Security Vulnerabilities - CVEs Published In 2016
Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
CVSS Score
4.9
EPSS Score
0.003
Published
2016-10-25
Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and earlier allows remote authenticated users to affect availability via vectors related to Server: Optimizer.
CVSS Score
6.5
EPSS Score
0.021
Published
2016-10-25
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.
CVSS Score
7.7
EPSS Score
0.028
Published
2016-10-25
Ruckus Wireless H500 web management interface denial of service
CVSS Score
7.5
EPSS Score
0.004
Published
2016-10-25
Ruckus Wireless H500 web management interface authentication bypass
CVSS Score
5.3
EPSS Score
0.003
Published
2016-10-25
Ruckus Wireless H500 web management interface CSRF
CVSS Score
8.8
EPSS Score
0.002
Published
2016-10-25
Shotwell version 0.22.0 (and possibly other versions) is vulnerable to a TLS/SSL certification validation flaw resulting in a potential for man in the middle attacks.
CVSS Score
3.7
EPSS Score
0.003
Published
2016-10-25
TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times.
CVSS Score
7.5
EPSS Score
0.006
Published
2016-10-25
Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation Remote Code Execution
CVSS Score
9.8
EPSS Score
0.501
Published
2016-10-25
The Administrative Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, and 8.5.x before 8.5.5.10 mishandles CSRFtoken cookies, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2016-10-22