CVE Daily
← All years

Uncategorized 2016

Page 2/19.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2016-11-25
High

CVE-2016-6731

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th…

CVSS: 7.3CWE: CWE-264
Read more
High

CVE-2016-6730

An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th…

CVSS: 7.3CWE: CWE-264
Read more
High

CVE-2016-6729

An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel.…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-6728

An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel.…

CVSS: 7.8CWE: CWE-264
Read more
Medium

CVE-2016-6719

An elevation of privilege vulnerability in the Bluetooth component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a…

CVSS: 5.5CWE: CWE-275
Read more
High

CVE-2016-6717

An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malic…

CVSS: 7.0CWE: CWE-264
Read more
Medium

CVE-2016-6715

An elevation of privilege vulnerability in the Framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could allow a local…

CVSS: 5.5CWE: CWE-275
Read more
Medium

CVE-2016-6708

An elevation of privilege in the System UI in Android 7.0 before 2016-11-01 could enable a local malicious user to bypass the security prompt of your work profile in Multi-Window mode. This issue is…

CVSS: 5.5CWE: CWE-254
Read more
High

CVE-2016-6707

An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the con…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-6705

An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application t…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-6704

An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malic…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-6700

An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code with…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3904

An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel.…

CVSS: 7.8CWE: CWE-264
Read more
Low

CVE-2016-5992

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to cause a denial of service via unspecified vectors.

CVSS: 2.5CWE: N/A
Read more
Medium

CVE-2016-5991

IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 on Windows allows local users to gain privileges via unspecified vectors.

CVSS: 4.5CWE: CWE-264
Read more
Critical

CVE-2016-5788

General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote attackers to obtain privileged access via…

CVSS: 10.0CWE: CWE-254
Read more
High

CVE-2016-3025

IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and Security Access Manager 9.x before 9.0.1.0 IF5 do not properly restrict failed login attempts, which makes it easier for remote attac…

CVSS: 8.1CWE: CWE-254
Read more
High

CVE-2016-2988

IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated…

CVSS: 8.5CWE: CWE-264
Read more
High

CVE-2016-2985

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via craf…

CVSS: 7.0CWE: CWE-264
Read more
High

CVE-2016-2984

IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and General Parallel File System (GPFS) 3.5.x before 3.5.0.32 and 4.1.x before 4.1.1.8 allow local users to gain privileges via craf…

CVSS: 7.0CWE: CWE-264
Read more
2016-11-22
High

CVE-2015-8978

In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with th…

CVSS: 7.5CWE: CWE-399
Read more
2016-11-19
High

CVE-2016-9151

Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted v…

CVSS: 7.8CWE: CWE-264
Read more
Medium

CVE-2016-9149

The Addresses Object parser in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 mishandles single qu…

CVSS: 6.5CWE: CWE-19
Read more
High

CVE-2016-6466

A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 Series routers could allow an unauthenticated, remote attacker to terminate all active IPsec VPN tunnels and prevent new tunnels fr…

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2016-6460

A vulnerability in the FTP Representational State Transfer Application Programming Interface (REST API) for Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass F…

CVSS: 7.5CWE: CWE-254
Read more
2016-11-18
High

CVE-2016-8562

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Under special conditions it was possible to write SNMP variables on p…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2016-8561

A vulnerability has been identified in SIMATIC CP 1543-1 (All versions < V2.0.28), SIPLUS NET CP 1543-1 (All versions < V2.0.28). Users with elevated privileges to TIA-Portal and project data on the…

CVSS: 6.6CWE: CWE-264
Read more
2016-11-17
Medium

CVE-2016-9376

In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector could crash with memory exhaustion, triggered by network traffic or a capture file. This was addressed in epan/dissectors/packet…

CVSS: 5.9CWE: CWE-399
Read more
2016-11-15
Medium

CVE-2016-7165

A vulnerability has been identified in Primary Setup Tool (PST) (All versions < V4.2 HF1), SIMATIC IT Production Suite (All versions < V7.0 SP1 HFX 2), SIMATIC NET PC-Software (All versions < V14), S…

CVSS: 6.4CWE: CWE-254
Read more
Critical

CVE-2016-5763

Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 10992, OES2015 before Scheduled Maintenance Update 10990, OES11 SP3 before Scheduled Maintenance Update…

CVSS: 9.1CWE: CWE-254
Read more
2016-11-10
Critical

CVE-2016-7489

Teradata Virtual Machine Community Edition v15.10's perl script /opt/teradata/gsctools/bin/t2a.pl creates files in /tmp in an insecure manner, this may lead to elevated code execution.

CVSS: 9.8CWE: CWE-264
Read more
High

CVE-2016-7488

Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7256

atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2016-7255

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 160…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2016-7254

Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS E…

CVSS: 8.8CWE: CWE-264
Read more
High

CVE-2016-7253

The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 SP2, and 2016 does not properly check the atxcore.dll ACL, which allows remote authenticated users to gain privileges via unspecif…

CVSS: 8.8CWE: CWE-264
Read more
High

CVE-2016-7250

Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL…

CVSS: 8.8CWE: CWE-264
Read more
High

CVE-2016-7249

Microsoft SQL Server 2016 does not properly perform a cast of an unspecified pointer, which allows remote authenticated users to gain privileges via unknown vectors, aka "SQL RDBMS Engine Elevation o…

CVSS: 8.8CWE: CWE-264
Read more
High

CVE-2016-7246

The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7238

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7222

Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to gain privileges via a crafted UNC pathname in a task, aka "Task Scheduler Elevation of Privil…

CVSS: 7.8CWE: CWE-254
Read more
High

CVE-2016-7221

Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7215

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 160…

CVSS: 7.8CWE: CWE-264
Read more
2016-11-08
High

CVE-2016-8811

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-8810

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-8808

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-8807

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-8806

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-8805

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7391

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7390

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7389

For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver on Linux R304 before 304.132, R340 before 340.98, R367 before 367.55, R361_93 before 361.93.03, and R370 before 370.…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7388

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7387

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7385

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7384

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where un…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7383

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in a memory mapping API in the kernel mode layer…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-7382

For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU Display Driver contains a vulnerability in the kernel mode layer (nvlddmkm.sys for Windows or nvidia.ko for Linux) handler where a…

CVSS: 7.8CWE: CWE-275
Read more
High

CVE-2016-7381

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-5852

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successf…

CVSS: 7.8CWE: N/A
Read more
High

CVE-2016-3161

For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service path vulnerabilities are examples of the unquoted service path vulnerability in Windows. A successf…

CVSS: 7.8CWE: N/A
Read more
2016-11-07
Medium

CVE-2016-9111

Incorrect access control mechanisms in Citrix Receiver Desktop Lock 4.5 allow an attacker to bypass the authentication requirement by leveraging physical access to a VDI for temporary disconnection o…

CVSS: 6.8CWE: CWE-254
Read more
2016-11-04
Medium

CVE-2016-8578

The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process cr…

CVSS: 6.0CWE: N/A
Read more
2016-11-03
High

CVE-2016-6455

A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series routers with Data Processing Card 2 (DPC2) could allow an unauthenticated, remote attacker to cause a subset of the subscriber sess…

CVSS: 7.5CWE: CWE-399
Read more
High

CVE-2016-6430

A vulnerability in the command-line interface of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an authenticated, local attacker to elevate the privilege level associated…

CVSS: 7.8CWE: CWE-264
Read more
Critical

CVE-2016-7402

SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own SourceDB and TargetDB databases to elevate privileges to sa (system administrator) via dbcc import_sproc SQL injection.

CVSS: 9.8CWE: CWE-264
Read more
Medium

CVE-2016-4025

Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier v11.x.x, Free Antivirus v11.x.x, Business Security v11.x.x, Endpoint Protection v8.x.x, Endpoint Protection Plus v8.x.x, Endpoint Prote…

CVSS: 5.5CWE: CWE-254
Read more
2016-10-31
High

CVE-2016-8856

Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux 2.1.0.0805 and earlier suffered from a vulnerability where weak file permissions could be exploited by attackers to execute arbi…

CVSS: 7.8CWE: CWE-275
Read more
High

CVE-2016-7991

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and…

CVSS: 7.5CWE: CWE-388
Read more
High

CVE-2016-7989

On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the…

CVSS: 7.5CWE: CWE-254
Read more
High

CVE-2016-7988

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configur…

CVSS: 7.5CWE: CWE-275
Read more
2016-10-28
Medium

CVE-2016-4394

HPE System Management Homepage before v7.6 allows remote attackers to obtain sensitive information via unspecified vectors, related to an "HSTS" issue.

CVSS: 6.5CWE: CWE-254
Read more
High

CVE-2016-8331

An exploitable remote code execution vulnerability exists in the handling of TIFF images in LibTIFF version 4.0.6. A crafted TIFF document can lead to a type confusion vulnerability resulting in remo…

CVSS: 8.1CWE: N/A
Read more
High

CVE-2016-9028

Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 135.8, 10.5 61.11, 11.0 65.31/65.35F and 11.1 47.14 allows a remote attacker to steal session cookies of a legitimate AAA user…

CVSS: 8.8CWE: CWE-254
Read more
High

CVE-2016-8867

Docker Engine 1.12.2 enabled ambient capabilities with misconfigured capability policies. This allowed malicious images to bypass user permissions to access files within the container filesystem or m…

CVSS: 7.5CWE: CWE-264
Read more
High

CVE-2016-8600

In dotCMS 3.2.1, attacker can load captcha once, fill it with correct value and then this correct value is ok for forms with captcha check later.

CVSS: 7.5CWE: CWE-254
Read more
High

CVE-2016-6357

A vulnerability in the configured security policies, including drop email filtering, in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypas…

CVSS: 7.5CWE: CWE-388
Read more
High

CVE-2016-1486

A vulnerability in the email attachment scanning functionality of the Advanced Malware Protection (AMP) feature of Cisco AsyncOS Software for Cisco Email Security Appliances could allow an unauthenti…

CVSS: 7.5CWE: CWE-19
Read more
High

CVE-2016-1480

A vulnerability in the Multipurpose Internet Mail Extensions (MIME) scanner of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) and Web Security Appliances (WSA) could allow an unauth…

CVSS: 7.5CWE: CWE-388
Read more
2016-10-27
High

CVE-2016-6439

A vulnerability in the detection engine reassembly of HTTP packets for Cisco Firepower System Software before 6.0.1 could allow an unauthenticated, remote attacker to cause a denial of service (DoS)…

CVSS: 7.5CWE: CWE-399
Read more
Medium

CVE-2016-6438

A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause a configuration integrity change to the vty line c…

CVSS: 5.9CWE: CWE-264
Read more
Medium

CVE-2016-6437

A vulnerability in the SSL session cache management of Cisco Wide Area Application Services (WAAS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to…

CVSS: 5.9CWE: CWE-399
Read more
2016-10-26
High

CVE-2016-8503

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 16.7 to 16.9 could be used by remote attacker for brute-forcing passwords from important web-resource with special Java…

CVSS: 7.3CWE: CWE-254
Read more
High

CVE-2016-8502

Yandex Protect Anti-phishing warning in Yandex Browser for desktop from version 15.12.0 to 16.2 could be used by remote attacker for brute-forcing passwords from important web-resource with special J…

CVSS: 7.3CWE: CWE-254
Read more
Medium

CVE-2016-8501

Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 allows remote attacker to sniff traffic in open or WEP-protected wi-fi networks despite of special security mechanism is enabled.

CVSS: 5.3CWE: CWE-264
Read more
2016-10-25
Medium

CVE-2016-8290

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-…

CVSS: 4.4CWE: N/A
Read more
Medium

CVE-2016-8289

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB.

CVSS: 4.7CWE: CWE-264
Read more
Medium

CVE-2016-8287

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication.

CVSS: 4.5CWE: N/A
Read more
Low

CVE-2016-8284

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.

CVSS: 1.8CWE: N/A
Read more
Medium

CVE-2016-8283

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2016-5635

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Audit.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2016-5634

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to RBR.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2016-5633

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2016-5632

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2016-5631

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2016-5630

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2016-5629

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Federated.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2016-5628

Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: DML.

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2016-5627

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to Server: InnoDB.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-5626

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to GIS.

CVSS: 6.5CWE: N/A
Read more
High

CVE-2016-5625

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging.

CVSS: 7.0CWE: N/A
Read more
Medium

CVE-2016-5624

Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-5612

Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-5609

Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote authenticated users to affect availability via vectors related to DML.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-5584

Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security…

CVSS: 4.4CWE: N/A
Read more
Medium

CVE-2016-5583

Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect integrity via unk…

CVSS: 5.3CWE: N/A
Read more
High

CVE-2016-5573

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotsp…

CVSS: 8.3CWE: CWE-264
Read more
Medium

CVE-2016-5572

Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 6.4CWE: CWE-264
Read more
Medium

CVE-2016-5567

Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 and 12.2.3 through 12.2.6 allows remote administrators to affect confidentiality and integrity via…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2016-5564

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated us…

CVSS: 7.4CWE: N/A
Read more
High

CVE-2016-5563

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote administrators t…

CVSS: 7.9CWE: N/A
Read more
Low

CVE-2016-5561

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability via vectors related to IKE.

CVSS: 3.1CWE: N/A
Read more
Medium

CVE-2016-5559

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity via vectors related to Kernel.

CVSS: 4.1CWE: N/A
Read more
High

CVE-2016-5558

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and ava…

CVSS: 8.6CWE: N/A
Read more
Critical

CVE-2016-5555

Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 9.1CWE: N/A
Read more
Medium

CVE-2016-5554

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to JMX.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2016-5553

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2016-5544

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2016-5543

Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote attackers to affect co…

CVSS: 6.1CWE: N/A
Read more
Low

CVE-2016-5542

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect integrity via vectors related to Libraries.

CVSS: 3.1CWE: N/A
Read more
>