CVE-2016-5xxx

There are 883 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2016-5000 The XLSX2CSV example in Apache POI before 3.14 allows remote attackers to read arbitrary files via a...
CVE-2016-5001 This is an information disclosure vulnerability in Apache Hadoop before 2.6.4 and 2.7.x before 2.7.2...
CVE-2016-5002 XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used...
CVE-2016-5003 The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache Archiva, allows remote attackers...
E
CVE-2016-5004 The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in Apache Archiva allows remote ...
E
CVE-2016-5005 Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and earlier allows remote authentic...
E
CVE-2016-5006 The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, whi...
CVE-2016-5007 Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework 3.2.x, 4.0.x, 4.1.x, 4.2.x rely on...
CVE-2016-5008 libvirt before 2.0.0 improperly disables password checking when the password on a VNC server is set ...
CVE-2016-5009 The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a d...
CVE-2016-5010 coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to cause a denial of service (ou...
S
CVE-2016-5011 The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows phy...
S
CVE-2016-5012 In Moodle 3.x, glossary search displays entries without checking user permissions to view them....
S
CVE-2016-5013 In Moodle 2.x and 3.x, text injection can occur in email headers, potentially leading to outbound sp...
S
CVE-2016-5014 In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though the...
S
CVE-2016-5015 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in...
R
CVE-2016-5016 Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and Authentication Server) 3.4.1 and ea...
CVE-2016-5017 Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 and 3.5.x before 3.5.3, when usi...
E
CVE-2016-5018 In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0....
E S
CVE-2016-5019 CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through 1.0.13, 1.2.x before 1.2.15, 2.0.x...
S
CVE-2016-5020 F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to modify the account configuration of...
CVE-2016-5021 The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...
CVE-2016-5022 F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 1...
CVE-2016-5023 Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 throu...
CVE-2016-5024 Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and 12.1.x before 12.1.2, when configu...
CVE-2016-5025 For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI s...
S
CVE-2016-5026 hs.py in OnionShare before 0.9.1 allows local users to modify the hiddenservice by pre-creating the ...
S
CVE-2016-5027 dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a denial of service (crash) via a...
S
CVE-2016-5028 The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a d...
E S
CVE-2016-5029 The create_fullest_file_path function in libdwarf before 20160923 allows remote attackers to cause a...
E S
CVE-2016-5030 The _dwarf_calculate_info_section_end_ptr function in libdwarf before 20160923 allows remote attacke...
E S
CVE-2016-5031 The print_frame_inst_bytes function in libdwarf before 20160923 allows remote attackers to cause a d...
E S
CVE-2016-5032 The dwarf_get_xu_hash_entry function in libdwarf before 20160923 allows remote attackers to cause a ...
E S
CVE-2016-5033 The print_exprloc_content function in libdwarf before 20160923 allows remote attackers to cause a de...
E S
CVE-2016-5034 dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers to cause a denial of service ...
E S
CVE-2016-5035 The _dwarf_read_line_table_header function in dwarf_line_table_reader.c in libdwarf before 20160923 ...
E S
CVE-2016-5036 The dump_block function in print_sections.c in libdwarf before 20160923 allows remote attackers to c...
E S
CVE-2016-5037 The _dwarf_load_section function in libdwarf before 20160923 allows remote attackers to cause a deni...
E S
CVE-2016-5038 The dwarf_get_macro_startend_file function in dwarf_macro5.c in libdwarf before 20160923 allows remo...
E S
CVE-2016-5039 The get_attr_value function in libdwarf before 20160923 allows remote attackers to cause a denial of...
E S
CVE-2016-5040 libdwarf before 20160923 allows remote attackers to cause a denial of service (out-of-bounds read an...
E S
CVE-2016-5041 dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to cause a denial of service (NUL...
E
CVE-2016-5042 The dwarf_get_aranges_list function in libdwarf before 20160923 allows remote attackers to cause a d...
E S
CVE-2016-5043 The dwarf_dealloc function in libdwarf before 20160923 allows remote attackers to cause a denial of ...
E S
CVE-2016-5044 The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before 20160923 allows remote attacke...
E S
CVE-2016-5045 NetApp OnCommand System Manager before 9.0 allows remote attackers to obtain sensitive credentials v...
CVE-2016-5047 NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote authenticated users to cause a de...
S
CVE-2016-5048 SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk 9.1 allows remote attackers to e...
CVE-2016-5049 Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk 9.1 allows remote attackers t...
CVE-2016-5050 Unrestricted file upload vulnerability in chat/sendfile.aspx in ReadyDesk 9.1 allows remote attacker...
CVE-2016-5051 OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in cleartext under /private/var/mo...
E M
CVE-2016-5052 OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL pinning....
E M
CVE-2016-5053 OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote attackers to execute arbitrary co...
E M
CVE-2016-5054 OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee replay....
E M
CVE-2016-5055 OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the username field and Wireless Clien...
E M
CVE-2016-5056 OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex digits for a PSK....
E M
CVE-2016-5057 OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL pinning....
E M
CVE-2016-5058 OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee replay....
E M
CVE-2016-5059 OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to obtain sensitive information...
E
CVE-2016-5060 Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before 3.4 allow remote attackers to...
S
CVE-2016-5061 Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow...
CVE-2016-5062 The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading...
CVE-2016-5063 The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows mig...
E M
CVE-2016-5065 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Embedded_Ace_Set_Task.cgi command inj...
E
CVE-2016-5066 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak passwords for admin, rauser, scon...
E
CVE-2016-5067 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection....
E
CVE-2016-5068 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require authentication for Embedded_...
E
CVE-2016-5069 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable session tokens, which are in ...
E
CVE-2016-5070 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store passwords in cleartext....
E
CVE-2016-5071 Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as r...
E
CVE-2016-5072 OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST req...
S
CVE-2016-5073 CloudView NMS before 2.10a has XSS via SNMP....
E
CVE-2016-5074 CloudView NMS before 2.10a has a format string issue exploitable over SNMP....
E
CVE-2016-5075 CloudView NMS before 2.10a has XSS via a TELNET login....
E
CVE-2016-5076 CloudView NMS before 2.10a allows remote attackers to obtain sensitive information via a direct requ...
E
CVE-2016-5077 Netikus EventSentry before 3.2.1.44 has XSS via SNMP....
CVE-2016-5078 Paessler PRTG before 16.2.24.4045 has XSS via SNMP....
CVE-2016-5080 Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in Objective Systems ASN1C for C/C+...
CVE-2016-5081 ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, which makes it easier for rem...
CVE-2016-5084 Johnson & Johnson Animas OneTouch Ping devices do not use encryption for certain data, which might a...
M
CVE-2016-5085 Johnson & Johnson Animas OneTouch Ping devices do not properly generate random numbers, which makes ...
M
CVE-2016-5086 Johnson & Johnson Animas OneTouch Ping devices allow remote attackers to bypass authentication via r...
M
CVE-2016-5087 Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak permissions for configuration file...
CVE-2016-5091 Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain ...
S
CVE-2016-5092 Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated admi...
CVE-2016-5093 The get_icu_value_internal function in ext/intl/locale/locale_methods.c in PHP before 5.5.36, 5.6.x ...
E S
CVE-2016-5094 Integer overflow in the php_html_entities function in ext/standard/html.c in PHP before 5.5.36 and 5...
CVE-2016-5095 Integer overflow in the php_escape_html_entities_ex function in ext/standard/html.c in PHP before 5....
CVE-2016-5096 Integer overflow in the fread function in ext/standard/file.c in PHP before 5.5.36 and 5.6.x before ...
E S
CVE-2016-5097 phpMyAdmin before 4.6.2 places tokens in query strings and does not arrange for them to be stripped ...
S
CVE-2016-5098 Directory traversal vulnerability in libraries/error_report.lib.php in phpMyAdmin before 4.6.2-prere...
S
CVE-2016-5099 Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before 4.4.15.6 and 4.6.x before 4.6.2 ...
S
CVE-2016-5100 Froxlor before 0.9.35 uses the PHP rand function for random number generation, which makes it easier...
S
CVE-2016-5101 Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote att...
CVE-2016-5102 Buffer overflow in the readgifimage function in gif2tiff.c in the gif2tiff tool in LibTIFF 4.0.6 all...
CVE-2016-5103 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-4552. Reason: This candida...
R
CVE-2016-5104 The socket_create function in common/socket.c in libimobiledevice and libusbmuxd allows remote attac...
CVE-2016-5105 The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS 8708EM...
S
CVE-2016-5106 The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, when built with MegaRAID SAS ...
S
CVE-2016-5107 The megasas_lookup_frame function in QEMU, when built with MegaRAID SAS 8708EM2 Host Bus Adapter emu...
S
CVE-2016-5108 Buffer overflow in the DecodeAdpcmImaQT function in modules/codec/adpcm.c in VideoLAN VLC media play...
CVE-2016-5109 Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow p...
CVE-2016-5114 sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and 7.x before 7.0.2 misinterprets...
E S
CVE-2016-5115 The avcodec_decode_audio4 function in libavcodec in libavformat 57.34.103, as used in MPlayer, allow...
CVE-2016-5116 gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used in certain custom PHP 5.5.x co...
S
CVE-2016-5117 OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint requests, which allows remote at...
S
CVE-2016-5118 The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attack...
CVE-2016-5119 The automatic update feature in KeePass 2.33 and earlier allows man-in-the-middle attackers to execu...
E S
CVE-2016-5124 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Adding images from external...
CVE-2016-5125 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5126 Heap-based buffer overflow in the iscsi_aio_ioctl function in block/iscsi.c in QEMU allows local gue...
S
CVE-2016-5127 Use-after-free vulnerability in WebKit/Source/core/editing/VisibleUnits.cpp in Blink, as used in Goo...
CVE-2016-5128 objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not pr...
CVE-2016-5129 Google V8 before 5.2.361.32, as used in Google Chrome before 52.0.2743.82, does not properly process...
CVE-2016-5130 content/renderer/history_controller.cc in Google Chrome before 52.0.2743.82 does not properly restri...
CVE-2016-5131 Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82,...
CVE-2016-5132 The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the S...
CVE-2016-5133 Google Chrome before 52.0.2743.82 mishandles origin information during proxy authentication, which a...
CVE-2016-5134 net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in Google Chrome before 52.0.2743....
CVE-2016-5135 WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0...
CVE-2016-5136 Use-after-free vulnerability in extensions/renderer/user_script_injector.cc in the Extensions subsys...
CVE-2016-5137 The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content S...
CVE-2016-5138 Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Googl...
CVE-2016-5139 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium...
CVE-2016-5140 Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in P...
CVE-2016-5141 Blink, as used in Google Chrome before 52.0.2743.116, allows remote attackers to spoof the address b...
CVE-2016-5142 The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52...
CVE-2016-5143 The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116...
CVE-2016-5144 The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116...
CVE-2016-5145 Blink, as used in Google Chrome before 52.0.2743.116, does not ensure that a taint property is prese...
CVE-2016-5146 Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause ...
CVE-2016-5147 Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on L...
CVE-2016-5148 Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on W...
CVE-2016-5149 The extensions subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.27...
CVE-2016-5150 WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before ...
CVE-2016-5151 PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux mis...
CVE-2016-5152 Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFi...
CVE-2016-5153 The Web Animations implementation in Blink, as used in Google Chrome before 53.0.2785.89 on Windows ...
CVE-2016-5154 Multiple heap-based buffer overflows in PDFium, as used in Google Chrome before 53.0.2785.89 on Wind...
CVE-2016-5155 Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not prop...
CVE-2016-5156 extensions/renderer/event_bindings.cc in the event bindings in Google Chrome before 53.0.2785.89 on ...
CVE-2016-5157 Heap-based buffer overflow in the opj_dwt_interleave_v function in dwt.c in OpenJPEG, as used in PDF...
CVE-2016-5158 Multiple integer overflows in the opj_tcd_init_tile function in tcd.c in OpenJPEG, as used in PDFium...
CVE-2016-5159 Multiple integer overflows in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Wi...
CVE-2016-5160 The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chro...
CVE-2016-5161 The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as us...
CVE-2016-5162 The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chro...
CVE-2016-5163 The bidirectional-text implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and b...
CVE-2016-5164 Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Bl...
CVE-2016-5165 Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google C...
CVE-2016-5166 The download implementation in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0...
CVE-2016-5167 Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.89 on Windows and OS X and be...
CVE-2016-5168 Skia, as used in Google Chrome before 50.0.2661.94, allows remote attackers to bypass the Same Origi...
CVE-2016-5169 Format string vulnerability in Google Chrome OS before 53.0.2785.103 allows remote attackers to caus...
CVE-2016-5170 WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as used in Google Chrome before ...
CVE-2016-5171 WebKit/Source/bindings/templates/interface.cpp in Blink, as used in Google Chrome before 53.0.2785.1...
CVE-2016-5172 The parser in Google V8, as used in Google Chrome before 53.0.2785.113, mishandles scopes, which all...
CVE-2016-5173 The extensions subsystem in Google Chrome before 53.0.2785.113 does not properly restrict access to ...
CVE-2016-5174 browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome before 53.0.2785.113 does not...
CVE-2016-5175 Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.113 allow attackers to cause ...
CVE-2016-5176 Google Chrome before 53.0.2785.113 allows remote attackers to bypass the SafeBrowsing protection mec...
CVE-2016-5177 Use-after-free vulnerability in V8 in Google Chrome before 53.0.2785.143 allows remote attackers to ...
CVE-2016-5178 Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to...
CVE-2016-5179 Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot....
CVE-2016-5180 Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remo...
CVE-2016-5181 Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android p...
CVE-2016-5182 Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android h...
CVE-2016-5183 A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; ...
CVE-2016-5184 PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android ...
CVE-2016-5185 Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android i...
CVE-2016-5186 Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Androi...
CVE-2016-5187 Google Chrome prior to 54.0.2840.85 for Android incorrectly handled rapid transition into and out of...
CVE-2016-5188 Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux allow a ...
CVE-2016-5189 Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android permitted ...
CVE-2016-5190 Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectl...
CVE-2016-5191 Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 f...
CVE-2016-5192 Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS check on redirect in TextTrac...
CVE-2016-5193 Google Chrome prior to 54.0 for iOS had insufficient validation of URLs for windows open by DOM, whi...
CVE-2016-5194 Unspecified vulnerabilities in Google Chrome before 54.0.2840.59....
CVE-2016-5195 Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to ga...
KEV E S
CVE-2016-5196 The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforc...
CVE-2016-5197 The content view client in Google Chrome prior to 54.0.2840.85 for Android insufficiently validated ...
CVE-2016-5198 V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 ...
KEV E
CVE-2016-5199 An off by one error resulting in an allocation of zero size in FFmpeg in Google Chrome prior to 54.0...
CVE-2016-5200 V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 for Windows, and 54.0.2840.100 f...
CVE-2016-5201 A leak of privateClass in the extensions API in Google Chrome prior to 54.0.2840.100 for Linux, and ...
CVE-2016-5202 browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 5...
CVE-2016-5203 A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55...
CVE-2016-5204 Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior ...
CVE-2016-5205 Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac, incorrectly handles deferre...
CVE-2016-5206 The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 f...
CVE-2016-5207 In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for And...
CVE-2016-5208 Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android all...
CVE-2016-5209 Bad casting in bitmap manipulation in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows ...
CVE-2016-5210 Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for ...
CVE-2016-5211 A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55...
CVE-2016-5212 Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android insuffi...
CVE-2016-5213 A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2...
CVE-2016-5214 Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded files, which allowed a remote ...
CVE-2016-5215 A use after free in webaudio in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and ...
CVE-2016-5216 A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55...
CVE-2016-5217 The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883....
CVE-2016-5218 The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883....
CVE-2016-5219 A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 5...
CVE-2016-5220 PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Andro...
CVE-2016-5221 Type confusion in libGLESv2 in ANGLE in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Lin...
CVE-2016-5222 Incorrect handling of invalid URLs in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux...
CVE-2016-5223 Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55...
CVE-2016-5224 A timing attack on denormalized floating point arithmetic in SVG filters in Blink in Google Chrome p...
CVE-2016-5225 Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Androi...
CVE-2016-5226 Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and Mac executed javascript: URLs en...
CVE-2016-5228 Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx i...
E
CVE-2016-5229 Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted des...
CVE-2016-5230 Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17...
CVE-2016-5231 Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL before NXT-DL00C17...
CVE-2016-5232 Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before NXT-CL00C92B182, NXT-DL...
CVE-2016-5233 Huawei Mate 8 smartphones with software NXT-AL10 before NXT-AL10C00B182, NXT-CL00 before NXT-CL00C92...
CVE-2016-5234 Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint control unit devices with software b...
CVE-2016-5235 A Cross Site Scripting (XSS) vulnerability in versions of F5 WebSafe Dashboard 3.9.x and earlier, ak...
CVE-2016-5236 Cross-Site-Scripting (XSS) vulnerabilities in F5 WebSafe Dashboard 3.9.5 and earlier, aka F5 WebSafe...
CVE-2016-5237 Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which all...
E
CVE-2016-5238 The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest OS administrators to cause a d...
S
CVE-2016-5239 The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and GraphicsMagick allows remote at...
S
CVE-2016-5240 The DrawDashPolygon function in magick/render.c in GraphicsMagick before 1.3.24 and the SVG renderer...
CVE-2016-5241 magick/render.c in GraphicsMagick before 1.3.24 allows remote attackers to cause a denial of service...
S
CVE-2016-5242 The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x allows local guest OS users w...
CVE-2016-5243 The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel through 4.6.3...
S
CVE-2016-5244 The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initiali...
S
CVE-2016-5247 The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, M6600t/s, M73p, M800, M83, M8500t/s, M...
M
CVE-2016-5248 The StopProxy command in LSC.Services.SystemService in Lenovo Solution Center before 3.3.003 allows ...
CVE-2016-5249 Lenovo Solution Center (LSC) before 3.3.003 allows local users to execute arbitrary code with LocalS...
CVE-2016-5250 Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obt...
CVE-2016-5251 Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters...
CVE-2016-5252 Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48....
CVE-2016-5253 The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files...
CVE-2016-5254 Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48...
CVE-2016-5255 Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox be...
CVE-2016-5256 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0 allow remo...
CVE-2016-5257 Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 49.0, Firefox E...
CVE-2016-5258 Use-after-free vulnerability in the WebRTC socket thread in Mozilla Firefox before 48.0 and Firefox ...
E
CVE-2016-5259 Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before ...
E
CVE-2016-5260 Mozilla Firefox before 48.0 mishandles changes from 'INPUT type="password"' to 'INPUT type="text"' w...
CVE-2016-5261 Integer overflow in the WebSocketChannel class in the WebSockets subsystem in Mozilla Firefox before...
CVE-2016-5262 Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attrib...
CVE-2016-5263 The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 ...
CVE-2016-5264 Use-after-free vulnerability in the nsNodeUtils::NativeAnonymousChildListChange function in Mozilla ...
E
CVE-2016-5265 Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to...
CVE-2016-5266 Mozilla Firefox before 48.0 does not properly restrict drag-and-drop (aka dataTransfer) actions for ...
CVE-2016-5267 Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-...
CVE-2016-5268 Mozilla Firefox before 48.0 does not properly set the LINKABLE and URI_SAFE_FOR_UNTRUSTED_CONTENT fl...
CVE-2016-5270 Heap-based buffer overflow in the nsCaseTransformTextRunFactory::TransformString function in Mozilla...
CVE-2016-5271 The PropertyProvider::GetSpacingInternal function in Mozilla Firefox before 49.0 allows remote attac...
CVE-2016-5272 The nsImageGeometryMixin class in Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thu...
CVE-2016-5273 The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the accessibility implementation ...
CVE-2016-5274 Use-after-free vulnerability in the nsFrameManager::CaptureFrameState function in Mozilla Firefox be...
CVE-2016-5275 Buffer overflow in the mozilla::gfx::FilterSupport::ComputeSourceNeededRegions function in Mozilla F...
CVE-2016-5276 Use-after-free vulnerability in the mozilla::a11y::DocAccessible::ProcessInvalidationList function i...
CVE-2016-5277 Use-after-free vulnerability in the nsRefreshDriver::Tick function in Mozilla Firefox before 49.0, F...
CVE-2016-5278 Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function in Mozilla Firefox before 49....
CVE-2016-5279 Mozilla Firefox before 49.0 allows user-assisted remote attackers to obtain sensitive full-pathname ...
CVE-2016-5280 Use-after-free vulnerability in the mozilla::nsTextNodeDirectionalityMap::RemoveElementFromMap funct...
CVE-2016-5281 Use-after-free vulnerability in the DOMSVGLength class in Mozilla Firefox before 49.0, Firefox ESR 4...
CVE-2016-5282 Mozilla Firefox before 49.0 does not properly restrict the scheme in favicon requests, which might a...
CVE-2016-5283 Mozilla Firefox before 49.0 allows remote attackers to bypass the Same Origin Policy via a crafted f...
CVE-2016-5284 Mozilla Firefox before 49.0, Firefox ESR 45.x before 45.4, and Thunderbird < 45.4 rely on unintended...
CVE-2016-5285 A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missin...
CVE-2016-5287 A potentially exploitable use-after-free crash during actor destruction with service workers. This i...
CVE-2016-5288 Web content could access information in the HTTP cache if e10s is disabled. This can reveal some vis...
CVE-2016-5289 Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corrupt...
CVE-2016-5290 Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evide...
CVE-2016-5291 A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. Thi...
E
CVE-2016-5292 During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulner...
CVE-2016-5293 When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hard...
CVE-2016-5294 The Mozilla Updater can be made to choose an arbitrary target working directory for output files res...
E
CVE-2016-5295 This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege b...
CVE-2016-5296 A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulti...
CVE-2016-5297 An error in argument length checking in JavaScript, leading to potential integer overflows or other ...
CVE-2016-5298 A mechanism where disruption of the loading of a new web page can cause the previous page's favicon ...
E
CVE-2016-5299 A previously installed malicious Android application with same signature-level permissions as Firefo...
E
CVE-2016-5300 The XML parser in Expat does not use sufficient entropy for hash initialization, which allows contex...
S
CVE-2016-5301 The parse_chunk_header function in libtorrent before 1.1.1 allows remote attackers to cause a denial...
CVE-2016-5302 Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has been upgraded from an earlier rel...
CVE-2016-5303 Cross-site scripting (XSS) vulnerability in the Horde Text Filter API in Horde Groupware and Horde G...
S
CVE-2016-5304 Open redirect vulnerability in a report-routing component in Symantec Endpoint Protection Manager (S...
E
CVE-2016-5305 Multiple cross-site scripting (XSS) vulnerabilities in management scripts in Symantec Endpoint Prote...
CVE-2016-5306 Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does not properly implement the HSTS...
CVE-2016-5307 Directory traversal vulnerability in Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5...
CVE-2016-5308 The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (S...
CVE-2016-5309 The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protect...
E S
CVE-2016-5310 The RAR file parser component in the AntiVirus Decomposer engine in Symantec Advanced Threat Protect...
E S
CVE-2016-5311 A Privilege Escalation vulnerability exists in Symantec Norton Antivirus, Norton AntiVirus with Back...
CVE-2016-5312 Directory traversal vulnerability in the charting component in Symantec Messaging Gateway before 10....
E
CVE-2016-5313 Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS co...
E
CVE-2016-5314 Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in LibTIFF 4.0.6 and earlier allows...
E S
CVE-2016-5315 The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause...
CVE-2016-5316 Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c in libtiff 4.0.6 and earlier al...
CVE-2016-5317 Buffer overflow in the PixarLogDecode function in libtiff.so in the PixarLogDecode function in libti...
CVE-2016-5318 Stack-based buffer overflow in the _TIFFVGetField function in libtiff 4.0.6 and earlier allows remot...
CVE-2016-5319 Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and earlier allows remote attackers to...
CVE-2016-5320 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candida...
R
CVE-2016-5321 The DumpModeDecode function in libtiff 4.0.6 and earlier allows attackers to cause a denial of servi...
CVE-2016-5322 The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier allows remote attackers to cause...
CVE-2016-5323 The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote attackers to cause a denial of ...
CVE-2016-5325 CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10....
S
CVE-2016-5328 VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, ...
CVE-2016-5329 VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows loca...
CVE-2016-5330 Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 ...
E M
CVE-2016-5331 CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 and ESXi 6.0 allows remote attac...
S
CVE-2016-5332 Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows rem...
S
CVE-2016-5333 VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public key in an authorized_keys file, ...
CVE-2016-5334 VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attac...
S
CVE-2016-5335 VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to...
S
CVE-2016-5336 VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via un...
S
CVE-2016-5337 The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows local guest OS administrators...
S
CVE-2016-5338 The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c in QEMU allow local guest OS a...
S
CVE-2016-5340 The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Cen...
S
CVE-2016-5341 The GPS component in Android before 2016-12-05 allows man-in-the-middle attackers to cause a denial ...
S
CVE-2016-5342 Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan...
S
CVE-2016-5343 drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service driver for the Linux kernel 3.x, a...
S
CVE-2016-5344 Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovati...
S
CVE-2016-5345 Buffer overflow in the Qualcomm radio driver in Android before 2017-01-05 on Android One devices all...
S
CVE-2016-5346 An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver ...
E S
CVE-2016-5347 In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data ca...
S
CVE-2016-5348 The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 20...
E S
CVE-2016-5349 The high level operating systems (HLOS) was not providing sufficient memory address information to e...
S
CVE-2016-5350 epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in Wireshark 1.12.x before 1.12.12 a...
S
CVE-2016-5351 epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.12 and 2.x before...
E
CVE-2016-5352 epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x before 2.0.4 mishandles certain ...
CVE-2016-5353 epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark 1.12.x before 1.12.12 and 2.x...
CVE-2016-5354 The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 mishandles class types, wh...
CVE-2016-5355 wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4...
CVE-2016-5356 wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2.0.4 m...
CVE-2016-5357 wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x before 1.12.12 and 2.x before 2...
CVE-2016-5358 epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark 2.x before 2.0.4 mishandles th...
CVE-2016-5359 epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 1.12.x before 1.12.12 mishandles ...
CVE-2016-5360 HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, allows remote attackers to cause ...
CVE-2016-5361 programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allow...
S
CVE-2016-5362 The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attack...
CVE-2016-5363 The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 through 8.1.0 allows remote attack...
CVE-2016-5364 Cross-site scripting (XSS) vulnerability in manage_custom_field_edit_page.php in MantisBT 1.2.19 and...
E S
CVE-2016-5365 Stack-based buffer overflow in Huawei Honor WS851 routers with software 1.1.21.1 and earlier allows ...
CVE-2016-5366 Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to modify confi...
CVE-2016-5367 Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow remote attackers to obtain sensi...
CVE-2016-5368 Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote attackers to cause a denial of s...
CVE-2016-5372 Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator Framework before 4.3.0P1 allo...
CVE-2016-5374 NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated users that own SMB-hosted dat...
S
CVE-2016-5383 The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via...
CVE-2016-5384 fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary fr...
S
CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and theref...
S
CVE-2016-5386 The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace...
S
CVE-2016-5387 The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect...
S
CVE-2016-5388 Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC...
S
CVE-2016-5389 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5696. Reason: This candida...
R
CVE-2016-5390 Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts ...
S
CVE-2016-5391 libreswan before 3.18 allows remote attackers to cause a denial of service (NULL pointer dereference...
S
CVE-2016-5392 The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environ...
CVE-2016-5393 In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote user who can authenticate with ...
CVE-2016-5394 In the XSS Protection API module before 1.0.12 in Apache Sling, the encoding done by the XSSAPI.enco...
CVE-2016-5395 Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool i...
CVE-2016-5396 Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb Attack....
S
CVE-2016-5397 The Apache Thrift Go client library exposed the potential during code generation for command injecti...
CVE-2016-5398 Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite befor...
CVE-2016-5399 The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9...
E
CVE-2016-5400 Memory leak in the airspy_probe function in drivers/media/usb/airspy/airspy.c in the airspy USB driv...
S
CVE-2016-5401 Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attac...
CVE-2016-5402 A code injection flaw was found in the way capacity and utilization imported control files are proce...
CVE-2016-5403 The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local guest OS administrators to cau...
S
CVE-2016-5404 The cert_revoke command in FreeIPA does not check for the "revoke certificate" permission, which all...
S
CVE-2016-5405 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC N...
CVE-2016-5406 The domain controller in Red Hat JBoss Enterprise Application Platform (EAP) 7.x before 7.0.2 allows...
CVE-2016-5407 The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org libXv before 1.0.11 allow remote...
S
CVE-2016-5408 Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package be...
S
CVE-2016-5409 Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a Set-Cookie header for the GEA...
CVE-2016-5410 firewalld.py in firewalld before 0.4.3.3 allows local users to bypass authentication and modify fire...
S
CVE-2016-5411 /var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart Cloud Installer (QCI) before 1...
CVE-2016-5412 arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through 4.7 on PowerPC platforms, when C...
S
CVE-2016-5413 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-5414 FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name for services....
S
CVE-2016-5415 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-5416 389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC N...
CVE-2016-5417 Memory leak in the __res_vinit function in the IPv6 name server management code in libresolv in GNU ...
S
CVE-2016-5418 The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero ...
E S
CVE-2016-5419 curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has...
S
CVE-2016-5420 curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection ...
S
CVE-2016-5421 Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection i...
S
CVE-2016-5422 The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 does not properly authorize r...
S
CVE-2016-5423 PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x be...
S
CVE-2016-5424 PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x be...
S
CVE-2016-5425 The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly ...
E
CVE-2016-5426 PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote attackers to cause a denial of ...
S
CVE-2016-5427 PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside lab...
CVE-2016-5428 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a...
R
CVE-2016-5429 jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easi...
S
CVE-2016-5430 The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks...
S
CVE-2016-5431 The PHP JOSE Library by Gree Inc. before version 2.2.1 is vulnerable to key confusion/algorithm subs...
S
CVE-2016-5432 The ovirt-engine-provisiondb utility in Red Hat Enterprise Virtualization (RHEV) Engine 4.0 allows l...
S
CVE-2016-5433 Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validate...
CVE-2016-5434 libalpm, as used in pacman 5.0.1, allows remote attackers to cause a denial of service (infinite loo...
E S
CVE-2016-5435 Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and Secospace USG6300, USG6500, USG...
CVE-2016-5436 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect ...
S
CVE-2016-5437 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect ...
S
CVE-2016-5438 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5439 Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote ad...
S
CVE-2016-5440 Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and ear...
S
CVE-2016-5441 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect ...
S
CVE-2016-5442 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect ...
S
CVE-2016-5443 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows local users to affect availabili...
S
CVE-2016-5444 Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and ear...
S
CVE-2016-5445 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3...
S
CVE-2016-5446 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3...
S
CVE-2016-5447 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3...
S
CVE-2016-5448 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3...
S
CVE-2016-5449 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3...
S
CVE-2016-5450 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP...
S
CVE-2016-5451 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP...
S
CVE-2016-5452 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality vi...
S
CVE-2016-5453 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3...
S
CVE-2016-5454 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and avai...
S
CVE-2016-5455 Unspecified vulnerability in the Oracle Communications Messaging Server component in Oracle Communic...
S
CVE-2016-5456 Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1...
S
CVE-2016-5457 Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3...
S
CVE-2016-5458 Unspecified vulnerability in the Oracle Communications EAGLE Application Processor component in Orac...
S
CVE-2016-5459 Unspecified vulnerability in the Siebel Core - Common Components component in Oracle Siebel CRM 8.1....
S
CVE-2016-5460 Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1...
S
CVE-2016-5461 Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1...
S
CVE-2016-5462 Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1...
S
CVE-2016-5463 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP...
S
CVE-2016-5464 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP...
S
CVE-2016-5465 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
S
CVE-2016-5466 Unspecified vulnerability in the Siebel Core - Server Framework component in Oracle Siebel CRM 8.1.1...
S
CVE-2016-5467 Unspecified vulnerability in the PeopleSoft Enterprise FSCM component in Oracle PeopleSoft Products ...
S
CVE-2016-5468 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 8.1.1, 8.2.2, IP...
S
CVE-2016-5469 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via v...
S
CVE-2016-5470 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
S
CVE-2016-5471 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via v...
S
CVE-2016-5472 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
S
CVE-2016-5473 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5474 Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applicati...
S
CVE-2016-5475 Unspecified vulnerability in the Oracle Retail Service Backbone component in Oracle Retail Applicati...
S
CVE-2016-5476 Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applicatio...
S
CVE-2016-5477 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1...
S
CVE-2016-5478 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5479 Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser...
S
CVE-2016-5480 Unspecified vulnerability in Oracle Sun Solaris 10 allows local users to affect integrity via vector...
S
CVE-2016-5481 Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems ...
S
CVE-2016-5482 Unspecified vulnerability in the Oracle Commerce Guided Search component in Oracle Commerce 6.2.2, 6...
S
CVE-2016-5483 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-3600. Reason: This candida...
R
CVE-2016-5484 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5485 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5486 Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems ...
S
CVE-2016-5487 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect confidentiality, i...
S
CVE-2016-5488 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
S
CVE-2016-5489 Unspecified vulnerability in the Oracle iStore component in Oracle E-Business Suite 12.1.1 through 1...
S
CVE-2016-5490 Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser...
S
CVE-2016-5491 Unspecified vulnerability in the Oracle Commerce Service Center component in Oracle Commerce 10.0.3....
S
CVE-2016-5492 Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems ...
S
CVE-2016-5493 Unspecified vulnerability in the Oracle FLEXCUBE Private Banking component in Oracle Financial Servi...
S
CVE-2016-5494 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5495 Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 ...
S
CVE-2016-5496 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5497 Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 12.1.0.2 allows ...
S
CVE-2016-5498 Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12....
S
CVE-2016-5499 Unspecified vulnerability in the RDBMS Security component in Oracle Database Server 11.2.0.4 and 12....
S
CVE-2016-5500 Unspecified vulnerability in the Oracle Discoverer component in Oracle Fusion Middleware 11.1.1.7.0 ...
S
CVE-2016-5501 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8...
S
CVE-2016-5502 Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser...
S
CVE-2016-5503 Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems ...
S
CVE-2016-5504 Unspecified vulnerability in the Oracle Agile Product Lifecycle Management for Process component in ...
S
CVE-2016-5505 Unspecified vulnerability in the RDBMS Programmable Interface component in Oracle Database Server 11...
S
CVE-2016-5506 Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware allow...
S
CVE-2016-5507 Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote ad...
S
CVE-2016-5508 Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 4.3 ...
S
CVE-2016-5509 Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Appli...
S
CVE-2016-5510 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5511 Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 12.2.1...
S
CVE-2016-5512 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5513 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5514 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5515 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5516 Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows loca...
S
CVE-2016-5517 Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3...
S
CVE-2016-5518 Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply...
S
CVE-2016-5519 Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1...
S
CVE-2016-5520 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5521 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5522 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5523 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5524 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5525 Unspecified vulnerability in the Solaris Cluster component in Oracle Sun Systems Products Suite 3.3 ...
S
CVE-2016-5526 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5527 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9....
S
CVE-2016-5528 Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware (subcomponent: Se...
S
CVE-2016-5529 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
S
CVE-2016-5530 Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Pr...
S
CVE-2016-5531 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
S
CVE-2016-5532 Unspecified vulnerability in the Oracle Shipping Execution component in Oracle E-Business Suite 12.1...
S
CVE-2016-5533 Unspecified vulnerability in the Primavera P6 Enterprise Project Portfolio Management component in O...
S
CVE-2016-5534 Unspecified vulnerability in the Siebel Apps - Customer Order Management component in Oracle Siebel ...
S
CVE-2016-5535 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6...
S
CVE-2016-5536 Unspecified vulnerability in the Oracle Platform Security for Java component in Oracle Fusion Middle...
S
CVE-2016-5537 Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local use...
E S
CVE-2016-5538 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8...
S
CVE-2016-5539 Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Application...
S
CVE-2016-5540 Unspecified vulnerability in the Oracle Retail Xstore Payment component in Oracle Retail Application...
S
CVE-2016-5541 Vulnerability in the MySQL Cluster component of Oracle MySQL (subcomponent: Cluster: NDBAPI). Suppor...
S
CVE-2016-5542 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows r...
S
CVE-2016-5543 Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management compone...
S
CVE-2016-5544 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect confidentia...
S
CVE-2016-5545 Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Su...
S
CVE-2016-5546 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: L...
S
CVE-2016-5547 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: L...
S
CVE-2016-5548 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)...
S
CVE-2016-5549 Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Libraries)...
S
CVE-2016-5550 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5551 Vulnerability in the Solaris Cluster component of Oracle Sun Systems Products Suite (subcomponent: N...
S
CVE-2016-5552 Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE (subcomponent: N...
S
CVE-2016-5553 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect availabilit...
S
CVE-2016-5554 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows r...
S
CVE-2016-5555 Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allo...
S
CVE-2016-5556 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affec...
S
CVE-2016-5557 Unspecified vulnerability in the Oracle Advanced Pricing component in Oracle E-Business Suite 12.1.1...
S
CVE-2016-5558 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware ...
S
CVE-2016-5559 Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows local users to affect integrity v...
S
CVE-2016-5560 Unspecified vulnerability in the Siebel UI Framework component in Oracle Siebel CRM 16.1 allows remo...
S
CVE-2016-5561 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect availability ...
S
CVE-2016-5562 Unspecified vulnerability in the Oracle iProcurement component in Oracle E-Business Suite 12.1.1 thr...
S
CVE-2016-5563 Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Ho...
S
CVE-2016-5564 Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Ho...
S
CVE-2016-5565 Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property Services component in Oracle Ho...
S
CVE-2016-5566 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote attackers to affect confidentiali...
S
CVE-2016-5567 Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3...
S
CVE-2016-5568 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affec...
S
CVE-2016-5569 Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral Management compone...
S
CVE-2016-5570 Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.2.3...
S
CVE-2016-5571 Unspecified vulnerability in the Oracle Applications DBA component in Oracle E-Business Suite 12.1.3...
S
CVE-2016-5572 Unspecified vulnerability in the Kernel PDB component in Oracle Database Server 12.1.0.2 allows loca...
S
CVE-2016-5573 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows r...
S
CVE-2016-5574 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware ...
S
CVE-2016-5575 Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business ...
S
CVE-2016-5576 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via v...
S
CVE-2016-5577 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware ...
S
CVE-2016-5578 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware ...
S
CVE-2016-5579 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware ...
S
CVE-2016-5580 Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5....
S
CVE-2016-5581 Unspecified vulnerability in the Oracle iRecruitment component in Oracle E-Business Suite 12.1.1 thr...
S
CVE-2016-5582 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows r...
S
CVE-2016-5583 Unspecified vulnerability in the Oracle One-to-One Fulfillment component in Oracle E-Business Suite ...
S
CVE-2016-5584 Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and ear...
S
CVE-2016-5585 Unspecified vulnerability in the Oracle Interaction Center Intelligence component in Oracle E-Busine...
S
CVE-2016-5586 Unspecified vulnerability in the Oracle Email Center component in Oracle E-Business Suite 12.1.1 thr...
S
CVE-2016-5587 Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business ...
S
CVE-2016-5588 Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware ...
S
CVE-2016-5589 Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suit...
S
CVE-2016-5590 Vulnerability in the MySQL Enterprise Monitor component of Oracle MySQL (subcomponent: Monitoring: A...
S
CVE-2016-5591 Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business ...
S
CVE-2016-5592 Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business ...
S
CVE-2016-5593 Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business ...
S
CVE-2016-5594 Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser...
S
CVE-2016-5595 Unspecified vulnerability in the Oracle Customer Interaction History component in Oracle E-Business ...
S
CVE-2016-5596 Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suit...
S
CVE-2016-5597 Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows r...
S
CVE-2016-5598 Unspecified vulnerability in the MySQL Connector component 2.1.3 and earlier and 2.0.4 and earlier i...
S
CVE-2016-5599 Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Ch...
S
CVE-2016-5600 Unspecified vulnerability in the PeopleSoft Enterprise SCM Services Procurement component in Oracle ...
S
CVE-2016-5601 Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3...
S
CVE-2016-5602 Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1...
S
CVE-2016-5603 Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser...
S
CVE-2016-5604 Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Man...
S
CVE-2016-5605 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualizatio...
S
CVE-2016-5606 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect integrity and avai...
S
CVE-2016-5607 Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser...
S
CVE-2016-5608 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8...
S
CVE-2016-5609 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote au...
S
CVE-2016-5610 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8...
S
CVE-2016-5611 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8...
S
CVE-2016-5612 Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 and earlier, and 5.7.13 and ear...
S
CVE-2016-5613 Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8...
S
CVE-2016-5614 Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applicat...
S
CVE-2016-5615 Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local users to affect availability via v...
S
CVE-2016-5616 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6663. Reason: This candidat...
R
CVE-2016-5617 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-6664. Reason: This candida...
R
CVE-2016-5618 Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1...
S
CVE-2016-5619 Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser...
S
CVE-2016-5620 Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser...
S
CVE-2016-5621 Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser...
S
CVE-2016-5622 Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Ser...
S
CVE-2016-5623 Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applicat...
S
CVE-2016-5624 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows remote authenticated users to af...
S
CVE-2016-5625 Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows local users to affect confidenti...
S
CVE-2016-5626 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and ear...
S
CVE-2016-5627 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote au...
S
CVE-2016-5628 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect ...
S
CVE-2016-5629 Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 and earlier, and 5.7.14 and ear...
S
CVE-2016-5630 Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows remote ad...
S
CVE-2016-5631 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect ...
S
CVE-2016-5632 Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect ...
S
CVE-2016-5633 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect ...
S
CVE-2016-5634 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect ...
S
CVE-2016-5635 Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect ...
S
CVE-2016-5636 Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x ...
S
CVE-2016-5637 The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 mishandles the transquant_bypass_enabl...
CVE-2016-5638 Netgear WNDR4500 running firmware version V1.0.1.40_1.0.6877 reveals some sensitive information such as 2.4GHz & 5GHz Wireless Network Name (SSID) and Network Key (Password) in clear text
S
CVE-2016-5639 Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firm...
E
CVE-2016-5640 Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron AirMedia AM-100 devices with fir...
CVE-2016-5642 Opmantek NMIS before 8.5.12G has XSS via SNMP....
CVE-2016-5645 Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, 1766-L32BXB, 1766-L32BWAA, 1766-L3...
M
CVE-2016-5646 An exploitable heap overflow vulnerability exists in the Compound Binary File Format (CBFF) parser f...
E
CVE-2016-5647 The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385...
E S
CVE-2016-5648 Acer Portal app before 3.9.4.2000 for Android does not properly validate SSL certificates, which all...
E
CVE-2016-5649 Netgear DGN2200 and DGND3700 disclose the administrator password
E S
CVE-2016-5650 ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 configuration setting, which allows rem...
CVE-2016-5652 An exploitable heap-based buffer overflow exists in the handling of TIFF images in LibTIFF's TIFF2PD...
E
CVE-2016-5653 Multiple SQL injection vulnerabilities in Misys FusionCapital Opics Plus allow remote authenticated ...
CVE-2016-5654 Misys FusionCapital Opics Plus allows remote authenticated users to gain privileges via a man-in-the...
CVE-2016-5655 Misys FusionCapital Opics Plus does not verify X.509 certificates from SSL servers, which allows man...
CVE-2016-5660 Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in Accela Civic Platform Citizen Ac...
CVE-2016-5661 Accela Civic Platform Citizen Access portal relies on the client to restrict file types for uploads,...
CVE-2016-5662 Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, whi...
CVE-2016-5663 Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks app...
CVE-2016-5664 Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remot...
CVE-2016-5666 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 rely on the client to...
CVE-2016-5667 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attacker...
CVE-2016-5668 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attacker...
CVE-2016-5669 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 use a hardcoded 0xb9e...
CVE-2016-5670 Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 have a hardcoded pass...
CVE-2016-5671 Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron Electronics DM-TXRX-100-STR d...
CVE-2016-5672 Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x before 21.51.546.0, and 22.x befo...
CVE-2016-5673 UltraVNC Repeater before 1300 does not restrict destination IP addresses or TCP ports, which allows ...
CVE-2016-5674 __debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3....
E
CVE-2016-5675 handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, N...
E
CVE-2016-5676 cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and NETGEAR ...
E
CVE-2016-5677 NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, and NETGEAR ReadyNAS Surveilla...
E
CVE-2016-5678 NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credenti...
E
CVE-2016-5679 cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allow...
E
CVE-2016-5680 Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR Re...
E
CVE-2016-5681 Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 2.07 before 2.07WWB05, DIR-817 Ax...
CVE-2016-5682 Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section....
CVE-2016-5683 ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Co...
CVE-2016-5684 An exploitable out-of-bounds write vulnerability exists in the XMP image handling functionality of t...
M
CVE-2016-5685 Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow authenticated users to gain Bas...
CVE-2016-5686 Johnson & Johnson Animas OneTouch Ping devices mishandle acknowledgements, which makes it easier for...
M
CVE-2016-5687 The VerticalFilter function in the DDS coder in ImageMagick before 6.9.4-3 and 7.x before 7.0.1-4 al...
CVE-2016-5688 The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, when a memory limit is set, all...
S
CVE-2016-5689 The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have ...
E
CVE-2016-5690 The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows ...
E
CVE-2016-5691 The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 allows remote attackers to have ...
E
CVE-2016-5696 net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challeng...
E S
CVE-2016-5697 Ruby-saml before 1.3.0 allows attackers to perform XML signature wrapping attacks via unspecified ve...
S
CVE-2016-5699 CRLF injection vulnerability in the HTTPConnection.putheader function in urllib2 and urllib in CPyth...
E S
CVE-2016-5700 Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, ...
CVE-2016-5701 setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, 4.4.15.x before 4.4.15.7, and 4....
S
CVE-2016-5702 phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF value, allows remote attackers ...
S
CVE-2016-5703 SQL injection vulnerability in libraries/central_columns.lib.php in phpMyAdmin 4.4.x before 4.4.15.7...
S
CVE-2016-5704 Cross-site scripting (XSS) vulnerability in the table-structure page in phpMyAdmin 4.6.x before 4.6....
S
CVE-2016-5705 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.4.x before 4.4.15.7 and 4.6.x be...
S
CVE-2016-5706 js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before ...
S
CVE-2016-5709 SolarWinds Virtualization Manager 6.3.1 and earlier uses weak encryption to store passwords in /etc/...
CVE-2016-5710 NetApp Snap Creator Framework before 4.3P1 allows remote authenticated users to conduct clickjacking...
CVE-2016-5711 NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a non-unique certificate, which ...
S
CVE-2016-5713 Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) ag...
CVE-2016-5714 Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet Agent 1.3.6 through 1.7.0 allow re...
CVE-2016-5715 Open redirect vulnerability in the Console in Puppet Enterprise 2015.x and 2016.x before 2016.4.0 al...
E
CVE-2016-5716 The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads th...
CVE-2016-5720 Multiple untrusted search path vulnerabilities in Microsoft Skype allow local users to execute arbit...
CVE-2016-5721 Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remot...
CVE-2016-5722 Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 V3, and 18500 V3 before V300R003...
CVE-2016-5723 Huawei FusionInsight HD before V100R002C60SPC200 allows local users to gain root privileges via unsp...
CVE-2016-5724 Cloudera CDH before 5.9 has Potentially Sensitive Information in Diagnostic Support Bundles....
CVE-2016-5725 Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelS...
E
CVE-2016-5726 Packages.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object inject...
S
CVE-2016-5727 LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote attackers to conduct PHP object inject...
S
CVE-2016-5728 Race condition in the vop_ioctl function in drivers/misc/mic/vop/vop_vringh.c in the MIC VOP driver ...
CVE-2016-5729 Lenovo BIOS EFI Driver allows local administrators to execute arbitrary code with System Management ...
CVE-2016-5730 phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allows remote attac...
S
CVE-2016-5731 Cross-site scripting (XSS) vulnerability in examples/openid.php in phpMyAdmin 4.0.x before 4.0.10.16...
S
CVE-2016-5732 Multiple cross-site scripting (XSS) vulnerabilities in the partition-range implementation in templat...
S
CVE-2016-5733 Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x befo...
S
CVE-2016-5734 phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly c...
E S
CVE-2016-5735 Integer overflow in the rwpng_read_image24_libpng function in rwpng.c in pngquant 2.7.0 allows remot...
E S
CVE-2016-5736 The default configuration of the IPsec IKE peer listener in F5 BIG-IP LTM, Analytics, APM, ASM, and ...
CVE-2016-5737 The Gerrit configuration in the Openstack Puppet module for Gerrit (aka puppet-gerrit) improperly ma...
S
CVE-2016-5739 The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4...
S
CVE-2016-5740 An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used ...
E M
CVE-2016-5742 SQL injection vulnerability in the XML-RPC interface in Movable Type Pro and Advanced 6.x before 6.1...
CVE-2016-5743 Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, SIMATIC BATCH before 8.1 SP1 Upd...
M
CVE-2016-5744 Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers to read arbitrary WinCC statio...
M
CVE-2016-5745 F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before 11.4.1 HF11, 11.5.0, 11.5.1 bef...
CVE-2016-5746 libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devic...
CVE-2016-5747 A security vulnerability in cookie handling in the http stack implementation in NDSD in Novell eDire...
CVE-2016-5748 External Entity Processing (XXE) vulnerability in the "risk score" application of NetIQ Access Manag...
CVE-2016-5749 NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was parsing incoming SAML requests w...
CVE-2016-5750 The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4....
CVE-2016-5751 An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access...
CVE-2016-5752 The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 bef...
CVE-2016-5754 Presence of a .htaccess file could leak information in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix...
CVE-2016-5755 NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was vulnerable to clickjacking ...
CVE-2016-5756 Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 befo...
CVE-2016-5757 iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 was v...
CVE-2016-5758 A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1...
CVE-2016-5759 The mkdumprd script called "dracut" in the current working directory "." allows local users to trick...
CVE-2016-5760 Multiple cross-site scripting (XSS) vulnerabilities in the administrator console in Novell GroupWise...
CVE-2016-5761 Cross-site scripting (XSS) vulnerability in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patch...
CVE-2016-5762 Integer overflow in the Post Office Agent in Novell GroupWise before 2014 R2 Service Pack 1 Hot Patc...
CVE-2016-5763 Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before Scheduled Maintenance Update 1099...
CVE-2016-5764 Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to corrupt the stack and allow ar...
E
CVE-2016-5765 Administrative Server in Micro Focus Host Access Management and Security Server (MSS) and Reflection...
CVE-2016-5766 Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD Graphics Library (aka libgd) be...
E S
CVE-2016-5767 Integer overflow in the gdImageCreate function in gd.c in the GD Graphics Library (aka libgd) before...
CVE-2016-5768 Double free vulnerability in the _php_mb_regex_ereg_replace_exec function in php_mbregex.c in the mb...
E S
CVE-2016-5769 Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP before 5.5.37, 5.6.x before 5....
S
CVE-2016-5770 Integer overflow in the SplFileObject::fread function in spl_directory.c in the SPL extension in PHP...
E S
CVE-2016-5771 spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before 5.6.23 improperly interacts w...
E S
CVE-2016-5772 Double free vulnerability in the php_wddx_process_data function in wddx.c in the WDDX extension in P...
E S
CVE-2016-5773 php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before 5.6.23, and 7.x before 7.0.8 impro...
E S
CVE-2016-5774 The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attack...
CVE-2016-5781 Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code vi...
CVE-2016-5782 An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, LGate 100, LGate 101, LGate ...
CVE-2016-5786 An issue was discovered in OmniMetrix OmniView, Version 1.2. The OmniView web application transmits ...
M
CVE-2016-5787 General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 27 mishandles service DA...
CVE-2016-5788 General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M...
CVE-2016-5789 A Cross-site Request Forgery issue was discovered in JanTek JTC-200, all versions. An attacker could...
CVE-2016-5790 Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to bypass authentication and res...
CVE-2016-5791 An Improper Authentication issue was discovered in JanTek JTC-200, all versions. The improper authen...
CVE-2016-5792 SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote attackers to execute arbitrary ...
CVE-2016-5793 Unquoted Windows search path vulnerability in Moxa Active OPC Server before 2.4.19 allows local user...
CVE-2016-5794 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5795 An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 an...
M
CVE-2016-5796 An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Design...
M
CVE-2016-5797 Tollgrade LightHouse SMS before 5.1 patch 3 provides different error messages for failed authenticat...
CVE-2016-5798 An issue was discovered in Fatek Automation PM Designer V3 Version 2.1.2.2, and Automation FV Design...
M
CVE-2016-5799 Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do not ...
M
CVE-2016-5800 A malicious attacker can trigger a remote buffer overflow in the Communication Server in Fatek Autom...
CVE-2016-5801 An issue was discovered in OmniMetrix OmniView, Version 1.2. Insufficient password requirements for ...
M
CVE-2016-5802 An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions ...
CVE-2016-5803 An issue was discovered in CA Unified Infrastructure Management Version 8.47 and earlier. The Unifie...
M
CVE-2016-5804 Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 before 2.6, MGate MB3170 before ...
CVE-2016-5805 An issue was discovered in Delta Electronics WPLSoft, Versions prior to V2.42.11, ISPSoft, Versions ...
CVE-2016-5806 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5807 Tollgrade LightHouse SMS before 5.1 patch 3 allows remote authenticated users to bypass an intended ...
CVE-2016-5808 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5809 An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX se...
E
CVE-2016-5810 upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote authenticated administrators ...
CVE-2016-5811 An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. ...
CVE-2016-5812 Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 use cle...
M
CVE-2016-5813 An issue was discovered in Visonic PowerLink2, all versions prior to October 2016 firmware release. ...
CVE-2016-5814 Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, RSLogix Micro Developer, RSLogix ...
S
CVE-2016-5815 An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX se...
CVE-2016-5816 A Use of Hard-Coded Cryptographic Key issue was discovered in MRD-305-DIN versions older than 1.7.5....
CVE-2016-5817 SQL injection vulnerability in news pages in Cargotec Navis WebAccess before 2016-08-10 allows remot...
CVE-2016-5818 An issue was discovered in Schneider Electric PowerLogic PM8ECC device 2.651 and older. Undocumented...
S
CVE-2016-5819 Moxa G3100V2 Series, editions prior to Version 2.8, and OnCell G3111/G3151/G3211/G3251 Series, editi...
CVE-2016-5820 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2016-5821 Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE...
E
CVE-2016-5822 Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers to cause a denial of service ...
CVE-2016-5823 The icalproperty_new_clone function in libical 0.47 and 1.0 allows remote attackers to cause a denia...
CVE-2016-5824 libical 1.0 allows remote attackers to cause a denial of service (use-after-free) via a crafted ics ...
S
CVE-2016-5825 The icalparser_parse_string function in libical 0.47 and 1.0 allows remote attackers to cause a deni...
CVE-2016-5826 The parser_get_next_char function in libical 0.47 and 1.0 allows remote attackers to cause a denial ...
CVE-2016-5827 The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers to cause a denial ...
CVE-2016-5828 The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powe...
S
CVE-2016-5829 Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev...
CVE-2016-5832 The customizer in WordPress before 4.5.3 allows remote attackers to bypass intended redirection rest...
S
CVE-2016-5833 Cross-site scripting (XSS) vulnerability in the column_title function in wp-admin/includes/class-wp-...
S
CVE-2016-5834 Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link function in wp-includes/post-...
S
CVE-2016-5835 WordPress before 4.5.3 allows remote attackers to obtain sensitive revision-history information by l...
S
CVE-2016-5836 The oEmbed protocol implementation in WordPress before 4.5.3 allows remote attackers to cause a deni...
S
CVE-2016-5837 WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a c...
S
CVE-2016-5838 WordPress before 4.5.3 allows remote attackers to bypass intended password-change restrictions by le...
S
CVE-2016-5839 WordPress before 4.5.3 allows remote attackers to bypass the sanitize_file_name protection mechanism...
CVE-2016-5840 hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3....
E
CVE-2016-5841 Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to ca...
E S
CVE-2016-5842 MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote attackers to obtain sensitive memo...
E S
CVE-2016-5843 Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5....
S
CVE-2016-5844 Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a den...
E S
CVE-2016-5845 SAP SAPCAR does not check the return value of file operations when extracting files, which allows re...
E
CVE-2016-5847 SAP SAPCAR allows local users to change the permissions of arbitrary files and consequently gain pri...
E
CVE-2016-5848 Siemens SICAM PAS before 8.07 does not properly restrict password data in the database, which makes ...
CVE-2016-5849 Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by l...
CVE-2016-5850 Cross-site scripting (XSS) vulnerability in the volume backup service module in Huawei Public Cloud ...
CVE-2016-5851 python-docx before 0.8.6 allows context-dependent attackers to conduct XML External Entity (XXE) att...
S
CVE-2016-5852 For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and NVTray Plugin unquoted service ...
S
CVE-2016-5853 In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, w...
S
CVE-2016-5854 In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kerne...
S
CVE-2016-5855 In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a use...
S
CVE-2016-5856 Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android kernel 2017-03-05 allows local ...
S
CVE-2016-5857 The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within ...
CVE-2016-5858 In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Androi...
S
CVE-2016-5859 In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android,...
S
CVE-2016-5860 In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android...
S
CVE-2016-5861 In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Androi...
S
CVE-2016-5862 When a control related to codec is issued from userspace in all Qualcomm products with Android for M...
S
CVE-2016-5863 In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Androi...
S
CVE-2016-5864 In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QR...
S
CVE-2016-5867 In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from users...
S
CVE-2016-5868 drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver in Android allows remote atta...
S
CVE-2016-5870 The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c in the ipc_router component ...
S
CVE-2016-5871 In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow ...
CVE-2016-5872 In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several...
CVE-2016-5873 Buffer overflow in the HTTP URL parsing functions in pecl_http before 3.0.1 might allow remote attac...
E S
CVE-2016-5874 Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers to cause a denial of service (...
M
CVE-2016-5875 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candida...
R
CVE-2016-5876 ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery app is enabled, allows remote at...
S
CVE-2016-5878 Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before 4.0.2.14 allows remote authenticat...
S
CVE-2016-5879 MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users to execute arbitrary shell comm...
CVE-2016-5880 IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
S
CVE-2016-5881 IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
CVE-2016-5882 IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
S
CVE-2016-5883 IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to emb...
S
CVE-2016-5884 IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary...
S
CVE-2016-5888 IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site scripting. This vulnerability allow...
S
CVE-2016-5889 IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow a...
S
CVE-2016-5890 IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before 5020602_1 allows remote authenti...
S
CVE-2016-5892 Cross-site scripting (XSS) vulnerability in IBM 10x, as used in Multi-Enterprise Integration Gateway...
S
CVE-2016-5893 IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to be stored locally which can be ...
S
CVE-2016-5894 IBM WebSphere Commerce Enterprise, Professional, Express, and Developer 7.0 and 8.0 is vulnerable to...
S
CVE-2016-5896 IBM Maximo Asset Management could disclose sensitive information from a stack trace after submitting...
S
CVE-2016-5897 IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A remote attacker could inject mal...
S
CVE-2016-5898 IBM Jazz Reporting Service (JRS) could allow a remote attacker to obtain sensitive information, caus...
S
CVE-2016-5899 IBM Jazz Reporting Service (JRS) is vulnerable to cross-site scripting. This vulnerability allows us...
S
CVE-2016-5900 IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could allow a remote attacker to obt...
S
CVE-2016-5901 Cross-site scripting (XSS) vulnerability in a test page in IBM Business Process Manager Advanced 8.5...
S
CVE-2016-5902 IBM Maximo Asset Management is vulnerable to cross-site scripting. This vulnerability allows users t...
S
CVE-2016-5905 Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.10 IF3 and ...
S
CVE-2016-5918 IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in...
S
CVE-2016-5919 IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses weaker than expected cryptographic ...
S
CVE-2016-5920 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) fo...
S
CVE-2016-5927 IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect for Space Management) 6.3.x be...
S
CVE-2016-5932 IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site scripting. This vulnerability all...
CVE-2016-5933 IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host header injection attack that could ...
CVE-2016-5934 IBM Tivoli Storage Manager FastBack installer could allow a remote attacker to execute arbitrary cod...
CVE-2016-5935 IBM Jazz for Service Management could allow a remote attacker to obtain sensitive information, cause...
CVE-2016-5937 IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request forgery which could allow an at...
S
CVE-2016-5938 IBM Kenexa LMS on Cloud allows web pages to be stored locally which can be read by another user on t...
S
CVE-2016-5939 IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote attacker could send specially-craft...
S
CVE-2016-5940 IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to em...
S
CVE-2016-5941 IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An atta...
S
CVE-2016-5942 IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This vulnerability allows users to em...
S
CVE-2016-5943 IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote...
S
CVE-2016-5944 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum Control (formerly Tivoli Stor...
S
CVE-2016-5945 IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote...
S
CVE-2016-5946 Directory traversal vulnerability in IBM Spectrum Control (formerly Tivoli Storage Productivity Cent...
S
CVE-2016-5947 IBM Spectrum Control (formerly Tivoli Storage Productivity Center) 5.2.x before 5.2.11 allows remote...
S
CVE-2016-5948 IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows us...
S
CVE-2016-5949 IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to obtain sensitive user data wit...
S
CVE-2016-5950 IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in clear text which can be read by...
S
CVE-2016-5951 IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site scripting. This vulnerability allows us...
S
CVE-2016-5952 IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A remote attacker could send specia...
S
CVE-2016-5953 IBM Sterling Order Management transmits the session identifier within the URL. When a user is unable...
S
CVE-2016-5954 IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 C...
S
CVE-2016-5955 Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next Generation 6.0.2 before iFix004 ...
CVE-2016-5957 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remot...
S
CVE-2016-5958 IBM Security Privileged Identity Manager could allow a remote attacker to obtain sensitive informati...
S
CVE-2016-5959 IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores sensitive information in URL paramet...
S
CVE-2016-5960 IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user credentials in plain in clear t...
CVE-2016-5963 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 does not pro...
S
CVE-2016-5964 IBM Security Privileged Identity Manager Virtual Appliance version 2.0.2 uses an inadequate account ...
S
CVE-2016-5966 IBM Security Privileged Identity Manager Virtual Appliance could allow a remote attacker to obtain s...
S
CVE-2016-5967 The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 before FP10 allows local users...
CVE-2016-5968 The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0....
CVE-2016-5970 Directory traversal vulnerability in IBM Security Privileged Identity Manager (ISPIM) Virtual Applia...
S
CVE-2016-5971 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 allows remot...
S
CVE-2016-5972 IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x before 2.0.2 FP8 uses weak pe...
S
CVE-2016-5974 Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security Privileged Identity Manager (...
S
CVE-2016-5975 Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Exp...
CVE-2016-5976 The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9,...
CVE-2016-5977 Open redirect vulnerability in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 F...
CVE-2016-5978 Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Exp...
CVE-2016-5979 IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged authenticated user to create a...
S
CVE-2016-5980 IBM TRIRIGA Application Platform is vulnerable to cross-site scripting. This vulnerability allows us...
S
CVE-2016-5981 Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT through 1.1.5.2-WPXT-LA011 and ...
M
CVE-2016-5983 IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before 8.0.0.13, 8.5 before 8.5.5.11...
S
CVE-2016-5984 IBM InfoSphere Information Server is vulnerable to cross-frame scripting, caused by insufficient HTM...
S
CVE-2016-5985 The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is vulnerable to a buffer overflow ...
S
CVE-2016-5986 IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x before 8.0.0.13, 8.5.x before 8.5....
S
CVE-2016-5987 IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 IF4, and 7.6 before 7.6.0.5 IF...
S
CVE-2016-5988 IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in g...
S
CVE-2016-5990 IBM Security Privileged Identity Manager Virtual Appliance allows an authenticated user to upload ma...
S
CVE-2016-5991 IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 o...
S
CVE-2016-5992 IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 iFix008, and 4.7.0 before 4.7.0.4 o...
S
CVE-2016-5994 IBM InfoSphere Information Server contains a vulnerability that would allow an authenticated user to...
S
CVE-2016-5995 Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 through FP5, 10.5 before FP8, ...
S
CVE-2016-5996 The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9,...
CVE-2016-5997 The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9,...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.