Skip to main content
CVE-2016-3427 CRITICAL KEV PATCH THREAT Act Now

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 94.0%.

Java Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
9.8
EPSS
94.0%
Threat
6.3
CVE-2016-2004 CRITICAL POC THREAT Emergency

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allow remote attackers to execute arbitrary code via unspecified vectors related to lack of authentication. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 92.7%.

RCE Authentication Bypass Data Protector
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
92.7%
Threat
6.2
CVE-2016-0638 CRITICAL PATCH Act Now

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 70.9%.

Information Disclosure Java Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
70.9%
Threat
4.1
CVE-2016-2007 CRITICAL Emergency

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3354. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 47.2% and no vendor patch available.

RCE Data Protector
NVD
CVSS 3.0
9.8
EPSS
47.2%
CVE-2016-2006 CRITICAL Emergency

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3353. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 47.2% and no vendor patch available.

RCE Data Protector
NVD
CVSS 3.0
9.8
EPSS
47.2%
CVE-2016-2005 CRITICAL Emergency

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors, aka ZDI-CAN-3352. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 47.2% and no vendor patch available.

RCE Data Protector
NVD
CVSS 3.0
9.8
EPSS
47.2%
CVE-2016-0639 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.3%.

Information Disclosure Oracle Enterprise Linux MySQL
NVD
CVSS 3.0
9.8
EPSS
15.3%
CVE-2016-2008 CRITICAL Act Now

HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before 9.06 allows remote attackers to execute arbitrary code via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 13.2% and no vendor patch available.

RCE Data Protector
NVD
CVSS 3.0
9.8
EPSS
13.2%
CVE-2016-1363 CRITICAL Act Now

Buffer overflow in the redirection functionality in Cisco Wireless LAN Controller (WLC) Software 7.2 through 7.4 before 7.4.140.0(MD) and 7.5 through 8.0 before 8.0.115.0(ED) allows remote attackers. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 11.6% and no vendor patch available.

Cisco RCE Buffer Overflow Wireless Lan Controller Software
NVD
CVSS 3.1
9.8
EPSS
11.6%
CVE-2016-3190 HIGH POC PATCH This Week

The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c in cairo before 1.14.2 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Opensuse Cairo
NVD
CVSS 3.0
7.5
EPSS
0.7%
CVE-2015-6360 HIGH Act Now

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.5% and no vendor patch available.

Denial Of Service Cisco Buffer Overflow Ios Xe Webex Meeting Center +12
NVD
CVSS 3.0
7.5
EPSS
18.5%
CVE-2016-0687 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 3.0
9.6
EPSS
5.2%
CVE-2016-0686 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 3.0
9.6
EPSS
5.2%
CVE-2016-0693 CRITICAL Act Now

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Solaris
NVD
CVSS 3.0
9.8
EPSS
2.1%
CVE-2016-3443 CRITICAL Act Now

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Java Oracle Jdk Jre
NVD
CVSS 3.0
9.6
EPSS
3.0%
CVE-2016-3454 CRITICAL Act Now

Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via. Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Java Oracle Database
NVD
CVSS 3.0
9.0
EPSS
1.2%
CVE-2016-0699 CRITICAL Act Now

Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Flexcube Direct Banking
NVD
CVSS 3.0
9.1
EPSS
0.7%
CVE-2016-3466 CRITICAL Act Now

Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Field Service
NVD
CVSS 3.0
9.1
EPSS
0.2%
CVE-2016-3449 HIGH This Week

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre
NVD
CVSS 3.0
8.3
EPSS
3.9%
CVE-2016-3455 HIGH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
1.0%
CVE-2016-0679 HIGH This Week

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
8.7
EPSS
0.3%
CVE-2016-2293 HIGH This Week

The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Acuvim Iir Net Firmware Acuvim Ii Net Firmware
NVD
CVSS 3.0
8.6
EPSS
0.3%
CVE-2016-3438 HIGH This Week

Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Oracle Configurator
NVD
CVSS 3.0
8.2
EPSS
0.4%
CVE-2016-3439 HIGH This Week

Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Crm Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-3437 HIGH This Week

Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Person Address. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Crm Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-3436 HIGH This Week

Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Common Applications Calendar
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-3456 HIGH This Week

Unspecified vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul component in Oracle Supply Chain Products Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Complex Maintenance Repair And Overhaul
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2016-0681 HIGH This Week

Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Oracle Olap
NVD
CVSS 3.0
7.8
EPSS
0.2%
CVE-2016-3418 HIGH PATCH This Week

Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Oracle Berkeley Db
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-0694 HIGH PATCH This Week

Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Oracle Berkeley Db
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-0692 HIGH PATCH This Week

Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Oracle Berkeley Db
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-0689 HIGH PATCH This Week

Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Oracle Berkeley Db
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-0682 HIGH PATCH This Week

Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Oracle Berkeley Db
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2016-3441 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-1364 HIGH This Week

Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) and 7.5, 7.6, and 8.0 before 8.0.110.0(ED) allows remote attackers to cause a denial of service (device reload) via crafted. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Wireless Lan Controller Software
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-2294 HIGH This Week

The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover a cleartext mail-server password via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Acuvim Ii Net Firmware Acuvim Iir Net Firmware
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1367 HIGH This Week

The DHCPv6 relay implementation in Cisco Adaptive Security Appliance (ASA) Software 9.4.1 allows remote attackers to cause a denial of service (device reload) via crafted DHCPv6 packets, aka Bug ID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Adaptive Security Appliance Software
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-2280 HIGH This Week

Buffer overflow in RDISERVER in Honeywell Uniformance Process History Database (PHD) R310, R320, and R321 allows remote attackers to cause a denial of service (service outage) via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Honeywell Uniformance Process History Database
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1362 HIGH This Week

Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless LAN Controller (WLC) devices allows remote attackers to cause a denial of service (device reload) via a crafted HTTP request, aka. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Cisco Denial Of Service Aireos
NVD
CVSS 3.0
7.5
EPSS
0.2%
CVE-2016-3421 HIGH This Week

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity,. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
7.4
EPSS
0.3%
CVE-2016-3461 HIGH This Week

Unspecified vulnerability in the MySQL Enterprise Monitor component in Oracle MySQL 3.0.25 and earlier and 3.1.2 and earlier allows remote administrators to affect confidentiality, integrity, and. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Mysql Enterprise Monitor
NVD
CVSS 3.0
7.2
EPSS
0.9%
CVE-2016-3447 MEDIUM This Month

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confidentiality and integrity. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Oracle Applications Framework
NVD
CVSS 3.0
6.9
EPSS
0.2%
CVE-2016-0678 MEDIUM This Month

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors. Rated medium severity (CVSS 6.7). No vendor patch available.

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.0
6.7
EPSS
0.1%
CVE-2016-0684 MEDIUM This Month

Unspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Micros Arspos
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2016-0407 MEDIUM PATCH This Month

Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Peoplesoft Enterprise Human Capital Management Human Resources
NVD
CVSS 3.0
6.5
EPSS
0.2%
CVE-2013-7449 MEDIUM This Month

The ssl_do_connect function in common/server.c in HexChat before 2.10.2, XChat, and XChat-GNOME does not verify that the server hostname matches a domain name in the X.509 certificate, which allows. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ubuntu Linux Xchat Xchat Gnome Hexchat
NVD GitHub
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-0695 MEDIUM This Month

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 allows remote attackers to affect confidentiality via vectors related to Security. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Java Oracle Jdk Jre +10
NVD
CVSS 3.0
5.9
EPSS
2.9%
CVE-2016-3431 MEDIUM This Month

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Agile Product Lifecycle Management
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2016-3420 MEDIUM This Month

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Oracle Agile Product Lifecycle Management
NVD
CVSS 3.0
6.4
EPSS
0.1%
CVE-2016-0640 MEDIUM PATCH This Month

Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier and MariaDB before 5.5.48, 10.0.x before 10.0.24, and 10.1.x before 10.1.12 allows local users. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity.

Information Disclosure Oracle MySQL Linux Leap +4
NVD
CVSS 3.0
6.1
EPSS
0.2%
Page 1 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy