Total: 46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0676 | 1 Oracle | 1 Solaris | 2016-12-03 | 4.0 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel. | |||||
| CVE-2016-0680 | 1 Oracle | 1 Peoplesoft Supply Chain Management Eprocurement | 2016-12-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise SCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Services Procurement. | |||||
| CVE-2016-0673 | 1 Oracle | 1 Siebel Ui Framework | 2016-12-03 | 4.9 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to UIF Open UI. | |||||
| CVE-2016-0674 | 1 Oracle | 1 Siebel Core-common Components | 2016-12-03 | 3.2 LOW | 4.4 MEDIUM |
| Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality and integrity via vectors related to Email. | |||||
| CVE-2016-0677 | 1 Oracle | 1 Database | 2016-12-03 | 5.0 MEDIUM | 5.9 MEDIUM |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.1 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. | |||||
| CVE-2016-0698 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 4.3 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-3423. | |||||
| CVE-2016-0697 | 1 Oracle | 1 Application Object Library | 2016-12-03 | 3.6 LOW | 6.0 MEDIUM |
| Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows local users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-0669 | 1 Oracle | 1 Solaris | 2016-12-03 | 5.2 MEDIUM | 6.0 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Fwflash. | |||||
| CVE-2016-0672 | 1 Oracle | 1 Flexcube Direct Banking | 2016-12-03 | 5.0 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login. | |||||
| CVE-2016-0667 | 1 Oracle | 1 Mysql | 2016-12-03 | 2.8 LOW | 4.4 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking. | |||||
| CVE-2016-0678 | 1 Oracle | 1 Vm Virtualbox | 2016-12-03 | 4.1 MEDIUM | 6.7 MEDIUM |
| Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core. | |||||
| CVE-2016-0683 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 4.0 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Search Framework. | |||||
| CVE-2016-0685 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to File Processing. | |||||
| CVE-2016-0684 | 1 Oracle | 1 Micros Arspos | 2016-12-03 | 6.8 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS. | |||||
| CVE-2016-0211 | 1 Ibm | 2 Db2, Db2 Connect | 2016-12-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted DRDA message. | |||||
| CVE-2016-0659 | 1 Oracle | 1 Mysql | 2016-12-03 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer. | |||||
| CVE-2016-0657 | 1 Oracle | 1 Mysql | 2016-12-03 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect confidentiality via vectors related to JSON. | |||||
| CVE-2016-0283 | 1 Ibm | 1 Websphere Application Server | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) client web application in IBM WebSphere Application Server (WAS) Liberty Profile 8.5.5 before 8.5.5.9 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0658 | 1 Oracle | 1 Mysql | 2016-12-03 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer. | |||||
| CVE-2016-0227 | 1 Ibm | 1 Business Process Manager | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the document-list control implementation in IBM Business Process Manager (BPM) 8.0 through 8.0.1.3, 8.5.0 through 8.5.0.2, and 8.5.5 and 8.5.6 through 8.5.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2016-0623 | 1 Oracle | 1 Solaris | 2016-12-03 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component. | |||||
| CVE-2016-0653 | 1 Oracle | 1 Mysql | 2016-12-03 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to FTS. | |||||
| CVE-2016-0654 | 1 Oracle | 1 Mysql | 2016-12-03 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656. | |||||
| CVE-2016-0469 | 1 Oracle | 1 Micros C2 | 2016-12-03 | 4.6 MEDIUM | 5.5 MEDIUM |
| Unspecified vulnerability in the Oracle Retail MICROS C2 component in Oracle Retail Applications 9.89.0.0 allows local users to affect confidentiality via vectors related to POS. | |||||
| CVE-2016-0652 | 1 Oracle | 1 Mysql | 2016-12-03 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML. | |||||
| CVE-2016-0656 | 1 Oracle | 1 Mysql | 2016-12-03 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0654. | |||||
| CVE-2016-0408 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2016-12-03 | 4.3 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to the Activity Guide sub-component. | |||||
| CVE-2016-0663 | 1 Oracle | 1 Mysql | 2016-12-03 | 3.5 LOW | 4.7 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema. | |||||
| CVE-2016-0662 | 1 Oracle | 1 Mysql | 2016-12-03 | 3.5 LOW | 5.5 MEDIUM |
| Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Partition. | |||||
| CVE-2016-0479 | 1 Oracle | 1 Business Intelligence | 2016-12-03 | 5.8 MEDIUM | 6.1 MEDIUM |
| Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality and integrity via vectors related to Analytics Scorecard. | |||||
| CVE-2016-0468 | 1 Oracle | 1 Business Intelligence | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General. | |||||
| CVE-2016-0407 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Human Resources | 2016-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusion HR Talent Integration. | |||||
| CVE-2015-8791 | 1 Matroska | 1 Libebml | 2016-12-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 allows context-dependent attackers to obtain sensitive information from process heap memory via a crafted length value in an EBML id, which triggers an invalid memory access. | |||||
| CVE-2015-8816 | 2 Linux, Novell | 9 Linux Kernel, Suse Linux Enterprise Debuginfo, Suse Linux Enterprise Desktop and 6 more | 2016-12-03 | 7.2 HIGH | 6.8 MEDIUM |
| The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device. | |||||
| CVE-2015-7560 | 1 Samba | 1 Samba | 2016-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, 4.2.x before 4.2.9, 4.3.x before 4.3.6, and 4.4.x before 4.4.0rc4 allows remote authenticated users to modify arbitrary ACLs by using a UNIX SMB1 call to create a symlink, and then using a non-UNIX SMB1 call to write to the ACL content. | |||||
| CVE-2015-8524 | 1 Ibm | 1 Business Process Manager | 2016-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Process Portal in IBM Business Process Manager 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | |||||
| CVE-2015-7454 | 1 Ibm | 2 Business Process Manager, Websphere Process Server | 2016-12-03 | 4.0 MEDIUM | 4.3 MEDIUM |
| Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 and Business Process Manager Advanced 7.5.x through 7.5.1.2, 8.0.x through 8.0.1.3, 8.5.0.x through 8.5.0.2, 8.5.5.x through 8.5.5.0, and 8.5.6.x through 8.5.6.2 allows remote authenticated users to bypass intended access restrictions and create an arbitrary page or space via unspecified vectors. | |||||
| CVE-2015-5370 | 2 Canonical, Samba | 2 Ubuntu Linux, Samba | 2016-12-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not properly implement the DCE-RPC layer, which allows remote attackers to perform protocol-downgrade attacks, cause a denial of service (application crash or CPU consumption), or possibly execute arbitrary code on a client system via unspecified vectors. | |||||
| CVE-2015-2344 | 2 Linux, Vmware | 2 Linux Kernel, Vrealize Automation | 2016-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in VMware vRealize Automation 6.x before 6.2.4 on Linux allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2014-9759 | 1 Mantisbt | 1 Mantisbt | 2016-12-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| Incomplete blacklist vulnerability in the config_is_private function in config_api.php in MantisBT 1.3.x before 1.3.0 allows remote attackers to obtain sensitive master salt configuration information via a SOAP API request. | |||||
| CVE-2013-7447 | 2 Canonical, Gtk | 2 Ubuntu Linux, Gtk+ | 2016-12-03 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image file, which triggers a large memory allocation. | |||||
| CVE-2016-8501 | 1 Yandex | 1 Yandex Browser | 2016-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled. | |||||
| CVE-2016-8504 | 1 Yandex | 1 Yandex Browser | 2016-12-02 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF of synchronization form in Yandex Browser for desktop before version 16.6 could be used by remote attacker to steal saved data in browser profile. | |||||
| CVE-2016-8506 | 1 Yandex | 1 Yandex Browser | 2016-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code. | |||||
| CVE-2016-8505 | 1 Yandex | 1 Yandex.browser | 2016-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. could be used by remote attacker for evaluation arbitrary javascript code. | |||||
| CVE-2016-8279 | 1 Huawei | 7 Honor6, Honor6 Firmware, Honor6 Plus and 4 more | 2016-12-02 | 7.1 HIGH | 5.5 MEDIUM |
| The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. | |||||
| CVE-2016-8100 | 1 Intel | 1 Integrated Performance Primitives | 2016-12-02 | 2.1 LOW | 5.5 MEDIUM |
| Intel Integrated Performance Primitives (aka IPP) Cryptography before 9.0.4 makes it easier for local users to discover RSA private keys via a side-channel attack. | |||||
| CVE-2016-7917 | 1 Linux | 1 Linux Kernel | 2016-12-02 | 4.3 MEDIUM | 5.0 MEDIUM |
| The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel before 4.5 does not check whether a batch message's length field is large enough, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability. | |||||
| CVE-2016-4567 | 2 Mediaelementjs, Wordpress | 2 Mediaelement.js, Wordpress | 2016-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn." | |||||
| CVE-2016-4566 | 2 Plupload, Wordpress | 2 Plupload, Wordpress | 2016-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. | |||||
