Total
7549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-6924 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6922. | |||||
| CVE-2016-6923 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6921, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932. | |||||
| CVE-2016-6922 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4274, CVE-2016-4275, CVE-2016-4276, CVE-2016-4280, CVE-2016-4281, CVE-2016-4282, CVE-2016-4283, CVE-2016-4284, CVE-2016-4285, and CVE-2016-6924. | |||||
| CVE-2016-6921 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before 23.0.0.162 on Windows and OS X and before 11.2.202.635 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4272, CVE-2016-4279, CVE-2016-6923, CVE-2016-6925, CVE-2016-6926, CVE-2016-6927, CVE-2016-6929, CVE-2016-6930, CVE-2016-6931, and CVE-2016-6932. | |||||
| CVE-2016-6914 | 2 Microsoft, Ui | 2 Windows, Unifi Video | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | |||||
| CVE-2016-6804 | 2 Apache, Microsoft | 2 Openoffice, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| The Apache OpenOffice installer (versions prior to 4.1.3, including some branded as OpenOffice.org) for Windows contains a defective operation that allows execution of arbitrary code with elevated privileges. This requires that the location in which the installer is run has been previously poisoned by a file that impersonates a dynamic-link library that the installer depends upon. | |||||
| CVE-2016-6803 | 2 Apache, Microsoft | 2 Openoffice, Windows | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| An installer defect known as an "unquoted Windows search path vulnerability" affected the Apache OpenOffice before 4.1.3 installers for Windows. The PC must have previously been infected by a Trojan Horse application (or user) running with administrative privilege. Any installer with the unquoted search path vulnerability becomes a delayed trigger for the exploit. | |||||
| CVE-2016-6154 | 2 Microsoft, Watchguard | 2 Windows, Fireware | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | |||||
| CVE-2016-6110 | 3 Ibm, Linux, Microsoft | 4 Tivoli Storage Manager, Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Linux Kernel and 1 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| IBM Tivoli Storage Manager discloses unencrypted login credentials to Vmware vCenter that could be obtained by a local user. | |||||
| CVE-2016-6034 | 2 Ibm, Microsoft | 2 Tivoli Storage Manager For Virtual Environments Data Protection For Vmware, Windows | 2024-11-21 | 4.0 MEDIUM | 6.8 MEDIUM |
| IBM Tivoli Storage Manager for Virtual Environments (VMware) could disclose the Windows domain credentials to a user with a high level of privileges. | |||||
| CVE-2016-5918 | 2 Ibm, Microsoft | 2 Tivoli Storage Manager For Space Management, Windows | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| IBM Tivoli Storage Manager HSM for Windows displays the encrypted Tivoli Storage Manager password in application trace output if the password access option is prompt and the password is changed. | |||||
| CVE-2016-5725 | 2 Jcraft, Microsoft | 2 Jsch, Windows | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. | |||||
| CVE-2016-5330 | 3 Apple, Microsoft, Vmware | 7 Mac Os X, Windows, Esxi and 4 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Player 12.1.x before 12.1.1, and VMware Fusion 8.1.x before 8.1.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory. | |||||
| CVE-2016-5308 | 2 Microsoft, Symantec | 2 Windows, Client Intrusion Detection System | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| The Client Intrusion Detection System (CIDS) driver before 15.0.6 in Symantec Endpoint Protection (SEP) and before 15.1.2 in Norton Security allows remote attackers to cause a denial of service (memory corruption and system crash) via a malformed Portable Executable (PE) file. | |||||
| CVE-2016-5295 | 2 Microsoft, Mozilla | 2 Windows, Firefox | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a variant of MFSA2013-44. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox < 50. | |||||
| CVE-2016-5294 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50. | |||||
| CVE-2016-5293 | 3 Debian, Microsoft, Mozilla | 4 Debian Linux, Windows, Firefox and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox ESR < 45.5 and Firefox < 50. | |||||
| CVE-2016-5202 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
| browser/extensions/api/dial/dial_registry.cc in Google Chrome before 54.0.2840.98 on macOS, before 54.0.2840.99 on Windows, and before 54.0.2840.100 on Linux neglects to copy a device ID before an erase() call, which causes the erase operation to access data that that erase operation will destroy. | |||||
| CVE-2016-5198 | 5 Apple, Google, Linux and 2 more | 8 Macos, Android, Chrome and 5 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac included incorrect optimisation assumptions, which allowed a remote attacker to perform arbitrary read/write operations, leading to code execution, via a crafted HTML page. | |||||
| CVE-2016-5101 | 2 Microsoft, Opera | 2 Windows, Opera Mail | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows allows user-assisted remote attackers to execute arbitrary code via a crafted e-mail message. | |||||