| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
5301 |
CVE-2016-5557 |
284 |
|
|
2016-10-25 |
2017-07-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Advanced Pricing component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality and integrity via unknown vectors. |
|
5302 |
CVE-2016-5552 |
|
|
|
2017-01-27 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Integrity impacts). |
|
5303 |
CVE-2016-5547 |
|
|
DoS |
2017-01-27 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Java SE, Java SE Embedded, JRockit. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 5.3 (Availability impacts). |
|
5304 |
CVE-2016-5546 |
|
|
|
2017-01-27 |
2018-01-04 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: Libraries). Supported versions that are affected are Java SE: 6u131, 7u121 and 8u112; Java SE Embedded: 8u111; JRockit: R28.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded, JRockit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java SE, Java SE Embedded, JRockit accessible data. Note: Applies to client and server deployment of Java. This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified Component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. CVSS v3.0 Base Score 7.5 (Integrity impacts). |
|
5305 |
CVE-2016-5543 |
|
|
|
2016-10-25 |
2017-07-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management component in Oracle Financial Services Applications 12.0.0 and 12.1.0 allows remote attackers to affect confidentiality and integrity via vectors related to INFRA. |
|
5306 |
CVE-2016-5541 |
|
|
DoS |
2017-01-27 |
2017-07-25 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Supported versions that are affected are 7.2.26 and earlier, 7.3.14 and earlier and 7.4.12 and earlier. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Cluster accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Cluster. CVSS v3.0 Base Score 4.8 (Integrity and Availability impacts). |
|
5307 |
CVE-2016-5533 |
284 |
|
|
2016-10-25 |
2016-11-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in Oracle Primavera Products Suite 8.4, 15.x, and 16.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors. |
|
5308 |
CVE-2016-5532 |
284 |
|
|
2016-10-25 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote attackers to affect confidentiality via vectors related to Workflow Events. |
|
5309 |
CVE-2016-5530 |
|
|
|
2016-10-25 |
2017-07-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5529 and CVE-2016-8293. |
|
5310 |
CVE-2016-5529 |
|
|
|
2016-10-25 |
2017-07-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Integration Broker, a different vulnerability than CVE-2016-5530 and CVE-2016-8293. |
|
5311 |
CVE-2016-5524 |
200 |
|
+Info |
2016-10-25 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5527. |
|
5312 |
CVE-2016-5510 |
200 |
|
+Info |
2016-10-25 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors. |
|
5313 |
CVE-2016-5502 |
284 |
|
|
2016-10-25 |
2017-07-28 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3 allows remote authenticated users to affect confidentiality and integrity via vectors related to INFRA. |
|
5314 |
CVE-2016-5500 |
200 |
|
+Info |
2016-10-25 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to Viewer. |
|
5315 |
CVE-2016-5495 |
284 |
|
|
2016-10-25 |
2017-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 allows remote attackers to affect confidentiality via vectors related to EUL Code & Schema. |
|
5316 |
CVE-2016-5491 |
284 |
|
|
2016-10-25 |
2016-11-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3.5 and 10.2.0.5 allows remote attackers to affect confidentiality and integrity via unknown vectors. |
|
5317 |
CVE-2016-5488 |
|
|
|
2016-10-25 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0 and 12.1.3.0 allows remote attackers to affect availability via vectors related to Web Container, a different vulnerability than CVE-2016-3445. |
|
5318 |
CVE-2016-5482 |
284 |
|
|
2016-10-25 |
2016-11-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6.3.0, 6.4.1.2, and 6.5.0 through 6.5.2 allows remote attackers to affect confidentiality and integrity via unknown vectors. |
|
5319 |
CVE-2016-5477 |
|
|
|
2016-07-21 |
2017-08-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1 and 3.0.1 allows remote attackers to affect confidentiality via vectors related to Administration. |
|
5320 |
CVE-2016-5468 |
|
|
|
2016-07-21 |
2017-08-31 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5451. |
|
5321 |
CVE-2016-5467 |
|
|
|
2016-07-21 |
2017-08-31 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality and integrity via vectors related to eProcurement. |
|
5322 |
CVE-2016-5465 |
|
|
|
2016-07-21 |
2017-08-31 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53, 8.54, and 8.55 allows remote attackers to affect confidentiality and integrity via vectors related to Panel Processor. |
|
5323 |
CVE-2016-5458 |
|
|
|
2016-07-21 |
2017-08-31 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to APPL. |
|
5324 |
CVE-2016-5455 |
|
|
|
2016-07-21 |
2017-08-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor. |
|
5325 |
CVE-2016-5454 |
|
|
|
2016-07-21 |
2017-08-31 |
5.4 |
None |
Local |
Medium |
Not required |
None |
Partial |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot. |
|
5326 |
CVE-2016-5451 |
|
|
|
2016-07-21 |
2017-08-31 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468. |
|
5327 |
CVE-2016-5449 |
|
|
|
2016-07-21 |
2017-08-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. |
|
5328 |
CVE-2016-5433 |
20 |
|
|
2016-06-17 |
2016-06-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. |
|
5329 |
CVE-2016-5430 |
310 |
|
|
2016-09-03 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). |
|
5330 |
CVE-2016-5427 |
399 |
|
DoS |
2016-09-21 |
2017-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query. |
|
5331 |
CVE-2016-5426 |
399 |
|
DoS |
2016-09-21 |
2017-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. |
|
5332 |
CVE-2016-5420 |
285 |
|
|
2016-08-10 |
2018-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. |
|
5333 |
CVE-2016-5419 |
310 |
|
Bypass |
2016-08-10 |
2018-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. |
|
5334 |
CVE-2016-5418 |
20 |
|
|
2016-09-21 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. |
|
5335 |
CVE-2016-5417 |
399 |
|
DoS |
2017-02-16 |
2017-02-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. |
|
5336 |
CVE-2016-5416 |
200 |
|
+Info |
2017-06-08 |
2017-06-19 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. |
|
5337 |
CVE-2016-5414 |
284 |
|
|
2017-06-27 |
2017-07-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. |
|
5338 |
CVE-2016-5409 |
200 |
|
+Info |
2017-04-20 |
2017-04-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. |
|
5339 |
CVE-2016-5405 |
199 |
|
|
2017-06-08 |
2017-06-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. |
|
5340 |
CVE-2016-5391 |
476 |
|
DoS |
2017-06-13 |
2017-06-21 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto daemon restart). |
|
5341 |
CVE-2016-5388 |
284 |
|
|
2016-07-18 |
2018-08-15 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability. |
|
5342 |
CVE-2016-5387 |
284 |
|
|
2016-07-18 |
2018-01-18 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "This mitigation has been assigned the identifier CVE-2016-5387"; in other words, this is not a CVE ID for a vulnerability. |
|
5343 |
CVE-2016-5385 |
284 |
|
|
2016-07-18 |
2018-01-18 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, as demonstrated by (1) an application that makes a getenv('HTTP_PROXY') call or (2) a CGI configuration of PHP, aka an "httpoxy" issue. |
|
5344 |
CVE-2016-5367 |
200 |
|
+Info |
2016-06-14 |
2016-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors, aka HWPSIRT-2016-05053. |
|
5345 |
CVE-2016-5366 |
284 |
|
|
2016-06-14 |
2016-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify configuration data via vectors related to a "file injection vulnerability," aka HWPSIRT-2016-05052. |
|
5346 |
CVE-2016-5361 |
20 |
|
DoS |
2016-06-16 |
2017-01-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. NOTE: the original behavior complies with the IKEv1 protocol, but has a required security update from the libreswan vendor; as of 2016-06-10, it is expected that several other IKEv1 implementations will have vendor-required security updates, with separate CVE IDs assigned to each. |
|
5347 |
CVE-2016-5334 |
284 |
|
|
2016-12-29 |
2017-07-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors. |
|
5348 |
CVE-2016-5332 |
22 |
|
Dir. Trav. |
2016-08-30 |
2017-08-15 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows remote attackers to read arbitrary files via unspecified vectors. |
|
5349 |
CVE-2016-5323 |
369 |
|
DoS |
2017-01-20 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted Tiff image. |
|
5350 |
CVE-2016-5306 |
254 |
|
+Info |
2016-06-30 |
2017-08-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS protection mechanism, which makes it easier for remote attackers to obtain sensitive information by sniffing the network for unintended HTTP traffic on port 8445. |
