Total
2876 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-4187 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4172, CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. | |||||
| CVE-2016-3345 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 9.0 HIGH | 8.8 HIGH |
| The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via crafted packets, aka "Windows SMB Authenticated Remote Code Execution Vulnerability." | |||||
| CVE-2016-0095 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096. | |||||
| CVE-2015-0008 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 8.3 HIGH | N/A |
| The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remote attackers to execute arbitrary code by making crafted data available on a UNC share, as demonstrated by Group Policy data from a spoofed domain controller, aka "Group Policy Remote Code Execution Vulnerability." | |||||
| CVE-2015-0079 | 1 Microsoft | 4 Windows 7, Windows 8, Windows 8.1 and 1 more | 2025-04-12 | 7.8 HIGH | N/A |
| The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to cause a denial of service (memory consumption and RDP outage) by establishing many RDP sessions that do not properly free allocated memory, aka "Remote Desktop Protocol (RDP) Denial of Service Vulnerability." | |||||
| CVE-2015-2529 | 1 Microsoft | 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability." | |||||
| CVE-2015-8820 | 5 Adobe, Apple, Google and 2 more | 15 Air, Air Desktop Runtime, Air Sdk and 12 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8658. | |||||
| CVE-2016-0046 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Server 2012 | 2025-04-12 | 9.3 HIGH | 7.8 HIGH |
| Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Reader file, aka "Microsoft Windows Reader Vulnerability." | |||||
| CVE-2016-4172 | 5 Adobe, Apple, Google and 2 more | 8 Flash Player, Flash Player Desktop Runtime, Mac Os X and 5 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4175, CVE-2016-4179, CVE-2016-4180, CVE-2016-4181, CVE-2016-4182, CVE-2016-4183, CVE-2016-4184, CVE-2016-4185, CVE-2016-4186, CVE-2016-4187, CVE-2016-4188, CVE-2016-4189, CVE-2016-4190, CVE-2016-4217, CVE-2016-4218, CVE-2016-4219, CVE-2016-4220, CVE-2016-4221, CVE-2016-4233, CVE-2016-4234, CVE-2016-4235, CVE-2016-4236, CVE-2016-4237, CVE-2016-4238, CVE-2016-4239, CVE-2016-4240, CVE-2016-4241, CVE-2016-4242, CVE-2016-4243, CVE-2016-4244, CVE-2016-4245, and CVE-2016-4246. | |||||
| CVE-2016-0985 | 5 Adobe, Apple, Google and 2 more | 13 Air Desktop Runtime, Air Sdk, Air Sdk \& Compiler and 10 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion." | |||||
| CVE-2016-0042 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability." | |||||
| CVE-2015-2550 | 1 Microsoft | 9 Windows 10, Windows 7, Windows 8 and 6 more | 2025-04-12 | 7.2 HIGH | N/A |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability." | |||||
| CVE-2016-7215 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-04-12 | 7.2 HIGH | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||
| CVE-2016-3352 | 1 Microsoft | 3 Windows 10, Windows 8.1, Windows Rt 8.1 | 2025-04-12 | 4.3 MEDIUM | 8.8 HIGH |
| Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check NTLM SSO requests for MSA logins, which makes it easier for remote attackers to determine passwords via a brute-force attack on NTLM password hashes, aka "Microsoft Information Disclosure Vulnerability." | |||||
| CVE-2015-1679 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 2.1 LOW | N/A |
| The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to bypass the ASLR protection mechanism via a crafted function call, aka "Microsoft Windows Kernel Memory Disclosure Vulnerability," a different vulnerability than CVE-2015-1676, CVE-2015-1677, CVE-2015-1678, and CVE-2015-1680. | |||||
| CVE-2016-3306 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2025-04-12 | 4.6 MEDIUM | 7.8 HIGH |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3305. | |||||
| CVE-2015-0092 | 1 Microsoft | 9 Windows 7, Windows 8, Windows 8.1 and 6 more | 2025-04-12 | 9.3 HIGH | N/A |
| Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "Adobe Font Driver Remote Code Execution Vulnerability," a different vulnerability than CVE-2015-0088, CVE-2015-0090, CVE-2015-0091, and CVE-2015-0093. | |||||
| CVE-2015-2429 | 1 Microsoft | 8 Windows 7, Windows 8, Windows 8.1 and 5 more | 2025-04-12 | 9.3 HIGH | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow attackers to bypass an application sandbox protection mechanism and perform unspecified registry actions via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability." | |||||
| CVE-2016-4145 | 8 Adobe, Apple, Google and 5 more | 16 Flash Player, Flash Player Desktop Runtime, Macos and 13 more | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083. | |||||
| CVE-2014-0300 | 1 Microsoft | 10 Windows 7, Windows 8, Windows 8.1 and 7 more | 2025-04-12 | 7.2 HIGH | N/A |
| win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||