CVE Daily
← All years

Uncategorized 2016

Page 7/19.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2016-07-21
High

CVE-2016-3532

Unspecified vulnerability in the Oracle Advanced Inbound Telephony component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via…

CVSS: 8.2CWE: N/A
Read more
Low

CVE-2016-3531

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to PC…

CVSS: 3.5CWE: N/A
Read more
High

CVE-2016-3530

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect integrity and availability via vectors re…

CVSS: 7.1CWE: N/A
Read more
Medium

CVE-2016-3529

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe…

CVSS: 5.8CWE: N/A
Read more
High

CVE-2016-3528

Unspecified vulnerability in the Oracle Internet Expenses component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect availability via ve…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2016-3527

Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors relat…

CVSS: 9.1CWE: N/A
Read more
High

CVE-2016-3526

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via vectors related to SDK, a diffe…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2016-3525

Unspecified vulnerability in the Oracle Applications Manager component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality via vectors related to Cookie Management.

CVSS: 5.9CWE: N/A
Read more
Medium

CVE-2016-3524

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and int…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2016-3523

Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vec…

CVSS: 4.7CWE: N/A
Read more
High

CVE-2016-3522

Unspecified vulnerability in the Oracle Web Applications Desktop Integrator component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality a…

CVSS: 8.2CWE: N/A
Read more
Medium

CVE-2016-3521

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote auth…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-3520

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via v…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2016-3519

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related t…

CVSS: 6.1CWE: N/A
Read more
Medium

CVE-2016-3518

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-3517

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to PC / Get Shortcut.

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2016-3516

Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiali…

CVSS: 3.1CWE: N/A
Read more
High

CVE-2016-3515

Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote attackers to affect confidentiality via unk…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2016-3514

Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiali…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-3513

Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality…

CVSS: 6.5CWE: N/A
Read more
High

CVE-2016-3512

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity vi…

CVSS: 8.2CWE: N/A
Read more
High

CVE-2016-3511

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.

CVSS: 7.7CWE: N/A
Read more
Critical

CVE-2016-3510

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availa…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2016-3509

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality and integrity via vectors…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2016-3508

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different…

CVSS: 5.3CWE: N/A
Read more
Medium

CVE-2016-3507

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect integrity via vectors related to WebClient / Admin.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2016-3506

Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Orac…

CVSS: 8.1CWE: N/A
Read more
Critical

CVE-2016-3504

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiali…

CVSS: 9.8CWE: N/A
Read more
High

CVE-2016-3503

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.

CVSS: 7.7CWE: N/A
Read more
Medium

CVE-2016-3502

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availab…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-3501

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-3500

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows remote attackers to affect availability via vectors related to JAXP, a different…

CVSS: 5.3CWE: N/A
Read more
Critical

CVE-2016-3499

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0 and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2016-3498

Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows remote attackers to affect availability via vectors related to JavaFX.

CVSS: 5.3CWE: N/A
Read more
Medium

CVE-2016-3497

Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via vectors related to Kernel, a different vulnerability than CVE-2016-5469 and CVE-2016-5471.

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2016-3496

Unspecified vulnerability in the Enterprise Manager for Fusion Middleware component in Oracle Enterprise Manager Grid Control 11.1.1.7, and 11.1.1.9 allows remote attackers to affect confidentiality…

CVSS: 4.7CWE: N/A
Read more
Medium

CVE-2016-3494

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vector…

CVSS: 6.5CWE: N/A
Read more
Critical

CVE-2016-3493

Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related…

CVSS: 9.8CWE: N/A
Read more
High

CVE-2016-3491

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wir…

CVSS: 8.2CWE: N/A
Read more
Low

CVE-2016-3490

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.4.0, and 6.4.1 allows remot…

CVSS: 3.0CWE: N/A
Read more
Medium

CVE-2016-3489

Unspecified vulnerability in the Data Pump Import component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via un…

CVSS: 6.7CWE: N/A
Read more
Medium

CVE-2016-3488

Unspecified vulnerability in the DB Sharding component in Oracle Database Server 12.1.0.2 allows local users to affect integrity via unknown vectors.

CVSS: 4.4CWE: N/A
Read more
High

CVE-2016-3487

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via…

CVSS: 8.1CWE: N/A
Read more
Medium

CVE-2016-3486

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.

CVSS: 6.5CWE: N/A
Read more
Low

CVE-2016-3485

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; Java SE Embedded 8u91; and JRockit R28.3.10 allows local users to affect integrity via vectors related to Networking.

CVSS: 2.9CWE: N/A
Read more
Low

CVE-2016-3484

Unspecified vulnerability in the Database Vault component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality and integrity via unknown vectors.

CVSS: 3.4CWE: N/A
Read more
High

CVE-2016-3483

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via…

CVSS: 7.2CWE: N/A
Read more
Low

CVE-2016-3482

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module.

CVSS: 3.7CWE: N/A
Read more
High

CVE-2016-3481

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web.

CVSS: 7.7CWE: N/A
Read more
Medium

CVE-2016-3480

Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect confidentiality via vectors related to HA for Postgresql.

CVSS: 4.4CWE: N/A
Read more
High

CVE-2016-3479

Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2016-3478

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vec…

CVSS: 6.1CWE: N/A
Read more
High

CVE-2016-3477

Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows local users…

CVSS: 8.1CWE: N/A
Read more
Medium

CVE-2016-3476

Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Conso…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2016-3475

Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote authenticated users to affect confidentiality via vectors related to Information Manager Console.

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2016-3474

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality v…

CVSS: 3.7CWE: N/A
Read more
Medium

CVE-2016-3472

Unspecified vulnerability in the Siebel Engineering - Installer and Deployment component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect conf…

CVSS: 5.7CWE: N/A
Read more
High

CVE-2016-3471

Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and 5.6.26 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Option.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2016-3470

Unspecified vulnerability in the Oracle Transportation Management component in Oracle Supply Chain Products Suite 6.4.1 allows remote authenticated users to affect confidentiality and integrity via v…

CVSS: 7.1CWE: N/A
Read more
Low

CVE-2016-3469

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows local users to affect confidentiality via vectors relate…

CVSS: 3.3CWE: N/A
Read more
Critical

CVE-2016-3468

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integr…

CVSS: 9.8CWE: N/A
Read more
Medium

CVE-2016-3467

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors.

CVSS: 5.8CWE: N/A
Read more
Medium

CVE-2016-3459

Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier and MariaDB 10.0.x before 10.0.25 and 10.1.x before 10.1.14 allows remote administrators to affect availability via…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2016-3458

Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; and Java SE Embedded 8u91 allows remote attackers to affect integrity via vectors related to CORBA.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2016-3453

Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to Kernel.

CVSS: 5.5CWE: N/A
Read more
Low

CVE-2016-3452

Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote atta…

CVSS: 3.7CWE: N/A
Read more
Medium

CVE-2016-3451

Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web.

CVSS: 4.7CWE: N/A
Read more
Low

CVE-2016-3450

Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect confidentiality via vectors r…

CVSS: 3.7CWE: N/A
Read more
Medium

CVE-2016-3448

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors.

CVSS: 6.1CWE: N/A
Read more
High

CVE-2016-3446

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality, int…

CVSS: 8.3CWE: N/A
Read more
Medium

CVE-2016-3445

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container…

CVSS: 5.3CWE: N/A
Read more
Critical

CVE-2016-3444

Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integr…

CVSS: 9.8CWE: N/A
Read more
High

CVE-2016-3440

Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.

CVSS: 7.7CWE: N/A
Read more
Medium

CVE-2016-3433

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidenti…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2016-3432

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote authenticated users to affect confidentiality and…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2016-3424

Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer.

CVSS: 4.9CWE: N/A
Read more
High

CVE-2016-0635

Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component…

CVSS: 8.8CWE: N/A
Read more
2016-07-19
Medium

CVE-2016-5655

Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive information via a crafted certificate.

CVSS: 5.9CWE: N/A
Read more
High

CVE-2016-5654

Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the-middle attack that modifies the xmlMessageOut parameter.

CVSS: 7.5CWE: CWE-264
Read more
Critical

CVE-2016-5080

Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C++ before 7.0.2 allows context-dependent attackers to execute arbitrary code or cause a denial of se…

CVSS: 9.8CWE: N/A
Read more
High

CVE-2016-5387

The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, wh…

CVSS: 8.1CWE: N/A
Read more
2016-07-17
High

CVE-2016-3039

IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated users to read arbitrary files or cause a denial of service (memory consumption) via XML data containing an external entity declara…

CVSS: 8.1CWE: N/A
Read more
Medium

CVE-2016-1459

Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSC…

CVSS: 5.3CWE: CWE-399
Read more
2016-07-15
High

CVE-2016-0330

IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.1 before 7.0.1-ISS-SIM-FP0003 mishandles password creation, which makes it easier for remote attackers to obtain access by…

CVSS: 7.3CWE: CWE-255
Read more
High

CVE-2016-5790

Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and restart the software via unspecified vectors.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2016-4529

An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors,…

CVSS: 7.3CWE: N/A
Read more
Critical

CVE-2016-4520

Schneider Electric Pelco Digital Sentry Video Management System with firmware before 7.14 has hardcoded credentials, which allows remote attackers to obtain access, and consequently execute arbitrary…

CVSS: 9.8CWE: N/A
Read more
High

CVE-2016-1456

The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-1426

Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote attackers to cause a denial of service (timer consumption and Route Processor reload) via crafted SSH traffic, aka Bug ID CSCux76819.

CVSS: 7.5CWE: CWE-399
Read more
2016-07-13
High

CVE-2016-5821

Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-4255

Use-after-free vulnerability in Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on…

CVSS: 8.8CWE: N/A
Read more
High

CVE-2016-4216

XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, rela…

CVSS: 7.5CWE: N/A
Read more
Critical

CVE-2016-4215

Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attacker…

CVSS: 9.8CWE: CWE-254
Read more
Medium

CVE-2016-3287

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative acc…

CVSS: 4.4CWE: CWE-254
Read more
High

CVE-2016-3286

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.3CWE: CWE-264
Read more
Medium

CVE-2016-3279

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2…

CVSS: 5.5CWE: CWE-254
Read more
Medium

CVE-2016-3258

Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanis…

CVSS: 4.7CWE: CWE-264
Read more
High

CVE-2016-3254

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3252

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.3CWE: CWE-264
Read more
High

CVE-2016-3250

The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

CVSS: 7.3CWE: CWE-264
Read more
High

CVE-2016-3249

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a…

CVSS: 7.3CWE: CWE-264
Read more
High

CVE-2016-3239

The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3238

The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511…

CVSS: 8.1CWE: CWE-254
Read more
2016-07-12
High

CVE-2016-6174

applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.…

CVSS: 8.1CWE: N/A
Read more
High

CVE-2016-5774

The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use o…

CVSS: 8.1CWE: CWE-310
Read more
High

CVE-2016-4831

Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory.

CVSS: 7.8CWE: N/A
Read more
Medium

CVE-2016-2206

The management console in Symantec Workspace Streaming (SWS) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.6 HF5 and Symantec Workspace Virtualization (SWV) 7.5.x before 7.5 SP1 HF9 and 7.6.0 before 7.…

CVSS: 5.7CWE: CWE-264
Read more
Medium

CVE-2016-1445

Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 allows remote attackers to bypass intended ICMP Echo Reply ACLs via vectors related to subtypes.

CVSS: 5.3CWE: N/A
Read more
2016-07-11
High

CVE-2016-3811

The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3808

The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3807

The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3806

The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3805

The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3804

The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3803

The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3802

The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368.

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3801

The MediaTek GPS driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174914 and MediaTek internal bug…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3800

The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175027 and MediaTek internal bu…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3799

The MediaTek video driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28175025 and MediaTek internal bu…

CVSS: 7.8CWE: CWE-264
Read more
High

CVE-2016-3798

The MediaTek hardware sensor driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28174490 and MediaTek i…

CVSS: 7.8CWE: CWE-264
Read more
>