Total
1059 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-5700 | 1 F5 | 8 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 5 more | 2016-11-28 | 9.3 HIGH | 9.8 CRITICAL |
| Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the system configuration, read system files, and possibly execute arbitrary code via unspecified vectors. | |||||
| CVE-2016-5661 | 1 Accela | 1 Civic Platform Citizen Access Portal | 2016-11-28 | 6.5 MEDIUM | 8.8 HIGH |
| Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads, which allows remote authenticated users to execute arbitrary code via modified _EventArgument and filename parameters. | |||||
| CVE-2016-5650 | 1 Zmodo | 2 Zp-ibh-13w, Zp-ne-14-s | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows remote attackers to trigger association with an arbitrary access point by using a recognized SSID value. | |||||
| CVE-2016-5645 | 1 Rockwellautomation | 6 1766-l32awa, 1766-l32awaa, 1766-l32bwa and 3 more | 2016-11-28 | 7.5 HIGH | 7.3 HIGH |
| Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L32AWAA, and 1766-L32BXBA devices have a hardcoded SNMP community, which makes it easier for remote attackers to load arbitrary firmware updates by leveraging knowledge of this community. | |||||
| CVE-2016-5673 | 1 Ultravnc | 1 Repeater | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows remote attackers to obtain open-proxy functionality by using a :: substring in between the IP address and port number. | |||||
| CVE-2016-5560 | 1 Oracle | 1 Siebel Customer Order Management | 2016-11-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality and integrity via vectors related to OpenUI. | |||||
| CVE-2016-5599 | 1 Oracle | 1 Advanced Supply Chain Planning | 2016-11-28 | 6.4 MEDIUM | 9.1 CRITICAL |
| Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integrity via vectors related to MscObieeSrvlt. | |||||
| CVE-2016-5580 | 1 Oracle | 1 Secure Global Desktop | 2016-11-28 | 5.5 MEDIUM | 9.6 CRITICAL |
| Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through Web Services. | |||||
| CVE-2016-5565 | 1 Oracle | 1 Hospitality Opera 5 Property Services | 2016-11-28 | 4.0 MEDIUM | 7.7 HIGH |
| Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated users to affect confidentiality via vectors related to OPERA. | |||||
| CVE-2016-5521 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 7.5 HIGH | 6.5 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5512. | |||||
| CVE-2016-5526 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 7.5 HIGH | 7.3 HIGH |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Apache Tomcat. | |||||
| CVE-2016-5534 | 1 Oracle | 1 Siebel User Interface Framework | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| Unspecified vulnerability in the Siebel Apps - Customer Order Management component in Oracle Siebel CRM 16.1 allows remote authenticated users to affect confidentiality via unknown vectors. | |||||
| CVE-2016-5482 | 1 Oracle | 1 Commerce Guided Search | 2016-11-28 | 5.8 MEDIUM | 8.2 HIGH |
| Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-5527 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2016-11-28 | 4.3 MEDIUM | 5.9 MEDIUM |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524. | |||||
| CVE-2016-5533 | 1 Oracle | 1 Primavera P6 Enterprise Project Portfolio Management | 2016-11-28 | 5.5 MEDIUM | 5.4 MEDIUM |
| Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.4, 15.x, and 16.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-5492 | 1 Oracle | 1 Sun Zfs Storage Appliance Kit | 2016-11-28 | 3.6 LOW | 7.1 HIGH |
| Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors related to SMB Users. | |||||
| CVE-2016-5491 | 1 Oracle | 1 Commerce Service Center | 2016-11-28 | 5.8 MEDIUM | 8.2 HIGH |
| Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors. | |||||
| CVE-2016-5101 | 2 Microsoft, Opera | 2 Windows, Opera Mail | 2016-11-28 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message. | |||||
| CVE-2016-4551 | 1 Sap | 3 Netweaver, Sap Aba, Sap Basis | 2016-11-28 | 5.0 MEDIUM | 7.5 HIGH |
| The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP NetWeaver 2004s might allow remote attackers to spoof IP addresses written to the Security Audit Log via vectors related to the network landscape, aka SAP Security Note 2190621. | |||||
| CVE-2016-4407 | 1 Sap | 1 Sapcryptolib | 2016-11-28 | 4.0 MEDIUM | 6.5 MEDIUM |
| The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not properly check signatures, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors, aka SAP Security Note 2223008. | |||||