Total
2819 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5497 | 1 Oracle | 1 Database | 2024-08-06 | N/A |
| Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows local users to affect confidentiality, integrity, and availability via unknown vectors. | ||||
| CVE-2016-5493 | 1 Oracle | 1 Flexcube Private Banking | 2024-08-06 | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Services Applications 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. | ||||
| CVE-2016-5521 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2024-08-06 | N/A |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5512. | ||||
| CVE-2016-5491 | 1 Oracle | 1 Commerce Service Center | 2024-08-06 | N/A |
| Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors. | ||||
| CVE-2016-5495 | 1 Oracle | 1 Discoverer | 2024-08-06 | N/A |
| Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to EUL Code & Schema. | ||||
| CVE-2016-5502 | 1 Oracle | 1 Flexcube Universal Banking | 2024-08-06 | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA. | ||||
| CVE-2016-5527 | 1 Oracle | 1 Agile Product Lifecycle Management Framework | 2024-08-06 | N/A |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524. | ||||
| CVE-2016-5492 | 1 Oracle | 1 Sun Zfs Storage Appliance Kit | 2024-08-06 | N/A |
| Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows local users to affect confidentiality and integrity via vectors related to SMB Users. | ||||
| CVE-2016-5404 | 4 Fedoraproject, Freeipa, Oracle and 1 more | 4 Fedora, Freeipa, Linux and 1 more | 2024-08-06 | N/A |
| The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. | ||||
| CVE-2016-5506 | 1 Oracle | 1 Identity Manager | 2024-08-06 | N/A |
| Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allows local users to affect confidentiality and integrity via vectors related to App Server. | ||||
| CVE-2016-5517 | 1 Oracle | 1 Applications Dba | 2024-08-06 | N/A |
| Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3 allows local users to affect confidentiality via vectors related to AD Utilities. | ||||
| CVE-2016-5383 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-08-06 | N/A |
| The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters." | ||||
| CVE-2016-5388 | 4 Apache, Hp, Oracle and 1 more | 13 Tomcat, System Management Homepage, Linux and 10 more | 2024-08-06 | N/A |
| Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability. | ||||
| CVE-2016-5341 | 1 Google | 1 Android | 2024-08-06 | N/A |
| The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial of service (GPS signal-acquisition delay) via an incorrect xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 31470303 and external bug 211602 (and AndroidID-7225554). | ||||
| CVE-2016-5366 | 1 Huawei | 2 Honor Ws851, Honor Ws851 Firmware | 2024-08-06 | N/A |
| Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052. | ||||
| CVE-2016-5414 | 1 Freeipa | 1 Freeipa | 2024-08-06 | N/A |
| FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. | ||||
| CVE-2016-5386 | 4 Fedoraproject, Golang, Oracle and 1 more | 7 Fedora, Go, Linux and 4 more | 2024-08-06 | 8.1 High |
| The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | ||||
| CVE-2016-5425 | 3 Apache, Oracle, Redhat | 10 Tomcat, Instantis Enterprisetrack, Linux and 7 more | 2024-08-06 | 7.8 High |
| The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. | ||||
| CVE-2016-5393 | 1 Apache | 1 Hadoop | 2024-08-06 | N/A |
| In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service. | ||||
| CVE-2016-5302 | 1 Citrix | 1 Xenserver | 2024-08-06 | N/A |
| Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier release, might allow remote attackers on the management network to "compromise" a host by leveraging credentials for an Active Directory account. | ||||