Ffxi Patch Download April 2016


Welcome to the question megathread! If you have any questions around FFXI at all, this is the place to ask. Scroll down to the comments and ask away. Various FFXI resources are provided in the body of this topic directly before the comments.


Are you a new or returning player? We have quite the list of Frequently Asked Questions that's pretty comprehensive of the questions most commonly asked around the sub. If your question isn't answered there, feel free to shoot in the comments below.

BG Wiki

BG Wiki is a modern FFXI wiki with up-to-date pages on endgame specifics as well as various guides.

It is currently the only XI wiki with an active staff which are always working with members of the community to address concerns and suggestions. BG seeks to be the main wiki of the community. Consolidating the efforts of everyone into one single wiki is the most productive and effective. We welcome and invite all to join us!

Thanks in advance for any help. I've been trying to install FFXI for a while and managed to download the 4 files from the PlayOnline site. When I go to click on setup.exe it goes through the accepting terms box fine, but after I click next it says 7zip there is no such archive.

  • Don't know where to start on the wiki? Check out the getting started page.

  • Anyone wishing to join Team Blue Gartr may join the Discord.


Oracle Critical Patch Update CVSS V2 Risk Matrices - April 2016


Description


This is a placeholder for the Critical Patch Update of April, 2016, that provides CVSS V2 versions of the Risk Matrix Appendices for all vulnerabilities whose fixes were included in the Oracle Critical Patch Update for April, 2016.

The main Advisory for Oracle Critical Patch Update Release April, 2016 can be found here.


Note that the Oracle Critical Patch Update Advisory for April, 2016 will be the only Oracle Critical Patch Update Advisory that will include both CVSS V2 and CVSS V3 scoring and that future versions of Oracle Security Alerts or Oracle Critical Patch Update Advisories will not contain CVSS V2 information.

Appendix - Oracle Database Server

Oracle Database Server Executive Summary

This Critical Patch Update contains 5 new security fixes for the Oracle Database Server. 2 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have the Oracle Database Server installed. The English text form of this Risk Matrix can be found here.

Please note that the Oracle Critical Patch Update Advisory for January 2016 was updated post release to clarify that CVE-2015-4923 is applicable to client-only installations. Database customers are strongly advised to apply the patches released in CPUJan2016 or later to their client-only installations.

Oracle Database Server Risk Matrix


CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Package and/or Privilege Required | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-3454 | Java VM | Multiple | None | Yes | 7.6 | Network | High | None | Complete | Complete | Complete | 11.2.0.4, 12.1.0.1, 12.1.0.2 | See Note 1 |
| CVE-2016-0681 | Oracle OLAP | Oracle Net | Execute on DBMS_AW | No | 6.5 | Network | Low | Single | Partial+ | Partial+ | Partial+ | 11.2.0.4, 12.1.0.1, 12.1.0.2 | |
| CVE-2016-0677 | RDBMS Security | Kerberos | None | Yes | 5.0 | Network | Low | None | None | None | Partial+ | 12.1.0.1, 12.1.0.2 | |
| CVE-2016-0690 | RDBMS Security | Oracle Net | Create Session | No | 4.0 | Network | Low | Single | None | Partial | None | 11.2.0.4, 12.1.0.1, 12.1.0.2 | |
| CVE-2016-0691 | RDBMS Security | Oracle Net | Create Session | No | 4.0 | Network | Low | Single | None | Partial | None | 11.2.0.4, 12.1.0.1, 12.1.0.2 | |

Notes:

  1. The CVSS score is 7.6 only on Windows for Database versions prior to 12c. The CVSS is 5.1 (Confidentiality, Integrity and Availability is 'Partial+') for Database 12c on Windows and for all versions of Database on Linux, Unix and other platforms.

Appendix - Oracle Fusion Middleware

Oracle Fusion Middleware Executive Summary

This Critical Patch Update contains 22 new security fixes for Oracle Fusion Middleware. 21 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle Fusion Middleware products include Oracle Database components that are affected by the vulnerabilities listed in the Oracle Database section. The exposure of Oracle Fusion Middleware products is dependent on the Oracle Database version being used. Oracle Database security fixes are not listed in the Oracle Fusion Middleware risk matrix. However, since vulnerabilities affecting Oracle Database versions may affect Oracle Fusion Middleware products, Oracle recommends that customers apply the April 2016 Critical Patch Update to the Oracle Database components of Oracle Fusion Middleware products. For information on what patches need to be applied to your environments, refer to Critical Patch Update April 2016 Patch Availability Document for Oracle Products, My Oracle Support Note 2102148.1.

Oracle Fusion Middleware Risk Matrix


CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-3455 | Oracle Outside In Technology | Multiple | Outside In Filters | Yes | 9.0 | Network | Low | None | Complete | Partial | Partial | 8.5.0, 8.5.1, 8.5.2 | See Note 1 |
| CVE-2015-7182 | Oracle GlassFish Server | HTTPS | Security | Yes | 7.5 | Network | Low | None | Partial | Partial | Partial | 2.1.1 | |
| CVE-2015-7182 | Oracle OpenSSO | HTTPS | Web Agents | Yes | 7.5 | Network | Low | None | Partial | Partial | Partial | 3.0-0.7 | |
| CVE-2015-7182 | Oracle Traffic Director | HTTPS | Security | Yes | 7.5 | Network | Low | None | Partial | Partial | Partial | 11.1.1.7.0, 11.1.1.9.0 | |
| CVE-2015-3253 | Oracle WebCenter Sites | Multiple | Sites | Yes | 7.5 | Network | Low | None | Partial | Partial | Partial | 11.1.1.8.0, 12.2.1 | |
| CVE-2016-0638 | Oracle WebLogic Server | JMS | Java Messaging Service | Yes | 7.5 | Network | Low | None | Partial+ | Partial+ | Partial+ | 10.3.6, 12.1.2, 12.1.3, 12.2.1 | |
| CVE-2015-7182 | Oracle iPlanet Web Proxy Server | HTTPS | Security | Yes | 7.5 | Network | Low | None | Partial | Partial | Partial | 4.0 | |
| CVE-2015-7182 | Oracle iPlanet Web Server | HTTPS | Security | Yes | 7.5 | Network | Low | None | Partial | Partial | Partial | 7.0 | |
| CVE-2015-7547 | Oracle Exalogic Infrastructure | multiple | Base Image | Yes | 6.8 | Network | Medium | None | Partial | Partial | Partial | 1.0, 2.0 | |
| CVE-2016-0696 | Oracle WebLogic Server | HTTP | Console | Yes | 6.4 | Network | Low | None | Partial | Partial | None | 10.3.6 | |
| CVE-2016-0479 | Oracle Business Intelligence Enterprise Edition | HTTP | Analytics Scorecard | Yes | 5.8 | Network | Medium | None | Partial | Partial | None | 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0 | |
| CVE-2015-3195 | Oracle API Gateway | HTTPS | OAG | Yes | 5.0 | Network | Low | None | None | None | Partial | 11.1.2.3.0, 11.1.2.4.0 | |
| CVE-2014-3576 | Oracle BI Publisher | Multiple | Security | Yes | 5.0 | Network | Low | None | None | None | Partial | 12.2.1.0.0 | |
| CVE-2015-3195 | Oracle Exalogic Infrastructure | HTTPS | Network Infra Framework | Yes | 5.0 | Network | Low | None | None | None | Partial | 1.0, 2.0 | |
| CVE-2015-3197 | Oracle Exalogic Infrastructure | HTTPS | Base Image | Yes | 4.3 | Network | Medium | None | Partial+ | None | None | 1.0, 2.0 | |
| CVE-2015-3197 | Oracle Tuxedo | HTTPS | Open SSL | Yes | 4.3 | Network | Medium | None | Partial | None | None | 12.1.1.0 | |
| CVE-2016-0675 | Oracle WebLogic Server | HTTP | Console | Yes | 4.3 | Network | Medium | None | None | Partial | None | 10.3.6, 12.1.2, 12.1.3 | |
| CVE-2016-0700 | Oracle WebLogic Server | HTTP | Console | Yes | 4.3 | Network | Medium | None | None | Partial | None | 10.3.6, 12.1.2, 12.1.3 | |
| CVE-2016-3416 | Oracle WebLogic Server | HTTP | Console | Yes | 4.3 | Network | Medium | None | None | Partial | None | 10.3.6, 12.1.2, 12.1.3, 12.2.1 | |
| CVE-2016-0468 | Oracle Business Intelligence Enterprise Edition | HTTP | Analytics Web General | No | 3.5 | Network | Medium | Single | None | Partial | None | 11.1.1.7.0, 11.1.1.9.0, 12.2.1.0.0 | |
| CVE-2016-0671 | Oracle HTTP Server | HTTPS | OSSL Module | Yes | 2.6 | Network | High | None | Partial | None | None | 12.1.2.0 | |
| CVE-2016-0688 | Oracle WebLogic Server | HTTP | Core Components | Yes | 2.6 | Network | High | None | None | Partial | None | 10.3.6, 12.1.2, 12.1.3 | |

Notes:

  1. Outside In Technology is a suite of software development kits (SDKs). It does not have any particular associated protocol. The score here assumes that the hosting software passes data received over the network to Outside In Technology code. In any other cases, the scores could be lower than this.

Additional CVEs addressed:

  1. CVE-2015-7182 fix also addresses CVE-2015-2721, CVE-2015-4000, CVE-2015-7181, CVE-2015-7183, CVE-2015-7575.

Appendix - Oracle Enterprise Manager Grid Control

Oracle Enterprise Manager Grid Control Executive Summary

This Critical Patch Update contains 2 new security fixes for Oracle Enterprise Manager Grid Control. 1 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. None of these fixes are applicable to client-only installations, i.e., installations that do not have Oracle Enterprise Manager Grid Control installed. The English text form of this Risk Matrix can be found here.

Oracle Enterprise Manager products include Oracle Database and Oracle Fusion Middleware components that are affected by the vulnerabilities listed in the Oracle Database and Oracle Fusion Middleware sections. The exposure of Oracle Enterprise Manager products is dependent on the Oracle Database and Oracle Fusion Middleware versions being used. Oracle Database and Oracle Fusion Middleware security fixes are not listed in the Oracle Enterprise Manager risk matrix. However, since vulnerabilities affecting Oracle Database and Oracle Fusion Middleware versions may affect Oracle Enterprise Manager products, Oracle recommends that customers apply the April 2016 Critical Patch Update to the Oracle Database and Oracle Fusion Middleware components of Enterprise Manager. For information on what patches need to be applied to your environments, refer to Critical Patch Update April 2016 Patch Availability Document for Oracle Products, My Oracle Support Note 2102148.1.

Oracle Enterprise Manager Grid Control Risk Matrix


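CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2015-7501 | Oracle Application Testing Suite | HTTPS | Install | No | 8.5 | Network | Medium | Single | Complete | Complete | Complete | 12.4.0.2, 12.5.0.2 | |
| CVE-2015-3197 | OSS Support Tools Oracle Explorer | HTTPS | Binaries | Yes | 4.3 | Network | Medium | None | Partial | None | None | 8.11.16.3.8 | |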

Appendix - Oracle Applications

Oracle E-Business Suite Executive Summary

This Critical Patch Update contains 7 new security fixes for the Oracle E-Business Suite. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle E-Business Suite products include Oracle Database and Oracle Fusion Middleware components that are affected by the vulnerabilities listed in the Oracle Database and Oracle Fusion Middleware sections. The exposure of Oracle E-Business Suite products is dependent on the Oracle Database and Oracle Fusion Middleware versions being used. Oracle Database and Oracle Fusion Middleware security fixes are not listed in the Oracle E-Business Suite risk matrix. However, since vulnerabilities affecting Oracle Database and Oracle Fusion Middleware versions may affect Oracle E-Business Suite products, Oracle recommends that customers apply the April 2016 Critical Patch Update to the Oracle Database and Oracle Fusion Middleware components of Oracle E-Business Suite. For information on what patches need to be applied to your environments, refer to Oracle E-Business Suite Releases 11i and 12 Critical Patch Update Knowledge Document (April 2016), My Oracle Support Note 2113110.1.

Oracle E-Business Suite Risk Matrix


CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-3466 | Oracle Field Service | HTTP | Wireless | Yes | 6.4 | Network | Low | None | Partial+ | Partial+ | None | 12.1.1, 12.1.2, 12.1.3 | |
| CVE-2016-3434 | Oracle Application Object Library | HTTP | Logout | Yes | 4.3 | Network | Medium | None | None | Partial | None | 12.1.3, 12.2.3, 12.2.4, 12.2.5 | |
| CVE-2016-3439 | Oracle CRM Wireless | HTTP | Call Phone Number Page | Yes | 4.3 | Network | Medium | None | None | Partial | None | 12.1.3 | |
| CVE-2016-3437 | Oracle CRM Wireless | HTTP | Person Address Page | Yes | 4.3 | Network | Medium | None | None | Partial | None | 12.1.3 | |
| CVE-2016-3436 | Oracle Common Applications Calendar | HTTP | Tasks | Yes | 4.3 | Network | Medium | None | None | Partial | None | 12.1.1, 12.1.2, 12.1.3 | |
| CVE-2016-0697 | Oracle Application Object Library | Oracle Net | DB Privileges | No | 3.6 | Network | High | Single | Partial+ | Partial+ | None | 12.1.3, 12.2.3, 12.2.4, 12.2.5 | |
| CVE-2016-3447 | Oracle Applications Framework | HTTP | OAF Core | Yes | 2.6 | Network | High | None | None | Partial | None | 12.1.3, 12.2.3, 12.2.4, 12.2.5 | |

Oracle Supply Chain Products Suite Executive Summary

This Critical Patch Update contains 6 new security fixes for the Oracle Supply Chain Products Suite. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle Supply Chain Products Suite Risk Matrix


CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-3438 | Oracle Configurator | HTTP | JRAD Heartbeat | Yes | 6.4 | Network | Low | None | Partial | Partial | None | 12.1, 12.2 | |
| CVE-2015-3195 | Oracle Transportation Management | HTTPS | Install | Yes | 5.0 | Network | Low | None | None | None | Partial | 6.1, 6.2 | |
| CVE-2016-3456 | Oracle Complex Maintenance, Repair, and Overhaul | HTTP | Dialog Box | Yes | 4.3 | Network | Medium | None | None | Partial | None | 12.1.1, 12.1.2, 12.1.3 | |
| CVE-2016-3420 | Oracle Agile PLM | HTTP | Security | No | 3.6 | Network | High | Single | Partial | Partial | None | 9.3.1.1, 9.3.1.2, 9.3.2, 9.3.3 | |
| CVE-2016-3431 | Oracle Agile PLM | HTTP | Security | No | 3.6 | Network | High | Single | Partial | Partial | None | 9.3.1.1, 9.3.1.2, 9.3.2, 9.3.3 | |
| CVE-2016-3428 | Oracle Agile Engineering Data Management | ECI (Proprietary EDM Protocol) | Engineering Communication Interface | No | 1.8 | Adjacent Network | High | None | None | None | Partial | 6.1.3.0, 6.2.0.0 | |

Oracle PeopleSoft Products Executive Summary

This Critical Patch Update contains 15 new security fixes for Oracle PeopleSoft Products. 6 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle PeopleSoft Products Risk Matrix


CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-3421 | PeopleSoft Enterprise PeopleTools | HTTP | Activity Guide | No | 6.5 | Network | Low | Single | Partial | Partial | Partial | 8.53, 8.54, 8.55 | |
| CVE-2016-3460 | PeopleSoft Enterprise HCM | HTTP | ePerformance | No | 5.5 | Network | Low | Single | Partial | Partial | None | 9.2 | |
| CVE-2016-3457 | PeopleSoft Enterprise HCM ePerformance | HTTP | Security | No | 5.5 | Network | Low | Single | Partial | Partial | None | 9.2 | |
| CVE-2016-0685 | PeopleSoft Enterprise PeopleTools | HTTP | File Processing | No | 5.5 | Network | Low | Single | Partial | Partial | None | 8.53, 8.54, 8.55 | |
| CVE-2016-0679 | PeopleSoft Enterprise PeopleTools | HTTP | PIA Grids | No | 5.5 | Network | Low | Single | None | Partial+ | Partial+ | 8.53, 8.54, 8.55 | |
| CVE-2016-0680 | PeopleSoft Enterprise SCM | HTTP | Services Procurement | No | 5.5 | Network | Low | Single | Partial | Partial | None | 9.1, 9.2 | |
| CVE-2016-3435 | PeopleSoft Enterprise PeopleTools | HTTP | PIA Core Technology | Yes | 5.0 | Network | Low | None | None | None | Partial | 8.53, 8.54, 8.55 | |
| CVE-2016-0408 | PeopleSoft Enterprise PeopleTools | HTTP | Activity Guide | Yes | 4.3 | Network | Medium | None | None | Partial | None | 8.53, 8.54, 8.55 | |
| CVE-2016-3417 | PeopleSoft Enterprise PeopleTools | HTTP | PIA Search Functionality | Yes | 4.3 | Network | Medium | None | None | Partial | None | 8.53, 8.54, 8.55 | |
| CVE-2016-3442 | PeopleSoft Enterprise PeopleTools | HTTP | Portal | Yes | 4.3 | Network | Medium | None | None | Partial | None | 8.53, 8.54, 8.55 | |
| CVE-2016-0698 | PeopleSoft Enterprise PeopleTools | HTTP | Rich Text Editor | Yes | 4.3 | Network | Medium | None | None | Partial | None | 8.53, 8.54, 8.55 | |
| CVE-2015-3197 | PeopleSoft Enterprise PeopleTools | HTTPS | Security | Yes | 4.3 | Network | Medium | None | Partial | None | None | 8.53, 8.54, 8.55 | |
| CVE-2016-0407 | PeopleSoft Enterprise HCM | HTTP | Fusion HR Talent Integration | No | 4.0 | Network | Low | Single | Partial | None | None | 9.1, 9.2 | |
| CVE-2016-0683 | PeopleSoft Enterprise PeopleTools | HTTP | Search Framework | No | 4.0 | Network | Low | Single | None | Partial | None | 8.53, 8.54, 8.55 | |
| CVE-2016-3423 | PeopleSoft Enterprise PeopleTools | HTTP | Rich Text Editor | No | 3.5 | Network | Medium | Single | None | Partial | None | 8.53, 8.54, 8.55 | |

Additional CVEs addressed:

  1. CVE-2015-3197 fix also addresses CVE-2015-3195.

Oracle JD Edwards Products Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle JD Edwards Products. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle JD Edwards Products Risk Matrix


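CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2015-1793 | JD Edwards EnterpriseOne Tools | HTTP | OneWorld Tools Security | Yes | 6.4 | Network | Low | None | Partial | Partial | None | 9.1, 9.2 | |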

Oracle Siebel CRM Executive Summary

This Critical Patch Update contains 2 new security fixes for Oracle Siebel CRM. Neither of these vulnerabilities may be remotely exploitable without authentication, i.e., neither may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle Siebel CRM Risk Matrix


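CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-0673 | Siebel UI Framework | HTTP | UIF Open UI | No | 5.5 | Network | Low | Single | Partial | Partial | None | 8.1.1, 8.2.2 | |
| CVE-2016-0674 | Siebel Core - Common Components | HTTP | Email | No | 3.2 | Local | Low | Single | Partial | Partial | None | 8.1.1, 8.2.2 | |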

Appendix - Oracle Industry Applications

Oracle Communications Applications Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Communications Applications. This vulnerability is not remotely exploitable without authentication, i.e., may not be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle Communications Applications Risk Matrix


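CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2014-2532 | Oracle Communications User Data Repository | OpenSSH | Security | No | 4.9 | Network | Medium | Single | Partial | Partial | None | 10.0.1 | |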

Oracle Retail Applications Executive Summary

This Critical Patch Update contains 3 new security fixes for Oracle Retail Applications. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle Retail Applications Risk Matrix


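CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-0684 | Oracle Retail MICROS ARS POS | Oracle Net | POS | No | 6.8 | Network | Low | Single | Complete | None | None | 1.5 | |
| CVE-2016-3429 | Oracle Retail Xstore Point of Service | HTTP | Xstore Services | No | 5.4 | Local | Medium | None | Complete | Partial | None | 5.0, 5.5, 6.0, 6.5, 7.0, 7.1 | |
| CVE-2016-0469 | Oracle Retail MICROS C2 | HTTPS | POS | No | 4.6 | Local | Low | Single | Complete | None | None | 9.89.0.0 | |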

Oracle Health Sciences Applications Executive Summary

This Critical Patch Update contains 1 new security fix for Oracle Health Sciences Applications. This vulnerability is remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle Health Sciences Applications Risk Matrix


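CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2015-3195 | Oracle Life Sciences Data Hub | HTTPS | Open SSL | Yes | 5.0 | Network | Low | None | None | None | Partial | 2.1 | |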

Appendix - Oracle Financial Services Software

Oracle Financial Services Software Executive Summary

This Critical Patch Update contains 4 new security fixes for Oracle Financial Services Software. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle Financial Services Software Risk Matrix


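CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-0699 | Oracle FLEXCUBE Direct Banking | HTTP | Login | Yes | 9.4 | Network | Low | None | Complete | Complete | None | 12.0.2, 12.0.3 | |
| CVE-2016-0672 | Oracle FLEXCUBE Direct Banking | HTTP | Pre-Login | Yes | 5.0 | Network | Low | None | Partial | None | None | 12.0.2, 12.0.3 | |
| CVE-2016-3463 | Oracle FLEXCUBE Direct Banking | HTTP | Pre-Login | Yes | 5.0 | Network | Low | None | Partial | None | None | 12.0.3 | |
| CVE-2016-3464 | Oracle FLEXCUBE Direct Banking | HTTP | Accounts | No | 4.0 | Network | Low | Single | Partial | None | None | 12.0.3 | |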

Appendix - Oracle Java SE

Oracle Java SE Executive Summary

This Critical Patch Update contains 9 new security fixes for Oracle Java SE. All of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.


The CVSS scores below assume that a user running a Java applet or Java Web Start application has administrator privileges (typical on Windows). When the user does not run with administrator privileges (typical on Solaris and Linux), the corresponding CVSS impact scores for Confidentiality, Integrity, and Availability are 'Partial' instead of 'Complete', lowering the CVSS Base Score. For example, a Base Score of 10.0 becomes 7.5.
Users should only use the default Java Plug-in and Java Web Start from the latest JDK or JRE 7 and 8 releases.
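
The arithmetic behind that adjustment, as an added example (not part of Oracle's advisory): the weights and equations are those of the public CVSS v2 specification, while the function names and the `SAMPLE_ROWS` list are assumptions made for illustration, with rows copied from the risk matrices on this page. It also reproduces the 7.6 and 5.1 scores given in Note 1 of the Database Server matrix, which shows that 'Partial+' carries the same weight as 'Partial'.

```python
from decimal import Decimal as D, ROUND_HALF_UP

# Metric weights from the CVSS v2 specification, keyed by the words
# used in the risk matrix columns.
ACCESS_VECTOR = {"Local": D("0.395"), "Adjacent Network": D("0.646"), "Network": D("1.0")}
ACCESS_COMPLEXITY = {"High": D("0.35"), "Medium": D("0.61"), "Low": D("0.71")}
AUTHENTICATION = {"Multiple": D("0.45"), "Single": D("0.56"), "None": D("0.704")}
# "Partial+" is Oracle's annotation; it is scored with the weight of "Partial".
IMPACT = {"None": D("0"), "Partial": D("0.275"), "Partial+": D("0.275"),
          "Complete": D("0.660")}


def base_score(av, ac, au, conf, integ, avail):
    """Return the CVSS v2 base score for one risk matrix row."""
    impact = D("10.41") * (1 - (1 - IMPACT[conf]) * (1 - IMPACT[integ]) * (1 - IMPACT[avail]))
    exploitability = 20 * ACCESS_VECTOR[av] * ACCESS_COMPLEXITY[ac] * AUTHENTICATION[au]
    f_impact = D("0") if impact == 0 else D("1.176")
    raw = (D("0.6") * impact + D("0.4") * exploitability - D("1.5")) * f_impact
    # The specification rounds the result to one decimal place.
    return float(raw.quantize(D("0.1"), rounding=ROUND_HALF_UP))


def without_admin(conf, integ, avail):
    """Apply the Java SE note: without administrator privileges each
    'Complete' impact becomes 'Partial'."""
    return tuple("Partial" if v == "Complete" else v for v in (conf, integ, avail))


# (CVE, listed base score, AV, AC, Au, C, I, A), copied from the matrices above and below.
SAMPLE_ROWS = [
    ("CVE-2016-3454", 7.6, "Network", "High", "None", "Complete", "Complete", "Complete"),
    ("CVE-2016-3455", 9.0, "Network", "Low", "None", "Complete", "Partial", "Partial"),
    ("CVE-2016-0699", 9.4, "Network", "Low", "None", "Complete", "Complete", "None"),
    ("CVE-2016-3443", 10.0, "Network", "Low", "None", "Complete", "Complete", "Complete"),
    ("CVE-2016-0674", 3.2, "Local", "Low", "Single", "Partial", "Partial", "None"),
    ("CVE-2016-3428", 1.8, "Adjacent Network", "High", "None", "None", "None", "Partial"),
]


def mismatches(rows):
    """Return (CVE, listed, recomputed) for every row whose listed score
    does not match the score recomputed from its metrics."""
    out = []
    for cve, listed, *metrics in rows:
        recomputed = base_score(*metrics)
        if recomputed != listed:
            out.append((cve, listed, recomputed))
    return out


def rescored_without_admin(rows):
    """Map each CVE to its base score when the user lacks admin privileges."""
    return {cve: base_score(av, ac, au, *without_admin(c, i, a))
            for cve, _listed, av, ac, au, c, i, a in rows}


if __name__ == "__main__":
    print("rows that disagree with the listed score:", mismatches(SAMPLE_ROWS))
    for cve, score in rescored_without_admin(SAMPLE_ROWS).items():
        print(f"{cve}: {score} without administrator privileges")
```

Running `mismatches` over a reconstructed matrix is a quick way to catch a metric that landed in the wrong column when the table was transcribed.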

Oracle Java SE Risk Matrix


CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-3443 | Java SE | Multiple | 2D | Yes | 10.0 | Network | Low | None | Complete | Complete | Complete | Java SE: 6u113, 7u99, 8u77 | See Note 1 |
| CVE-2016-0687 | Java SE, Java SE Embedded | Multiple | Hotspot | Yes | 10.0 | Network | Low | None | Complete | Complete | Complete | Java SE: 6u113, 7u99, 8u77; Java SE Embedded: 8u77 | See Note 1 |
| CVE-2016-0686 | Java SE, Java SE Embedded | Multiple | Serialization | Yes | 10.0 | Network | Low | None | Complete | Complete | Complete | Java SE: 6u113, 7u99, 8u77; Java SE Embedded: 8u77 | See Note 1 |
| CVE-2016-3427 | Java SE, Java SE Embedded, JRockit | Multiple | JMX | Yes | 10.0 | Network | Low | None | Complete | Complete | Complete | Java SE: 6u113, 7u99, 8u77; Java SE Embedded: 8u77; JRockit: R28.3.9 | See Note 2 |
| CVE-2016-3449 | Java SE | Multiple | Deployment | Yes | 7.6 | Network | High | None | Complete | Complete | Complete | Java SE: 6u113, 7u99, 8u77 | See Note 1 |
| CVE-2016-3422 | Java SE | Multiple | 2D | Yes | 5.0 | Network | Low | None | None | None | Partial | Java SE: 6u113, 7u99, 8u77 | See Note 1 |
| CVE-2016-3425 | Java SE, Java SE Embedded, JRockit | Multiple | JAXP | Yes | 5.0 | Network | Low | None | None | None | Partial | Java SE: 6u113, 7u99, 8u77; Java SE Embedded: 8u77; JRockit: R28.3.9 | See Note 2 |
| CVE-2016-3426 | Java SE, Java SE Embedded | Multiple | JCE | Yes | 4.3 | Network | Medium | None | Partial | None | None | Java SE: 8u77; Java SE Embedded: 8u77 | See Note 1 |
| CVE-2016-0695 | Java SE, Java SE Embedded, JRockit | Multiple | Security | Yes | 2.6 | Network | High | None | Partial | None | None | Java SE: 6u113, 7u99, 8u77; Java SE Embedded: 8u77; JRockit: R28.3.9 | See Note 3 |

Notes:

  1. This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator).
  2. Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.
  3. Applies to client and server deployment of JSSE.

Appendix - Oracle Sun Systems Products Suite

Oracle Sun Systems Products Suite Executive Summary

This Critical Patch Update contains 18 new security fixes for the Oracle Sun Systems Products Suite. 12 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle Sun Systems Products Suite Risk Matrix


CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2016-0693 | Solaris | Multiple | PAM LDAP module | Yes | 10.0 | Network | Low | None | Complete | Complete | Complete | 10, 11.3 | |
| CVE-2013-4786 | Fujitsu M10-1, M10-4, M10-4S Servers | IPMI | XCP Firmware | Yes | 7.8 | Network | Low | None | Complete | None | None | XCP prior to XCP2290 | |
| CVE-2016-3441 | Solaris | None | Filesystem | No | 7.2 | Local | Low | None | Complete | Complete | Complete | 10, 11.3 | |
| CVE-2015-7547 | Fujitsu M10-1, M10-4, M10-4S Servers | Multiple | XCP Firmware | Yes | 6.8 | Network | Medium | None | Partial | Partial | Partial | XCP prior to XCP2290 | |
| CVE-2015-1793 | Oracle Ethernet Switch ES2-72, Oracle Ethernet Switch ES2-64 | HTTPS | Firmware | Yes | 6.4 | Network | Low | None | Partial | Partial | None | Versions prior to 2.0.0.6 | |
| CVE-2015-3238 | SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers | Multiple | XCP Firmware | Yes | 5.8 | Network | Medium | None | Partial | None | Partial | XCP prior to XCP 1121 | |
| CVE-2016-0669 | Solaris | None | Fwflash | No | 5.2 | Local | Low | Single | None | Partial | Complete | 11.3 | |
| CVE-2015-7236 | Solaris | RPC | Utilities | Yes | 5.0 | Network | Low | None | None | None | Partial | 10, 11.3 | |
| CVE-2011-4461 | Sun Storage Common Array Manager | HTTP | Jetty Web Server | Yes | 5.0 | Network | Low | None | None | None | Partial | 6.9.0 | |
| CVE-2016-3462 | Solaris | None | Network Configuration Service | No | 4.9 | Local | Low | None | None | None | Complete | 11.3 | |
| CVE-2016-3465 | Solaris | None | ZFS | No | 4.9 | Local | Low | None | None | None | Complete | 10, 11.3 | |
| CVE-2013-2566 | SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers | HTTPS | XCP Firmware | Yes | 4.3 | Network | Medium | None | Partial | None | None | XCP prior to XCP 1121 | |
| CVE-2015-4000 | SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers | HTTPS | XCP Firmware | Yes | 4.3 | Network | Medium | None | None | Partial | None | XCP prior to XCP 1121 | |
| CVE-2015-1789 | SPARC Enterprise M3000, M4000, M5000, M8000, M9000 Servers | HTTPS | XCP Firmware | Yes | 4.3 | Network | Medium | None | None | None | Partial | XCP prior to XCP 1121 | |
| CVE-2016-0623 | Solaris | Multiple | Automated Installer | Yes | 4.3 | Network | Medium | None | None | Partial | None | 11.3 | |
| CVE-2014-3566 | Solaris Cluster | HTTPS | GlassFish Server | Yes | 4.3 | Network | Medium | None | Partial | None | None | 4.2 | |
| CVE-2016-0676 | Solaris | None | Kernel | No | 4.0 | Local | High | None | None | None | Complete | 10 | |
| CVE-2016-3419 | Solaris | None | Filesystem | No | 2.1 | Local | Low | None | None | None | Partial+ | 10, 11.3 | |

Additional CVEs addressed:

  1. CVE-2013-2566 fix also addresses CVE-2015-2808.
  2. CVE-2015-1789 fix also addresses CVE-2015-1790.

Appendix - Oracle Linux and Virtualization

Oracle Virtualization Executive Summary

This Critical Patch Update contains 4 new security fixes for Oracle Virtualization. 3 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle Virtualization Risk Matrix


CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| CVE-2015-3195 | Oracle VM VirtualBox | HTTPS | Core | Yes | 5.0 | Network | Low | None | None | None | Partial | VirtualBox prior to 4.3.36, prior to 5.0.14 | |
| CVE-2015-3195 | Sun Ray Software | HTTPS | Sun Ray Server Software | Yes | 5.0 | Network | Low | None | None | None | Partial | 11.1 | |
| CVE-2015-3197 | Oracle VM VirtualBox | HTTPS | Core | Yes | 4.3 | Network | Medium | None | Partial | None | None | VirtualBox prior to 5.0.16 | |
| CVE-2016-0678 | Oracle VM VirtualBox | None | Core | No | 4.1 | Local | Medium | Single | Partial+ | Partial+ | Partial+ | VirtualBox prior to 5.0.18 | |

Additional CVEs addressed:

  1. CVE-2015-3195 fix also addresses CVE-2015-1794, CVE-2015-3193, CVE-2015-3194, CVE-2015-3196.

Appendix - Oracle MySQL

Oracle MySQL Executive Summary

This Critical Patch Update contains 31 new security fixes for Oracle MySQL. 4 of these vulnerabilities may be remotely exploitable without authentication, i.e., may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle MySQL Risk Matrix


CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Sub-component | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2016-0705 | MySQL Server | MySQL Protocol | Server: Packaging | Yes | 10.0 | Network | Low | None | Complete | Complete | Complete | 5.6.29 and earlier, 5.7.11 and earlier | |
| CVE-2016-0639 | MySQL Server | MySQL Protocol | Server: Pluggable Authentication | Yes | 10.0 | Network | Low | None | Complete | Complete | Complete | 5.6.29 and earlier, 5.7.11 and earlier | |
| CVE-2015-3194 | MySQL Server | MySQL Protocol | Server: Security: Encryption | Yes | 5.0 | Network | Low | None | None | None | Partial+ | 5.6.28 and earlier, 5.7.10 and earlier | |
| CVE-2016-0640 | MySQL Server | MySQL Protocol | Server: DML | No | 4.9 | Network | Medium | Single | None | Partial | Partial+ | 5.5.47 and earlier, 5.6.28 and earlier, 5.7.10 and earlier | |
| CVE-2016-0641 | MySQL Server | MySQL Protocol | Server: MyISAM | No | 4.9 | Network | Medium | Single | Partial | None | Partial+ | 5.5.47 and earlier, 5.6.28 and earlier, 5.7.10 and earlier | |
| CVE-2016-3461 | MySQL Enterprise Monitor | Multiple | Monitoring: Server | No | 4.3 | Network | High | Multiple | Partial+ | Partial+ | Partial+ | 3.0.25 and earlier, 3.1.2 and earlier | |
| CVE-2016-2047 | MySQL Server | MySQL Protocol | Server: Connection Handling | Yes | 4.3 | Network | Medium | None | None | Partial | None | 5.5.48 and earlier, 5.6.29 and earlier, 5.7.11 and earlier | |
| CVE-2016-0642 | MySQL Server | MySQL Protocol | Server: Federated | No | 4.3 | Network | Medium | Multiple | None | Partial | Partial+ | 5.5.48 and earlier, 5.6.29 and earlier, 5.7.11 and earlier | |
| CVE-2016-0643 | MySQL Server | MySQL Protocol | Server: DML | No | 4.0 | Network | Low | Single | Partial | None | None | 5.5.48 and earlier, 5.6.29 and earlier, 5.7.11 and earlier | |
| CVE-2016-0644 | MySQL Server | MySQL Protocol | Server: DDL | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.47 and earlier, 5.6.28 and earlier, 5.7.10 and earlier | |
| CVE-2016-0646 | MySQL Server | MySQL Protocol | Server: DML | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.47 and earlier, 5.6.28 and earlier, 5.7.10 and earlier | |
| CVE-2016-0647 | MySQL Server | MySQL Protocol | Server: FTS | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.48 and earlier, 5.6.29 and earlier, 5.7.11 and earlier | |
| CVE-2016-0648 | MySQL Server | MySQL Protocol | Server: PS | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.48 and earlier, 5.6.29 and earlier, 5.7.11 and earlier | |
| CVE-2016-0649 | MySQL Server | MySQL Protocol | Server: PS | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.47 and earlier, 5.6.28 and earlier, 5.7.10 and earlier | |
| CVE-2016-0650 | MySQL Server | MySQL Protocol | Server: Replication | No | 4.0 | Network | Low | Single | None | None | Partial+ | 5.5.47 and earlier, 5.6.28 and earlier, 5.7.10 and earlier | |
| CVE-2016-0652 | MySQL Server | MySQL Protocol | Server: DML | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.7.10 and earlier | |
| CVE-2016-0653 | MySQL Server | MySQL Protocol | Server: FTS | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.7.10 and earlier | |
| CVE-2016-0654 | MySQL Server | MySQL Protocol | Server: InnoDB | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.7.10 and earlier | |
| CVE-2016-0655 | MySQL Server | MySQL Protocol | Server: InnoDB | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.6.29 and earlier, 5.7.11 and earlier | |
| CVE-2016-0656 | MySQL Server | MySQL Protocol | Server: InnoDB | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.7.10 and earlier | |
| CVE-2016-0657 | MySQL Server | MySQL Protocol | Server: JSON | No | 3.5 | Network | Medium | Single | Partial | None | None | 5.7.11 and earlier | |
| CVE-2016-0658 | MySQL Server | MySQL Protocol | Server: Optimizer | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.7.10 and earlier | |
| CVE-2016-0651 | MySQL Server | MySQL Protocol | Server: Optimizer | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.5.46 and earlier | |
| CVE-2016-0659 | MySQL Server | MySQL Protocol | Server: Optimizer | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.7.11 and earlier | |
| CVE-2016-0661 | MySQL Server | MySQL Protocol | Server: Options | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.6.28 and earlier, 5.7.10 and earlier | |
| CVE-2016-0662 | MySQL Server | MySQL Protocol | Server: Partition | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.7.11 and earlier | |
| CVE-2016-0663 | MySQL Server | MySQL Protocol | Server: Performance Schema | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.7.10 and earlier | |
| CVE-2016-0665 | MySQL Server | MySQL Protocol | Server: Security: Encryption | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.6.28 and earlier, 5.7.10 and earlier | |
| CVE-2016-0666 | MySQL Server | MySQL Protocol | Server: Security: Privileges | No | 3.5 | Network | Medium | Single | None | None | Partial+ | 5.5.48 and earlier, 5.6.29 and earlier, 5.7.11 and earlier | |
| CVE-2016-0667 | MySQL Server | MySQL Protocol | Server: Locking | No | 2.8 | Network | Medium | Multiple | None | None | Partial+ | 5.7.11 and earlier | |
| CVE-2016-0668 | MySQL Server | MySQL Protocol | Server: InnoDB | No | 1.7 | Network | High | Multiple | None | None | Partial+ | 5.6.28 and earlier, 5.7.10 and earlier | |

Additional CVEs addressed:

  1. CVE-2015-3194 fix also addresses CVE-2015-3195.
  2. CVE-2016-0705 fix also addresses CVE-2015-3197, CVE-2016-0702, CVE-2016-0797, CVE-2016-0798, CVE-2016-0799, CVE-2016-0800.

Appendix - Oracle Berkeley DB

Oracle Berkeley DB Executive Summary

This Critical Patch Update contains 5 new security fixes for Oracle Berkeley DB. None of these vulnerabilities may be remotely exploitable without authentication, i.e., none may be exploited over a network without the need for a username and password. The English text form of this Risk Matrix can be found here.

Oracle Berkeley DB Risk Matrix


CVSS VERSION 2.0 RISK (see Risk Matrix Definitions): columns Base Score through Availability.

| CVE# | Component | Protocol | Package and/or Privilege Required | Remote Exploit without Auth.? | Base Score | Access Vector | Access Complexity | Authentication | Confidentiality | Integrity | Availability | Supported Versions Affected | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2016-0682 | DataStore | None | None | No | 6.9 | Local | Medium | None | Complete | Complete | Complete | 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, 12.1.6.1.26 | |
| CVE-2016-0689 | DataStore | None | None | No | 6.9 | Local | Medium | None | Complete | Complete | Complete | 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, 12.1.6.1.26 | |
| CVE-2016-0692 | DataStore | None | None | No | 6.9 | Local | Medium | None | Complete | Complete | Complete | 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, 12.1.6.1.26 | |
| CVE-2016-0694 | DataStore | None | None | No | 6.9 | Local | Medium | None | Complete | Complete | Complete | 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, 12.1.6.1.26 | |
| CVE-2016-3418 | DataStore | None | None | No | 6.9 | Local | Medium | None | Complete | Complete | Complete | 11.2.5.0.32, 11.2.5.1.29, 11.2.5.2.42, 11.2.5.3.28, 12.1.6.0.35, 12.1.6.1.26 | |