Max CVSS 9.3 Min CVSS 2.1 Total Count75
IDCVSSSummaryLast (major) updatePublished
CVE-2016-8635 4.3
It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired g
01-08-2018 - 09:29 01-08-2018 - 09:29
CVE-2016-9077 6.8
Canvas allows the use of the "feDisplacementMap" filter on images loaded cross-origin. The rendering by the filter is variable depending on the input pixel, allowing for timing attacks when the images are loaded from third party locations. This vulne
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9076 4.3
An issue where a "<select>" dropdown menu can be used to cover location bar content, resulting in potential spoofing attacks. This attack requires e10s to be enabled in order to function. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9075 7.5
An issue where WebExtensions can use the mozAddonManager API to elevate privilege due to privileged pages being allowed in the permissions list. This allows a malicious extension to then install additional extensions without explicit user permission.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9074 4.3
An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9073 5.0
WebExtensions can bypass security checks to load privileged URLs and potentially escape the WebExtension sandbox. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9072 5.0
When a new Firefox profile is created on 64-bit Windows installations, the sandbox for 64-bit NPAPI plugins is not enabled by default. Note: This issue only affects 64-bit Windows. 32-bit Windows and other operating systems are unaffected. This vulne
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9071 5.0
Content Security Policy combined with HTTP to HTTPS redirection can be used by malicious server to verify whether a known site is within a user's browser history. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9070 6.8
A maliciously crafted page loaded to the sidebar through a bookmark can reference a privileged chrome window and engage in limited JavaScript operations violating cross-origin protections. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9068 5.0
A use-after-free during web animations when working with timelines resulting in a potentially exploitable crash. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9067 5.0
Two use-after-free errors during DOM operations resulting in potentially exploitable crashes. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9066 5.0
A buffer overflow resulting in a potentially exploitable crash due to memory allocation issues when handling large amounts of incoming data. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9065 5.0
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9064 4.3
Add-on updates failed to verify that the add-on ID inside the signed package matched the ID of the add-on being updated. An attacker who could perform a man-in-the-middle attack on the user's connection to the update server and defeat the certificate
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9063 7.5
An integer overflow during the parsing of XML using the Expat library. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9062 2.1
Private browsing mode leaves metadata information, such as URLs, for sites visited in "browser.db" and "browser.db-wal" files within the Firefox profile after the mode is exited. Note: This issue only affects Firefox for Android. Other versions and o
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-9061 5.0
A previously installed malicious Android application which defines a specific signature-level permissions used by Firefox can access API keys meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating syst
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5299 5.0
A previously installed malicious Android application with same signature-level permissions as Firefox can intercept AuthTokens meant for Firefox only. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffec
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5298 4.3
A mechanism where disruption of the loading of a new web page can cause the previous page's favicon and SSL indicator to not be reset when the new page is loaded. Note: this issue only affects Firefox for Android. Desktop Firefox is unaffected. This
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5297 7.5
An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5296 5.0
A heap-buffer-overflow in Cairo when processing SVG content caused by compiler optimization, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5295 4.6
This vulnerability allows an attacker to use the Mozilla Maintenance Service to escalate privilege by having the Maintenance Service invoke the Mozilla Updater to run malicious local files. This vulnerability requires local system access and is a var
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5294 2.1
The Mozilla Updater can be made to choose an arbitrary target working directory for output files resulting from the update process. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnera
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5293 2.1
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operatin
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5292 4.3
During URL parsing, a maliciously crafted URL can cause a potentially exploitable crash. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5291 4.9
A same-origin policy bypass with local shortcut files to load arbitrary local content from disk. This vulnerability affects Thunderbird < 45.5, Firefox ESR < 45.5, and Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5290 7.5
Memory safety bugs were reported in Firefox 49 and Firefox ESR 45.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affect
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5289 7.5
Memory safety bugs were reported in Firefox 49. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 50.
11-06-2018 - 17:29 11-06-2018 - 17:29
CVE-2016-5416 5.0
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to read the
08-06-2017 - 15:29 08-06-2017 - 15:29
CVE-2016-5405 5.0
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to obtain u
08-06-2017 - 15:29 08-06-2017 - 15:29
CVE-2016-4992 5.0
389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer th
08-06-2017 - 15:29 08-06-2017 - 15:29
CVE-2013-5653 4.3
The getenv and filenameforall functions in Ghostscript 9.10 ignore the "-dSAFER" argument, which allows remote attackers to read data via a crafted postscript file.
08-03-2017 - 21:59 07-03-2017 - 10:59
CVE-2016-3191 7.5
The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 and pcre2_compile.c in PCRE2 before 10.22 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arb
28-02-2017 - 21:59 17-03-2016 - 19:59
CVE-2016-1283 7.5
The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\){97)?J)?J)(?'R'(?'R'\){99|(:(?|(?'R')(\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgrou
28-02-2017 - 21:59 02-01-2016 - 19:59
CVE-2016-7578 6.8
An issue was discovered in certain Apple products. iOS before 10.1 is affected. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" compo
21-02-2017 - 11:18 20-02-2017 - 03:59
CVE-2016-4613 4.3
An issue was discovered in certain Apple products. Safari before 10.0.1 is affected. iCloud before 6.0.1 is affected. iTunes before 12.5.2 is affected. tvOS before 10.0.1 is affected. The issue involves the "WebKit" component. It allows remote attack
21-02-2017 - 10:40 20-02-2017 - 03:59
CVE-2016-4764 6.8
An issue was discovered in certain Apple products. iOS before 10 is affected. Safari before 10 is affected. iTunes before 12.5.1 is affected. tvOS before 10 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute
21-02-2017 - 10:02 20-02-2017 - 03:59
CVE-2016-7236 9.3
Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
10-02-2017 - 21:59 10-11-2016 - 01:59
CVE-2016-7234 9.3
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Ser
10-02-2017 - 21:59 10-11-2016 - 01:59
CVE-2016-7233 4.3
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, Word Viewer, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2013 SP1, and Office Web Apps 2010 SP2 allow remote attackers to obt
10-02-2017 - 21:59 10-11-2016 - 01:59
CVE-2016-7232 9.3
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
10-02-2017 - 21:59 10-11-2016 - 01:59
CVE-2016-9119 4.3
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
03-02-2017 - 10:59 30-01-2017 - 17:59
CVE-2016-7148 4.3
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
31-01-2017 - 21:59 10-11-2016 - 12:59
CVE-2016-7146 4.3
MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) co
31-01-2017 - 21:59 10-11-2016 - 12:59
CVE-2016-8642 5.0
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
25-01-2017 - 15:23 20-01-2017 - 03:59
CVE-2016-8643 4.0
In Moodle 2.x and 3.x, non-admin site managers may accidentally edit admins via web services.
25-01-2017 - 15:23 20-01-2017 - 03:59
CVE-2016-8644 5.0
In Moodle 2.x and 3.x, the capability to view course notes is checked in the wrong context.
25-01-2017 - 15:23 20-01-2017 - 03:59
CVE-2016-7038 5.0
In Moodle 2.x and 3.x, web service tokens are not invalidated when the user password is changed or forced to be changed.
25-01-2017 - 15:19 20-01-2017 - 03:59
CVE-2016-7545 7.2
SELinux policycoreutils allows local users to execute arbitrary commands outside of the sandbox via a crafted TIOCSTI ioctl call.
20-01-2017 - 14:00 19-01-2017 - 15:59
CVE-2016-9299 7.5
The remoting module in Jenkins before 2.32 and LTS before 2.19.3 allows remote attackers to execute arbitrary code via a crafted serialized Java object, which triggers an LDAP query to a third-party server.
18-01-2017 - 12:15 12-01-2017 - 18:59
CVE-2016-5584 3.5
Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption.
11-01-2017 - 15:19 25-10-2016 - 10:30
CVE-2016-7440 2.1
The C software implementation of AES Encryption and Decryption in wolfSSL (formerly CyaSSL) before 3.9.10 makes it easier for local users to discover AES keys by leveraging cache-bank timing differences.
06-01-2017 - 22:00 13-12-2016 - 11:59
CVE-2015-8380 7.5
The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regul
29-12-2016 - 08:45 01-12-2015 - 20:59
CVE-2015-5073 6.4
Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection me
15-12-2016 - 13:40 13-12-2016 - 11:59
CVE-2015-3217 5.0
PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_]
15-12-2016 - 12:48 13-12-2016 - 11:59
CVE-2015-3210 7.5
Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 allows remote attackers to execute arbitrary code via a crafted regular expression, as demonstrated by /^(?P=B)((?P=B)(?J:(?P<B>c)(?P<B>a(?P=B)))>WGXCREDITS)/, a different vulnerabi
15-12-2016 - 12:25 13-12-2016 - 11:59
CVE-2016-2143 6.9
The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted appli
02-12-2016 - 22:24 27-04-2016 - 13:59
CVE-2016-7235 9.3
Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vuln
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7231 9.3
Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7229 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office doc
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7228 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Mi
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7213 9.3
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Mi
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-4769 6.8
WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4768 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4767 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability
28-11-2016 - 15:21 25-09-2016 - 07:00
CVE-2016-4766 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4765 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4763 4.9
WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly verify X.509 certificates from HTTPS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informati
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4762 6.8
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud before 6.0 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4760 4.3
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to conduct DNS rebinding attacks against non-HTTP Safari sessions by leveraging HTTP/0.9 support.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4759 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4758 4.3
WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 does not properly restrict access to the location variable, which allows remote attackers to obtain sensitive information via a crafted web site.
28-11-2016 - 15:21 25-09-2016 - 06:59
CVE-2016-4728 6.8
WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on Windows, and Safari before 10 mishandles error prototypes, which allows remote attackers to execute arbitrary code via a crafted web site.
28-11-2016 - 15:20 25-09-2016 - 06:59
CVE-2016-2834 9.3
Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unknown vectors.
28-11-2016 - 15:05 13-06-2016 - 06:59
CVE-2016-1583 7.2
The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vectors involving crafted mmap calls for /proc pathnames
28-11-2016 - 15:00 27-06-2016 - 06:59
Back to Top Mark selected
Back to Top