Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-1423 1 Cisco 1 Email Security Appliance 2017-07-29 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. The malicious link could be used to facilitate a cross-site scripting (XSS) or HTML injection attack. More Information: CSCuz02235. Known Affected Releases: 8.0.2-069. Known Fixed Releases: 9.1.1-038 9.7.2-047.
CVE-2016-5594 1 Oracle 1 Flexcube Universal Banking 2017-07-29 4.0 MEDIUM 5.0 MEDIUM
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality via vectors related to INFRA.
CVE-2016-5596 1 Oracle 1 Customer Relationship Management Technical Foundation 2017-07-29 4.0 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality via unknown vectors.
CVE-2016-5538 1 Oracle 1 Vm Virtualbox 2017-07-29 7.2 HIGH 6.7 MEDIUM
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability via vectors related to Core, a different vulnerability than CVE-2016-5501.
CVE-2016-5600 1 Oracle 1 Peoplesoft Enterprise Supply Chain Management Services Procurement 2017-07-29 5.5 MEDIUM 5.4 MEDIUM
Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
CVE-2016-5602 1 Oracle 1 Data Integrator 2017-07-29 3.5 LOW 5.7 MEDIUM
Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine.
CVE-2016-5530 1 Oracle 1 Peoplesoft Enterprise Peopletools 2017-07-29 5.8 MEDIUM 6.1 MEDIUM
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-8293.
CVE-2016-5603 1 Oracle 1 Flexcube Universal Banking 2017-07-29 4.0 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621.
CVE-2016-5604 1 Oracle 1 Enterprise Manager Base Platform 2017-07-29 3.3 LOW 6.3 MEDIUM
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 12.1.0.5 allows local users to affect confidentiality and integrity via vectors related to Security Framework, a different vulnerability than CVE-2016-3563.
CVE-2016-3495 2 Mariadb, Oracle 2 Mariadb, Mysql 2017-07-29 6.8 MEDIUM 4.9 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
CVE-2016-5479 1 Oracle 1 Flexcube Universal Banking 2017-07-29 4.0 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 allows remote authenticated users to affect confidentiality via vectors related to INFRA.
CVE-2016-5502 1 Oracle 1 Flexcube Universal Banking 2017-07-29 5.5 MEDIUM 5.4 MEDIUM
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA.
CVE-2016-5505 1 Oracle 1 Database Server 2017-07-29 2.1 LOW 5.5 MEDIUM
Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows local users to affect confidentiality via unknown vectors.
CVE-2016-5606 1 Oracle 1 Solaris 2017-07-29 5.6 MEDIUM 6.1 MEDIUM
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Kernel Zones.
CVE-2016-5620 1 Oracle 1 Flexcube Universal Banking 2017-07-29 5.5 MEDIUM 5.4 MEDIUM
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA, a different vulnerability than CVE-2016-5619.
CVE-2016-5631 2 Mariadb, Oracle 2 Mariadb, Mysql 2017-07-29 4.0 MEDIUM 4.9 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.
CVE-2016-5621 1 Oracle 1 Flexcube Universal Banking 2017-07-29 4.0 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 and 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5603.
CVE-2016-5622 1 Oracle 1 Flexcube Universal Banking 2017-07-29 7.8 HIGH 6.1 MEDIUM
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA.
CVE-2016-5628 2 Mariadb, Oracle 2 Mariadb, Mysql 2017-07-29 4.0 MEDIUM 4.9 MEDIUM
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.
CVE-2016-5529 1 Oracle 1 Peoplesoft Enterprise Peopletools 2017-07-29 5.8 MEDIUM 6.1 MEDIUM
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5530 and CVE-2016-8293.
CVE-2016-5511 1 Oracle 1 Webcenter Sites 2017-07-29 4.3 MEDIUM 4.3 MEDIUM
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors.
CVE-2016-5516 1 Oracle 1 Database Server 2017-07-29 4.7 MEDIUM 6.0 MEDIUM
Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect availability via unknown vectors.
CVE-2016-8564 1 Siemens 1 Automation License Manager 2017-07-29 6.4 MEDIUM 6.5 MEDIUM
SQL injection vulnerability in Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to execute arbitrary SQL commands via crafted traffic to TCP port 4410.
CVE-2016-3014 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2017-07-29 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Quality Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Team Concert 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational DOORS Next Generation 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17, and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11 and 5.0 before 5.0.2 iFix17 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-2479 1 Cerulean Studios 1 Trillian 2017-07-29 7.1 HIGH 5.9 MEDIUM
Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers to obtain potentially sensitive information via long CTCP PING messages that contain UTF-8 characters, which generates a malformed response that is not truncated by a newline, which can cause portions of a server message to be sent to the attacker.
CVE-2017-11327 1 Tilde Cms Project 1 Tilde Cms 2017-07-28 4.0 MEDIUM 6.5 MEDIUM
An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve sensitive data by using direct references. A low-privileged user can load PHP resources such as admin/content.php and admin/content.php?method=ftp_upload.
CVE-2017-2241 2 Apple, Hammock 2 Mac Os X, Assetview 2017-07-28 6.5 MEDIUM 6.3 MEDIUM
SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to execute arbitrary SQL commands via "File Transfer Web Service".
CVE-2017-2240 2 Apple, Hammock 2 Mac Os X, Assetview 2017-07-28 4.0 MEDIUM 6.5 MEDIUM
Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and earlier versions allows remote attackers to read arbitrary files via "File Transfer Web Service".
CVE-2017-6755 1 Cisco 1 Prime Collaboration Provisioning 2017-07-28 4.3 MEDIUM 6.1 MEDIUM
A vulnerability in the web portal of the Cisco Prime Collaboration Provisioning (PCP) Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. More Information: CSCvc90312. Known Affected Releases: 12.1.
CVE-2017-11581 1 Finecms 1 Finecms 2017-07-28 4.3 MEDIUM 6.1 MEDIUM
dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php via a payload in the username field that does not begin with a '<' character.
CVE-2017-11617 1 Atmail 1 Atmail 2017-07-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in atmail prior to version 7.8.0.2 allows remote attackers to inject arbitrary web script or HTML within the body of an email via an IMG element with both single quotes and double quotes.
CVE-2017-1287 1 Ibm 1 Rhapsody Design Manager 2017-07-28 4.9 MEDIUM 5.4 MEDIUM
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim.
CVE-2017-1249 1 Ibm 1 Rhapsody Design Manager 2017-07-28 3.5 LOW 5.4 MEDIUM
IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2017-11586 1 Finecms 1 Finecms 2017-07-28 5.8 MEDIUM 6.1 MEDIUM
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to controllers/Weixin.php.
CVE-2017-11530 1 Imagemagick 1 Imagemagick 2017-07-28 7.1 HIGH 6.5 MEDIUM
The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-11527 1 Imagemagick 1 Imagemagick 2017-07-28 7.1 HIGH 6.5 MEDIUM
The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (memory consumption) via a crafted file.
CVE-2017-11526 1 Imagemagick 1 Imagemagick 2017-07-28 7.1 HIGH 6.5 MEDIUM
The ReadOneMNGImage function in coders/png.c in ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted file.
CVE-2016-9373 2 Debian, Wireshark 2 Debian Linux, Wireshark 2017-07-28 4.3 MEDIUM 5.9 MEDIUM
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector could crash with a use-after-free, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dcerpc-nt.c and epan/dissectors/packet-dcerpc-spoolss.c by using the wmem file scope for private strings.
CVE-2016-9375 2 Debian, Wireshark 2 Debian Linux, Wireshark 2017-07-28 4.3 MEDIUM 5.9 MEDIUM
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could go into an infinite loop, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-dtn.c by checking whether SDNV evaluation was successful.
CVE-2016-9384 1 Xen 1 Xen 2017-07-28 2.1 LOW 6.5 MEDIUM
Xen 4.7 allows local guest OS users to obtain sensitive host information by loading a 32-bit ELF symbol table.
CVE-2016-9378 1 Xen 1 Xen 2017-07-28 2.1 LOW 5.5 MEDIUM
Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when emulating instructions that generate software interrupts, allows local HVM guest OS users to cause a denial of service (guest crash) by leveraging an incorrect choice for software interrupt delivery.
CVE-2016-9284 1 Exponentcms 1 Exponent Cms 2017-07-28 5.0 MEDIUM 5.3 MEDIUM
getUsersByJSON in framework/modules/users/controllers/usersController.php in Exponent CMS v2.4.0 allows remote attackers to read user information via users/getUsersByJSON/sort/ and a trailing string.
CVE-2016-9376 2 Debian, Wireshark 2 Debian Linux, Wireshark 2017-07-28 4.3 MEDIUM 5.9 MEDIUM
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-openflow_v5.c by ensuring that certain length values were sufficiently large.
CVE-2016-6462 1 Cisco 1 Email Security Appliance Firmware 2017-07-28 5.0 MEDIUM 5.3 MEDIUM
A vulnerability in the email filtering functionality of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenticated, remote attacker to bypass Advanced Malware Protection (AMP) filters that are configured for an affected device. This vulnerability affects all releases prior to the first fixed release of Cisco AsyncOS Software for both virtual and hardware versions of Cisco Email Security Appliances, if the AMP feature is configured to scan incoming email attachments. More Information: CSCva13456. Known Affected Releases: 10.0.0-082 10.0.0-125 9.7.1-066. Known Fixed Releases: 10.0.0-203 9.7.2-131.
CVE-2016-9374 2 Debian, Wireshark 2 Debian Linux, Wireshark 2017-07-28 4.3 MEDIUM 5.9 MEDIUM
In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector could crash with a buffer over-read, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet-alljoyn.c by ensuring that a length variable properly tracked the state of a signature variable.
CVE-2016-9818 1 Xen 1 Xen 2017-07-28 4.9 MEDIUM 6.5 MEDIUM
Xen through 4.7.x allows local ARM guest OS users to cause a denial of service (host crash) via vectors involving an asynchronous abort while at HYP.
CVE-2016-9372 1 Wireshark 1 Wireshark 2017-07-28 4.3 MEDIUM 5.9 MEDIUM
In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop excessively, triggered by network traffic or a capture file. This was addressed in plugins/profinet/packet-pn-rtc-one.c by rejecting input with too many I/O objects.
CVE-2016-2939 1 Ibm 2 Domino, Inotes 2017-07-28 4.3 MEDIUM 6.1 MEDIUM
IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
CVE-2015-8796 1 Apache 1 Solr 2017-07-28 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in webapp/web/js/scripts/schema-browser.js in the Admin UI in Apache Solr before 5.3 allows remote attackers to inject arbitrary web script or HTML via a crafted schema-browse URL.
CVE-2016-2926 1 Ibm 7 Rational Collaborative Lifecycle Management, Rational Doors Next Generation, Rational Engineering Lifecycle Manager and 4 more 2017-07-28 3.5 LOW 5.4 MEDIUM
Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Quality Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Team Concert 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational DOORS Next Generation 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Engineering Lifecycle Manager 4.x before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; Rational Rhapsody Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3; and Rational Software Architect Design Manager 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix19, and 6.0 before 6.0.2 iFix3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.