4423 matches found

OSV
added 2016/02/03 6:59 p.m., 0 views

CVE-2016-1905

The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object...

CVSS 7.7 | AI score 5.9 | EPSS 0.01596
Exploits: 0 | References: 2

RedHat Linux
added 2016/02/02 1:52 p.m., 3 views

OpenJDK: logging of RMI connection secrets (JMX, 8130710)

Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66, and Java SE Embedded 8u65 allows remote authenticated users to affect confidentiality via vectors related to JMX...

CVSS 4 | AI score 7.3 | EPSS 0.03531
Exploits: 0 | References: 5

NVD
added 2016/01/30 3:59 p.m., 14 views

CVE-2016-1141

KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors...

CVSS 6.5 | AI score 5.3 | EPSS 0.01039
Exploits: 0 | References: 3

Cvelist
added 2016/01/30 3:0 p.m., 15 views

CVE-2016-1141

KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors...

AI score 5.6 | EPSS 0.01039
Exploits: 0 | References: 3

CNVD
added 2016/01/30 12:0 a.m., 1 views

Lexmark Printer Race Condition Vulnerability

Lexmark printer is a printer product from Lexmark, USA. A race condition vulnerability exists in the initialization process of the Lexmark printer. A remote attacker can bypass authentication via incorrect detection of security-jumper state...

CVSS 10 | AI score 7.3 | EPSS 0.03259
Exploits: 0 | References: 1

OSV
added 2016/01/29 7:59 p.m., 1 views

UBUNTU-CVE-2015-8794

Absolute path traversal vulnerability in program/steps/addressbook/photo.inc in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote authenticated users to read arbitrary files via a full pathname in the alt parameter, related to contact photo handling...

CVSS 6.5 | AI score 6 | EPSS 0.02119
Exploits: 0 | References: 6

CVE
added 2016/01/29 7:0 p.m., 54 views

CVE-2015-8794

Roundcube Webmail contains an absolute path traversal vulnerability in program/steps/addressbook/photo.inc, affecting Roundcube before 1.0.6 and 1.1.x before 1.1.2. A remote authenticated user can read arbitrary files by supplying a full pathname in the _alt parameter during contact photo handlin...

CVSS 6.5 | AI score 6.1 | EPSS 0.02119
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2016/01/26 7:59 p.m., 1 views

CVE-2016-0869

Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows remote authenticated users to cause a denial of service via a malformed HTML document...

CVSS 5 | AI score 6.1 | EPSS 0.01045
Exploits: 0 | References: 2

RedHat Linux
added 2016/01/26 7:12 p.m., 3 views

jenkins: plug-in code can be downloaded by anyone with read access (SECURITY-155)

Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent downloading of plugins, which allows remote authenticated users with the Overall/READ permission to obtain sensitive information by reading the plugin code...

CVSS 4 | AI score 7.4 | EPSS 0.01361
Exploits: 0 | References: 4

RedHat Linux
added 2016/01/26 7:12 p.m., 1 views

jenkins: job configuration issues (SECURITY-127, SECURITY-128)

Jenkins before 1.583 and LTS before 1.565.3 allows remote authenticated users with the Job/CONFIGURE permission to bypass intended restrictions and create or destroy arbitrary jobs via unspecified vectors...

CVSS 6 | AI score 7.5 | EPSS 0.01373
Exploits: 0 | References: 4

Prion
added 2016/01/23 5:59 a.m., 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 7.0 before 7.0.0.41, 8.0 before 8.0.0.12, and 8.5 before 8.5.5.9 allows remote authenticated users to inject arbitrary web script or HTML via crafted data from an OAuth provider...

CVSS 3.5 | AI score 5.4 | EPSS 0.01141
Exploits: 0 | References: 4 | Affected Software: 1

OSV
added 2016/01/21 3:2 a.m., 8 views

CVE-2016-0608

Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 and earlier, and 5.7.9 and MariaDB before 5.5.47, 10.0.x before 10.0.23, and 10.1.x before 10.1.10 allows remote authenticated users to affect availability via vectors related to UDF...

AI score 5.3
Exploits: 0 | References: 22

OSV
added 2016/01/21 3:2 a.m., 1 views

CVE-2016-0591

Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Supplier Change...

AI score 5.8
Exploits: 0 | References: 2

OSV
added 2016/01/21 3:2 a.m., 1 views

UBUNTU-CVE-2016-0599

Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote authenticated users to affect availability via unknown vectors related to Optimizer...

CVSS 3.5 | AI score 5.8 | EPSS 0.01497
Exploits: 0 | References: 4

OSV
added 2016/01/21 3:0 a.m., 6 views

CVE-2016-0472

Unspecified vulnerability in the XDB - XML Database component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality and availability via unknown vectors...

AI score 5.8 | EPSS 0.01665
Exploits: 0 | References: 2

Prion
added 2016/01/21 3:0 a.m., 18 views

Design/Logic Flaw

Unspecified vulnerability in the Security component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect integrity via unknown vectors...

CVSS 4 | AI score 5.9 | EPSS 0.01279
Exploits: 0 | References: 2 | Affected Software: 1

UbuntuCve
added 2016/01/21 3:0 a.m., 16 views

CVE-2016-0502

Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer...

CVSS 6.5 | AI score 6.9 | EPSS 0.0309
Exploits: 0 | References: 2

NVD
added 2016/01/21 2:59 a.m., 11 views

CVE-2016-0425

Unspecified vulnerability in the JD Edwards EnterpriseOne Tools component in Oracle JD Edwards Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Monitoring and Diagnostics...

CVSS 6 | AI score 5.5 | EPSS 0.01991
Exploits: 0 | References: 4

Cvelist
added 2016/01/21 2:0 a.m., 15 views

CVE-2016-0523

Unspecified vulnerability in the Oracle Interaction Blending component in Oracle E-Business Suite 11.5.10.2, 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Blending Administration...

AI score 3.9 | EPSS 0.01358
Exploits: 0 | References: 2

CVE
added 2016/01/21 2:0 a.m., 49 views

CVE-2016-0442

CVE-2016-0442 affects Oracle Enterprise Manager Grid Control’s Enterprise Manager Base Platform Loader Service in 12.1.0.4 and 12.1.0.5. The vulnerability enables remote authenticated users to impact confidentiality, integrity, and availability via unknown vectors related to the Loader Service. P...

CVSS 6.5 | AI score 5.6 | EPSS 0.01557
Exploits: 0 | References: 2 | Affected Software: 1