All CVEs — 2016 (Page 6/36)

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0

2016-11-10

High

CVE-2016-7490

The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber syste…

CVSS: 7.8 CWE: CWE-59

Critical

CVE-2016-4095

Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC Classic before 15.006.30243, and Acrobat and Acrobat Reader DC Continuous before 15.020.20039 on Windows and OS X allow attacker…

CVSS: 9.8 CWE: CWE-119

Medium

CVE-2016-7252

Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows remote authenticated users to gain privileges via unspecified vectors, aka "SQL Analysis Services Information Disclosure Vulnera…

CVSS: 6.5 CWE: CWE-200

Medium

CVE-2016-7251

Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vuln…

CVSS: 6.1 CWE: CWE-79

High

CVE-2016-7248

Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted…

CVSS: 7.8 CWE: CWE-284

High

CVE-2016-7247

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protect…

CVSS: 7.5 CWE: CWE-284

High

CVE-2016-7245

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office…

CVSS: 7.8 CWE: CWE-119

Medium

CVE-2016-7244

Microsoft Office 2007 SP3 allows remote attackers to cause a denial of service (application hang) via a crafted Office document, aka "Microsoft Office Denial of Service Vulnerability."

CVSS: 5.5 CWE: CWE-284

High

CVE-2016-7243

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engi…

CVSS: 7.5 CWE: CWE-119

High

CVE-2016-7242

CVSS: 7.5 CWE: CWE-119

High

CVE-2016-7241

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memo…

CVSS: 7.5 CWE: CWE-119

High

CVE-2016-7240

CVSS: 7.5 CWE: CWE-119

Low

CVE-2016-7239

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information…

CVSS: 3.1 CWE: CWE-79

Medium

CVE-2016-7237

Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Win…

CVSS: 6.5 CWE: CWE-284

High

CVE-2016-7236

Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka…

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-7235

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office doc…

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-7234

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services…

CVSS: 7.8 CWE: CWE-119

Medium

CVE-2016-7233

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Off…

CVSS: 6.5 CWE: CWE-200

High

CVE-2016-7232

Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsof…

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-7231

Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Mem…

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-7230

Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption…

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-7229

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers…

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-7228

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute ar…

CVSS: 7.8 CWE: CWE-119

Low

CVE-2016-7227

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser I…

CVSS: 3.1 CWE: CWE-200

Medium

CVE-2016-7226

Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and Windows Server 2016 does not properly restrict access to files, which allows local users to gain privileges via a crafted application,…

CVSS: 6.1 CWE: CWE-284

Medium

CVE-2016-7225

CVSS: 6.1 CWE: CWE-284

Medium

CVE-2016-7224

Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 does not properly restrict access to files…

CVSS: 6.1 CWE: CWE-284

Medium

CVE-2016-7223

CVSS: 6.1 CWE: CWE-284

Low

CVE-2016-7220

Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka "Virtual Secure Mode Information Disclosure Vulnerability."

CVSS: 3.3 CWE: CWE-200

Medium

CVE-2016-7218

Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold,…

CVSS: 4.7 CWE: CWE-200

High

CVE-2016-7217

Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code…

CVSS: 8.8 CWE: CWE-119

Medium

CVE-2016-7216

The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka…

CVSS: 5.5 CWE: CWE-200

Low

CVE-2016-7214

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 160…

CVSS: 3.3 CWE: CWE-200

High

CVE-2016-7213

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-7212

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016…

CVSS: 7.8 CWE: CWE-284

Medium

CVE-2016-7210

atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows…

CVSS: 6.5 CWE: CWE-200

Medium

CVE-2016-7209

Microsoft Edge allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."

CVSS: 5.3 CWE: CWE-20

High

CVE-2016-7208

CVSS: 7.5 CWE: CWE-119

High

CVE-2016-7205

Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows…

CVSS: 8.8 CWE: CWE-119

Low

CVE-2016-7204

Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."

CVSS: 3.1 CWE: CWE-200

High

CVE-2016-7203

CVSS: 7.5 CWE: CWE-119

High

CVE-2016-7202

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted we…

CVSS: 7.5 CWE: CWE-119

High

CVE-2016-7201

CVSS: 8.8 CWE: CWE-843

High

CVE-2016-7200

CVSS: 8.8 CWE: CWE-787

Low

CVE-2016-7199

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsof…

CVSS: 3.1 CWE: CWE-200

High

CVE-2016-7198

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Br…

CVSS: 7.5 CWE: CWE-119

High

CVE-2016-7196

Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Brows…

CVSS: 7.5 CWE: CWE-119

High

CVE-2016-7195

CVSS: 7.5 CWE: CWE-119

High

CVE-2016-7184

The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Go…

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-3343

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-3342

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-3340

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-3338

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-3335

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-3334

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-3333

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-3332

CVSS: 7.8 CWE: CWE-119

High

CVE-2016-0026

CVSS: 7.8 CWE: CWE-119

2016-11-08

High

CVE-2016-8812

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce Experience R340 before GFE 2.11.4.125 and R375 before GFE 3.1.0.52 contains a vulnerability in the kernel mode layer (nvstreamkms.sys)…

CVSS: 8.8 CWE: CWE-119

High

CVE-2016-8809

For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler…

CVSS: 7.8 CWE: CWE-20

Medium

CVE-2016-7386

CVSS: 5.5 CWE: CWE-200

Medium

CVE-2016-5025

For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVAPI support layer causes a denial of service vulnerability (blue screen crash) within the NVIDIA Windows…

CVSS: 6.6 CWE: CWE-20

Medium

CVE-2016-4961

For the NVIDIA Quadro, NVS, and GeForce products, improper sanitization of parameters in the NVStreamKMS.sys API layer caused a denial of service vulnerability (blue screen crash) within the NVIDIA W…

CVSS: 5.5 CWE: CWE-20

High

CVE-2016-4960

For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA NVStreamKMS.sys service component is improperly validating user-supplied data through its API entry points causing an elevation of privile…

CVSS: 7.3 CWE: CWE-20

High

CVE-2016-4959

For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote Desktop denial of service. A successful exploit of a vulnerable system will result in a kernel null pointer dereference, causing a…

CVSS: 7.5 CWE: CWE-476

High

CVE-2016-7865

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS: 8.8 CWE: CWE-704

High

CVE-2016-7864

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS: 8.8 CWE: CWE-416

High

CVE-2016-7863

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS: 8.8 CWE: CWE-416

High

CVE-2016-7862

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS: 8.8 CWE: CWE-416

High

CVE-2016-7861

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS: 8.8 CWE: CWE-704

High

CVE-2016-7860

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS: 8.8 CWE: CWE-704

High

CVE-2016-7859

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS: 8.8 CWE: CWE-416

High

CVE-2016-7858

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS: 8.8 CWE: CWE-416

High

CVE-2016-7857

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.

CVSS: 8.8 CWE: CWE-416

Medium

CVE-2016-7851

Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.

CVSS: 6.1 CWE: CWE-79

2016-11-07

High

CVE-2016-9242

Multiple SQL injection vulnerabilities in the update method in framework/modules/core/controllers/expRatingController.php in Exponent CMS 2.4.0 allow remote authenticated users to execute arbitrary S…

CVSS: 8.8 CWE: CWE-89

2016-11-04

Medium

CVE-2016-8910

The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) by leveragin…

CVSS: 6.0 CWE: CWE-835

Medium

CVE-2016-8909

The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and CPU consumption) via an entry wit…

CVSS: 6.0 CWE: CWE-835

High

CVE-2016-8870

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create…

CVSS: 8.1 CWE: CWE-20

Critical

CVE-2016-8869

The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use o…

CVSS: 9.8 CWE: CWE-20

Medium

CVE-2016-8669

The serial_update_parameters function in hw/char/serial.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash)…

CVSS: 6.0 CWE: CWE-369

Medium

CVE-2016-8668

The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (out-of-bounds read and QEMU process crash) by l…

CVSS: 6.0 CWE: CWE-120

Medium

CVE-2016-8667

The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (divide-by-zero error and QEMU process crash) via a large i…

CVSS: 6.0 CWE: CWE-369

Medium

CVE-2016-8577

Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (memory consumption) via vectors related to an I/O…

CVSS: 6.0 CWE: CWE-772

Medium

CVE-2016-8576

The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) by leveraging f…

CVSS: 6.0 CWE: CWE-770

High

CVE-2016-9190

Pillow before 3.3.2 allows context-dependent attackers to execute arbitrary code by using the "crafted image file" approach, related to an "Insecure Sign Extension" issue affecting the ImagingNew in…

CVSS: 7.8 CWE: CWE-284

Medium

CVE-2016-9189

Pillow before 3.3.2 allows context-dependent attackers to obtain sensitive information by using the "crafted image file" approach, related to an "Integer Overflow" issue affecting the Image.core.map_…

CVSS: 5.5 CWE: CWE-190

Medium

CVE-2016-9188

Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and…

CVSS: 6.1 CWE: CWE-79

High

CVE-2016-9187

Unrestricted file upload vulnerability in the double extension support in the "image" module in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an ex…

CVSS: 8.8 CWE: CWE-434

High

CVE-2016-9186

Unrestricted file upload vulnerability in the "legacy course files" and "file manager" modules in Moodle 3.1.2 allows remote authenticated users to execute arbitrary code by uploading a file with an…

CVSS: 8.8 CWE: CWE-434

Medium

CVE-2016-9185

In OpenStack Heat, by launching a new Heat stack with a local URL an authenticated user may conduct network discovery revealing internal network configuration. Affected versions are <=5.0.3, >=6.0.0…

CVSS: 4.3 CWE: CWE-200

High

CVE-2016-9184

In /framework/modules/core/controllers/expHTMLEditorController.php of Exponent CMS 2.4.0, untrusted input is used to construct a table name, and in the selectObject method in mysqli class, table name…

CVSS: 7.5 CWE: CWE-89

High

CVE-2016-9183

In /framework/modules/ecommerce/controllers/orderController.php of Exponent CMS 2.4.0, untrusted input is passed into selectObjectsBySql. The method selectObjectsBySql of class mysqli_database uses t…

CVSS: 7.5 CWE: CWE-200

High

CVE-2016-9182

Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Ex…

CVSS: 7.5 CWE: CWE-284

High

CVE-2016-9177

Directory traversal vulnerability in Spark 2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.

CVSS: 7.5 CWE: CWE-22

Critical

CVE-2016-9176

Stack buffer overflow in the send.exe and receive.exe components of Micro Focus Rumba 9.4 and earlier could be used by local attackers or attackers able to inject arguments to these binaries to execu…

CVSS: 9.8 CWE: CWE-119

2016-11-03

Medium

CVE-2016-6454

A cross-site request forgery (CSRF) vulnerability in the web interface of the Cisco Hosted Collaboration Mediation Fulfillment application could allow an unauthenticated, remote attacker to execute u…

CVSS: 6.5 CWE: CWE-352

High

CVE-2016-6453

A vulnerability in the web framework code of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary SQL commands on the database. More Information: CS…

CVSS: 7.3 CWE: CWE-89

Critical

CVE-2016-6452

A vulnerability in the web-based graphical user interface (GUI) of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication. The attacker could be granted full admini…

CVSS: 9.8 CWE: CWE-287

Medium

CVE-2016-6451

Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against…

CVSS: 6.1 CWE: CWE-79

Critical

CVE-2016-6448

A vulnerability in the Session Description Protocol (SDP) parser of Cisco Meeting Server could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerab…

CVSS: 9.8 CWE: CWE-119

Critical

CVE-2016-6447

A vulnerability in Cisco Meeting Server and Meeting App could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. This vulnerability affects the following produ…

CVSS: 9.8 CWE: CWE-119

Critical

CVE-2016-6441

A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR 900 Series routers could allow an unauthenticated, remote attacker to cause a reload of, or remotely execute code on, the affecte…

CVSS: 9.8 CWE: CWE-119

Medium

CVE-2016-6429

A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) att…

CVSS: 6.1 CWE: CWE-79

High

CVE-2016-9136

Artifex Software, Inc. MuJS before a0ceaf5050faf419401fe1b83acfa950ec8a8a89 allows context-dependent attackers to obtain sensitive information by using the "crafted JavaScript" approach, related to a…

CVSS: 7.5 CWE: CWE-119

High

CVE-2016-9135

Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/framework/modules/help/controllers/helpController.php" affecting the version parameter. Impact is Information Disclosure.

CVSS: 7.5 CWE: CWE-89

High

CVE-2016-9134

Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in "/expPaginator.php" affecting the order parameter. Impact is Information Disclosure.

CVSS: 7.5 CWE: CWE-89

Medium

CVE-2016-9086

GitLab versions 8.9.x and above contain a critical security flaw in the "import/export project" feature of GitLab. Added in GitLab 8.9, this feature allows a user to export and then re-import their p…

CVSS: 6.5 CWE: CWE-200

Critical

CVE-2016-7453

The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to perform an fid SQL Injection.

CVSS: 9.8 CWE: CWE-89

High

CVE-2016-7452

The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could be used to upload a malicious file to any folder on the site via a cpi directory traversal.

CVSS: 7.5 CWE: CWE-434

High

CVE-2016-7160

A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248.

CVSS: 7.5 CWE: CWE-476

Critical

CVE-2016-7095

Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a malicious script file using redirection to place the script in an unprotected folder, one allowing script execution.

CVSS: 9.8 CWE: CWE-434

Critical

CVE-2015-8969

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "g…

CVSS: 9.8 CWE: CWE-77

High

CVE-2015-8968

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can instruct a user to run a recursive clone from a repository they control, they can get a clien…

CVSS: 8.8 CWE: CWE-77

2016-11-02

High

CVE-2016-8864

named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and 9.11.x before 9.11.0-P1 allows remote attackers to cause a denial of service (assertion failure and daemon exit) via a DNAME record…

CVSS: 7.5 CWE: CWE-617

2016-11-01

High

CVE-2016-7855

Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as…

CVSS: 8.8 CWE: CWE-416

2016-10-31

High

CVE-2016-8203

A memory corruption in the IPsec code path of Brocade NetIron OS on Brocade MLXs 5.8.00 through 5.8.00e, 5.9.00 through 5.9.00bd, 6.0.00, and 6.0.00a images could allow attackers to cause a denial of…

CVSS: 7.5 CWE: CWE-119

Medium

CVE-2016-8879

The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to cause a denial of service (out-of-bounds write and a…

CVSS: 6.5 CWE: CWE-787

High

CVE-2016-8878

Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows, when the gflags app is enabled, allows remote attackers to execute arbitrary code via a crafted BMP image embedd…

CVSS: 8.8 CWE: CWE-125

High

CVE-2016-8877

Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit Reader and PhantomPDF before 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted JPEG2000 image embedded i…

CVSS: 8.8 CWE: CWE-787