VARIoT IoT vulnerabilities database
VAR-201609-0061 | CVE-2016-6182 | Huawei Honor 4C Smartphone software Camera Service disruption in drivers (DoS) Vulnerabilities |
CVSS V2: 9.3 CVSS V3: 7.0 Severity: HIGH |
The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6183, and CVE-2016-6184. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control (http://cwe.mitre.org/data/definitions/284.html). Huawei Honor 4C (Huawei Glory 4C) is a smartphone product from China's Huawei company. The Huawei Honor 4C driver has an input validation vulnerability. An attacker can induce a user to install a malicious application and use the vulnerability to pass specific parameters to the Camera driver, causing a system reboot or user privilege escalation. Huawei Honor 4C is prone to multiple unspecified security vulnerabilities.
Limited information is currently available regarding these issues. We will update this BID as more information emerges.
The following versions are vulnerable:
Huawei Honor 4C CHM-UL00C00B535 through CHM-UL00C00B556
Huawei Honor 4C CHM-TL00C01B535 through CHM-TL00C01B556
Huawei Honor 4C CHM-TL00HC00B535 through CHM-TL00HC00B556
VAR-201609-0062 | CVE-2016-6183 | Huawei Honor 4C Smartphone software Camera Service disruption in drivers (DoS) Vulnerabilities |
CVSS V2: 6.9 CVSS V3: 7.0 Severity: HIGH |
The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6184. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control (http://cwe.mitre.org/data/definitions/284.html). Huawei Honor 4C (Huawei Glory 4C) is a smartphone product from China's Huawei company. The Huawei Honor 4C driver has an input validation vulnerability. An attacker can induce a user to install a malicious application and use the vulnerability to pass specific parameters to the Camera driver, causing a system reboot or user privilege escalation. Huawei Honor 4C is prone to multiple unspecified security vulnerabilities.
Limited information is currently available regarding these issues. We will update this BID as more information emerges.
The following versions are vulnerable:
Huawei Honor 4C CHM-UL00C00B535 through CHM-UL00C00B556
Huawei Honor 4C CHM-TL00C01B535 through CHM-TL00C01B556
Huawei Honor 4C CHM-TL00HC00B535 through CHM-TL00HC00B556
VAR-201609-0063 | CVE-2016-6184 | Huawei Honor 4C Smartphone software Camera Service disruption in drivers (DoS) Vulnerabilities |
CVSS V2: 6.9 CVSS V3: 7.0 Severity: HIGH |
The Camera driver in Huawei Honor 4C smartphones with software CHM-UL00C00 before CHM-UL00C00B564, CHM-TL00C01 before CHM-TL00C01B564, and CHM-TL00C00 before CHM-TL00HC00B564 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted application, a different vulnerability than CVE-2016-6180, CVE-2016-6181, CVE-2016-6182, and CVE-2016-6183. Supplementary information: the vulnerability type has been identified as CWE-284: Improper Access Control (http://cwe.mitre.org/data/definitions/284.html). Huawei Honor 4C (Huawei Glory 4C) is a smartphone product from China's Huawei company. The Huawei Honor 4C driver has an input validation vulnerability. An attacker can induce a user to install a malicious application and use the vulnerability to pass specific parameters to the Camera driver, causing a system reboot or user privilege escalation. Huawei Honor 4C is prone to multiple unspecified security vulnerabilities.
Limited information is currently available regarding these issues. We will update this BID as more information emerges.
The following versions are vulnerable:
Huawei Honor 4C CHM-UL00C00B535 through CHM-UL00C00B556
Huawei Honor 4C CHM-TL00C01B535 through CHM-TL00C01B556
Huawei Honor 4C CHM-TL00HC00B535 through CHM-TL00HC00B556
VAR-201607-0665 | CVE-2016-5457 | Oracle Sun Systems Products Suite of ILOM In LUMAIN Vulnerabilities |
CVSS V2: 9.0 CVSS V3: 8.8 Severity: HIGH |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:
Oracle Application Express
Oracle Database Server
Oracle Access Manager
Oracle BI Publisher
Oracle Business Intelligence Enterprise Edition
Oracle Directory Server Enterprise Edition
Oracle Exalogic Infrastructure
Oracle Fusion Middleware
Oracle GlassFish Server
Oracle HTTP Server
Oracle JDeveloper
Oracle Portal
Oracle WebCenter Sites
Oracle WebLogic Server
Outside In Technology
Hyperion Financial Reporting
Enterprise Manager Base Platform
Enterprise Manager for Fusion Middleware
Enterprise Manager Ops Center
Oracle E-Business Suite
Oracle Agile Engineering Data Management
Oracle Agile PLM
Oracle Demand Planning
Oracle Engineering Data Management
Oracle Transportation Management
PeopleSoft Enterprise FSCM
PeopleSoft Enterprise PeopleTools
JD Edwards EnterpriseOne Tools
Siebel Applications
Oracle Fusion Applications
Oracle Communications ASAP
Oracle Communications Core Session Manager
Oracle Communications EAGLE Application Processor
Oracle Communications Messaging Server
Oracle Communications Network Charging and Control
Oracle Communications Operations Monitor
Oracle Communications Policy Management
Oracle Communications Session Border Controller
Oracle Communications Unified Session Manager
Oracle Enterprise Communications Broker
Oracle Banking Platform
Oracle Financial Services Lending and Leasing
Oracle FLEXCUBE Direct Banking
Oracle Health Sciences Clinical Development Center
Oracle Health Sciences Information Manager
Oracle Healthcare Analytics Data Integration
Oracle Healthcare Master Person Index
Oracle Documaker
Oracle Insurance Calculation Engine
Oracle Insurance Policy Administration J2EE
Oracle Insurance Rules Palette
MICROS Retail XBRi Loss Prevention
Oracle Retail Central
Oracle Back Office
Oracle Returns Management
Oracle Retail Integration Bus
Oracle Retail Order Broker
Oracle Retail Service Backbone
Oracle Retail Store Inventory Management
Oracle Utilities Framework
Oracle Utilities Network Management System
Oracle Utilities Work and Asset Management
Oracle In-Memory Policy Analytics
Oracle Policy Automation
Oracle Policy Automation Connector for Siebel
Oracle Policy Automation for Mobile Devices
Primavera Contract Management
Primavera P6 Enterprise Project Portfolio Management
Oracle Java SE
Oracle Java SE Embedded
Oracle JRockit
40G 10G 72/64 Ethernet Switch
Fujitsu M10-1 Servers
Fujitsu M10-4 Servers
Fujitsu M10-4S Servers
ILOM
Oracle Switch ES1-24
Solaris
Solaris Cluster
SPARC Enterprise M3000 Servers
SPARC Enterprise M4000 Servers
SPARC Enterprise M5000 Servers
SPARC Enterprise M8000 Servers
SPARC Enterprise M9000 Servers
Sun Blade 6000 Ethernet Switched NEM 24P 10GE
Sun Data Center InfiniBand Switch 36
Sun Network 10GE Switch 72p
Sun Network QDR InfiniBand Gateway Switch
Oracle Secure Global Desktop
Oracle VM VirtualBox
MySQL Server
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM.
The vulnerability can be exploited over multiple protocols. The 'LUMAIN' sub component is affected.
This vulnerability affects the following supported versions: 3.0, 3.1, 3.2.
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation.
VAR-201607-0661 | CVE-2016-5453 | Oracle Sun Systems Products Suite of ILOM In IPMI Vulnerabilities |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the software listed under VAR-201607-0665 above.
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM.
The vulnerability can be exploited over the 'IPMI' protocol. The 'IPMI' sub component is affected.
This vulnerability affects the following supported versions: 3.0, 3.1, 3.2.
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation.
VAR-201607-0656 | CVE-2016-5449 | Oracle Sun Systems Products Suite of ILOM In Console Redirection Vulnerabilities |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the software listed under VAR-201607-0665 above.
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM.
The vulnerability can be exploited over the 'HTTP' protocol. The 'Console Redirection' sub component is affected.
This vulnerability affects the following supported versions: 3.0, 3.1, 3.2.
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability.
VAR-201607-0655 | CVE-2016-5448 | Oracle Sun Systems Products Suite of ILOM In SNMP Vulnerabilities |
CVSS V2: 6.4 CVSS V3: 6.5 Severity: MEDIUM |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the software listed under VAR-201607-0665 above.
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM.
The vulnerability can be exploited over the 'SNMP' protocol. The 'SNMP' sub component is affected.
This vulnerability affects the following supported versions: 3.0, 3.1, 3.2.
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker could exploit this vulnerability to update, insert, or delete data, possibly causing a denial of service, affecting data integrity and availability.
VAR-201607-0654 | CVE-2016-5447 | Oracle Sun Systems Products Suite of ILOM In Backup-Restore Vulnerabilities |
CVSS V2: 6.5 CVSS V3: 7.6 Severity: HIGH |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the software listed under VAR-201607-0665 above.
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM.
The vulnerability can be exploited over the 'HTTP' protocol. The 'Backup-Restore' sub component is affected.
This vulnerability affects the following supported versions: 3.0, 3.1, 3.2.
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation.
VAR-201607-0653 | CVE-2016-5446 | Oracle Sun Systems Products Suite of ILOM In Infrastructure Vulnerabilities |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the software listed under VAR-201607-0665 above.
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM.
The vulnerability can be exploited over multiple protocols. The 'Infrastructure' sub component is affected.
This vulnerability affects the following supported versions: 3.0, 3.1, 3.2.
Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation.
VAR-201607-0652 | CVE-2016-5445 | Oracle Sun Systems Products Suite of ILOM In Authentication Vulnerabilities |
CVSS V2: 7.5 CVSS V3: 8.3 Severity: HIGH |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. A denial-of-service (DoS) attack may be carried out. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the software listed under VAR-201607-0665 above.
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM.
The vulnerability can be exploited over the 'Multiple' protocol. The 'Authentication' sub component is affected.
This vulnerability affects the following supported versions:
3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation.
VAR-201607-0605 | CVE-2016-3481 | Web vulnerability in ILOM of Oracle Sun Systems Products Suite |
CVSS V2: 4.0 CVSS V3: 7.7 Severity: HIGH |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect availability via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:
Oracle Application Express
Oracle Database Server
Oracle Access Manager
Oracle BI Publisher
Oracle Business Intelligence Enterprise Edition
Oracle Directory Server Enterprise Edition
Oracle Exalogic Infrastructure
Oracle Fusion Middleware
Oracle GlassFish Server
Oracle HTTP Server
Oracle JDeveloper
Oracle Portal
Oracle WebCenter Sites
Oracle WebLogic Server
Outside In Technology
Hyperion Financial Reporting
Enterprise Manager Base Platform
Enterprise Manager for Fusion Middleware
Enterprise Manager Ops Center
Oracle E-Business Suite
Oracle Agile Engineering Data Management
Oracle Agile PLM
Oracle Demand Planning
Oracle Engineering Data Management
Oracle Transportation Management
PeopleSoft Enterprise FSCM
PeopleSoft Enterprise PeopleTools
JD Edwards EnterpriseOne Tools
Siebel Applications
Oracle Fusion Applications
Oracle Communications ASAP
Oracle Communications Core Session Manager
Oracle Communications EAGLE Application Processor
Oracle Communications Messaging Server
Oracle Communications Network Charging and Control
Oracle Communications Operations Monitor
Oracle Communications Policy Management
Oracle Communications Session Border Controller
Oracle Communications Unified Session Manager
Oracle Enterprise Communications Broker
Oracle Banking Platform
Oracle Financial Services Lending and Leasing
Oracle FLEXCUBE Direct Banking
Oracle Health Sciences Clinical Development Center
Oracle Health Sciences Information Manager
Oracle Healthcare Analytics Data Integration
Oracle Healthcare Master Person Index
Oracle Documaker
Oracle Insurance Calculation Engine
Oracle Insurance Policy Administration J2EE
Oracle Insurance Rules Palette
MICROS Retail XBRi Loss Prevention
Oracle Retail Central
Oracle Back Office
Oracle Returns Management
Oracle Retail Integration Bus
Oracle Retail Order Broker
Oracle Retail Service Backbone
Oracle Retail Store Inventory Management
Oracle Utilities Framework
Oracle Utilities Network Management System
Oracle Utilities Work and Asset Management
Oracle In-Memory Policy Analytics
Oracle Policy Automation
Oracle Policy Automation Connector for Siebel
Oracle Policy Automation for Mobile Devices
Primavera Contract Management
Primavera P6 Enterprise Project Portfolio Management
Oracle Java SE
Oracle Java SE Embedded
Oracle JRockit
40G 10G 72/64 Ethernet Switch
Fujitsu M10-1 Servers
Fujitsu M10-4 Servers
Fujitsu M10-4S Servers
ILOM
Oracle Switch ES1-24
Solaris
Solaris Cluster
SPARC Enterprise M3000 Servers
SPARC Enterprise M4000 Servers
SPARC Enterprise M5000 Servers
SPARC Enterprise M8000 Servers
SPARC Enterprise M9000 Servers
Sun Blade 6000 Ethernet Switched NEM 24P 10GE
Sun Data Center InfiniBand Switch 36
Sun Network 10GE Switch 72p
Sun Network QDR InfiniBand Gateway Switch
Oracle Secure Global Desktop
Oracle VM VirtualBox
MySQL Server
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM.
The vulnerability can be exploited over the 'HTTP' protocol. The 'Web' sub component is affected.
This vulnerability affects the following supported versions:
3.0, 3.1, 3.2. Oracle Sun Systems Products Suite is a Sun system product suite of Oracle Corporation. A remote attacker can exploit this vulnerability to cause a denial of service and affect data availability.
VAR-201607-0587 | CVE-2016-3451 | Web vulnerabilities in ILOM of Oracle Sun Systems Products Suite |
CVSS V2: 4.3 CVSS V3: 4.7 Severity: MEDIUM |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity via vectors related to Web. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:
Oracle Application Express
Oracle Database Server
Oracle Access Manager
Oracle BI Publisher
Oracle Business Intelligence Enterprise Edition
Oracle Directory Server Enterprise Edition
Oracle Exalogic Infrastructure
Oracle Fusion Middleware
Oracle GlassFish Server
Oracle HTTP Server
Oracle JDeveloper
Oracle Portal
Oracle WebCenter Sites
Oracle WebLogic Server
Outside In Technology
Hyperion Financial Reporting
Enterprise Manager Base Platform
Enterprise Manager for Fusion Middleware
Enterprise Manager Ops Center
Oracle E-Business Suite
Oracle Agile Engineering Data Management
Oracle Agile PLM
Oracle Demand Planning
Oracle Engineering Data Management
Oracle Transportation Management
PeopleSoft Enterprise FSCM
PeopleSoft Enterprise PeopleTools
JD Edwards EnterpriseOne Tools
Siebel Applications
Oracle Fusion Applications
Oracle Communications ASAP
Oracle Communications Core Session Manager
Oracle Communications EAGLE Application Processor
Oracle Communications Messaging Server
Oracle Communications Network Charging and Control
Oracle Communications Operations Monitor
Oracle Communications Policy Management
Oracle Communications Session Border Controller
Oracle Communications Unified Session Manager
Oracle Enterprise Communications Broker
Oracle Banking Platform
Oracle Financial Services Lending and Leasing
Oracle FLEXCUBE Direct Banking
Oracle Health Sciences Clinical Development Center
Oracle Health Sciences Information Manager
Oracle Healthcare Analytics Data Integration
Oracle Healthcare Master Person Index
Oracle Documaker
Oracle Insurance Calculation Engine
Oracle Insurance Policy Administration J2EE
Oracle Insurance Rules Palette
MICROS Retail XBRi Loss Prevention
Oracle Retail Central
Oracle Back Office
Oracle Returns Management
Oracle Retail Integration Bus
Oracle Retail Order Broker
Oracle Retail Service Backbone
Oracle Retail Store Inventory Management
Oracle Utilities Framework
Oracle Utilities Network Management System
Oracle Utilities Work and Asset Management
Oracle In-Memory Policy Analytics
Oracle Policy Automation
Oracle Policy Automation Connector for Siebel
Oracle Policy Automation for Mobile Devices
Primavera Contract Management
Primavera P6 Enterprise Project Portfolio Management
Oracle Java SE
Oracle Java SE Embedded
Oracle JRockit
40G 10G 72/64 Ethernet Switch
Fujitsu M10-1 Servers
Fujitsu M10-4 Servers
Fujitsu M10-4S Servers
ILOM
Oracle Switch ES1-24
Solaris
Solaris Cluster
SPARC Enterprise M3000 Servers
SPARC Enterprise M4000 Servers
SPARC Enterprise M5000 Servers
SPARC Enterprise M8000 Servers
SPARC Enterprise M9000 Servers
Sun Blade 6000 Ethernet Switched NEM 24P 10GE
Sun Data Center InfiniBand Switch 36
Sun Network 10GE Switch 72p
Sun Network QDR InfiniBand Gateway Switch
Oracle Secure Global Desktop
Oracle VM VirtualBox
MySQL Server
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in ILOM.
The vulnerability can be exploited over the 'HTTP' protocol. The 'Web' sub component is affected.
This vulnerability affects the following supported versions:
3.0, 3.1, 3.2. A remote attacker could exploit this vulnerability to update, insert, or delete data, affecting data integrity.
VAR-201607-0174 | CVE-2016-3585 | Emulex vulnerabilities in ILOM of Oracle Sun Systems Products Suite |
CVSS V2: 5.8 CVSS V3: 7.4 Severity: HIGH |
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality and integrity via vectors related to Emulex. Oracle has released advance notification regarding the July 2016 Critical Patch Update (CPU) to be released on July 19, 2016. The update addresses 276 vulnerabilities affecting the following software:
Oracle Application Express
Oracle Database Server
Oracle Access Manager
Oracle BI Publisher
Oracle Business Intelligence Enterprise Edition
Oracle Directory Server Enterprise Edition
Oracle Exalogic Infrastructure
Oracle Fusion Middleware
Oracle GlassFish Server
Oracle HTTP Server
Oracle JDeveloper
Oracle Portal
Oracle WebCenter Sites
Oracle WebLogic Server
Outside In Technology
Hyperion Financial Reporting
Enterprise Manager Base Platform
Enterprise Manager for Fusion Middleware
Enterprise Manager Ops Center
Oracle E-Business Suite
Oracle Agile Engineering Data Management
Oracle Agile PLM
Oracle Demand Planning
Oracle Engineering Data Management
Oracle Transportation Management
PeopleSoft Enterprise FSCM
PeopleSoft Enterprise PeopleTools
JD Edwards EnterpriseOne Tools
Siebel Applications
Oracle Fusion Applications
Oracle Communications ASAP
Oracle Communications Core Session Manager
Oracle Communications EAGLE Application Processor
Oracle Communications Messaging Server
Oracle Communications Network Charging and Control
Oracle Communications Operations Monitor
Oracle Communications Policy Management
Oracle Communications Session Border Controller
Oracle Communications Unified Session Manager
Oracle Enterprise Communications Broker
Oracle Banking Platform
Oracle Financial Services Lending and Leasing
Oracle FLEXCUBE Direct Banking
Oracle Health Sciences Clinical Development Center
Oracle Health Sciences Information Manager
Oracle Healthcare Analytics Data Integration
Oracle Healthcare Master Person Index
Oracle Documaker
Oracle Insurance Calculation Engine
Oracle Insurance Policy Administration J2EE
Oracle Insurance Rules Palette
MICROS Retail XBRi Loss Prevention
Oracle Retail Central
Oracle Back Office
Oracle Returns Management
Oracle Retail Integration Bus
Oracle Retail Order Broker
Oracle Retail Service Backbone
Oracle Retail Store Inventory Management
Oracle Utilities Framework
Oracle Utilities Network Management System
Oracle Utilities Work and Asset Management
Oracle In-Memory Policy Analytics
Oracle Policy Automation
Oracle Policy Automation Connector for Siebel
Oracle Policy Automation for Mobile Devices
Primavera Contract Management
Primavera P6 Enterprise Project Portfolio Management
Oracle Java SE
Oracle Java SE Embedded
Oracle JRockit
40G 10G 72/64 Ethernet Switch
Fujitsu M10-1 Servers
Fujitsu M10-4 Servers
Fujitsu M10-4S Servers
ILOM
Oracle Switch ES1-24
Solaris
Solaris Cluster
SPARC Enterprise M3000 Servers
SPARC Enterprise M4000 Servers
SPARC Enterprise M5000 Servers
SPARC Enterprise M8000 Servers
SPARC Enterprise M9000 Servers
Sun Blade 6000 Ethernet Switched NEM 24P 10GE
Sun Data Center InfiniBand Switch 36
Sun Network 10GE Switch 72p
Sun Network QDR InfiniBand Gateway Switch
Oracle Secure Global Desktop
Oracle VM VirtualBox
MySQL Server
Exploiting the most severe of these vulnerabilities may potentially compromise the database server or the host operating system. Oracle Integrated Lights Out Manager is prone to a remote security vulnerability in Integrated Lights Out Manager.
The vulnerability can be exploited over the 'HTTPS' protocol. The 'Emulex' sub component is affected.
This vulnerability affects the following supported versions:
3.0, 3.1, 3.2
VAR-201607-0386 | CVE-2016-4529 | Arbitrary code execution vulnerability in an ActiveX control of Schneider Electric SoMachine HVAC Programming Software for M171/M172 Logic Controllers |
CVSS V2: 7.5 CVSS V3: 7.3 Severity: HIGH |
An unspecified ActiveX control in Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers before 2.1.0 allows remote attackers to execute arbitrary code via unknown vectors, related to the INTERFACESAFE_FOR_UNTRUSTED_CALLER (aka safe for scripting) flag. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the SetDataIntf method of the AxEditGrid control. The control has an untrusted pointer dereference vulnerability because it blindly calls an attacker-supplied memory address. A remote attacker can leverage this vulnerability to execute arbitrary code under the context of the process. Schneider Electric SoMachine HVAC Programming Software for M171/M172 Controllers is a set of M171/M172 controller-specific programming software from Schneider Electric (France). Failed attacks will likely cause denial-of-service conditions.
VAR-201607-0457 | CVE-2016-5804 | Authentication bypass vulnerability in multiple Moxa MGate products |
CVSS V2: 5.0 CVSS V3: 9.8 Severity: CRITICAL |
Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before 2.5, and MGate MB3270 before 2.7 use weak encryption, which allows remote attackers to bypass authentication via a brute-force series of guesses for a parameter value. Moxa MGate MB3180 and the others are gateway products from Moxa. A number of Moxa products have security vulnerabilities that originate from weak encryption algorithms used by programs. A remote attacker can exploit this vulnerability to bypass authentication by carrying out brute-force attacks. This may lead to further attacks.
The following products are affected:
Moxa MGate MB3180, versions prior to v1.8 are vulnerable.
Moxa MGate MB3280, versions prior to v2.7 are vulnerable.
Moxa MGate MB3480, versions prior to v2.6 are vulnerable.
Moxa MGate MB3170, versions prior to v2.5 are vulnerable.
Moxa MGate MB3270, versions prior to v2.7 are vulnerable. Moxa MGate MB3180 etc
VAR-201607-0434 | CVE-2016-1456 | OS command execution vulnerability in a privileged context in the CLI of Cisco IOS XR |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721. Cisco IOS XR is a fully modular, distributed networked operating system in the Cisco IOS software family. There is a security vulnerability in the CLI in Cisco IOS XR 6.x through 6.0.1. A local attacker could exploit this vulnerability to execute arbitrary operating system commands with elevated privileges.
This issue is being tracked by Cisco bug ID CSCuz62721.
VAR-201607-0429 | CVE-2016-1448 | Cisco WebEx Meetings Server Vulnerable to cross-site request forgery |
CVSS V2: 6.8 CVSS V3: 8.8 Severity: HIGH |
Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Meetings Server 2.7 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuy92706.
An attacker can exploit this issue to perform certain unauthorized actions and gain access to the affected application. Other attacks are also possible.
This issue is being tracked by Cisco Bug ID CSCuy92706. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution.
VAR-201607-0427 | CVE-2016-1446 | SQL injection vulnerability in Cisco WebEx Meetings Server |
CVSS V2: 6.5 CVSS V3: 8.8 Severity: HIGH |
SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCuy83200.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
This issue is being tracked by Cisco Bug ID CSCuy83200. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution.
VAR-201607-0428 | CVE-2016-1447 | Cisco WebEx Meetings Server Management interface cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in the administrator interface in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCuy83194. The vendor has confirmed this vulnerability and released it as Bug ID CSCuy83194. Arbitrary web script or HTML may be inserted by any third party.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCuy83194. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution.
VAR-201607-0430 | CVE-2016-1449 | Cisco WebEx Meetings Server Vulnerable to cross-site scripting |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings Server 2.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCuy92711.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
This issue is being tracked by Cisco Bug ID CSCuy92711. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution.