Skip to main content
CVE-2016-3473 HIGH POC PATCH This Week

Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Information Disclosure Oracle Business Intelligence Publisher
NVD Exploit-DB
CVSS 3.0
7.7
EPSS
2.8%
CVE-2016-5573 HIGH PATCH This Week

Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.

Privilege Escalation Java Oracle Jdk Jre
NVD
CVSS 3.0
8.3
EPSS
7.0%
CVE-2016-5558 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Outside In Technology
NVD
CVSS 3.1
8.6
EPSS
3.4%
CVE-2016-3505 HIGH PATCH This Week

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Weblogic Server
NVD
CVSS 3.0
8.8
EPSS
2.0%
CVE-2016-5519 HIGH PATCH This Week

Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote authenticated users to affect confidentiality, integrity, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Glassfish Server
NVD
CVSS 3.0
8.8
EPSS
1.1%
CVE-2016-5523 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Java Oracle Agile Product Lifecycle Management
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-5515 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Agile Product Lifecycle Management
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-5514 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Agile Product Lifecycle Management
NVD
CVSS 3.0
8.8
EPSS
0.9%
CVE-2016-5607 HIGH PATCH This Week

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Flexcube Universal Banking
NVD
CVSS 3.0
8.8
EPSS
0.8%
CVE-2016-1000213 HIGH This Week

Ruckus Wireless H500 web management interface CSRF. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wireless H500
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-5574 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
0.9%
CVE-2016-5588 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2016-5579 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2016-5578 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2016-5577 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.5.1 through 8.5.3 allows remote attackers to affect confidentiality, integrity, and. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Outside In Technology
NVD
CVSS 3.0
8.6
EPSS
0.7%
CVE-2016-5595 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5593 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5592 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5591 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5589 HIGH PATCH This Week

Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Relationship Management Technical Foundation
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5587 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Customer Interaction History
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5586 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Email Center
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-8293 HIGH PATCH This Week

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-8291 HIGH PATCH This Week

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5489 HIGH PATCH This Week

Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.1.1 through 12.1.3, 12.2.3, and 12.2.4 allows remote attackers to affect confidentiality and integrity via. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Istore
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5557 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Advanced Pricing component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Advanced Pricing
NVD
CVSS 3.0
8.2
EPSS
0.3%
CVE-2016-5491 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Commerce Service Center
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2016-5482 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Commerce Guided Search
NVD
CVSS 3.0
8.2
EPSS
0.2%
CVE-2016-5518 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality,. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Oracle Agile Engineering Data Management
NVD
CVSS 3.0
8.1
EPSS
0.7%
CVE-2016-5503 HIGH PATCH This Week

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality, integrity, and availability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity.

Information Disclosure Oracle Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
8.2
EPSS
0.1%
CVE-2016-5619 HIGH PATCH This Week

Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Flexcube Universal Banking
NVD
CVSS 3.0
8.1
EPSS
0.2%
CVE-2016-5563 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote administrators. Rated high severity (CVSS 7.9), this vulnerability is remotely exploitable.

Information Disclosure Oracle Hospitality Opera 5 Property Services
NVD
CVSS 3.0
7.9
EPSS
0.5%
CVE-2016-5501 HIGH PATCH This Week

Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality, integrity, and availability. Rated high severity (CVSS 7.8).

Information Disclosure Oracle Vm Virtualbox
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-5544 HIGH PATCH This Week

Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Kernel/X86. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Oracle Solaris
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-5565 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated. Rated high severity (CVSS 7.7), this vulnerability is remotely exploitable, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Hospitality Opera 5 Property Services
NVD
CVSS 3.0
7.7
EPSS
0.1%
CVE-2016-8281 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Java Authentication Bypass Platform Security For Java
NVD
CVSS 3.0
7.6
EPSS
0.5%
CVE-2016-5536 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Java Authentication Bypass Platform Security For Java
NVD
CVSS 3.0
7.6
EPSS
0.4%
CVE-2016-8296 HIGH PATCH This Week

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.0
7.6
EPSS
0.2%
CVE-2016-5562 HIGH PATCH This Week

Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Iprocurement
NVD
CVSS 3.0
7.6
EPSS
0.1%
CVE-2016-1000215 HIGH This Week

Ruckus Wireless H500 web management interface denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Wireless H500
NVD
CVSS 3.0
7.5
EPSS
0.4%
CVE-2016-1000032 HIGH This Week

TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Tgcaptcha2
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5495 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to EUL Code & Schema. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Discoverer
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5500 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to Viewer. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Discoverer
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-5564 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Hospitality Applications 5.4.0.0 through 5.4.3.0, 5.5.0.0, and 5.5.1.0 allows remote authenticated. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Oracle Hospitality Opera 5 Property Services
NVD
CVSS 3.0
7.4
EPSS
0.3%
CVE-2016-5526 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Tomcat Apache Authentication Bypass Agile Product Lifecycle Management
NVD
CVSS 3.0
7.3
EPSS
0.3%
CVE-2016-5539 HIGH PATCH This Week

Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality, integrity, and availability via unknown vectors. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Oracle Micros Xstore Payment
NVD
CVSS 3.0
7.3
EPSS
0.1%
CVE-2016-5492 HIGH PATCH This Week

Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Oracle Authentication Bypass Sun Zfs Storage Appliance Kit
NVD
CVSS 3.0
7.1
EPSS
0.0%
CVE-2016-5625 HIGH PATCH This Week

Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidentiality, integrity, and availability via vectors related to Server: Packaging. Rated high severity (CVSS 7.0).

Information Disclosure Oracle MySQL
NVD
CVSS 3.1
7.0
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy