Total
416 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2016-5545 | 1 Oracle | 1 Vm Virtualbox | 2024-08-06 | N/A |
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS v3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). | ||||
CVE-2016-5540 | 1 Oracle | 1 Micros Xstore Payment | 2024-08-06 | N/A |
Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Applications 1.x allows local users to affect confidentiality and integrity via unknown vectors. | ||||
CVE-2016-5525 | 1 Oracle | 1 Solaris Cluster | 2024-08-06 | N/A |
Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 and 4.3 allows local users to affect integrity via vectors related to Cluster check files. | ||||
CVE-2016-5511 | 1 Oracle | 1 Webcenter Sites | 2024-08-06 | N/A |
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1.0.0, 12.2.1.1.0, and 12.2.1.2.0 allows remote attackers to affect integrity via unknown vectors. | ||||
CVE-2016-5362 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2024-08-06 | N/A |
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message. | ||||
CVE-2016-5363 | 2 Openstack, Redhat | 2 Neutron, Openstack | 2024-08-06 | N/A |
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic. | ||||
CVE-2016-5328 | 2 Apple, Vmware | 2 Mac Os X, Tools | 2024-08-06 | N/A |
VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, allows local users to determine kernel memory addresses and bypass the kASLR protection mechanism via unspecified vectors. | ||||
CVE-2016-5306 | 1 Symantec | 1 Endpoint Protection Manager | 2024-08-06 | N/A |
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. | ||||
CVE-2016-5247 | 1 Lenovo | 23 Bios, Thinkcentre E93, Thinkcentre M6500t\/s and 20 more | 2024-08-06 | N/A |
The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M8600t/s, M900, M93, and M93P devices; ThinkServer RQ940, RS140, TS140, TS240, TS440, and TS540 devices; and ThinkStation E32, P300, and P310 devices might allow local users or physically proximate attackers to bypass the Secure Boot protection mechanism by leveraging an AMI test key. | ||||
CVE-2016-5268 | 1 Mozilla | 1 Firefox | 2024-08-06 | N/A |
Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT flags of about: URLs that are used for error pages, which makes it easier for remote attackers to conduct spoofing attacks via a crafted URL, as demonstrated by misleading text after an about:neterror?d= substring. | ||||
CVE-2016-5196 | 1 Google | 1 Chrome | 2024-08-06 | N/A |
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page. | ||||
CVE-2016-5160 | 3 Google, Opensuse, Redhat | 3 Chrome, Leap, Rhel Extras | 2024-08-06 | N/A |
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5162. | ||||
CVE-2016-5155 | 3 Google, Opensuse, Redhat | 3 Chrome, Leap, Rhel Extras | 2024-08-06 | N/A |
Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly validate access to the initial document, which allows remote attackers to spoof the address bar via a crafted web site. | ||||
CVE-2016-5163 | 3 Google, Opensuse, Redhat | 3 Chrome, Leap, Rhel Extras | 2024-08-06 | N/A |
The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not ensure left-to-right (LTR) rendering of URLs, which allows remote attackers to spoof the address bar via crafted right-to-left (RTL) Unicode text, related to omnibox/SuggestionView.java and omnibox/UrlBar.java in Chrome for Android. | ||||
CVE-2016-5132 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element. | ||||
CVE-2016-5162 | 3 Google, Opensuse, Redhat | 3 Chrome, Leap, Rhel Extras | 2024-08-06 | N/A |
The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks, and trick users into changing extension settings, via a crafted web site, a different vulnerability than CVE-2016-5160. | ||||
CVE-2016-5145 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2024-08-06 | N/A |
Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is preserved after a structure-clone operation on an ImageBitmap object derived from a cross-origin image, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code. | ||||
CVE-2016-5091 | 1 Typo3 | 1 Typo3 | 2024-08-06 | N/A |
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. | ||||
CVE-2016-5128 | 2 Google, Redhat | 3 Chrome, V8, Rhel Extras | 2024-08-06 | N/A |
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site. | ||||
CVE-2016-5117 | 1 Openntpd | 1 Openntpd | 2024-08-06 | N/A |
OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote attackers to bypass the man-in-the-middle mitigations via a crafted timestamp constraint with a valid certificate. |