Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-09-14 | CVE-2016-3306 | Data Processing Errors vulnerability in Microsoft products The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3305. | 7.8 |
| 2016-09-14 | CVE-2016-3305 | Data Processing Errors vulnerability in Microsoft products The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3306. | 7.8 |
| 2016-09-14 | CVE-2016-3297 | Unspecified vulnerability in Microsoft Edge and Internet Explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | 8.8 |
| 2016-09-14 | CVE-2016-3295 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge and Internet Explorer Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | 7.5 |
| 2016-09-14 | CVE-2016-3294 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3330. | 7.5 |
| 2016-09-14 | CVE-2016-3247 | Unspecified vulnerability in Microsoft Edge and Internet Explorer Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | 7.5 |
| 2016-09-12 | CVE-2016-6399 | Improper Input Validation vulnerability in Cisco products Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine appliances through A5 3.3 allow remote attackers to cause a denial of service (device reload) via crafted (1) SSL or (2) TLS packets, aka Bug ID CSCvb16317. | 7.5 |
| 2016-09-12 | CVE-2016-6371 | Path Traversal vulnerability in Cisco Hosted Collaboration Mediation Fulfillment 10.6(1)Base/10.6(2)Base/10.6(3)Base Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) 10.6(3) and earlier allows remote attackers to write to arbitrary files via a crafted URL, aka Bug ID CSCuz64717. | 7.5 |
| 2016-09-12 | CVE-2016-7133 | Integer Overflow or Wraparound vulnerability in PHP Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a long pathname. | 8.1 |
| 2016-09-12 | CVE-2016-7132 | NULL Pointer Dereference vulnerability in PHP ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly have unspecified other impact via an invalid wddxPacket XML document that is mishandled in a wddx_deserialize call, as demonstrated by a stray element inside a boolean element, leading to incorrect pop processing. | 7.5 |