CVEs

31,424 total · page 611 of 629

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	KEV	Published	Description
CVE-2016-0979	Adobe Inc. Air SDK	Hig	0.57	8.8	0.03		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0978	Adobe Inc. Air SDK	Hig	0.57	8.8	0.03		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0977	Adobe Inc. Air SDK	Hig	0.57	8.8	0.03		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0976	Adobe Inc. Air SDK	Hig	0.57	8.8	0.03		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0975	Adobe Inc. Air SDK	Hig	0.58	8.8	0.04		Feb 10, 2016	Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler…
CVE-2016-0974	Adobe Inc. Air SDK	Hig	0.65	8.8	0.59		Feb 10, 2016	Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows…
CVE-2016-0973	Adobe Inc. Air SDK	Hig	0.58	8.8	0.04		Feb 10, 2016	Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK…
CVE-2016-0972	Adobe Inc. Air SDK	Hig	0.57	8.8	0.03		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0971	Adobe Inc. Air SDK	Hig	0.65	8.8	0.59		Feb 10, 2016	Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows…
CVE-2016-0970	Adobe Inc. Air SDK	Hig	0.57	8.8	0.03		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0969	Adobe Inc. Air SDK	Hig	0.57	8.8	0.03		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0968	Adobe Inc. Air SDK	Hig	0.57	8.8	0.03		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0967	Adobe Inc. Air SDK	Hig	0.64	8.8	0.49		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0966	Adobe Inc. Air SDK	Hig	0.57	8.8	0.03		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0965	Adobe Inc. Air SDK	Hig	0.64	8.8	0.49		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0964	Adobe Inc. Air SDK	Hig	0.64	8.8	0.49		Feb 10, 2016	Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0958	Adobe Inc. Experience Manager	Hig	0.49	7.5	0.01		Feb 10, 2016	Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.
CVE-2016-0957	Adobe Inc. Experience Manager	Hig	0.56	7.5	0.93		Feb 10, 2016	Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
CVE-2016-0956	Apache Sling	Hig	0.53	7.5	0.13		Feb 10, 2016	The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-0948	Adobe Inc. Connect	Hig	0.57	8.8	0.00		Feb 10, 2016	Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-7678	Ipswitch, Inc. Moveit Mobile	Hig	0.57	8.8	0.00		Feb 10, 2016	Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2016-0084	Microsoft Edge	Hig	0.59	8.8	0.18		Feb 10, 2016	Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
CVE-2016-0072	Microsoft Internet Explorer	Hig	0.58	8.8	0.14		Feb 10, 2016	Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…
CVE-2016-0071	Microsoft Internet Explorer	Hig	0.59	8.8	0.20		Feb 10, 2016	Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2016-0067	Microsoft Internet Explorer	Hig	0.59	8.8	0.20		Feb 10, 2016	Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…
CVE-2016-0064	Microsoft Internet Explorer	Hig	0.59	8.8	0.20		Feb 10, 2016	Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2016-0063	Microsoft Internet Explorer	Hig	0.63	8.8	0.41		Feb 10, 2016	Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…
CVE-2016-0062	Microsoft Internet Explorer	Hig	0.59	8.8	0.17		Feb 10, 2016	Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
CVE-2016-0061	Microsoft Internet Explorer	Hig	0.59	8.8	0.17		Feb 10, 2016	Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…
CVE-2016-0060	Microsoft Internet Explorer	Hig	0.60	8.8	0.30		Feb 10, 2016	Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…
CVE-2016-0058	Microsoft Windows Server 2012	Hig	0.53	7.8	0.26		Feb 10, 2016	Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted PDF document that triggers API calls, aka "Microsoft PDF Library Buffer Overflow Vulnerability."
CVE-2016-0056	Microsoft Word	Hig	0.53	7.8	0.25		Feb 10, 2016	Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2016-0055	Microsoft Office	Hig	0.53	7.8	0.30		Feb 10, 2016	Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2016-0054	Microsoft Excel	Hig	0.53	7.8	0.32		Feb 10, 2016	Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel…
CVE-2016-0053	Microsoft Word	Hig	0.53	7.8	0.31		Feb 10, 2016	Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote…
CVE-2016-0052	Microsoft Word	Hig	0.53	7.8	0.30		Feb 10, 2016	Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and…
CVE-2016-0051	Microsoft Windows	Hig	0.59	7.8	0.66		Feb 10, 2016	The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation…
CVE-2016-0048	Microsoft Windows	Hig	0.51	7.8	0.00		Feb 10, 2016	The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…
CVE-2016-0047	Microsoft .net Framework	Hig	0.50	7.5	0.17		Feb 10, 2016	WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
CVE-2016-0046	Microsoft Windows Server 2012	Hig	0.53	7.8	0.27		Feb 10, 2016	Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Reader file, aka "Microsoft Windows Reader Vulnerability."
CVE-2016-0044	Microsoft Windows Server 2012	Hig	0.51	7.5	0.27		Feb 10, 2016	Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."
CVE-2016-0042	Microsoft Windows	Hig	0.51	7.8	0.01		Feb 10, 2016	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows…
CVE-2016-0041	Microsoft Internet Explorer	Hig	0.58	7.8	0.58		Feb 10, 2016	Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a…
CVE-2016-0040	Microsoft Windows	Hig	0.72	7.8	0.76	KEV	Feb 10, 2016	The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
CVE-2016-0038	Microsoft Windows	Hig	0.52	7.8	0.20		Feb 10, 2016	Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Memory…
CVE-2016-0037	Microsoft Windows Server 2012	Hig	0.52	7.5	0.38		Feb 10, 2016	The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial…
CVE-2016-0036	Microsoft Windows 7	Hig	0.54	8.1	0.17		Feb 10, 2016	The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code via crafted data, aka "Remote Desktop Protocol (RDP) Elevation of Privilege…
CVE-2016-0033	Microsoft .net Framework	Hig	0.50	7.5	0.19		Feb 10, 2016	Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of…
CVE-2016-0022	Microsoft Word	Hig	0.53	7.8	0.30		Feb 10, 2016	Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and…
CVE-2016-2200	Siemens Foundation Simatic S7 1500 CPU Firmware	Hig	0.49	7.5	0.06		Feb 8, 2016	Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.

CVE-2016-0979HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.57cvss 8.8epss 0.03
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0978HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.57cvss 8.8epss 0.03
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0977HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.57cvss 8.8epss 0.03
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0976HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.57cvss 8.8epss 0.03
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0975HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.58cvss 8.8epss 0.04
Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler…
CVE-2016-0974HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.65cvss 8.8epss 0.59
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows…
CVE-2016-0973HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.58cvss 8.8epss 0.04
Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK…
CVE-2016-0972HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.57cvss 8.8epss 0.03
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0971HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.65cvss 8.8epss 0.59
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows…
CVE-2016-0970HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.57cvss 8.8epss 0.03
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0969HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.57cvss 8.8epss 0.03
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0968HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.57cvss 8.8epss 0.03
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0967HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.64cvss 8.8epss 0.49
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0966HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.57cvss 8.8epss 0.03
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0965HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.64cvss 8.8epss 0.49
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0964HigFeb 10, 2016
Adobe Inc.
Air SDK
risk 0.64cvss 8.8epss 0.49
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code…
CVE-2016-0958HigFeb 10, 2016
Adobe Inc.
Experience Manager
risk 0.49cvss 7.5epss 0.01
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.
CVE-2016-0957HigFeb 10, 2016
Adobe Inc.
Experience Manager
risk 0.56cvss 7.5epss 0.93
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
CVE-2016-0956HigFeb 10, 2016
Apache
Sling
risk 0.53cvss 7.5epss 0.13
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2016-0948HigFeb 10, 2016
Adobe Inc.
Connect
risk 0.57cvss 8.8epss 0.00
Cross-site request forgery (CSRF) vulnerability in Adobe Connect before 9.5.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2015-7678HigFeb 10, 2016
Ipswitch, Inc.
Moveit Mobile
risk 0.57cvss 8.8epss 0.00
Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch MOVEit Mobile 1.2.0.962 and earlier allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2016-0084HigFeb 10, 2016
Microsoft
Edge
risk 0.59cvss 8.8epss 0.18
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
CVE-2016-0072HigFeb 10, 2016
Microsoft
Internet Explorer
risk 0.58cvss 8.8epss 0.14
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…
CVE-2016-0071HigFeb 10, 2016
Microsoft
Internet Explorer
risk 0.59cvss 8.8epss 0.20
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2016-0067HigFeb 10, 2016
Microsoft
Internet Explorer
risk 0.59cvss 8.8epss 0.20
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…
CVE-2016-0064HigFeb 10, 2016
Microsoft
Internet Explorer
risk 0.59cvss 8.8epss 0.20
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2016-0063HigFeb 10, 2016
Microsoft
Internet Explorer
risk 0.63cvss 8.8epss 0.41
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060,…
CVE-2016-0062HigFeb 10, 2016
Microsoft
Internet Explorer
risk 0.59cvss 8.8epss 0.17
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
CVE-2016-0061HigFeb 10, 2016
Microsoft
Internet Explorer
risk 0.59cvss 8.8epss 0.17
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…
CVE-2016-0060HigFeb 10, 2016
Microsoft
Internet Explorer
risk 0.60cvss 8.8epss 0.30
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…
CVE-2016-0058HigFeb 10, 2016
Microsoft
Windows Server 2012
risk 0.53cvss 7.8epss 0.26
Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted PDF document that triggers API calls, aka "Microsoft PDF Library Buffer Overflow Vulnerability."
CVE-2016-0056HigFeb 10, 2016
Microsoft
Word
risk 0.53cvss 7.8epss 0.25
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2016-0055HigFeb 10, 2016
Microsoft
Office
risk 0.53cvss 7.8epss 0.30
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2016-0054HigFeb 10, 2016
Microsoft
Excel
risk 0.53cvss 7.8epss 0.32
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on SharePoint Server 2007 SP3, Excel Services on SharePoint Server 2010 SP2, Excel…
CVE-2016-0053HigFeb 10, 2016
Microsoft
Word
risk 0.53cvss 7.8epss 0.31
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and SharePoint Server 2013 SP1 allow remote…
CVE-2016-0052HigFeb 10, 2016
Microsoft
Word
risk 0.53cvss 7.8epss 0.30
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and…
CVE-2016-0051HigFeb 10, 2016
Microsoft
Windows
risk 0.59cvss 7.8epss 0.66
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation…
CVE-2016-0048HigFeb 10, 2016
Microsoft
Windows
risk 0.51cvss 7.8epss 0.00
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k…
CVE-2016-0047HigFeb 10, 2016
Microsoft
.net Framework
risk 0.50cvss 7.5epss 0.17
WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms Information Disclosure Vulnerability."
CVE-2016-0046HigFeb 10, 2016
Microsoft
Windows Server 2012
risk 0.53cvss 7.8epss 0.27
Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Reader file, aka "Microsoft Windows Reader Vulnerability."
CVE-2016-0044HigFeb 10, 2016
Microsoft
Windows Server 2012
risk 0.51cvss 7.5epss 0.27
Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data, aka "Windows DLL Loading Denial of Service Vulnerability."
CVE-2016-0042HigFeb 10, 2016
Microsoft
Windows
risk 0.51cvss 7.8epss 0.01
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows…
CVE-2016-0041HigFeb 10, 2016
Microsoft
Internet Explorer
risk 0.58cvss 7.8epss 0.58
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11 mishandle DLL loading, which allows local users to gain privileges via a…
CVE-2016-0040HigKEVFeb 10, 2016
Microsoft
Windows
risk 0.72cvss 7.8epss 0.76
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
CVE-2016-0038HigFeb 10, 2016
Microsoft
Windows
risk 0.52cvss 7.8epss 0.20
Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted Journal file, aka "Windows Journal Memory…
CVE-2016-0037HigFeb 10, 2016
Microsoft
Windows Server 2012
risk 0.52cvss 7.5epss 0.38
The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon outage) via crafted data, aka "Microsoft Active Directory Federation Services Denial…
CVE-2016-0036HigFeb 10, 2016
Microsoft
Windows 7
risk 0.54cvss 8.1epss 0.17
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code via crafted data, aka "Remote Desktop Protocol (RDP) Elevation of Privilege…
CVE-2016-0033HigFeb 10, 2016
Microsoft
.net Framework
risk 0.50cvss 7.5epss 0.19
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance degradation) via crafted XSLT data, aka ".NET Framework Stack Overflow Denial of…
CVE-2016-0022HigFeb 10, 2016
Microsoft
Word
risk 0.53cvss 7.8epss 0.30
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps Server 2013 SP1, and…
CVE-2016-2200HigFeb 8, 2016
Siemens Foundation
Simatic S7 1500 CPU Firmware
risk 0.49cvss 7.5epss 0.06
Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote attackers to cause a denial of service (STOP mode transition) via crafted packets on TCP port 102.