Weekly Vulnerability Report (18 April 2016)


The vulnerability alert service provides vulnerability information referenced by CVE number, with severity assessed according to the Common Vulnerability Scoring System (CVSS). Vulnerabilities are classified into 3 severity levels by CVSS Score, as follows:
  • High - high severity, CVSS 7.0 - 10.0
  • Medium - medium severity, CVSS 4.0 - 6.9
  • Low - low severity, CVSS 0.0 - 3.9
The vulnerabilities are listed in a table with 5 parts: 1) vendor name (Vendor) and product name (Product); 2) vulnerability details, which may include the software name, the affected versions, and the impact of an attack through the vulnerability; 3) the date the vulnerability was announced; 4) the CVSS Score with a link to its source; 5) the source. The list shows only software that ThaiCERT tracks.

High Vulnerabilities (high severity)

| Vendor - Product | Vulnerability details | Date announced | CVSS Score | Source |
|---|---|---|---|---|
| oracle - solaris | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the PAM LDAP module. | 2016-04-21 | 10.0 | CVE-2016-0693 |
| oracle - jdk | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D. | 2016-04-21 | 10.0 | CVE-2016-3443 |
| oracle - jdk | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 | 2016-04-21 | 10.0 | CVE-2016-3427 |
| oracle - jdk | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to the Hotspot sub-component. | 2016-04-21 | 10.0 | CVE-2016-0687 |
| oracle - jdk | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Serialization. | 2016-04-21 | 10.0 | CVE-2016-0686 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Pluggable Authentication. | 2016-04-21 | 10.0 | CVE-2016-0639 |
| google - chrome | Multiple unspecified vulnerabilities in Google Chrome before 50.0.2661.75 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | 2016-04-18 | 10.0 | CVE-2016-1659 |
| adobe - air | Use-after-free vulnerability in the TextField object implementation in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted text property, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE | 2016-04-22 | 9.3 | CVE-2015-8823 |
| oracle - flexcube_direct_banking | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to the Login sub-component. | 2016-04-21 | 9.4 | CVE-2016-0699 |
| oracle - outside_in_technology | Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Outside In Filters. | 2016-04-21 | 9.0 | CVE-2016-3455 |
| google - chrome | The LoadBuffer implementation in Google V8, as used in Google Chrome before 50.0.2661.75, mishandles data types, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers an out-of-bounds write operation, related to compiler/pipeline.cc and compiler/simplified-lowering.cc. | 2016-04-18 | 9.3 | CVE-2016-1653 |
| oracle - weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, 12.1.3, and 12.2.1 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Messaging Service. | 2016-04-21 | 7.5 | CVE-2016-0638 |
| oracle - solaris_operating_system | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentiality, integrity, and availability via vectors related to Filesystem. | 2016-04-21 | 7.2 | CVE-2016-3441 |
| oracle - jdk | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Deployment. | 2016-04-21 | 7.6 | CVE-2016-3449 |
| oracle - database | Unspecified vulnerability in the Java VM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | 2016-04-21 | 7.6 | CVE-2016-3454 |
| xen - xen | Integer overflow in the x86 shadow pagetable code in Xen allows local guest OS users to cause a denial of service (host crash) or possibly gain privileges by shadowing a superpage mapping. | 2016-04-19 | 7.2 | CVE-2016-3960 |
| google - chrome | Google Chrome before 50.0.2661.75 does not properly consider that frame removal may occur during callback execution, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted extension. | 2016-04-18 | 7.5 | CVE-2016-1655 |
| panda - panda_endpoint_administration_ | Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module. | 2016-04-18 | 7.2 | CVE-2016-3943 |


Medium Vulnerabilities (medium severity)

| Vendor - Product | Vulnerability details | Date announced | CVSS Score | Source |
|---|---|---|---|---|
| foxitsoftware - phantompdf | Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted FlateDecode stream in a PDF document. | 2016-04-22 | 6.8 | CVE-2016-4059 |
| foxitsoftware - phantompdf | The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on Windows, when the gflags app is enabled, allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted (1) JPEG, (2) GIF, or (3) BMP image. | 2016-04-22 | 6.8 | CVE-2016-4065 |
| foxitsoftware - phantompdf | Use-after-free vulnerability in the XFA forms handling functionality in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via a crafted remerge call. | 2016-04-22 | 6.8 | CVE-2016-4064 |
| foxitsoftware - phantompdf | Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to execute arbitrary code via an object with a revision number of -1 in a PDF document. | 2016-04-22 | 6.8 | CVE-2016-4063 |
| oracle - weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6 allows remote attackers to affect confidentiality and integrity via vectors related to Console. | 2016-04-21 | 6.4 | CVE-2016-0696 |
| oracle - oracle_berkeley_db | Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0682, CVE-2016-0689, CVE-2016-0694, and CVE-2016-3418. | 2016-04-21 | 6.9 | CVE-2016-0692 |
| oracle - configurator | Unspecified vulnerability in the Oracle Configurator component in Oracle Supply Chain Products Suite 12.0.6, 12.1, and 12.2 allows remote attackers to affect confidentiality and integrity via vectors related to JRAD Heartbeat. | 2016-04-21 | 6.4 | CVE-2016-3438 |
| oracle - peoplesoft_enterprise_peopleto | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Activity Guide. | 2016-04-21 | 6.5 | CVE-2016-3421 |
| oracle - oracle_berkeley_db | Unspecified vulnerability in the DataStore component in Oracle Berkeley DB 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, and 12.1.6.1.26 allows local users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0689, CVE-2016-0692, CVE-2016-0694, and CVE-2016-3418. | 2016-04-21 | 6.9 | CVE-2016-0682 |
| oracle - olap | Unspecified vulnerability in the Oracle OLAP component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unspecified vectors. | 2016-04-21 | 6.5 | CVE-2016-0681 |
| oracle - micros_arspos | Unspecified vulnerability in the Oracle Retail MICROS ARS POS component in Oracle Retail Applications 1.5 allows remote authenticated users to affect confidentiality via vectors related to POS. | 2016-04-21 | 6.8 | CVE-2016-0684 |
| oracle - field_service | Unspecified vulnerability in the Oracle Field Service component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Wireless. | 2016-04-21 | 6.4 | CVE-2016-3466 |
| samba - samba | Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof LDAPS and HTTPS servers and obtain sensitive information via a crafted certificate. | 2016-04-24 | 5.8 | CVE-2016-2113 |
| foxitsoftware - phantompdf | Use-after-free vulnerability in Foxit Reader and PhantomPDF before 7.3.4 on Windows allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | 2016-04-22 | 5.0 | CVE-2016-4060 |
| oracle - business_intelligence | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality and integrity via vectors related to Analytics Scorecard. | 2016-04-21 | 5.8 | CVE-2016-0479 |
| oracle - jdk | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 allows remote attackers to affect availability via vectors related to 2D. | 2016-04-21 | 5.0 | CVE-2016-3422 |
| oracle - jdk | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 | 2016-04-21 | 5.0 | CVE-2016-3425 |
| oracle - peoplesoft_enterprise_peopleto | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect integrity and availability via vectors related to PIA Grids. | 2016-04-21 | 5.5 | CVE-2016-0679 |
| oracle - flexcube_direct_banking | Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking component in Oracle Financial Services Software 12.0.2 and 12.0.3 allows remote attackers to affect confidentiality and integrity via vectors related to Pre-Login. | 2016-04-21 | 5.0 | CVE-2016-0672 |
| google - chrome | The Extensions subsystem in Google Chrome before 50.0.2661.75 incorrectly relies on GetOrigin method calls for origin comparisons, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted extension. | 2016-04-18 | 5.0 | CVE-2016-1658 |
| google - chrome | fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 50.0.2661.75, does not properly implement the sycc420_to_rgb and sycc422_to_rgb functions, which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read) via crafted JPEG 2000 data in a PDF document. | 2016-04-18 | 5.8 | CVE-2016-1651 |
| google - chrome | The download implementation in Google Chrome before 50.0.2661.75 on Android allows remote attackers to bypass intended pathname restrictions via unspecified vectors. | 2016-04-18 | 5.0 | CVE-2016-1656 |
| samba - samba | The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 does not recognize the "client ldap sasl wrapping" setting, which allows man-in-the-middle attackers to perform LDAP protocol-downgrade attacks by modifying the client-server data stream. | 2016-04-24 | 4.3 | CVE-2016-2112 |
| blackberry - enterprise_server | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918. | 2016-04-22 | 4.3 | CVE-2016-1917 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect confidentiality and availability via vectors related to MyISAM. | 2016-04-21 | 4.9 | CVE-2016-0641 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect integrity and availability via vectors related to Federated. | 2016-04-21 | 4.3 | CVE-2016-0642 |
| oracle - application_object_library | Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect integrity via vectors related to Logout. | 2016-04-21 | 4.3 | CVE-2016-3434 |
| oracle - crm_technical_foundation | Unspecified vulnerability in the Oracle CRM Wireless component in Oracle E-Business Suite 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Call Phone Number Page. | 2016-04-21 | 4.3 | CVE-2016-3439 |
| oracle - database | Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows local users to affect integrity via unknown vectors, a different vulnerability than CVE-2016-0690. | 2016-04-21 | 4.0 | CVE-2016-0691 |
| oracle - peoplesoft_enterprise_peopleto | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to PIA Search Functionality. | 2016-04-21 | 4.3 | CVE-2016-3417 |
| oracle - jdk | Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded 8u77 allows remote attackers to affect confidentiality via vectors related to JCE. | 2016-04-21 | 4.3 | CVE-2016-3426 |
| oracle - weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Console, a different vulnerability than CVE-2016-0675. | 2016-04-21 | 4.3 | CVE-2016-0700 |
| oracle - peoplesoft_enterprise_peopleto | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Search Framework. | 2016-04-21 | 4.0 | CVE-2016-0683 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to PS. | 2016-04-21 | 4.0 | CVE-2016-0649 |
| oracle - peoplesoft_enterprise_human_ca | Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusion HR Talent Integration. | 2016-04-21 | 4.0 | CVE-2016-0407 |
| oracle - peoplesoft_enterprise_peopleto | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to the Activity Guide sub-component. | 2016-04-21 | 4.3 | CVE-2016-0408 |
| oracle - weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors related to Console, a different vulnerability than CVE-2016-0700. | 2016-04-21 | 4.3 | CVE-2016-0675 |
| oracle - siebel_ui_framework | Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to UIF Open UI. | 2016-04-21 | 4.9 | CVE-2016-0673 |
| oracle - solaris | Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect availability via vectors related to the kernel. | 2016-04-21 | 4.0 | CVE-2016-0676 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to Replication. | 2016-04-21 | 4.0 | CVE-2016-0650 |
| oracle - vm_virtualbox | Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 5.0.18 allows local users to affect confidentiality, integrity, and availability via vectors related to Core. | 2016-04-21 | 4.1 | CVE-2016-0678 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DDL. | 2016-04-21 | 4.0 | CVE-2016-0644 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 and earlier, and 5.7.10 and earlier allows local users to affect availability via vectors related to DML. | 2016-04-21 | 4.0 | CVE-2016-0646 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect confidentiality via vectors related to DML. | 2016-04-21 | 4.0 | CVE-2016-0643 |
| oracle - micros_c2 | Unspecified vulnerability in the Oracle Retail MICROS C2 component in Oracle Retail Applications 9.89.0.0 allows local users to affect confidentiality via vectors related to POS. | 2016-04-21 | 4.6 | CVE-2016-0469 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to PS. | 2016-04-21 | 4.0 | CVE-2016-0648 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to FTS. | 2016-04-21 | 4.0 | CVE-2016-0647 |
| oracle - solaris | Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect integrity via vectors related to the Automated Installer sub-component. | 2016-04-21 | 4.3 | CVE-2016-0623 |
| squid-cache - squid | The FwdState::connectedToPeer method in FwdState.cc in Squid before 3.5.14 and 4.0.x before 4.0.6 does not properly handle SSL handshake errors when built with the --with-openssl option, which allows remote attackers to cause a denial of service (application crash) via a plaintext HTTP message. | 2016-04-19 | 4.3 | CVE-2016-2390 |
| google - chrome | The WebContentsImpl::FocusLocationBarByDefault function in content/browser/web_contents/web_contents_impl.cc in Google Chrome before 50.0.2661.75 mishandles focus for certain about:blank pages, which allows remote attackers to spoof the address bar via a crafted URL. | 2016-04-18 | 4.3 | CVE-2016-1657 |
| google - chrome | The media subsystem in Google Chrome before 50.0.2661.75 does not initialize an unspecified data structure, which allows remote attackers to cause a denial of service (invalid read operation) via unknown vectors. | 2016-04-18 | 4.3 | CVE-2016-1654 |
| google - chrome | Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)." | 2016-04-18 | 4.3 | CVE-2016-1652 |
| videolan - vlc_media_player | Buffer overflow in the AStreamPeekStream function in input/stream.c in VideoLAN VLC media player before 2.2.0 allows remote attackers to cause a denial of service (crash) via a crafted wav file, related to "seek across EOF." | 2016-04-18 | 4.3 | CVE-2016-3941 |


Low Vulnerabilities (low severity)

| Vendor - Product | Vulnerability details | Date announced | CVSS Score | Source |
|---|---|---|---|---|
| blackberry - enterprise_server | Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen. | 2016-04-22 | 3.5 | CVE-2016-1916 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB, a different vulnerability than CVE-2016-0656. | 2016-04-21 | 3.5 | CVE-2016-0654 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Options. | 2016-04-21 | 3.5 | CVE-2016-0661 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Optimizer. | 2016-04-21 | 3.5 | CVE-2016-0659 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Optimizer. | 2016-04-21 | 3.5 | CVE-2016-0658 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to DML. | 2016-04-21 | 3.5 | CVE-2016-0652 |
| oracle - peoplesoft_enterprise_peopleto | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to Rich Text Editor, a different vulnerability than CVE-2016-0698. | 2016-04-21 | 3.5 | CVE-2016-3423 |
| oracle - agile_product_lifecycle_manage | Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.1.1, 9.3.1.2, 9.3.2, and 9.3.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to Security, a different vulnerability than CVE-2016-3431. | 2016-04-21 | 3.6 | CVE-2016-3420 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to Security: Encryption. | 2016-04-21 | 3.5 | CVE-2016-0665 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier allows local users to affect availability via vectors related to Security: Privileges. | 2016-04-21 | 3.5 | CVE-2016-0666 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows local users to affect availability via vectors related to Performance Schema. | 2016-04-21 | 3.5 | CVE-2016-0663 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and 5.7.11 and earlier allows local users to affect availability via vectors related to InnoDB. | 2016-04-21 | 3.5 | CVE-2016-0655 |
| oracle - siebel_core-common_components | Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows local users to affect confidentiality and integrity via vectors related to Email. | 2016-04-21 | 3.2 | CVE-2016-0674 |
| oracle - business_intelligence | Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to Analytics Web General. | 2016-04-21 | 3.5 | CVE-2016-0468 |
| oracle - jdk | Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 | 2016-04-21 | 2.6 | CVE-2016-0695 |
| oracle - weblogic_server | Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via vectors related to Core Components. | 2016-04-21 | 2.6 | CVE-2016-0688 |
| oracle - solaris_operating_system | Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availability via vectors related to Filesystem. | 2016-04-21 | 2.1 | CVE-2016-3419 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows local users to affect availability via vectors related to Locking. | 2016-04-21 | 2.8 | CVE-2016-0667 |
| oracle - http_server | Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module. | 2016-04-21 | 2.6 | CVE-2016-0671 |
| apache - hadoop | Apache Hadoop 2.6.x encrypts intermediate data generated by a MapReduce job and stores it along with the encryption key in a credentials file on disk when the Intermediate data encryption feature is enabled, which allows local users to obtain sensitive information by reading the file. | 2016-04-19 | 2.1 | CVE-2015-1776 |
| oracle - agile_engineering_data_managem | Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect availability via vectors related to Engineering Communication Interface. | 2016-04-21 | 1.8 | CVE-2016-3428 |
| oracle - mysql | Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and 5.7.10 and earlier allows local users to affect availability via vectors related to InnoDB. | 2016-04-21 | 1.7 | CVE-2016-0668 |