| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. |
| 28701 | CVE-2016-8316 | 284 | | | 2017-01-27 | 2017-02-10 | 4.9 | None | Remote | Medium | Single system | Partial | Partial | None |
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Investor Servicing, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). |
| 28702 | CVE-2016-8315 | 284 | | | 2017-01-27 | 2017-02-10 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None |
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Infrastructure Code). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts). |
| 28703 | CVE-2016-8314 | 254 | | | 2017-01-27 | 2017-02-10 | 3.5 | None | Remote | Medium | Single system | Partial | None | None |
Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 5.1.0, 5.2.0 and 11.5.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Core Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Core Banking accessible data. CVSS v3.0 Base Score 3.1 (Confidentiality impacts). |
| 28704 | CVE-2016-8313 | 200 | | +Info | 2017-01-27 | 2017-02-10 | 3.5 | None | Remote | Medium | Single system | Partial | None | None |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.1 (Confidentiality impacts). |
| 28705 | CVE-2016-8312 | 284 | | | 2017-01-27 | 2017-02-10 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 8.2 (Confidentiality and Integrity impacts). |
| 28706 | CVE-2016-8311 | 284 | | | 2017-01-27 | 2017-02-10 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.5 (Confidentiality impacts). |
| 28707 | CVE-2016-8309 | 284 | | | 2017-01-27 | 2017-02-10 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). |
| 28708 | CVE-2016-8308 | | | | 2017-01-27 | 2017-02-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts). |
| 28709 | CVE-2016-8307 | 284 | | | 2017-01-27 | 2017-02-10 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts). |
| 28710 | CVE-2016-8306 | 254 | | | 2017-01-27 | 2017-02-10 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None |
Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.4, 12.1.0 and 12.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Investor Servicing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Investor Servicing accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Investor Servicing accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). |
| 28711 | CVE-2016-8305 | 200 | | +Info | 2017-01-27 | 2017-02-10 | 1.9 | None | Local | Medium | Not required | Partial | None | None |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows physical access to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 2.1 (Confidentiality impacts). |
| 28712 | CVE-2016-8304 | 284 | | | 2017-01-27 | 2017-02-10 | 4.9 | None | Remote | Medium | Single system | Partial | Partial | None |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 5.4 (Confidentiality and Integrity impacts). |
| 28713 | CVE-2016-8303 | 254 | | | 2017-01-27 | 2017-02-10 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Universal Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). |
| 28714 | CVE-2016-8302 | 200 | | +Info | 2017-01-27 | 2017-02-10 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.3 (Confidentiality impacts). |
| 28715 | CVE-2016-8301 | | | | 2017-01-27 | 2017-02-10 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 4.3 (Integrity impacts). |
| 28716 | CVE-2016-8300 | 284 | | | 2017-01-27 | 2017-02-10 | 3.5 | None | Remote | Medium | Single system | Partial | None | None |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 5.3 (Confidentiality impacts). |
| 28717 | CVE-2016-8299 | 284 | | DoS | 2017-01-27 | 2017-02-10 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Universal Banking accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle FLEXCUBE Universal Banking. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). |
| 28718 | CVE-2016-8298 | 284 | | | 2017-01-27 | 2017-02-10 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Private Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts). |
| 28719 | CVE-2016-8297 | 284 | | | 2017-01-27 | 2017-02-10 | 5.5 | None | Remote | Low | Single system | Partial | Partial | None |
Vulnerability in the Oracle FLEXCUBE Universal Banking component of Oracle Financial Services Applications (subcomponent: Core). Supported versions that are affected are 11.3.0, 11.4.0, 12.0.1, 12.0.2, 12.0.3, 12.1.0 and 12.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle FLEXCUBE Universal Banking. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle FLEXCUBE Universal Banking accessible data as well as unauthorized access to critical data or complete access to all Oracle FLEXCUBE Universal Banking accessible data. CVSS v3.0 Base Score 8.1 (Confidentiality and Integrity impacts). |
| 28720 | CVE-2016-8296 | 284 | | | 2016-10-25 | 2017-07-28 | 4.9 | None | Remote | Medium | Single system | Partial | Partial | None |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to LDAP. |
| 28721 | CVE-2016-8295 | 200 | | +Info | 2016-10-25 | 2017-07-28 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality via unknown vectors. |
| 28722 | CVE-2016-8294 | 200 | | +Info | 2016-10-25 | 2017-07-28 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote authenticated users to affect confidentiality via unknown vectors. |
| 28723 | CVE-2016-8293 | 284 | | | 2016-10-25 | 2017-07-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-5530. |
| 28724 | CVE-2016-8292 | 284 | | | 2016-10-25 | 2017-07-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to Talent Acquisition Manager. |
| 28725 | CVE-2016-8291 | 284 | | | 2016-10-25 | 2017-07-28 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Mobile Application Platform. |
| 28726 | CVE-2016-8290 | | | | 2016-10-25 | 2017-07-28 | 3.5 | None | Remote | Medium | Single system | None | None | Partial |
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Performance Schema, a different vulnerability than CVE-2016-5633. |
| 28727 | CVE-2016-8289 | 264 | | | 2016-10-25 | 2017-07-28 | 3.3 | None | Local | Medium | Not required | None | Partial | Partial |
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows local users to affect integrity and availability via vectors related to Server: InnoDB. |
| 28728 | CVE-2016-8288 | 284 | | | 2016-10-25 | 2018-01-04 | 4.9 | None | Remote | Medium | Single system | None | Partial | Partial |
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin. |
| 28729 | CVE-2016-8287 | | | | 2016-10-25 | 2017-07-28 | 3.5 | None | Remote | Medium | Single system | None | None | Partial |
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. |
| 28730 | CVE-2016-8286 | 200 | | +Info | 2016-10-25 | 2017-07-28 | 3.5 | None | Remote | Medium | Single system | Partial | None | None |
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges. |
| 28731 | CVE-2016-8285 | 284 | | | 2016-10-25 | 2017-07-28 | 4.9 | None | Remote | Medium | Single system | Partial | Partial | None |
Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote administrators to affect confidentiality and integrity via vectors related to Candidate Gateway. |
| 28732 | CVE-2016-8284 | | | | 2016-10-25 | 2018-01-04 | 1.2 | None | Local | High | Not required | None | None | Partial |
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication. |
| 28733 | CVE-2016-8283 | | | | 2016-10-25 | 2018-01-04 | 4.0 | None | Remote | Low | Single system | None | None | Partial |
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Types. |
| 28734 | CVE-2016-8282 | 284 | | | 2017-01-27 | 2017-02-10 | 5.8 | None | Remote | Medium | Not required | Partial | Partial | None |
Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Product / Instrument Search). Supported versions that are affected are 2.0.1, 2.2.0 and 12.0.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle FLEXCUBE Private Banking. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle FLEXCUBE Private Banking, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle FLEXCUBE Private Banking accessible data as well as unauthorized read access to a subset of Oracle FLEXCUBE Private Banking accessible data. CVSS v3.0 Base Score 6.1 (Confidentiality and Integrity impacts). |
| 28735 | CVE-2016-8281 | 284 | | | 2016-10-25 | 2017-07-28 | 6.5 | None | Remote | Low | Single system | Partial | Partial | Partial |
Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middleware 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-5536. |
| 28736 | CVE-2016-8280 | 22 | | Dir. Trav. | 2016-10-03 | 2016-10-04 | 4.0 | None | Remote | Low | Single system | Partial | None | None |
Directory traversal vulnerability in Huawei eSight before V300R003C20SPC005 allows remote authenticated users to read arbitrary files via unspecified vectors. |
| 28737 | CVE-2016-8277 | 20 | | DoS | 2016-10-03 | 2016-10-06 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
Huawei USG9520, USG9560, and USG9580 unified security gateways with software before V300R001C01SPCa00 allow remote authenticated users to cause a denial of service (device restart) via an unspecified command parameter. |
| 28738 | CVE-2016-8275 | 20 | | | 2017-04-02 | 2017-04-05 | 3.5 | None | Remote | Medium | Single system | None | None | Partial |
Huawei AnyOffice V200R006C00 could allow an authenticated, remote attacker to cause the software to deny services by uploading an XML bomb. |
| 28739 | CVE-2016-8273 | 20 | | | 2017-04-02 | 2017-04-05 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete |
Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for upgrade software package download and does not check the integrity of the software package before installing; an attacker can launch an MITM attack to interrupt or replace the downloaded software package and further compromise the PC. |
| 28740 | CVE-2016-8272 | 200 | | +Info | 2017-04-02 | 2017-04-05 | 2.1 | None | Local | Low | Not required | Partial | None | None |
Huawei PC client software HiSuite 4.0.5.300_OVE has an information leak vulnerability; an attacker who can log in to the system can copy out the user's proxy password, causing information leaks. |
| 28741 | CVE-2016-8271 | 200 | | +Info | 2017-04-02 | 2017-05-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL. |
| 28742 | CVE-2016-8236 | 284 | | | 2017-03-03 | 2017-03-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
Reset to default settings may occur in Lenovo ThinkServer TSM RD350, RD450, RD550, RD650, TD350 during a prolonged broadcast storm in TSM versions earlier than 3.77. |
| 28743 | CVE-2016-8233 | 532 | | | 2017-03-01 | 2017-03-02 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
Log files generated by Lenovo XClarity Administrator (LXCA) versions earlier than 1.2.2 may contain user credentials in a non-secure, clear text form that could be viewed by a non-privileged user. |
| 28744 | CVE-2016-8232 | 79 | | XSS | 2017-03-01 | 2017-03-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None |
Document Object Model (DOM)-based cross-site scripting vulnerability in the Advanced Management Module (AMM) versions earlier than 66Z of Lenovo IBM BladeCenter HS22, HS22V, HS23, HS23E, HX5 allows an unauthenticated attacker with access to the AMM's IP address to send a crafted URL that could inject a malicious script to access a user's AMM data such as cookies or other session information. |
| 28745 | CVE-2016-8231 | 295 | | | 2017-06-04 | 2017-06-09 | 5.0 | None | Remote | Low | Not required | None | Partial | None |
In Lenovo Service Bridge before version 4, a bug found in the signature verification logic of the code signing certificate could be exploited by an attacker to insert a forged code signing certificate. |
| 28746 | CVE-2016-8230 | 200 | | +Info | 2017-06-04 | 2017-06-09 | 5.0 | None | Remote | Low | Not required | Partial | None | None |
In Lenovo Service Bridge before version 4, an insecure HTTP connection is used by LSB to send system serial number, machine type and model and product name to Lenovo's servers. |
| 28747 | CVE-2016-8229 | 352 | | CSRF | 2017-06-04 | 2017-06-09 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial |
A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. |
| 28748 | CVE-2016-8226 | 19 | | DoS | 2017-01-26 | 2017-01-31 | 6.8 | None | Remote | Low | Single system | None | None | Complete |
The BIOS in Lenovo System X M5, M6, and X6 systems allows administrators to cause a denial of service via updating a UEFI data structure. |
| 28749 | CVE-2016-8225 | 428 | | Exec Code | 2017-01-26 | 2017-01-31 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial |
Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB Keyboard Driver versions earlier than 1.21 allows local users to execute code with elevated privileges. |
| 28750 | CVE-2016-8224 | 310 | | DoS | 2016-11-29 | 2016-12-06 | 4.6 | None | Local | Low | Single system | None | None | Complete |
A vulnerability has been identified in some Lenovo Notebook and ThinkServer systems where an attacker with administrative privileges on a system could install a program that circumvents Intel Management Engine (ME) protections. This could result in a denial of service or privilege escalation attack on the system. |