Skip to main content
CVE-2016-1000031 CRITICAL PATCH Act Now

Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 56.4%.

Apache RCE Authentication Bypass Commons Fileupload
NVD
CVSS 3.0
9.8
EPSS
56.4%
CVE-2016-3473 HIGH POC PATCH This Week

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Oracle Business Intelligence Publisher
NVD Exploit-DB
CVSS 3.0
7.7
EPSS
2.8%
CVE-2016-5582 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Java Authentication Bypass Jdk Jre
NVD
CVSS 3.0
9.6
EPSS
5.2%
CVE-2016-3551 CRITICAL PATCH Act Now

Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2016-5535 CRITICAL PATCH Act Now

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
3.6%
CVE-2016-5531 CRITICAL PATCH Act Now

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2016-5556 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Java Authentication Bypass Jdk Jre
NVD
CVSS 3.0
9.6
EPSS
3.2%
CVE-2016-5568 CRITICAL PATCH Act Now

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Java Authentication Bypass Jdk Jre
NVD
CVSS 3.0
9.6
EPSS
0.9%
CVE-2016-5537 MEDIUM POC PATCH This Month

Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. Public exploit code available.

Path Traversal Oracle Netbeans
NVD Exploit-DB
CVSS 3.0
5.7
EPSS
0.1%
CVE-2016-5580 CRITICAL PATCH Act Now

Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Secure Global Desktop
NVD
CVSS 3.0
9.6
EPSS
0.5%
CVE-2016-5573 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Java Oracle Jdk Jre
NVD
CVSS 3.0
8.3
EPSS
7.0%
CVE-2016-5555 CRITICAL PATCH Act Now

Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Database Server
NVD
CVSS 3.0
9.1
EPSS
0.9%
CVE-2016-5558 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Outside In Technology
NVD
CVSS 3.1
8.6
EPSS
3.4%
CVE-2016-3505 HIGH PATCH This Week

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2016-5599 CRITICAL PATCH Act Now

Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Advanced Supply Chain Planning
NVD
CVSS 3.0
9.1
EPSS
0.2%
CVE-2016-5605 CRITICAL PATCH Act Now

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Vm Virtualbox
NVD
CVSS 3.0
9.1
EPSS
0.2%
CVE-2016-5519 HIGH PATCH This Week

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Glassfish Server
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2016-5523 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Agile Product Lifecycle Management
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-5515 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Agile Product Lifecycle Management
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-5514 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Agile Product Lifecycle Management
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-5607 HIGH PATCH This Week

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Flexcube Universal Banking
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2016-1000213 HIGH This Week

Ruckus Wireless H500 web management interface CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wireless H500
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-5574 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
0.9%
CVE-2016-5588 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2016-5579 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2016-5578 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2016-5577 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2016-5595 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5593 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5592 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5591 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5589 HIGH PATCH This Week

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5587 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5586 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Email Center
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-8293 HIGH PATCH This Week

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-8291 HIGH PATCH This Week

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5489 HIGH PATCH This Week

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Istore
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5557 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Advanced Pricing component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Advanced Pricing
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5491 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Commerce Service Center
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2016-5482 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Commerce Guided Search
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2016-5518 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Agile Engineering Data Management
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-5503 HIGH PATCH This Week

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality, integrity, and availability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2016-5619 HIGH PATCH This Week

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Flexcube Universal Banking
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-5563 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote administrators. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable.

Information Disclosure Oracle Hospitality Opera 5 Property Services
NVD
CVSS 3.0
7.9
EPSS
0.5%
CVE-2016-5501 HIGH PATCH This Week

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability. Rated high severity (CVSS 7.8).

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-5544 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-5565 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Hospitality Opera 5 Property Services
NVD
CVSS 3.0
7.7
EPSS
0.1%
CVE-2016-8281 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Java Authentication Bypass Platform Security For Java
NVD
CVSS 3.0
7.6
EPSS
0.5%
CVE-2016-5536 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Java Authentication Bypass Platform Security For Java
NVD
CVSS 3.0
7.6
EPSS
0.4%
CVE-2016-8296 HIGH PATCH This Week

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
7.6
EPSS
0.2%
Page 1 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy