Export limit exceeded: 367163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25566 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25566 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-3286 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | N/A |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3249, CVE-2016-3252, and CVE-2016-3254. | ||||
| CVE-2016-3292 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." | ||||
| CVE-2016-3293 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability." | ||||
| CVE-2015-6701 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | N/A |
| The ambientIlluminationColor property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704. | ||||
| CVE-2015-6111 | 1 Microsoft | 6 Windows 10, Windows 8, Windows 8.1 and 3 more | 2025-04-12 | N/A |
| IPSec in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles encryption negotiation, which allows remote authenticated users to cause a denial of service (system hang) via crafted IP traffic, aka "Windows IPSec Denial of Service Vulnerability." | ||||
| CVE-2016-1000 | 7 Adobe, Apple, Google and 4 more | 16 Air, Air Desktop Runtime, Air Sdk and 13 more | 2025-04-12 | 8.8 High |
| Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999. | ||||
| CVE-2015-6700 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | N/A |
| The setBackground function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704. | ||||
| CVE-2015-6112 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | N/A |
| SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 lacks the required extended master-secret binding support to ensure that a server's X.509 certificate is the same during renegotiation as it was before renegotiation, which allows man-in-the-middle attackers to obtain sensitive information or modify TLS session data via a "triple handshake attack," aka "Schannel TLS Triple Handshake Vulnerability." | ||||
| CVE-2015-6125 | 1 Microsoft | 2 Windows Server 2008, Windows Server 2012 | 2025-04-12 | N/A |
| Use-after-free vulnerability in the DNS server in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Use After Free Vulnerability." | ||||
| CVE-2015-6699 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | N/A |
| The addForegroundSprite function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704. | ||||
| CVE-2015-6695 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-04-12 | N/A |
| Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted use of the value attribute, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, and CVE-2015-7622. | ||||
| CVE-2016-3388 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387. | ||||
| CVE-2015-6134 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6141. | ||||
| CVE-2015-6140 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, CVE-2015-6159, and CVE-2015-6160. | ||||
| CVE-2015-6141 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6134. | ||||
| CVE-2015-6147 | 1 Microsoft | 1 Internet Explorer | 2025-04-12 | N/A |
| Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6149. | ||||
| CVE-2016-3301 | 1 Microsoft | 12 Live Meeting, Lync, Office and 9 more | 2025-04-12 | N/A |
| The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability." | ||||
| CVE-2015-6170 | 1 Microsoft | 1 Edge | 2025-04-12 | N/A |
| Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability." | ||||
| CVE-2016-3302 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | N/A |
| Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607, when the lock screen is enabled, do not properly restrict the loading of web content, which allows physically proximate attackers to execute arbitrary code via a (1) crafted Wi-Fi access point or (2) crafted mobile-broadband device, aka "Windows Lock Screen Elevation of Privilege Vulnerability." | ||||
| CVE-2015-6176 | 1 Microsoft | 1 Edge | 2025-04-12 | N/A |
| Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability." | ||||