Total
2819 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3713 | 1 Linux | 1 Linux Kernel | 2024-08-06 | N/A |
| The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or write to the kvm_arch_vcpu data structure, and consequently obtain sensitive information or cause a denial of service (system crash), via a crafted ioctl call. | ||||
| CVE-2016-3698 | 4 Canonical, Debian, Libndp and 1 more | 11 Ubuntu Linux, Debian Linux, Libndp and 8 more | 2024-08-06 | N/A |
| libndp before 1.6, as used in NetworkManager, does not properly validate the origin of Neighbor Discovery Protocol (NDP) messages, which allows remote attackers to conduct man-in-the-middle attacks or cause a denial of service (network connectivity disruption) by advertising a node as a router from a non-local network. | ||||
| CVE-2016-3707 | 3 Linux, Novell, Redhat | 6 Linux Kernel-rt, Suse Linux Enterprise Real Time Extension, Enterprise Linux For Real Time and 3 more | 2024-08-06 | N/A |
| The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org projects/rt patches for the Linux kernel, as used in the kernel-rt package before 3.10.0-327.22.1 in Red Hat Enterprise Linux for Real Time 7 and other products, allows remote attackers to execute SysRq commands via crafted ICMP Echo Request packets, as demonstrated by a brute-force attack to discover a cookie, or an attack that occurs after reading the local icmp_echo_sysrq file. | ||||
| CVE-2016-3738 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A |
| Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-pod. | ||||
| CVE-2016-3703 | 1 Redhat | 1 Openshift | 2024-08-06 | N/A |
| Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the origin of a request when anonymous access is granted to a service/proxy or pod/proxy API for a specific pod, which allows remote attackers to access API credentials in the web browser localStorage via an access_token in the query parameter. | ||||
| CVE-2016-3733 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
| The "restore teacher" feature in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to overwrite the course idnumber. | ||||
| CVE-2016-3729 | 1 Moodle | 1 Moodle | 2024-08-06 | N/A |
| The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to edit profile fields locked by the administrator. | ||||
| CVE-2016-3635 | 1 Sap | 1 Netweaver | 2024-08-06 | N/A |
| SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication Assembly, aka SAP Security Note 2139366. | ||||
| CVE-2016-3345 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-08-05 | N/A |
| The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Authenticated Remote Code Execution Vulnerability." | ||||
| CVE-2016-3392 | 1 Microsoft | 1 Edge | 2024-08-05 | N/A |
| The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability." | ||||
| CVE-2016-3366 | 1 Microsoft | 1 Outlook | 2024-08-05 | N/A |
| Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, Outlook 2013 RT SP1, Outlook 2016, and Outlook 2016 for Mac do not properly implement RFC 2046, which allows remote attackers to bypass virus or spam detection via crafted MIME data in an e-mail attachment, aka "Microsoft Office Spoofing Vulnerability." | ||||
| CVE-2016-3274 | 1 Microsoft | 2 Edge, Internet Explorer | 2024-08-05 | N/A |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | ||||
| CVE-2016-3276 | 1 Microsoft | 1 Internet Explorer | 2024-08-05 | N/A |
| Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | ||||
| CVE-2016-3244 | 1 Microsoft | 1 Edge | 2024-08-05 | N/A |
| Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass." | ||||
| CVE-2016-3245 | 1 Microsoft | 1 Internet Explorer | 2024-08-05 | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability." | ||||
| CVE-2016-3319 | 1 Microsoft | 4 Edge, Windows 10, Windows 8.1 and 1 more | 2024-08-05 | N/A |
| The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution Vulnerability." | ||||
| CVE-2016-3299 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2024-08-05 | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow remote attackers to hijack network traffic or bypass intended Enhanced Protected Mode (EPM) or application container protection mechanisms, and consequently render untrusted content in a browser, by leveraging how NetBIOS validates responses, aka "NetBIOS Spoofing Vulnerability." | ||||
| CVE-2016-3226 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2012 | 2024-08-05 | N/A |
| Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability." | ||||
| CVE-2016-3158 | 3 Fedoraproject, Oracle, Xen | 3 Fedora, Vm Server, Xen | 2024-08-05 | N/A |
| The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive register content information from another guest by leveraging pending exception and mask bits. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-2076. | ||||
| CVE-2016-3162 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2024-08-05 | N/A |
| The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows remote authenticated users to bypass access restrictions and read, delete, or substitute a link to a file uploaded to an unprocessed form by leveraging permission to create content or comment and upload files. | ||||