Total
1441 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2017-3045 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader Dc and 3 more | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have a memory address leak vulnerability in the JPEG 2000 parser, related to the palette box. | |||||
CVE-2016-4760 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support. | |||||
CVE-2016-2078 | 2 Microsoft, Vmware | 2 Windows, Vcenter Server | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Web Client in VMware vCenter Server 5.1 before update 3d, 5.5 before update 3d, and 6.0 before update 2 on Windows allows remote attackers to inject arbitrary web script or HTML via the flashvars parameter. | |||||
CVE-2015-7416 | 2 Ibm, Microsoft | 2 I Access, Windows | 2023-12-10 | 2.1 LOW | 4.0 MEDIUM |
AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote attackers to cause a denial of service (viewer crash) via a crafted workbench file. | |||||
CVE-2016-4278 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4277. | |||||
CVE-2016-4178 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2023-12-10 | 4.3 MEDIUM | 4.3 MEDIUM |
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors. | |||||
CVE-2016-1715 | 2 Mcafee, Microsoft | 2 Application Control, Windows | 2023-12-10 | 5.5 MEDIUM | 6.6 MEDIUM |
The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 before build 706, 6.1.1 before build 404, 6.1.2 before build 449, 6.1.3 before build 441, and 6.2.0 before build 505 on 32-bit Windows platforms allows local users to cause a denial of service (memory corruption and system crash) or gain privileges via a 768 syscall, which triggers a zero to be written to an arbitrary kernel memory location. | |||||
CVE-2016-1976 | 3 Microsoft, Mozilla, Webrtc Project | 3 Windows, Firefox, Webrtc | 2023-12-10 | 6.8 MEDIUM | 5.5 MEDIUM |
Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
CVE-2016-2809 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2023-12-10 | 5.8 MEDIUM | 5.5 MEDIUM |
The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 on Windows allows user-assisted remote attackers to delete arbitrary files by leveraging certain local file execution. | |||||
CVE-2016-4763 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 4.9 MEDIUM | 6.8 MEDIUM |
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | |||||
CVE-2016-0955 | 4 Adobe, Apple, Linux and 1 more | 4 Experience Manager, Mac Os X, Linux Kernel and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog. | |||||
CVE-2016-4271 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4277 and CVE-2016-4278, aka a "local-with-filesystem Flash sandbox bypass" issue. | |||||
CVE-2016-4247 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2023-12-10 | 2.6 LOW | 5.3 MEDIUM |
Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information via unspecified vectors. | |||||
CVE-2016-0754 | 2 Haxx, Microsoft | 2 Curl, Windows | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. | |||||
CVE-2015-7422 | 2 Ibm, Microsoft | 2 I Access, Windows | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
Buffer overflow in IBM i Access 7.1 on Windows allows local users to cause a denial of service (application crash) via unspecified vectors. | |||||
CVE-2016-7386 | 2 Microsoft, Nvidia | 2 Windows, Gpu Driver | 2023-12-10 | 2.1 LOW | 5.5 MEDIUM |
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer. | |||||
CVE-2016-1156 | 3 Apple, Linecorp, Microsoft | 3 Mac Os X, Line, Windows | 2023-12-10 | 3.5 LOW | 5.7 MEDIUM |
LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X allows remote authenticated users to cause a denial of service (application crash) via a crafted post that is mishandled when displaying a Timeline. | |||||
CVE-2016-4758 | 2 Apple, Microsoft | 4 Iphone Os, Itunes, Safari and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site. | |||||
CVE-2016-5308 | 2 Microsoft, Symantec | 2 Windows, Client Intrusion Detection System | 2023-12-10 | 7.1 HIGH | 5.5 MEDIUM |
The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file. | |||||
CVE-2016-4277 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors, a different vulnerability than CVE-2016-4271 and CVE-2016-4278. |