Total
211 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-5265 | 2 Mozilla, Oracle | 3 Firefox, Firefox Esr, Linux | 2019-12-27 | 4.0 MEDIUM | 5.5 MEDIUM |
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow user-assisted remote attackers to bypass the Same Origin Policy, and conduct Universal XSS (UXSS) attacks or read arbitrary files, by arranging for the presence of a crafted HTML document and a crafted shortcut file in the same local directory. | |||||
CVE-2016-5408 | 2 Oracle, Redhat | 3 Linux, Enterprise Linux Server, Enterprise Linux Workstation | 2019-12-27 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in the munge_other_line function in cachemgr.cgi in the squid package before 3.1.23-16.el6_8.6 in Red Hat Enterprise Linux 6 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-4051. | |||||
CVE-2016-5418 | 3 Libarchive, Oracle, Redhat | 10 Libarchive, Linux, Enterprise Linux Desktop and 7 more | 2019-12-27 | 5.0 MEDIUM | 7.5 HIGH |
The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file. | |||||
CVE-2016-5440 | 6 Canonical, Debian, Ibm and 3 more | 12 Ubuntu Linux, Debian Linux, Powerkvm and 9 more | 2019-12-27 | 4.0 MEDIUM | 4.9 MEDIUM |
Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 and earlier, and 5.7.12 and earlier and MariaDB before 5.5.50, 10.0.x before 10.0.26, and 10.1.x before 10.1.15 allows remote administrators to affect availability via vectors related to Server: RBR. | |||||
CVE-2016-5444 | 4 Ibm, Mariadb, Oracle and 1 more | 11 Powerkvm, Mariadb, Linux and 8 more | 2019-12-27 | 4.3 MEDIUM | 3.7 LOW |
Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 and earlier, and 5.7.11 and earlier and MariaDB before 5.5.49, 10.0.x before 10.0.25, and 10.1.x before 10.1.14 allows remote attackers to affect confidentiality via vectors related to Server: Connection. | |||||
CVE-2016-5844 | 3 Libarchive, Oracle, Redhat | 10 Libarchive, Linux, Solaris and 7 more | 2019-12-27 | 4.3 MEDIUM | 6.5 MEDIUM |
Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file. | |||||
CVE-2016-6197 | 2 Linux, Oracle | 3 Linux Kernel, Linux, Vm Server | 2019-12-27 | 4.9 MEDIUM | 5.5 MEDIUM |
fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink and rename system-call processing, which allows local users to cause a denial of service (system crash) via a rename system call that specifies a self-hardlink. | |||||
CVE-2016-6198 | 2 Linux, Oracle | 3 Linux Kernel, Linux, Vm Server | 2019-12-27 | 4.9 MEDIUM | 5.5 MEDIUM |
The filesystem layer in the Linux kernel before 4.5.5 proceeds with post-rename operations after an OverlayFS file is renamed to a self-hardlink, which allows local users to cause a denial of service (system crash) via a rename system call, related to fs/namei.c and fs/open.c. | |||||
CVE-2016-6250 | 2 Libarchive, Oracle | 2 Libarchive, Linux | 2019-12-27 | 7.5 HIGH | 8.6 HIGH |
Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow. | |||||
CVE-2016-0617 | 1 Oracle | 1 Linux | 2017-09-09 | 4.6 MEDIUM | 5.5 MEDIUM |
Unspecified vulnerability in the kernel-uek component in Oracle Linux 6 allows local users to affect availability via unknown vectors. | |||||
CVE-2011-2306 | 1 Oracle | 1 Linux | 2011-12-14 | 5.5 MEDIUM | N/A |
Unspecified vulnerability in Oracle Linux 4 and 5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to "Oracle validated." |