Total
1752 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-8300 | 1 Oracle | 1 Flexcube Private Banking | 2024-11-21 | 3.5 LOW | 5.3 MEDIUM |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts). | |||||
CVE-2016-8299 | 1 Oracle | 1 Flexcube Universal Banking | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). | |||||
CVE-2016-8298 | 1 Oracle | 1 Flexcube Private Banking | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts). | |||||
CVE-2016-8297 | 1 Oracle | 1 Flexcube Universal Banking | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts). | |||||
CVE-2016-8296 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2024-11-21 | 4.9 MEDIUM | 7.6 HIGH |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to LDAP. | |||||
CVE-2016-8293 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-5530. | |||||
CVE-2016-8292 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Talent Acquisition Manager | 2024-11-21 | 5.8 MEDIUM | 4.2 MEDIUM |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Talent Acquisition Manager. | |||||
CVE-2016-8291 | 1 Oracle | 1 Peoplesoft Enterprise Peopletools | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Mobile Application Platform. | |||||
CVE-2016-8288 | 1 Oracle | 1 Mysql | 2024-11-21 | 4.9 MEDIUM | 3.1 LOW |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. | |||||
CVE-2016-8285 | 1 Oracle | 1 Peoplesoft Enterprise Human Capital Management Candidate Gateway | 2024-11-21 | 4.9 MEDIUM | 4.8 MEDIUM |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway. | |||||
CVE-2016-8282 | 1 Oracle | 1 Flexcube Private Banking | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). | |||||
CVE-2016-8281 | 1 Oracle | 1 Platform Security For Java | 2024-11-21 | 6.5 MEDIUM | 7.6 HIGH |
Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-5536. | |||||
CVE-2016-8279 | 1 Huawei | 7 Honor6, Honor6 Firmware, Honor6 Plus and 4 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
The video driver in Huawei Mate S smartphones with software CRR-TL00 before CRR-TL00C01B362, CRR-UL20 before CRR-UL20C00B362, CRR-CL00 before CRR-CL00C92B362, and CRR-CL20 before CRR-CL20C92B362; P8 smartphones with software GRA-TL00 before GRA-TL00C01B366, GRA-UL00 before GRA-UL00C00B366, GRA-UL10 before GRA-UL10C00B366, and GRA-CL00 before GRA-CL00C92B366; and Honor 6 and Honor 6 Plus smartphones with software before 6.9.16 allows attackers to cause a denial of service (device reboot) via a crafted application. | |||||
CVE-2016-8274 | 1 Huawei | 1 Hisuite | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link library (DLL) hijack vulnerability; an attacker can make the system load malicious DLL files to execute arbitrary code. | |||||
CVE-2016-8273 | 1 Huawei | 1 Hisuite | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. | |||||
CVE-2016-8236 | 1 Lenovo | 6 Thinkserver Firmware, Thinkserver Rd350, Thinkserver Rd450 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. | |||||
CVE-2016-8227 | 1 Lenovo | 1 Transition | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Privilege escalation vulnerability in Lenovo Transition application used in Lenovo Yoga, Flex and Miix systems running Windows allows local users to execute code with elevated privileges. | |||||
CVE-2016-8223 | 2 Lenovo, Microsoft | 2 System Interface Foundation, Windows 10 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with local privileges could run arbitrary code with administrator level privileges. | |||||
CVE-2016-8222 | 1 Lenovo | 148 Thinkpad 10 Ella 2, Thinkpad 10 Ella 2 Bios, Thinkpad 11e Beema and 145 more | 2024-11-21 | 4.7 MEDIUM | 4.4 MEDIUM |
A vulnerability has been identified in a signed kernel driver for the BIOS of some ThinkPad systems that can allow an attacker with Windows administrator-level privileges to call System Management Mode (SMM) services. This could lead to a denial of service attack or allow certain BIOS variables or settings to be altered (such as boot sequence). The setting or changing of BIOS passwords is not affected by this vulnerability. | |||||
CVE-2016-8032 | 1 Mcafee | 1 Anti-malware Scan Engine | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
Software Integrity Attacks vulnerability in Intel Security Anti-Virus Engine (AVE) 5200 through 5800 allows local attackers to bypass local security protection via a crafted input file. |