackers to spoof users by leveraging knowledge of "traffic records."2016-07-154.3CVE-2016-0339
CONFIRM
ibm -- security_identity_manager_adapterIBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles session expiration, which allows remote attackers to hijack sessions by leveraging an unattended workstation.2016-07-154.4CVE-2016-0340
CONFIRM
ibm -- security_identity_manager_adapterIBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows remote attackers to conduct clickjacking attacks via a crafted web site.2016-07-154.3CVE-2016-0357
CONFIRM
ibm -- maximo_asset_managementIBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files.2016-07-175.0CVE-2016-0393
CONFIRM
ibm -- rational_collaborative_lifecycle_managementThe GIT Integration component in IBM Rational Team Concert (RTC) 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 and Rational Collaborative Lifecycle Management 5.x before 5.0.2 iFix14 and 6.x before 6.0.1 iFix5 allows remote authenticated users to obtain sensitive information via a malformed request.2016-07-154.0CVE-2016-2865
CONFIRM
isc -- bindISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x before 9.11.0b2, when lwresd or the named lwres option is enabled, allows remote attackers to cause a denial of service (daemon crash) via a long request that uses the lightweight resolver protocol.2016-07-194.3CVE-2016-2775
CONFIRM
mirrorer -- libbpgThe restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enable_flag value, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted BPG image, related to a "type confusion" issue.2016-07-156.8CVE-2016-5637
CERT-VN
misys -- fusioncapital_opics_plusMultiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated users to execute arbitrary SQL commands via the (1) ID or (2) Branch parameter.2016-07-194.0CVE-2016-5653
CERT-VN
misys -- fusioncapital_opics_plusMisys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.2016-07-194.3CVE-2016-5655
CERT-VN
moxa -- mgate_mb3170_router_firmwareMoxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value.2016-07-155.0CVE-2016-5804
MISC
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.2016-07-214.0CVE-2016-3424
CONFIRM
oracle -- business_intelligence_publisherUnspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Server.2016-07-214.9CVE-2016-3432
CONFIRM
oracle -- business_intelligenceUnspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web Administration.2016-07-214.9CVE-2016-3433
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.2016-07-214.0CVE-2016-3440
CONFIRM
oracle -- weblogic_serverUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container.2016-07-215.0CVE-2016-3445
CONFIRM
oracle -- application_expressUnspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors.2016-07-215.8CVE-2016-3448
CONFIRM
oracle -- siebel_core-server_frameworkUnspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-5460 and CVE-2016-5466.2016-07-214.3CVE-2016-3450
CONFIRM

oracle -- integrated_lights_out_manager_firmware

 

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web.2016-07-214.3CVE-2016-3451
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Security: Encryption.2016-07-214.3CVE-2016-3452
CONFIRM
oracle -- solarisUnspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.2016-07-214.9CVE-2016-3453
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.2016-07-214.3CVE-2016-3458
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.2016-07-214.0CVE-2016-3459
CONFIRM
oracle -- application_expressUnspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors.2016-07-215.0CVE-2016-3467
CONFIRM
oracle -- business_intelligence_publisherUnspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality via vectors related to Security.2016-07-214.3CVE-2016-3474
CONFIRM
oracle -- knowledgeUnspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console.2016-07-214.0CVE-2016-3475
CONFIRM
oracle -- knowledgeUnspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console.2016-07-216.4CVE-2016-3476
CONFIRM
oracle -- peoplesoft_enterprise_peopletoolsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to File Processing.2016-07-214.3CVE-2016-3478
CONFIRM
oracle -- solaris_clusterUnspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql.2016-07-214.9CVE-2016-3480
CONFIRM
oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web.2016-07-214.0CVE-2016-3481
CONFIRM
oracle -- http_serverUnspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module.2016-07-215.0CVE-2016-3482
CONFIRM
oracle -- peoplesoft_enterprise_peopletoolsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via vectors related to File Processing.2016-07-216.4CVE-2016-3483
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.2016-07-216.8CVE-2016-3486
CONFIRM
oracle -- databaseUnspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors.2016-07-214.9CVE-2016-3488
CONFIRM
oracle -- enterprise_manager_ops_centerUnspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning.2016-07-216.1CVE-2016-3494
CONFIRM
oracle -- enterprise_manager_for_fusion_middlewareUnspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Enterprise Manager Grid Control 11.1.1.7, and 11.1.1.9 allows remote attackers to affect confidentiality via vectors related to SOA Topology Viewer.2016-07-214.3CVE-2016-3496
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3508.2016-07-215.0CVE-2016-3500
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.2016-07-214.0CVE-2016-3501
CONFIRM
oracle -- webcenter_sitesUnspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.2016-07-216.0CVE-2016-3502
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.2016-07-214.4CVE-2016-3503
CONFIRM
oracle -- jdeveloperUnspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to ADF Faces.2016-07-216.5CVE-2016-3504
CONFIRM
oracle -- jdbcUnspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.2016-07-216.8CVE-2016-3506
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to WebClient / Admin.2016-07-214.3CVE-2016-3507
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different vulnerability than CVE-2016-3500.2016-07-215.0CVE-2016-3508
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors related to File Folders / URL Attachment.2016-07-214.9CVE-2016-3509
CONFIRM
oracle -- communications_operations_monitorUnspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure.2016-07-216.8CVE-2016-3513
CONFIRM
oracle -- enterprise_communications_brokerUnspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3516.2016-07-216.8CVE-2016-3514
CONFIRM
oracle -- enterprise_communications_brokerUnspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3514.2016-07-214.0CVE-2016-3516
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to PC / Get Shortcut.2016-07-214.3CVE-2016-3517
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.2016-07-216.8CVE-2016-3518
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to PC / Get Shortcut.2016-07-214.3CVE-2016-3519
CONFIRM
oracle -- e-business_suiteUnspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests.2016-07-216.8CVE-2016-3520
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.2016-07-216.8CVE-2016-3521
CONFIRM
oracle -- web_applications_desktop_integratorUnspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Application Service.2016-07-214.3CVE-2016-3523
CONFIRM
oracle -- e-business_suiteUnspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Configuration.2016-07-215.5CVE-2016-3524
CONFIRM
oracle -- applications_managerUnspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management.2016-07-215.4CVE-2016-3525
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3560.2016-07-215.0CVE-2016-3529
CONFIRM
oracle -- knowledge_managementUnspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Search.2016-07-214.3CVE-2016-3533
CONFIRM
oracle -- installed_baseUnspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Engineering Change Order.2016-07-214.3CVE-2016-3534
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-5473.2016-07-216.8CVE-2016-3537
CONFIRM
oracle -- solarisUnspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Libadimalloc.2016-07-214.4CVE-2016-3584
CONFIRM
oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex.2016-07-215.8CVE-2016-3585
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect integrity and availability via vectors related to Server: InnoDB.2016-07-214.9CVE-2016-3588
CONFIRM
oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.22 allows remote attackers to affect confidentiality via vectors related to Core.2016-07-214.3CVE-2016-3612
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: DML.2016-07-214.3CVE-2016-3615
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.2016-07-214.0CVE-2016-5436
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log.2016-07-214.0CVE-2016-5437
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges.2016-07-214.0CVE-2016-5439
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: RBR.2016-07-214.0CVE-2016-5440
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.2016-07-214.0CVE-2016-5441
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption.2016-07-214.0CVE-2016-5442
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows remote attackers to affect confidentiality via vectors related to Server: Connection.2016-07-214.3CVE-2016-5444
CONFIRM
oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.2016-07-216.5CVE-2016-5447
CONFIRM
oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP.2016-07-216.4CVE-2016-5448
CONFIRM
oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection.2016-07-215.0CVE-2016-5449
CONFIRM
oracle -- siebel_ui_frameworkUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI.2016-07-214.3CVE-2016-5450
CONFIRM
oracle -- siebel_ui_frameworkUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468.2016-07-215.5CVE-2016-5451
CONFIRM
oracle -- solarisUnspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot.2016-07-215.4CVE-2016-5454
CONFIRM
oracle -- communications_messaging_serverUnspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor.2016-07-215.0CVE-2016-5455
CONFIRM
oracle -- siebel_core-server_frameworkUnspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Object Manager.2016-07-214.0CVE-2016-5461
CONFIRM
oracle -- siebel_core-server_frameworkUnspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote administrators to affect confidentiality via vectors related to Workspaces.2016-07-214.0CVE-2016-5462
CONFIRM
oracle -- peoplesoft_enterprise_peopletoolsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Panel Processor.2016-07-215.8CVE-2016-5465
CONFIRM
oracle -- siebel_core-server_frameworkUnspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5460.2016-07-214.3CVE-2016-5466
CONFIRM
oracle -- peoplesoft_enterprise_scm_eprocurementUnspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to eProcurement.2016-07-215.5CVE-2016-5467
CONFIRM
oracle -- retail_integration_busUnspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.2016-07-216.5CVE-2016-5476
CONFIRM
oracle -- glassfish_serverUnspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.2016-07-215.0CVE-2016-5477
CONFIRM
php -- phpPHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue.2016-07-185.1CVE-2016-5385
CERT-VN
CONFIRM
MISC
tollgrade -- lighthouse_smsTollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors.2016-07-155.0CVE-2016-5790
MISC
tollgrade -- lighthouse_smsTollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authentication attempts depending on whether the username exists, which allows remote attackers to enumerate account names via a series of attempts.2016-07-155.0CVE-2016-5797
MISC
tollgrade -- lighthouse_smsTollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended administrative-authentication requirement, and read or change parameter values, via a direct request.2016-07-155.5CVE-2016-5807
MISC

Back to top

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
ibm -- bigfix_platformCross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x before 9.1.8 and 9.2.x before 9.2.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.2016-07-153.5CVE-2016-0269
CONFIRM
ibm -- personal_communicationsIBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x before 12.0.0.1 does not properly restrict credential extraction, which allows local users to discover passwords by leveraging access to the victim account and executing a PowerShell script.2016-07-172.1CVE-2016-0321
AIXAPAR
CONFIRM
ibm -- security_identity_manager_adapterIBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 allows local users to discover cleartext passwords by (1) reading a configuration file or (2) examining a process.2016-07-152.1CVE-2016-0338
CONFIRM
oracle -- siebel_core-server_frameworkUnspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors related to Services.2016-07-212.1CVE-2016-3469
CONFIRM
oracle -- siebel_engineering-installer_and_deploymentUnspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Web Server.2016-07-213.5CVE-2016-3472
CONFIRM
oracle -- databaseUnspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors.2016-07-213.2CVE-2016-3484
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.2016-07-212.1CVE-2016-3485
CONFIRM
oracle -- transportation_managementUnspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remote authenticated users to affect confidentiality via vectors related to Database.2016-07-213.5CVE-2016-3490
CONFIRM
oracle -- agile_product_lifecycle_management_frameworkUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC / Notification.2016-07-213.5CVE-2016-3531
CONFIRM
oracle -- vm_virtualboxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.26 allows local users to affect availability via vectors related to Core.2016-07-212.1CVE-2016-3597
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Security: Encryption.2016-07-213.5CVE-2016-3614
CONFIRM
oracle -- mysqlUnspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availability via vectors related to Server: Connection.2016-07-211.2CVE-2016-5443
CONFIRM
oracle -- solarisUnspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality via vectors related to Verified Boot.2016-07-212.1CVE-2016-5452
CONFIRM
oracle -- siebel_ui_frameworkUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5464.2016-07-213.5CVE-2016-5463
CONFIRM
oracle -- siebel_ui_frameworkUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect integrity via vectors related to SWSE Server, a different vulnerability than CVE-2016-5463.2016-07-213.5CVE-2016-5464
CONFIRM
oracle -- solarisUnspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5471.2016-07-212.1CVE-2016-5469
CONFIRM
oracle -- solarisUnspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-3497 and CVE-2016-5469.2016-07-212.1CVE-2016-5471
CONFIRM

Back to top

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
apple -- iosWebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4623.2016-07-21

Not yet calculated

CVE-2016-4624
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple -- iosThe Siri Contacts component in Apple iOS before 9.3.3 allows physically proximate attackers to read arbitrary Contact card information via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4593
APPLE
CONFIRM
apple -- iosWebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 mishandles the location variable, which allows remote attackers to access the local filesystem via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4591
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple -- iosWebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.2016-07-21

Not yet calculated

CVE-2016-4590
APPLE
APPLE
CONFIRM
CONFIRM
apple -- iosThe WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.2016-07-21Not yet calculatedCVE-2016-4584
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple -- iosWebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document.2016-07-21Not yet calculatedCVE-2016-4583
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple -- iosWebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted web site.2016-07-21

Not yet calculated

CVE-2016-4592
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple -- iosSafari in Apple iOS before 9.3.3 allows remote attackers to spoof the displayed URL via an HTTP response specifying redirection to an invalid TCP port number.2016-07-21

Not yet calculated

CVE-2016-4604
APPLE
CONFIRM
apple -- iosThe kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4582.2016-07-21

Not yet calculated

CVE-2016-4653
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- iosIOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4627
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple -- iosCross-site scripting (XSS) vulnerability in the WebKit JavaScript bindings in Apple iOS before 9.3.3 and Safari before 9.1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted HTTP/0.9 response, related to a "cross-protocol cross-site scripting (XPXSS)" vulnerability.2016-07-21

Not yet calculated

CVE-2016-4651
APPLE
APPLE
CONFIRM
CONFIRM
apple -- iosIOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 allows local users to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4628
APPLE
APPLE
CONFIRM
CONFIRM
apple -- ioslibxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4616.2016-07-21

Not yet calculated

CVE-2016-4619
APPLE
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- iosThe kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.2016-07-21Not yet calculatedCVE-2016-1865
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- iosCross-site scripting (XSS) vulnerability in the WebKit Page Loading implementation in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to inject arbitrary web script or HTML via an HTTP response specifying redirection that is mishandled by Safari.2016-07-21

Not yet calculated

CVE-2016-4585
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple -- iosThe Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an API call.2016-07-21

Not yet calculated

CVE-2016-4594
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- ioslibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4610.2016-07-21

Not yet calculated

CVE-2016-4612
APPLE
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- ioslibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.2016-07-21

Not yet calculated

CVE-2016-4608
APPLE
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- ioslibxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4616, and CVE-2016-4619.2016-07-21

Not yet calculated

CVE-2016-4615
APPLE
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- ioslibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4610, and CVE-2016-4612.2016-07-21

Not yet calculated

CVE-2016-4609
APPLE
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- ioslibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4608, CVE-2016-4609, CVE-2016-4610, and CVE-2016-4612.2016-07-21

Not yet calculated

CVE-2016-4607
APPLE
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- iosWebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4622, CVE-2016-4623, and CVE-2016-4624.2016-07-21

Not yet calculated

apple -- N/A
apple -- iosWebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote attackers to obtain sensitive information from uninitialized process memory via a crafted web site.2016-07-21

Not yet calculated

CVE-2016-4587
APPLE
APPLE
CONFIRM
CONFIRM
apple -- iosWebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4623, and CVE-2016-4624.2016-07-21

Not yet calculated

CVE-2016-4622
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple -- ioslibxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4607, CVE-2016-4608, CVE-2016-4609, and CVE-2016-4612.2016-07-21

Not yet calculated

CVE-2016-4610
APPLE
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- ioslibxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4615, CVE-2016-4616, and CVE-2016-4619.2016-07-21

Not yet calculated

CVE-2016-4614
APPLE
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- iosWebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2016-4589, CVE-2016-4622, and CVE-2016-4624.2016-07-21

Not yet calculated

CVE-2016-4623
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
apple -- iosCalendar in Apple iOS before 9.3.3 allows remote attackers to cause a denial of service (NULL pointer dereference and device restart) via a crafted invitation.2016-07-21

Not yet calculated

CVE-2016-4605
APPLE
CONFIRM
apple -- iosWeb Media in Apple iOS before 9.3.3 allows attackers to bypass the Private Browsing protection mechanism and obtain sensitive video URL information by leveraging Safari View Controller misbehavior.2016-07-21

Not yet calculated

CVE-2016-4603
APPLE
CONFIRM
apple -- ioslibxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before 12.4.2 on Windows, iCloud before 5.2.1 on Windows, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, a different vulnerability than CVE-2016-4614, CVE-2016-4615, and CVE-2016-4619.2016-07-21

Not yet calculated

CVE-2016-4616
APPLE
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- iosThe kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.2016-07-21Not yet calculatedCVE-2016-4582
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- os_xlibc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-07-21

Not yet calculated

CVE-2016-4621
APPLE
CONFIRM
apple -- os_xQuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4602.2016-07-21

Not yet calculated

CVE-2016-4600
APPLE
CONFIRM
apple -- os_xIntel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.2016-07-21

Not yet calculated

CVE-2016-4633
APPLE
MISC
CONFIRM
apple -- os_xImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted xStride and yStride values in an EXR image.2016-07-21

Not yet calculated

CVE-2016-4629
APPLE
MISC
CONFIRM
apple -- os_xThe Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4634
APPLE
CONFIRM
apple -- os_xImageIO in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression.2016-07-21

Not yet calculated

apple -- N/Aapple -- N/A
apple -- os_xIOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4626
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- os_xLogin Window in Apple OS X before 10.11.6 does not properly initialize memory, which allows local users to cause a denial of service via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4639
APPLE
MISC
CONFIRM
apple -- os_xFaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows man-in-the-middle attackers to spoof relayed-call termination, and obtain sensitive audio information in opportunistic circumstances, via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4635
APPLE
APPLE
CONFIRM
CONFIRM
apple -- os_xImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4632
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- os_xLogin Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion."2016-07-21

Not yet calculated

CVE-2016-4638
APPLE
CONFIRM
apple -- os_xCoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted BMP image.2016-07-21

Not yet calculated

CVE-2016-4637
APPLE
APPLE
APPLE
APPLE
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- os_xUse-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4625
APPLE
CONFIRM
apple -- os_xLogin Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a crafted app.2016-07-21

Not yet calculated

CVE-2016-4640
APPLE
MISC
CONFIRM
apple -- os_xQuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4597, and CVE-2016-4600.2016-07-21

Not yet calculated

CVE-2016-4602
APPLE
CONFIRM
apple -- os_xQuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4596, CVE-2016-4600, and CVE-2016-4602.2016-07-21

Not yet calculated

CVE-2016-4597
APPLE
CONFIRM
apple -- os_xQuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix bitmap image, a different vulnerability than CVE-2016-4597, CVE-2016-4600, and CVE-2016-4602.2016-07-21

Not yet calculated

CVE-2016-4596
APPLE
CONFIRM
apple -- os_xAudio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file.2016-07-21

Not yet calculated

CVE-2016-4647
APPLE
MISC
MISC
CONFIRM
apple -- os_xLogin Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or obtain sensitive user information via a crafted app that leverages a "type confusion."2016-07-21

Not yet calculated

CVE-2016-4641
APPLE
MISC
CONFIRM
apple -- os_xQuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image.2016-07-21

Not yet calculated

CVE-2016-4598
APPLE
CONFIRM
apple -- os_xSafari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.2016-07-21

Not yet calculated

CVE-2016-4595
APPLE
CONFIRM
apple -- os_xImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF file.2016-07-21

Not yet calculated

CVE-2016-4631
APPLE
APPLE
APPLE
APPLE
MISC
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- os_xAudio in Apple OS X before 10.11.6 allows local users to cause a denial of service (NULL pointer dereference) via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4649
APPLE
CONFIRM
apple -- os_xThe kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4582 and CVE-2016-4653.2016-07-21Not yet calculatedCVE-2016-1863
APPLE
APPLE
APPLE
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- os_xCFNetwork in Apple OS X before 10.11.6 uses weak permissions for web-browser cookies, which allows local users to obtain sensitive information via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4645
APPLE
CONFIRM
apple -- os_xQuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted SGI image.2016-07-21

Not yet calculated

CVE-2016-4601
APPLE
CONFIRM
apple -- os_xAudio in Apple OS X before 10.11.6 mishandles a size value, which allows remote attackers to obtain sensitive information or cause a denial of service (out-of-bounds read) via a crafted audio file.2016-07-21

Not yet calculated

CVE-2016-4646
APPLE
MISC
CONFIRM
apple -- os_xQuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document.2016-07-21

Not yet calculated

CVE-2016-4599
APPLE
CONFIRM
apple -- os_xAudio in Apple OS X before 10.11.6 allows local users to obtain sensitive kernel memory-layout information or cause a denial of service (out-of-bounds read) via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4648
APPLE
CONFIRM
apple -- os_xInteger signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.2016-07-21Not yet calculatedCVE-2014-9862
APPLE
CONFIRM
CONFIRM
CONFIRM
CONFIRM
apple -- ox_xCoreGraphics in Apple OS X before 10.11.6 allows local users to obtain sensitive information from kernel memory and consequently gain privileges, or cause a denial of service (out-of-bounds read), via unspecified vectors.2016-07-21

Not yet calculated

CVE-2016-4652
APPLE
MISC
CONFIRM
apple -- safariWebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.2016-07-21

Not yet calculated

CVE-2016-4586
APPLE
APPLE
CONFIRM
CONFIRM
apple -- tvosWebKit in Apple tvOS before 9.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.2016-07-21

Not yet calculated

CVE-2016-4588
APPLE
CONFIRM
eCryptfs -- ecryptfs_setup_swapecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning on a (1) NVMe or (2) MMC drive, which allows local users to obtain sensitive information via unspecified vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-8946.2016-07-22

Not yet calculated

CVE-2016-6224
MLIST
MLIST
UBUNTU
CONFIRM
CONFIRM
CONFIRM
ecryptfs -- ecryptfs_setup_swapecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.2016-07-22 CVE-2015-8946
MLIST
MLIST
UBUNTU
CONFIRM
CONFIRM
google -- chromeios/web/web_state/ui/crw_web_controller.mm in Google Chrome before 52.0.2743.82 on iOS does not ensure that an invalid URL is replaced with the about:blank URL, which allows remote attackers to spoof the URL display via a crafted web site.2016-07-23Not yet calculatedCVE-2016-1707
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe Chrome Web Store inline-installation implementation in the Extensions subsystem in Google Chrome before 52.0.2743.82 does not properly consider object lifetimes during progress observation, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted web site.2016-07-23Not yet calculatedCVE-2016-1708
CONFIRM
CONFIRM
CONFIRM
google -- chromeHeap-based buffer overflow in the ByteArray::Get method in data/byte_array.cc in Google sfntly before 2016-06-10, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SFNT font.2016-07-23Not yet calculatedCVE-2016-1709
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeMultiple unspecified vulnerabilities in Google Chrome before 52.0.2743.82 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.2016-07-23Not yet calculatedCVE-2016-1705
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after CVE-2016-1617 resolution.2016-07-23

Not yet calculated

CVE-2016-5137
CONFIRM
CONFIRM
CONFIRM
google -- chromeUse-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsystem in Google Chrome before 52.0.2743.82 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to script deletion.2016-07-23

Not yet calculated

CVE-2016-5136
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeWebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.2016-07-23Not yet calculatedCVE-2016-1711
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.2016-07-23

Not yet calculated

CVE-2016-5132
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeWebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.2016-07-23

Not yet calculated

CVE-2016-5135
CONFIRM
CONFIRM
CONFIRM
google -- chromecontent/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restrict multiple uses of a JavaScript forward method, which allows remote attackers to spoof the URL display via a crafted web site.2016-07-23

Not yet calculated

CVE-2016-5130
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeUse-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code involving an @import at-rule in a Cascading Style Sheets (CSS) token sequence in conjunction with a rel=import attribute of a LINK element.2016-07-23

Not yet calculated

CVE-2016-5127
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeobjects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.2016-07-23

Not yet calculated

CVE-2016-5128
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromenet/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743.82 does not ensure that URL information is restricted to a scheme, host, and port, which allows remote attackers to discover credentials by operating a server with a PAC script, a related issue to CVE-2016-3763.2016-07-23

Not yet calculated

CVE-2016-5134
CONFIRM
CONFIRM
CONFIRM
google -- chromeGoogle Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which allows man-in-the-middle attackers to spoof a proxy-authentication login prompt or trigger incorrect credential storage by modifying the client-server data stream.2016-07-23

Not yet calculated

CVE-2016-5133
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe PPAPI implementation in Google Chrome before 52.0.2743.82 does not validate the origin of IPC messages to the plugin broker process that should have come from the browser process, which allows remote attackers to bypass a sandbox protection mechanism via an unexpected message type, related to broker_process_dispatcher.cc, ppapi_plugin_process_host.cc, ppapi_thread.cc, and render_frame_message_filter.cc.2016-07-23Not yet calculatedCVE-2016-1706
CONFIRM
CONFIRM
CONFIRM
google -- chromeUse-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.2016-07-23

Not yet calculated

CVE-2016-5131
CONFIRM
CONFIRM
CONFIRM
CONFIRM
google -- chromeThe ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.2016-07-23Not yet calculatedCVE-2016-1710
CONFIRM
CONFIRM
CONFIRM
google --chromeGoogle V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process left-trimmed objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.2016-07-23

Not yet calculated

CVE-2016-5129
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
oracle -- java_seUnspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.2016-07-21Not yet calculatedCVE-2016-3587
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3574
CONFIRM
oracle -- agile_plmUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors related to PC Core.2016-07-21Not yet calculatedCVE-2016-3553
CONFIRM
oracle -- communications_eagle_applicationUnspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to APPL.2016-07-21

Not yet calculated

CVE-2016-5458
CONFIRM
oracle -- databaseUnspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.2016-07-21Not yet calculatedCVE-2016-3609
CONFIRM
oracle -- one_to_one_fulfillmentUnspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Content Manager.2016-07-21Not yet calculatedCVE-2016-3547
CONFIRM
oracle -- application_object_libraryUnspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Web based help screens.2016-07-21Not yet calculatedCVE-2016-3545
CONFIRM
oracle -- email_centerUnspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3558.2016-07-21Not yet calculatedCVE-2016-3559
CONFIRM
oracle -- e_business_suiteUnspecified vulnerability in the Oracle E-Business Suite Secure Enterprise Search component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Search Integration Engine.2016-07-21Not yet calculatedCVE-2016-3549
CONFIRM
oracle -- marketingUnspecified vulnerability in the Oracle Marketing component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality via vectors related to Marketing activity collateral.2016-07-21Not yet calculatedCVE-2016-3548
CONFIRM
oracle -- advanced_collectionsUnspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Report JSPs.2016-07-21Not yet calculatedCVE-2016-3546
CONFIRM
oracle -- knowledge_managementUnspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors.2016-07-21Not yet calculatedCVE-2016-3542
CONFIRM
oracle -- common_applications_calendarUnspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Notes.2016-07-21Not yet calculatedCVE-2016-3541
CONFIRM
oracle -- email_centerUnspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Email Center Agent Console, a different vulnerability than CVE-2016-3559.2016-07-21Not yet calculatedCVE-2016-3558
CONFIRM
oracle -- internet_expensesUnspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect availability via vectors related to Expenses Admin Utilities.2016-07-21Not yet calculatedCVE-2016-3528
CONFIRM
oracle -- common_applications_calendarUnspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to Tasks.2016-07-21Not yet calculatedCVE-2016-3543
CONFIRM
oracle -- enterprise_manager_grid_controlUnspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle Healthcare Master Person Index component in Oracle Health Sciences Applications 2.0.12, 3.0.0, and 4.0.1; the Oracle Documaker component in Oracle Insurance Applications before 12.5; the Oracle Insurance Calculation Engine component in Oracle Insurance Applications 9.7.1, 10.1.2, and 10.2.2; the Oracle Insurance Policy Administration J2EE and Oracle Insurance Rules Palette components in Oracle Insurance Applications 9.6.1, 9.7.1, 10.0.1, 10.1.2, 10.2.0, and 10.2.2; the Oracle Retail Integration Bus component in Oracle Retail Applications 15.0; the Oracle Retail Order Broker component in Oracle Retail Applications 5.1, 5.2, and 15.0; the Primavera Contract Management component in Oracle Primavera Products Suite 14.2; and the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.2, 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.2016-07-21Not yet calculatedCVE-2016-0635
CONFIRM
oracle -- enterprise_manager_grid_controlUnspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 and 13.1.0.0 allows remote attackers to affect confidentiality via vectors related to UI Framework.2016-07-21Not yet calculatedCVE-2016-3540
CONFIRM
oracle -- enterprise_manager_grid_controlUnspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework.2016-07-21Not yet calculatedCVE-2016-3563
CONFIRM
oracle -- financial_servicesUnspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Applications 12.0.1, 12.0.2, and 12.0.3 allows remote attackers to affect confidentiality and integrity via unknown vectors.2016-07-21Not yet calculatedCVE-2016-3589
CONFIRM
oracle -- toplinkUnspecified vulnerability in the Oracle TopLink component in Oracle Fusion Middleware 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JPA-RS.2016-07-21Not yet calculatedCVE-2016-3564
CONFIRM
oracle -- glassfishUnspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Web Container.2016-07-21Not yet calculatedCVE-2016-3607
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3591
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3590
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3592
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3595.2016-07-21Not yet calculatedCVE-2016-3596
CONFIRM
oracle -- weblogicUnspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Core Components, a different vulnerability than CVE-2016-3510.2016-07-21Not yet calculatedCVE-2016-3586
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3594
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3595
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3580
CONFIRM
oracle -- glassfishUnspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration.2016-07-21Not yet calculatedCVE-2016-3608
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3578
CONFIRM
oracle -- business_intelligence_enterprise_editionUnspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 11.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General.2016-07-21Not yet calculatedCVE-2016-3544
CONFIRM
Oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3576
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3582
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3575
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3577
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3583
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3581
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3579, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3593
CONFIRM
oracle -- outside_in_technologyUnspecified vulnerability in the Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters, a different vulnerability than CVE-2016-3574, CVE-2016-3575, CVE-2016-3576, CVE-2016-3577, CVE-2016-3578, CVE-2016-3580, CVE-2016-3581, CVE-2016-3582, CVE-2016-3583, CVE-2016-3590, CVE-2016-3591, CVE-2016-3592, CVE-2016-3593, CVE-2016-3594, CVE-2016-3595, and CVE-2016-3596.2016-07-21Not yet calculatedCVE-2016-3579
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3598.2016-07-21Not yet calculatedCVE-2016-3610
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different vulnerability than CVE-2016-3610.2016-07-21Not yet calculatedCVE-2016-3598
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.2016-07-21Not yet calculatedCVE-2016-3552
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.2016-07-21Not yet calculatedCVE-2016-3498
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality via vectors related to Hotspot.2016-07-21Not yet calculatedCVE-2016-3550
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.2016-07-21Not yet calculatedCVE-2016-3606
CONFIRM
oracle -- javaUnspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.2016-07-21Not yet calculatedCVE-2016-3511
CONFIRM
oracle -- peoplesoft_enterprise_peopletoolsUnspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality via vectors related to Application Designer.2016-07-21

Not yet calculated

CVE-2016-5470
CONFIRM
oracle -- primavera_p6_enterprise_project_portfolio_manUnspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3573.2016-07-21Not yet calculatedCVE-2016-3571
CONFIRM
oracle -- primavera_products_suiteUnspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web access.2016-07-21Not yet calculatedCVE-2016-3567
CONFIRM
oracle -- primavera_products_suiteUnspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573.2016-07-21Not yet calculatedCVE-2016-3566
CONFIRM
oracle -- primavera_products_suiteUnspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3570, and CVE-2016-3571.2016-07-21Not yet calculatedCVE-2016-3573
CONFIRM
oracle -- primavera_products_suiteUnspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573.2016-07-21Not yet calculatedCVE-2016-3569
CONFIRM
oracle -- primavera_products_suiteUnspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to Web Access.2016-07-21Not yet calculatedCVE-2016-3572
CONFIRM
oracle -- primavera_products_suiteUnspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3568, CVE-2016-3569, CVE-2016-3571, and CVE-2016-3573.2016-07-21Not yet calculatedCVE-2016-3570
CONFIRM
oracle -- primavera_products_suiteUnspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.3, 8.4, 15.1, 15.2, and 16.1 allows remote attackers to affect confidentiality and integrity via vectors related to Web access, a different vulnerability than CVE-2016-3566, CVE-2016-3569, CVE-2016-3570, CVE-2016-3571, and CVE-2016-3573.2016-07-21Not yet calculatedCVE-2016-3568
CONFIRM
oracle -- retail_applicationsUnspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to System Administration.2016-07-21Not yet calculatedCVE-2016-3565
CONFIRM
oracle -- retail_applicationsUnspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.2016-07-21

Not yet calculated

CVE-2016-5475
CONFIRM
oracle -- retail_applicationsUnspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 15.0 allows remote attackers to affect confidentiality and integrity via vectors related to System Administration.2016-07-21Not yet calculatedCVE-2016-3611
CONFIRM
oracle -- retail_applicationsUnspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applications 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RSB Kernel.2016-07-21

Not yet calculated

CVE-2016-5474
CONFIRM
oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to iHelp.2016-07-21

Not yet calculated

CVE-2016-5459
CONFIRM
oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors related to Services, a different vulnerability than CVE-2016-3450 and CVE-2016-5466.2016-07-21

Not yet calculated

CVE-2016-5460
CONFIRM
oracle -- siebel_crmUnspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Services.2016-07-21

Not yet calculated

CVE-2016-5456
CONFIRM
oracle -- siebel_crmUnspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5451.2016-07-21

Not yet calculated

CVE-2016-5468
CONFIRM
oracle -- sun_solarisUnspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.2016-07-21Not yet calculatedCVE-2016-3497
CONFIRM
oracle -- integrated_lights_out_manager_firmwareUnspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN.2016-07-21

Not yet calculated

CVE-2016-5457
CONFIRM
oracle -- agile_plmUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to File Load.2016-07-21Not yet calculatedCVE-2016-3557
CONFIRM
oracle -- demand_planningUnspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to ODPDA Servlet.2016-07-21Not yet calculatedCVE-2016-3527
CONFIRM
oracle -- agile_plmUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to EM Integration.2016-07-21Not yet calculatedCVE-2016-3556
CONFIRM
oracle -- agile_plmUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SDK.2016-07-21Not yet calculatedCVE-2016-3561
CONFIRM
oracle -- agile_plmUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a different vulnerability than CVE-2016-3526 and CVE-2016-3529.2016-07-21Not yet calculatedCVE-2016-3560
CONFIRM
oracle -- agile_plmUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-3537.2016-07-21

Not yet calculated

CVE-2016-5473
CONFIRM
oracle -- agile_plmUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to PC / BOM, MCAD, and Design.2016-07-21Not yet calculatedCVE-2016-3554
CONFIRM
oracle -- agile_plmUnspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to PGC / Excel Plugin.2016-07-21Not yet calculatedCVE-2016-3555
CONFIRM
oracle -- virtualizationUnspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to OpenSSL.2016-07-21Not yet calculatedCVE-2016-3613
CONFIRM
siemens -- simatic_winccSiemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Update 9 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.1 Update 3 as distributed in SIMATIC PCS 7 through 8.1 SP1, SIMATIC OpenPCS 7 before 8.2 Update 1 as distributed in SIMATIC PCS 7 8.2, and SIMATIC WinCC Runtime Professional before 13 SP1 Update 9 allow remote attackers to execute arbitrary code via crafted packets.2016-07-22

Not yet calculated

CVE-2016-5743
CONFIRM
siemens -- simatic_winccSiemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC station files via crafted packets.2016-07-22

Not yet calculated

CVE-2016-5744
CONFIRM
siemens -- simatic_net_pcSiemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (OPC UA service outage) via crafted TCP packets.2016-07-22

Not yet calculated

CVE-2016-5874
CONFIRM
siemens -- sinema_remote_connect_serverCross-site scripting (XSS) vulnerability in the integrated web server in Siemens SINEMA Remote Connect Server before 1.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.2016-07-22

Not yet calculated

CVE-2016-6204
CONFIRM

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.