Export limit exceeded: 342201 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 24842 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24842 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-5250 | 2 Mozilla, Redhat | 2 Firefox, Enterprise Linux | 2025-04-12 | N/A |
| Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. | ||||
| CVE-2016-5383 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2025-04-12 | N/A |
| The web UI in Red Hat CloudForms 4.1 allows remote authenticated users to execute arbitrary code via vectors involving "Lack of field filters." | ||||
| CVE-2016-5384 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2025-04-12 | 7.8 High |
| fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cache file. | ||||
| CVE-2016-5386 | 4 Fedoraproject, Golang, Oracle and 1 more | 7 Fedora, Go, Linux and 4 more | 2025-04-12 | 8.1 High |
| The net/http package in Go through 1.6 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. | ||||
| CVE-2016-5390 | 1 Theforeman | 1 Foreman | 2025-04-12 | N/A |
| Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote authenticated users with the view_hosts permission containing a filter to obtain sensitive network interface information via a request to API routes beneath "hosts," as demonstrated by a GET request to api/v2/hosts/secrethost/interfaces. | ||||
| CVE-2016-5392 | 1 Redhat | 1 Openshift | 2025-04-12 | N/A |
| The API server in Kubernetes, as used in Red Hat OpenShift Enterprise 3.2, in a multi tenant environment allows remote authenticated users with knowledge of other project names to obtain sensitive project and user information via vectors related to the watch-cache list. | ||||
| CVE-2016-5388 | 4 Apache, Hp, Oracle and 1 more | 13 Tomcat, System Management Homepage, Linux and 10 more | 2025-04-12 | N/A |
| Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue. NOTE: the vendor states "A mitigation is planned for future releases of Tomcat, tracked as CVE-2016-5388"; in other words, this is not a CVE ID for a vulnerability. | ||||
| CVE-2016-5418 | 3 Libarchive, Oracle, Redhat | 11 Libarchive, Linux, Enterprise Linux and 8 more | 2025-04-12 | N/A |
| The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | ||||
| CVE-2016-5424 | 3 Debian, Postgresql, Redhat | 5 Debian Linux, Postgresql, Enterprise Linux and 2 more | 2025-04-12 | N/A |
| PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, 9.4.x before 9.4.9, and 9.5.x before 9.5.4 might allow remote authenticated users with the CREATEDB or CREATEROLE role to gain superuser privileges via a (1) " (double quote), (2) \ (backslash), (3) carriage return, or (4) newline character in a (a) database or (b) role name that is mishandled during an administrative operation. | ||||
| CVE-2016-5429 | 1 Jose-php Project | 1 Jose-php | 2025-04-12 | 3.7 Low |
| jose-php before 2.2.1 does not use constant-time operations for HMAC comparison, which makes it easier for remote attackers to obtain sensitive information via a timing attack, related to JWE.php and JWS.php. | ||||
| CVE-2016-5430 | 1 Jose-php Project | 1 Jose-php | 2025-04-12 | 5.3 Medium |
| The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php in jose-php before 2.2.1 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA). | ||||
| CVE-2016-5433 | 1 Citrix | 1 Ios Receiver | 2025-04-12 | N/A |
| Citrix iOS Receiver before 7.0 allows attackers to cause TLS certificates to be incorrectly validated via unspecified vectors. | ||||
| CVE-2016-5479 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, and 12.0.1 allows remote authenticated users to affect confidentiality via vectors related to INFRA. | ||||
| CVE-2016-5481 | 1 Oracle | 1 Sun Zfs Storage Appliance Kit | 2025-04-12 | N/A |
| Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) component in Oracle Sun Systems Products Suite AK 2013 allows remote attackers to affect confidentiality via vectors related to Core Services. | ||||
| CVE-2016-5596 | 1 Oracle | 1 Customer Relationship Management Technical Foundation | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 12.1.1 through 12.1.3 and 12.2.3 through 12.2.6 allows remote authenticated users to affect confidentiality via unknown vectors. | ||||
| CVE-2016-5602 | 1 Oracle | 1 Data Integrator | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. | ||||
| CVE-2016-5603 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 through 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5621. | ||||
| CVE-2016-5611 | 1 Oracle | 1 Vm Virtualbox | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle VM VirtualBox component before 5.0.28 and 5.1.x before 5.1.8 in Oracle Virtualization allows local users to affect confidentiality via vectors related to Core. | ||||
| CVE-2016-5618 | 1 Oracle | 1 Data Integrator | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.2.0.0, 12.1.3.0.0, 12.2.1.0.0, and 12.2.1.1.0 allows remote authenticated users to affect confidentiality via vectors related to Code Generation Engine. | ||||
| CVE-2016-5621 | 1 Oracle | 1 Flexcube Universal Banking | 2025-04-12 | N/A |
| Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking component in Oracle Financial Services Applications 11.3.0, 11.4.0, 12.0.1 and 12.0.3, 12.1.0, and 12.2.0 allows remote authenticated users to affect confidentiality via vectors related to INFRA, a different vulnerability than CVE-2016-5603. | ||||