| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
37101 |
CVE-2016-5459 |
|
|
|
2016-07-21 |
2017-08-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to iHelp. |
|
37102 |
CVE-2016-5458 |
|
|
|
2016-07-21 |
2017-08-31 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Oracle Communications Applications 16.0 allows remote authenticated users to affect confidentiality and integrity via vectors related to APPL. |
|
37103 |
CVE-2016-5457 |
|
|
|
2016-07-21 |
2017-08-31 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via vectors related to LUMAIN. |
|
37104 |
CVE-2016-5456 |
|
|
|
2016-07-21 |
2017-08-31 |
6.3 |
None |
Remote |
Medium |
Single system |
Complete |
None |
None |
|
Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality via vectors related to Services. |
|
37105 |
CVE-2016-5455 |
|
|
|
2016-07-21 |
2017-08-31 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communications Applications 6.3, 7.0, and 8.0 allows remote attackers to affect confidentiality via vectors related to Multiplexor. |
|
37106 |
CVE-2016-5454 |
|
|
|
2016-07-21 |
2017-08-31 |
5.4 |
None |
Local |
Medium |
Not required |
None |
Partial |
Complete |
|
Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and availability via vectors related to Verified Boot. |
|
37107 |
CVE-2016-5453 |
|
|
|
2016-07-21 |
2017-08-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to IPMI. |
|
37108 |
CVE-2016-5451 |
|
|
|
2016-07-21 |
2017-08-31 |
5.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
None |
|
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote authenticated users to affect confidentiality and integrity via vectors related to EAI, a different vulnerability than CVE-2016-5468. |
|
37109 |
CVE-2016-5450 |
|
|
|
2016-07-21 |
2017-08-31 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP2014, IP2015, and IP2016 allows remote attackers to affect integrity via vectors related to UIF Open UI. |
|
37110 |
CVE-2016-5449 |
|
|
|
2016-07-21 |
2017-08-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect availability via vectors related to Console Redirection. |
|
37111 |
CVE-2016-5448 |
|
|
|
2016-07-21 |
2017-08-31 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect integrity and availability via vectors related to SNMP. |
|
37112 |
CVE-2016-5447 |
|
|
|
2016-07-21 |
2017-08-31 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. |
|
37113 |
CVE-2016-5446 |
|
|
|
2016-07-21 |
2017-08-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Infrastructure. |
|
37114 |
CVE-2016-5445 |
|
|
|
2016-07-21 |
2017-08-31 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. |
|
37115 |
CVE-2016-5444 |
|
|
|
2016-07-21 |
2019-04-22 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. |
|
37116 |
CVE-2016-5442 |
|
|
|
2016-07-21 |
2017-08-31 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Security: Encryption. |
|
37117 |
CVE-2016-5441 |
|
|
|
2016-07-21 |
2017-08-31 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Replication. |
|
37118 |
CVE-2016-5440 |
|
|
|
2016-07-21 |
2018-01-04 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. |
|
37119 |
CVE-2016-5439 |
|
|
|
2016-07-21 |
2017-08-31 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Privileges. |
|
37120 |
CVE-2016-5437 |
|
|
|
2016-07-21 |
2017-08-31 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Log. |
|
37121 |
CVE-2016-5436 |
|
|
|
2016-07-21 |
2017-08-31 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. |
|
37122 |
CVE-2016-5435 |
399 |
|
DoS |
2016-06-24 |
2016-06-27 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG6600, USG9500, and AntiDDoS8000 V500R001C00 before V500R001C20SPC100, when in hot standby networking where two devices are not directly connected, allows remote attackers to cause a denial of service (memory consumption and reboot) via a crafted packet. |
|
37123 |
CVE-2016-5434 |
125 |
|
DoS |
2017-01-30 |
2017-02-28 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loop or out-of-bounds read) via a crafted signature file. |
|
37124 |
CVE-2016-5433 |
20 |
|
|
2016-06-17 |
2016-06-20 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. |
|
37125 |
CVE-2016-5431 |
310 |
|
Bypass |
2019-08-07 |
2019-10-09 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm substitution in the JWS component resulting in bypassing the signature verification via crafted tokens. |
|
37126 |
CVE-2016-5430 |
310 |
|
|
2016-09-03 |
2016-11-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). |
|
37127 |
CVE-2016-5429 |
200 |
|
+Info |
2016-09-03 |
2016-11-28 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php. |
|
37128 |
CVE-2016-5427 |
399 |
|
DoS |
2016-09-21 |
2017-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query. |
|
37129 |
CVE-2016-5426 |
399 |
|
DoS |
2016-09-21 |
2017-08-12 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of service (backend CPU consumption) via a long qname. |
|
37130 |
CVE-2016-5425 |
264 |
|
+Priv |
2016-10-13 |
2017-09-02 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group. |
|
37131 |
CVE-2016-5424 |
94 |
|
+Priv |
2016-12-09 |
2018-01-04 |
4.6 |
None |
Remote |
High |
Single system |
Partial |
Partial |
Partial |
|
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. |
|
37132 |
CVE-2016-5423 |
476 |
|
DoS Exec Code +Info |
2016-12-09 |
2018-01-04 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 allow remote authenticated users to cause a denial of service (NULL pointer dereference and server crash), obtain sensitive memory information, or possibly execute arbitrary code via (1) a CASE expression within the test value subexpression of another CASE or (2) inlining of an SQL function that implements the equality operator used for a CASE expression involving values of different types. |
|
37133 |
CVE-2016-5422 |
264 |
|
+Priv |
2016-09-07 |
2016-09-08 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize requests to add users with the super user role, which allows remote authenticated users to gain admin privileges via a crafted POST request. |
|
37134 |
CVE-2016-5421 |
416 |
|
|
2016-08-10 |
2018-11-13 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. |
|
37135 |
CVE-2016-5420 |
285 |
|
|
2016-08-10 |
2018-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. |
|
37136 |
CVE-2016-5419 |
310 |
|
Bypass |
2016-08-10 |
2018-11-13 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. |
|
37137 |
CVE-2016-5418 |
20 |
|
|
2016-09-21 |
2017-06-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. |
|
37138 |
CVE-2016-5417 |
399 |
|
DoS |
2017-02-16 |
2017-02-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU C Library (aka glibc or libc6) before 2.24 allows remote attackers to cause a denial of service (memory consumption) by leveraging partial initialization of internal resolver data structures. |
|
37139 |
CVE-2016-5416 |
200 |
|
+Info |
2017-06-08 |
2019-04-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the default Access Control Instructions. |
|
37140 |
CVE-2016-5414 |
284 |
|
|
2017-06-27 |
2017-07-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services. |
|
37141 |
CVE-2016-5412 |
399 |
|
DoS |
2016-08-06 |
2018-01-04 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
|
arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled, allows guest OS users to cause a denial of service (host OS infinite loop) by making a H_CEDE hypercall during the existence of a suspended transaction. |
|
37142 |
CVE-2016-5411 |
255 |
|
|
2017-06-13 |
2017-07-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1.0 GA is created world readable and contains the root password of the deployed system. |
|
37143 |
CVE-2016-5409 |
200 |
|
+Info |
2017-04-20 |
2017-04-26 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEARID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to the cookies. |
|
37144 |
CVE-2016-5408 |
119 |
|
Exec Code Overflow |
2016-08-10 |
2016-09-28 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051. |
|
37145 |
CVE-2016-5407 |
125 |
|
|
2016-12-13 |
2017-06-30 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote X servers to trigger out-of-bounds memory access operations via vectors involving length specifications in received data. |
|
37146 |
CVE-2016-5406 |
264 |
|
+Priv |
2016-09-26 |
2017-12-14 |
6.5 |
None |
Remote |
Low |
Single system |
Partial |
Partial |
Partial |
|
The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows remote authenticated users to gain privileges by leveraging failure to propagate administrative RBAC configuration to all slaves. |
|
37147 |
CVE-2016-5405 |
199 |
|
|
2017-06-08 |
2017-06-16 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain user passwords. |
|
37148 |
CVE-2016-5404 |
284 |
|
|
2016-09-07 |
2016-11-28 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which allows remote authenticated users to revoke arbitrary certificates by leveraging the "retrieve certificate" permission. |
|
37149 |
CVE-2016-5403 |
399 |
|
DoS |
2016-08-02 |
2018-01-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cause a denial of service (memory consumption and QEMU process crash) by submitting requests without waiting for completion. |
|
37150 |
CVE-2016-5402 |
94 |
|
Exec Code |
2018-10-31 |
2019-10-09 |
9.0 |
None |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
|
A code injection flaw was found in the way capacity and utilization imported control files are processed. A remote, authenticated attacker with access to the capacity and utilization feature could use this flaw to execute arbitrary code as the user CFME runs as. |
