CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
6151 CVE-2016-3606 2016-07-21 2017-11-09
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
6152 CVE-2016-3565 2016-07-21 2017-08-31
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 5.1 and 5.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to System Administration.
6153 CVE-2016-3552 2016-07-21 2017-11-09
6.2
None Local High Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Install.
6154 CVE-2016-3537 2016-07-21 2017-08-31
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality via vectors related to File Folders / Attachment, a different vulnerability than CVE-2016-5473.
6155 CVE-2016-3521 2016-07-21 2018-01-04
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote authenticated users to affect availability via vectors related to Server: Types.
6156 CVE-2016-3520 2016-07-21 2017-08-31
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests.
6157 CVE-2016-3518 2016-07-21 2017-08-31
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
6158 CVE-2016-3514 2016-07-21 2017-08-31
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in the Oracle Enterprise Communications Broker component in Oracle Communications Applications before PCz 2.0.0m4p1 allows remote authenticated users to affect confidentiality via vectors related to GUI, a different vulnerability than CVE-2016-3516.
6159 CVE-2016-3513 2016-07-21 2017-08-31
6.8
None Remote Low Single system Complete None None
Unspecified vulnerability in the Oracle Communications Operations Monitor component in Oracle Communications Applications before 3.3.92.0.0 allows remote authenticated users to affect confidentiality via vectors related to Infrastructure.
6160 CVE-2016-3511 2016-07-21 2018-01-04
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows local users to affect confidentiality, integrity, and availability via vectors related to Deployment.
6161 CVE-2016-3506 2016-07-21 2018-07-18
6.8
None Remote Medium Not required Partial Partial Partial
Unspecified vulnerability in the JDBC component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2; the Oracle Retail Xstore Point of Service 5.5, 6.0, 6.5, 7.0, 7.1, 15.0, and 16.0; the Oracle Retail Warehouse Management System 14.04, 14.1.3, and 15.0.1; the Oracle Retail Workforce Management 1.60.7, and 1.64.0; the Oracle Retail Clearance Optimization Engine 13.4; the Oracle Retail Markdown Optimization 13.4 and 14.0; and Oracle Retail Merchandising System 16.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
6162 CVE-2016-3502 2016-07-21 2017-08-31
6.0
None Remote Medium Single system Partial Partial Partial
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 11.1.1.8 and 12.2.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
6163 CVE-2016-3495 2016-10-25 2017-07-28
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
6164 CVE-2016-3494 2016-07-21 2017-08-31
6.1
None Local Network Low Not required None None Complete
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2 allows remote attackers to affect availability via vectors related to OS Provisioning.
6165 CVE-2016-3492 2016-10-25 2018-01-04
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
6166 CVE-2016-3486 2016-07-21 2017-08-31
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect availability via vectors related to Server: FTS.
6167 CVE-2016-3483 2016-07-21 2017-08-31
6.4
None Remote Low Not required Partial None Partial
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and availability via vectors related to File Processing.
6168 CVE-2016-3476 2016-07-21 2017-08-31
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Knowledge component in Oracle Siebel CRM 8.5.x allows remote attackers to affect confidentiality and integrity via vectors related to Information Manager Console.
6169 CVE-2016-3466 2016-04-21 2016-12-02
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless.
6170 CVE-2016-3438 XSS 2016-04-21 2017-09-02
6.4
None Remote Low Not required Partial Partial None
Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. NOTE: the previous information is from the April 2016 CPU. Oracle has not commented on third-party claims that that this issue involves multiple cross-site scripting (XSS) vulnerabilities, which allow remote attackers to inject arbitrary web script or HTML via three unspecified parameters in an unknown JSP file.
6171 CVE-2016-3421 2016-04-21 2016-12-02
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Activity Guide.
6172 CVE-2016-3418 2016-04-21 2016-04-26
6.9
None Local Medium Not required Complete Complete Complete
Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0692, and CVE-2016-0694.
6173 CVE-2016-3415 502 2017-01-18 2017-02-02
6.4
None Remote Low Not required Partial Partial None
Zimbra Collaboration before 8.7.0 allows remote attackers to conduct deserialization attacks via unspecified vectors, aka bug 102276.
6174 CVE-2016-3406 352 CSRF 2017-01-18 2017-02-01
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to hijack the authentication of unspecified victims via vectors involving (1) the Client uploader extension or (2) extension REST handlers, aka bugs 104294 and 104456.
6175 CVE-2016-3403 352 CSRF 2017-05-17 2017-05-30
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for requests that (1) add, (2) modify, or (3) remove accounts by leveraging failure to use of a CSRF token and perform referer header checks, aka bugs 100885 and 100899.
6176 CVE-2016-3400 254 DoS +Priv +Info 2017-07-03 2017-08-30
6.8
None Remote Medium Not required Partial Partial Partial
NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows man-in-the-middle attackers to obtain sensitive information, gain privileges, or cause a denial of service via vectors related to the SMB protocol.
6177 CVE-2016-3387 264 +Priv 2016-10-13 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388.
6178 CVE-2016-3324 DoS Exec Code Mem. Corr. 2016-09-14 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
6179 CVE-2016-3302 264 Exec Code 2016-09-14 2019-05-16
6.2
None Local High Not required Complete Complete Complete
Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows physically proximate attackers to execute arbitrary code via a (1) crafted Wi-Fi access point or (2) crafted mobile-broadband device, aka "Windows Lock Screen Elevation of Privilege Vulnerability."
6180 CVE-2016-3297 DoS Exec Code Mem. Corr. 2016-09-14 2018-10-12
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
6181 CVE-2016-3237 264 Bypass 2016-08-09 2019-05-20
6.8
None Remote Medium Not required Partial Partial Partial
Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication via vectors related to a fallback to NTLM authentication during a domain account password change, aka "Kerberos Security Feature Bypass Vulnerability."
6182 CVE-2016-3225 264 +Priv 2016-06-15 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."
6183 CVE-2016-3221 264 +Priv 2016-06-15 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3218.
6184 CVE-2016-3220 264 +Priv 2016-06-15 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability."
6185 CVE-2016-3219 264 +Priv 2016-06-15 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
6186 CVE-2016-3218 264 +Priv 2016-06-15 2018-10-12
6.9
None Local Medium Not required Complete Complete Complete
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3221.
6187 CVE-2016-3185 20 DoS +Info 2016-05-16 2016-11-30
6.4
None Remote Low Not required Partial None Partial
The make_http_soap_request function in ext/soap/php_http.c in PHP before 5.4.44, 5.5.x before 5.5.28, 5.6.x before 5.6.12, and 7.x before 7.0.4 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (type confusion and application crash) via crafted serialized _cookies data, related to the SoapClient::__call method in ext/soap/soap.c.
6188 CVE-2016-3180 254 Exec Code Bypass 2017-02-07 2017-02-28
6.8
None Remote Medium Not required Partial Partial Partial
Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during the initial run, allows man-in-the-middle attackers to bypass the PGP signature verification and execute arbitrary code via a Trojan horse tar file and a signature file with the valid tarball and signature.
6189 CVE-2016-3172 89 Exec Code Sql 2016-04-12 2016-11-30
6.5
None Remote Low Single system Partial Partial Partial
SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.
6190 CVE-2016-3171 19 Exec Code 2016-04-12 2016-05-09
6.8
None Remote Medium Not required Partial Partial Partial
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
6191 CVE-2016-3169 264 +Priv 2016-04-12 2016-04-12
6.8
User Remote Medium Not required Partial Partial Partial
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
6192 CVE-2016-3167 2016-04-12 2016-04-18
6.4
None Remote Low Not required Partial Partial None
Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a double-encoded URL in the "destination" parameter.
6193 CVE-2016-3162 284 Bypass 2016-04-12 2016-04-22
6.5
None Remote Low Single system Partial Partial Partial
The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files.
6194 CVE-2016-3142 119 DoS Overflow +Info 2016-03-31 2018-01-04
6.4
None Remote Low Not required Partial None Partial
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
6195 CVE-2016-3128 254 2017-01-13 2017-01-19
6.4
None Remote Low Not required Partial Partial None
A spoofing vulnerability in the Core of BlackBerry Enterprise Server (BES) 12 through 12.5.2 allows remote attackers to enroll an illegitimate device to the BES, gain access to device parameters for the BES, or send false information to the BES by gaining access to specific information about a device that was legitimately enrolled on the BES.
6196 CVE-2016-3118 2016-04-05 2016-04-07
6.4
None Remote Low Not required Partial Partial None
CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8.3.01, and 8.4 before 8.4.01 allows remote attackers to have an unspecified impact via unknown vectors.
6197 CVE-2016-3105 284 Exec Code 2016-05-09 2017-06-30
6.8
None Remote Medium Not required Partial Partial Partial
The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name.
6198 CVE-2016-3090 20 Exec Code 2017-10-30 2018-06-30
6.5
None Remote Low Single system Partial Partial Partial
The TextParseUtil.translateVariables method in Apache Struts 2.x before 2.3.20 allows remote attackers to execute arbitrary code via a crafted OGNL expression with ANTLR tooling.
6199 CVE-2016-3072 89 Exec Code Sql 2016-06-07 2019-04-22
6.5
None Remote Low Single system Partial Partial Partial
Multiple SQL injection vulnerabilities in the scoped_search function in app/controllers/katello/api/v2/api_controller.rb in Katello allow remote authenticated users to execute arbitrary SQL commands via the (1) sort_by or (2) sort_order parameter.
6200 CVE-2016-3069 20 Exec Code 2016-04-13 2018-10-30
6.8
None Remote Medium Not required Partial Partial Partial
Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.