Total
1465 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5526 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 7.5 HIGH | 7.3 HIGH |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Apache Tomcat. | |||||
| CVE-2016-5527 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524. | |||||
| CVE-2016-5492 | 1 Oracle | 1 Sun Zfs Storage Appliance Kit | 2016-11-28 | 3.6 LOW | 7.1 HIGH |
| Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors related to SMB Users. | |||||
| CVE-2016-5491 | 1 Oracle | 1 Commerce Service Center | 2016-11-28 | 5.8 MEDIUM | 8.2 HIGH |
| Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-5534 | 1 Oracle | 1 Siebel User Interface Framework | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Siebel Apps - Customer Order Management component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2016-5101 | 2 Microsoft, Opera | 2 Windows, Opera Mail | 2016-11-28 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message. | |||||
| CVE-2016-4551 | 1 Sap | 3 Netweaver, Sap Aba, Sap Basis | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | |||||
| CVE-2016-4373 | 1 Hp | 1 Operations Manager | 2016-11-28 | 7.5 HIGH | 9.8 CRITICAL |
| The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, Unix, and Solaris allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library. | |||||
| CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | |||||
| CVE-2016-3925 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to cause a denial of service (blocked Wi-Fi usage) via a crafted application, aka internal bug 30230534. | |||||
| CVE-2016-4064 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2016-11-28 | 6.8 MEDIUM | 7.8 HIGH |
| Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. | |||||
| CVE-2016-3882 | 1 Google | 1 Android | 2016-11-28 | 6.1 MEDIUM | 6.5 MEDIUM |
| Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows remote attackers to cause a denial of service (reboot) via an access point that provides a crafted (1) Venue Group or (2) Venue Type value, aka internal bug 29464811. | |||||
| CVE-2016-3923 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| The Accessibility services in Android 7.0 before 2016-10-01 mishandle motion events, which allows attackers to conduct touchjacking attacks and consequently gain privileges via a crafted application, aka internal bug 30647115. | |||||
| CVE-2016-3839 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth process, aka internal bug 28885210. | |||||
| CVE-2016-3838 | 1 Google | 1 Android | 2016-11-28 | 4.3 MEDIUM | 5.5 MEDIUM |
| Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672. | |||||
| CVE-2016-3635 | 1 Sap | 1 Netweaver | 2016-11-28 | 6.0 MEDIUM | 7.5 HIGH |
| SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | |||||
| CVE-2016-3060 | 1 Ibm | 1 Financial Transaction Manager | 2016-11-28 | 3.5 LOW | 5.7 MEDIUM |
| Payments Director in IBM Financial Transaction Manager (FTM) for ACH Services, Check Services, and Corporate Payment Services (CPS) 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to conduct clickjacking attacks via a crafted web site. | |||||
| CVE-2016-2048 | 1 Djangoproject | 1 Django | 2016-11-28 | 6.0 MEDIUM | 5.5 MEDIUM |
| Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option when editing objects and leveraging the "change" permission. | |||||
| CVE-2016-1200 | 1 Lockon | 1 Ec-cube | 2016-11-28 | 6.5 MEDIUM | 6.3 MEDIUM |
| The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2016-1199. | |||||
| CVE-2016-1237 | 1 Linux | 1 Linux Kernel | 2016-11-28 | 4.9 MEDIUM | 5.5 MEDIUM |
| nfsd in the Linux kernel through 4.6.3 allows local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c. | |||||