CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 6 and 6.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
5851 CVE-2016-5515 2016-10-25 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to RMIServlet.
5852 CVE-2016-5514 2016-10-25 2016-11-28
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to ExportServlet.
5853 CVE-2016-5507 2016-10-25 2018-01-04
6.8
None Remote Low Single system None None Complete
Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB.
5854 CVE-2016-5476 2016-07-21 2017-08-31
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to Install.
5855 CVE-2016-5456 2016-07-21 2017-08-31
6.3
None Remote Medium Single system Complete None None
Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Services.
5856 CVE-2016-5448 2016-07-21 2017-08-31
6.4
None Remote Low Not required None Partial Partial
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP.
5857 CVE-2016-5447 2016-07-21 2017-08-31
6.5
None Remote Low Single system Partial Partial Partial
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
5858 CVE-2016-5423 476 DoS Exec Code +Info 2016-12-09 2018-01-04
6.5
None Remote Low Single system Partial Partial Partial
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types.
5859 CVE-2016-5422 264 +Priv 2016-09-07 2016-09-08
6.5
None Remote Low Single system Partial Partial Partial
The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request.
5860 CVE-2016-5406 264 +Priv 2016-09-26 2017-12-14
6.5
None Remote Low Single system Partial Partial Partial
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves.
5861 CVE-2016-5401 352 CSRF 2017-04-20 2017-04-26
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web page.
5862 CVE-2016-5399 787 DoS Exec Code 2017-04-21 2018-10-09
6.8
None Remote Medium Not required Partial Partial Partial
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
5863 CVE-2016-5393 284 2016-11-29 2016-12-01
6.5
None Remote Low Single system Partial Partial Partial
In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with the HDFS NameNode can possibly run arbitrary commands with the same privileges as the HDFS service.
5864 CVE-2016-5392 200 +Info 2016-08-05 2016-08-05
6.8
None Remote Low Single system Complete None None
The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list.
5865 CVE-2016-5386 284 2016-07-18 2017-08-24
6.8
None Remote Medium Not required Partial Partial Partial
The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.
5866 CVE-2016-5383 284 Exec Code 2016-08-26 2016-08-26
6.5
None Remote Low Single system Partial Partial Partial
The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters."
5867 CVE-2016-5374 264 Bypass 2017-03-01 2017-03-14
6.5
None Remote Low Single system Partial Partial Partial
NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted data to bypass intended sharing restrictions by leveraging improper handling of the owner_rights ACL entry.
5868 CVE-2016-5372 352 CSRF 2017-02-07 2017-11-15
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allows remote attackers to hijack the authentication of users for requests that have unspecified impact via unknown vectors.
5869 CVE-2016-5363 254 DoS Bypass 2016-06-17 2016-11-28
6.4
None Remote Low Not required Partial None Partial
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended MAC-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via (1) a crafted DHCP discovery message or (2) crafted non-IP traffic.
5870 CVE-2016-5362 254 DoS Bypass 2016-06-17 2018-10-19
6.4
None Remote Low Not required Partial None Partial
The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attackers to bypass an intended DHCP-spoofing protection mechanism and consequently cause a denial of service or intercept network traffic via a crafted DHCP discovery message.
5871 CVE-2016-5345 119 Overflow +Priv 2018-01-22 2018-02-12
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices allows local users to gain privileges via a crafted application, aka Android internal bug 32639452 and Qualcomm internal bug CR1079713.
5872 CVE-2016-5314 787 DoS Overflow 2018-03-11 2018-04-05
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted TIFF image, as demonstrated by overwriting the vgetparent function pointer with rgb2ycbcr.
5873 CVE-2016-5283 284 Bypass 2016-09-22 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted fragment identifier in the SRC attribute of an IFRAME element, leading to insufficient restrictions on link-color information after a document is resized.
5874 CVE-2016-5278 119 Exec Code Overflow 2016-09-22 2018-06-11
6.8
None Remote Medium Not required Partial Partial Partial
Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 allows remote attackers to execute arbitrary code via a crafted image data that is mishandled during the encoding of an image frame to an image.
5875 CVE-2016-5275 119 Exec Code Overflow 2016-09-22 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code by leveraging improper interaction between empty filters and CANVAS element rendering.
5876 CVE-2016-5273 284 Exec Code 2016-09-22 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation in Mozilla Firefox before 49.0 allows remote attackers to execute arbitrary code via a crafted web site.
5877 CVE-2016-5272 20 Exec Code 2016-09-22 2018-06-11
6.8
None Remote Medium Not required Partial Partial Partial
The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 does not properly perform a cast of an unspecified variable during handling of INPUT elements, which allows remote attackers to execute arbitrary code via a crafted web site.
5878 CVE-2016-5264 416 DoS Exec Code Mem. Corr. 2016-08-04 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via an SVG element that is mishandled during effect application.
5879 CVE-2016-5263 704 Exec Code 2016-08-04 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code via a crafted web site that leverages "type confusion."
5880 CVE-2016-5259 416 Exec Code 2016-08-04 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via a script that closes its own Service Worker within a nested sync event loop.
5881 CVE-2016-5258 416 Exec Code 2016-08-04 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code by leveraging incorrect free operations on DTLS objects during the shutdown of a WebRTC session.
5882 CVE-2016-5255 416 Exec Code 2016-08-04 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandled during incremental garbage collection.
5883 CVE-2016-5252 119 Exec Code Overflow 2016-08-04 2017-08-15
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted two-dimensional graphics data that is mishandled during clipping-region calculations.
5884 CVE-2016-5230 264 Bypass 2016-06-30 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17B182, and NXT-TL before NXT-TL00C01B182 allows attackers to bypass permission checks and control partial module functions via a crafted app.
5885 CVE-2016-5221 190 Bypass 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android possibly allowed a remote attacker to bypass buffer validation via a crafted HTML page.
5886 CVE-2016-5219 416 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5887 CVE-2016-5216 416 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.
5888 CVE-2016-5215 416 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
5889 CVE-2016-5213 416 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5890 CVE-2016-5211 416 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
5891 CVE-2016-5210 787 Overflow 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
5892 CVE-2016-5209 787 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5893 CVE-2016-5206 284 Bypass 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly followed redirects, which allowed a remote attacker to bypass the Same Origin Policy via a crafted HTML page.
5894 CVE-2016-5203 416 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
5895 CVE-2016-5200 119 Overflow 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android incorrectly applied type rules, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
5896 CVE-2016-5199 119 Overflow 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 for Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
5897 CVE-2016-5198 125 Exec Code 2017-01-19 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page.
5898 CVE-2016-5197 20 2017-01-19 2017-01-20
6.8
None Remote Medium Not required Partial Partial Partial
The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated intent URLs, which allowed a remote attacker who had compromised the renderer process to start arbitrary activity on the system via a crafted HTML page.
5899 CVE-2016-5196 254 2017-01-19 2017-01-20
6.8
None Remote Medium Not required Partial Partial Partial
The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.
5900 CVE-2016-5190 416 2016-12-17 2018-01-04
6.8
None Remote Medium Not required Partial Partial Partial
Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles during shutdown, which allowed a remote attacker to perform an out of bounds memory read via crafted HTML pages.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.