Search Results (26340 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2016-3234 1 Microsoft 6 Office, Office Compatibility Pack, Office Web Apps and 3 more 2025-04-12 N/A
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
CVE-2016-10005 1 Sap 1 Solution Manager 2025-04-12 N/A
Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524.
CVE-2016-2841 2 Canonical, Qemu 2 Ubuntu Linux, Qemu 2025-04-12 N/A
The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU process crash) via crafted values for the PSTART and PSTOP registers, involving ring buffer control.
CVE-2016-3303 1 Microsoft 8 Live Meeting, Lync, Office and 5 more 2025-04-12 N/A
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304.
CVE-2016-2845 2 Google, Redhat 2 Chrome, Rhel Extras 2025-04-12 N/A
The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp.
CVE-2016-2849 3 Botan Project, Debian, Fedoraproject 3 Botan, Debian Linux, Fedora 2025-04-12 N/A
Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a constant-time algorithm to perform a modular inverse on the signature nonce k, which might allow remote attackers to obtain ECDSA secret keys via a timing side-channel attack.
CVE-2016-2850 2 Botan Project, Fedoraproject 2 Botan, Fedora 2025-04-12 N/A
Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) signature algorithms and (2) ECC curves, which allows remote attackers to conduct downgrade attacks via unspecified vectors.
CVE-2016-2931 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive cleartext information by sniffing the network.
CVE-2016-3251 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2025-04-12 N/A
The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka "Win32k Information Disclosure Vulnerability."
CVE-2016-1858 2 Apple, Webkitgtk 4 Iphone Os, Safari, Tvos and 1 more 2025-04-12 N/A
WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, improperly tracks taint attributes, which allows remote attackers to obtain sensitive information via a crafted web site.
CVE-2016-1860 1 Apple 1 Mac Os X 2025-04-12 N/A
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1862.
CVE-2016-1862 1 Apple 1 Mac Os X 2025-04-12 N/A
Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to obtain sensitive kernel memory-layout information via a crafted app, a different vulnerability than CVE-2016-1860.
CVE-2016-1864 1 Apple 2 Iphone Os, Safari 2025-04-12 N/A
The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari before 9.1, does not properly handle redirects in block mode, which allows remote attackers to obtain sensitive information via a crafted URL.
CVE-2016-2935 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
The broker application in IBM BigFix Remote Control before 9.1.3 allows remote attackers to cause a denial of service via an invalid HTTP request.
CVE-2016-3255 1 Microsoft 1 .net Framework 2025-04-12 N/A
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."
CVE-2016-2937 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
IBM BigFix Remote Control before 9.1.3 allows remote attackers to obtain sensitive information or spoof e-mail transmission via a crafted POST request, related to an "untrusted information vulnerability."
CVE-2016-10100 1 Borg 1 Borg 2025-04-12 N/A
Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive names were processed during manifest recovery, potentially allowing an attacker to overwrite an archive.
CVE-2016-3261 1 Microsoft 1 Internet Explorer 2025-04-12 N/A
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-10105 1 Piwigo 1 Piwigo 2025-04-12 N/A
admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections variable while using it to include files. This can cause information disclosure and code execution if it contains a .. sequence.
CVE-2016-2940 1 Ibm 1 Bigfix Remote Control 2025-04-12 N/A
Multiple unspecified vulnerabilities in IBM BigFix Remote Control before 9.1.3 allow remote attackers to obtain sensitive information via unknown vectors.