Wind River Support Network

HomeCVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

Reset
Showing
of 261447 entries
IDDescriptionPriorityModified date
CVE-2016-0438 Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0437. LOW Jan 20, 2016
CVE-2016-0437 Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0438. LOW Jan 20, 2016
CVE-2016-0436 Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0437, and CVE-2016-0438. LOW Jan 20, 2016
CVE-2016-0435 Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality and integrity via vectors related to Mobile POS. LOW Jan 20, 2016
CVE-2016-0434 Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0436, CVE-2016-0437, and CVE-2016-0438. LOW Jan 20, 2016
CVE-2016-0433 Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support. MEDIUM Jan 20, 2016
CVE-2016-0432 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4808, CVE-2015-6013, CVE-2015-6014, and CVE-2015-6015. LOW Jan 20, 2016
CVE-2016-0431 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0419. LOW Jan 20, 2016
CVE-2016-0430 Unspecified vulnerability in the Web Cache component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality via vectors related to SSL support, a different vulnerability than CVE-2016-0439. MEDIUM Jan 20, 2016
CVE-2016-0429 Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Scheduler, a different vulnerability than CVE-2016-0401. MEDIUM Jan 20, 2016
CVE-2016-0428 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Verified Boot. MEDIUM Jan 20, 2016
CVE-2016-0427 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 11.2.0.4, 12.1.0.4, and 12.1.0.5 allows remote authenticated users to affect confidentiality via unknown vectors related to UI Framework. MEDIUM Jan 20, 2016
CVE-2016-0426 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality and availability via unknown vectors related to Solaris Kernel Zones. LOW Jan 20, 2016
CVE-2016-0425 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Monitoring and Diagnostics. MEDIUM Jan 20, 2016
CVE-2016-0424 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0422. HIGH Jan 20, 2016
CVE-2016-0423 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Enterprise Infrastructure SEC. HIGH Jan 20, 2016
CVE-2016-0422 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Enterprise Infrastructure SEC, a different vulnerability than CVE-2016-0424. HIGH Jan 20, 2016
CVE-2016-0421 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via vectors related to Monitoring and Diagnostics SEC. MEDIUM Jan 20, 2016
CVE-2016-0420 Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote attackers to affect availability via unknown vectors related to Monitoring and Diagnostics. HIGH Jan 20, 2016
CVE-2016-0419 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0431. MEDIUM Jan 20, 2016
CVE-2016-0418 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0414. MEDIUM Jan 20, 2016
CVE-2016-0417 Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.2 allows local users to affect confidentiality, integrity, and availability via vectors related to HA for MySQL. MEDIUM Jan 20, 2016
CVE-2016-0416 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect integrity via unknown vectors related to System Archive Utility. MEDIUM Jan 20, 2016
CVE-2016-0415 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1, 12.1.0.4, and 12.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to UI Framework. MEDIUM Jan 20, 2016
CVE-2016-0414 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Solaris Kernel Zones, a different vulnerability than CVE-2016-0418. HIGH Jan 20, 2016
CVE-2016-0413 Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.1.7 allows remote authenticated users to affect integrity via vectors related to Federation protocol support. MEDIUM Jan 20, 2016
CVE-2016-0412 Unspecified vulnerability in the PeopleSoft Enterprise SCM eProcurement component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect integrity via unknown vectors related to Manage Requisition Status. LOW Jan 20, 2016
CVE-2016-0411 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control 11.1.0.1 and 11.2.0.4 allows local users to affect confidentiality, integrity, and availability via vectors related to Agent Next Gen. MEDIUM Jan 20, 2016
CVE-2016-0410 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none -- Nov 7, 2023
CVE-2016-0409 Unspecified vulnerability in the PeopleSoft Enterprise HCM Global Payroll Switzerland component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Security. MEDIUM Jan 20, 2016
CVE-2016-0408 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 through 8.55 allows remote authenticated users to affect confidentiality and integrity via vectors related to the Activity Guide sub-component. MEDIUM Apr 22, 2016
CVE-2016-0407 Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Fusion HR Talent Integration. MEDIUM Apr 22, 2016
CVE-2016-0406 Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect integrity and availability via vectors related to Libc. LOW Jan 20, 2016
CVE-2016-0405 Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4 allows local users to affect confidentiality via vectors related to Cluster Manageability and Serviceability. LOW Jan 20, 2016
CVE-2016-0404 Unspecified vulnerability in the Oracle Identity Federation component in Oracle Fusion Middleware 11.1.2.2 allows remote attackers to affect integrity via vectors related to Admin. MEDIUM Jan 20, 2016
CVE-2016-0403 Unspecified vulnerability in Oracle Sun Solaris 11 allows remote attackers to affect availability via vectors related to SMB Utilities. HIGH Jan 20, 2016
CVE-2016-0402 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect integrity via unknown vectors related to Networking. MEDIUM Jan 20, 2016
CVE-2016-0401 Unspecified vulnerability in the Oracle BI Publisher component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect integrity via unknown vectors related to Scheduler, a different vulnerability than CVE-2016-0429. MEDIUM Jan 20, 2016
CVE-2016-0400 CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before 7.1.1.1, 8.5 before 8.5.0.3, and 8.6 before 8.6.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.<a href=https://cwe.mitre.org/data/definitions/93.html>CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')</a> MEDIUM Jul 6, 2016
CVE-2016-0399 Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.9 IFIX007, and 7.6 before 7.6.0.5 FP005 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. LOW Jul 6, 2016
CVE-2016-0398 IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers to conduct content-spoofing attacks via a crafted URL. MEDIUM Jul 5, 2016
CVE-2016-0397 WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) 9.x before 9.5.2 allows remote attackers to obtain sensitive information by sniffing the network for HTTP traffic. MEDIUM Aug 30, 2016
CVE-2016-0396 IBM Tivoli Endpoint Manager could allow a user under special circumstances to inject commands that would be executed with unnecessary higher privileges than expected. MEDIUM Feb 7, 2017
CVE-2016-0394 IBM Integration Bus and WebSphere Message broker sets incorrect permissions for an object that could allow a local attacker to manipulate certain files. LOW Feb 7, 2017
CVE-2016-0393 IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and 7.6 before 7.6.0.5-TIV-MAMMT-FP001 allows remote attackers to obtain sensitive URL information by reading log files. MEDIUM Jul 18, 2016
CVE-2016-0392 IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 through 2.0.7 and Elastic Storage Server 2.5.x through 2.5.5, 3.x before 3.5.5, and 4.x before 4.0.3, as distributed in Spectrum Scale RAID, allows local users to gain privileges via a crafted parameter to a setuid program. MEDIUM Jun 21, 2016
CVE-2016-0391 The IBM Watson Developer Cloud services on Bluemix platforms do not properly generate random numbers for service-instance credentials, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack. HIGH Jul 7, 2016
CVE-2016-0390 Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. LOW May 14, 2016
CVE-2016-0389 Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through 8.5.5.9 Liberty before Liberty Fix Pack 16.0.0.2 allows remote attackers to obtain sensitive information via unspecified vectors. MEDIUM Jul 8, 2016
CVE-2016-0387 Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before 3.4.2.4, and 3.5 before 3.5.0.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. LOW Jul 6, 2016
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.
Live chat
Online