Total
5268 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-3239 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via vectors involving filesystem write operations, aka "Windows Print Spooler Elevation of Privilege Vulnerability." | |||||
| CVE-2016-3237 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2026-06-17 | 6.8 MEDIUM | 7.5 HIGH |
| Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows man-in-the-middle attackers to bypass authentication via vectors related to a fallback to NTLM authentication during a domain account password change, aka "Kerberos Security Feature Bypass Vulnerability." | |||||
| CVE-2016-3225 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2026-06-17 | 6.9 MEDIUM | 7.8 HIGH |
| The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability." | |||||
| CVE-2016-3223 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2026-06-17 | 9.3 HIGH | 8.1 HIGH |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka "Group Policy Elevation of Privilege Vulnerability." | |||||
| CVE-2016-3221 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2026-06-17 | 6.9 MEDIUM | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3218. | |||||
| CVE-2016-3220 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2026-06-17 | 6.9 MEDIUM | 7.8 HIGH |
| atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability." | |||||
| CVE-2016-3219 | 1 Microsoft | 1 Windows 10 | 2026-06-17 | 6.9 MEDIUM | 7.8 HIGH |
| The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||||
| CVE-2016-3218 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2026-06-17 | 6.9 MEDIUM | 7.8 HIGH |
| The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3221. | |||||
| CVE-2016-3213 | 1 Microsoft | 8 Internet Explorer, Windows 10, Windows 7 and 5 more | 2026-06-17 | 9.3 HIGH | 8.8 HIGH |
| The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability." | |||||
| CVE-2016-3188 | 1 Prepopulate Project | 1 Prepopulate | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| The _prepopulate_request_walk function in the Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the (1) actions, (2) container, (3) token, (4) password, (5) password_confirm, (6) text_format, or (7) markup field type, and consequently have unspecified impact, via unspecified vectors. | |||||
| CVE-2016-3187 | 1 Prepopulate Project | 1 Prepopulate | 2026-06-17 | 7.5 HIGH | 7.3 HIGH |
| The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to modify the REQUEST superglobal array, and consequently have unspecified impact, via a base64-encoded pp parameter. | |||||
| CVE-2016-3169 | 2 Debian, Drupal | 2 Debian Linux, Drupal | 2026-06-17 | 6.8 MEDIUM | 8.1 HIGH |
| The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array. | |||||
| CVE-2016-3157 | 2 Canonical, Xen | 2 Ubuntu Linux, Xen | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access. | |||||
| CVE-2016-3114 | 1 Kallithea | 1 Kallithea | 2026-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access. | |||||
| CVE-2016-3084 | 2 Cloudfoundry, Pivotal Software | 5 Cloud Foundry Uaa Bosh, Cloud Foundry, Cloud Foundry Elastic Runtime and 2 more | 2026-06-17 | 4.3 MEDIUM | 8.1 HIGH |
| The UAA reset password flow in Cloud Foundry release v236 and earlier versions, UAA release v3.3.0 and earlier versions, all versions of Login-server, UAA release v10 and earlier versions and Pivotal Elastic Runtime versions prior to 1.7.2 is vulnerable to a brute force attack due to multiple active codes at a given time. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected. | |||||
| CVE-2016-3067 | 1 Cygwin | 1 Cygwin | 2026-06-17 | 7.5 HIGH | 9.8 CRITICAL |
| Cygwin before 2.5.0 does not properly handle updating permissions when changing users, which allows attackers to gain privileges. | |||||
| CVE-2016-3065 | 1 Postgresql | 1 Postgresql | 2026-06-17 | 8.5 HIGH | 9.1 CRITICAL |
| The (1) brin_page_type and (2) brin_metapage_info functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service (server crash) via a crafted bytea value in a BRIN index page. | |||||
| CVE-2016-3053 | 1 Ibm | 1 Aix | 2026-06-17 | 7.2 HIGH | 7.8 HIGH |
| IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||||
| CVE-2016-3051 | 1 Ibm | 1 Security Access Manager 9.0 Firmware | 2026-06-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Security Access Manager for Web 9.0.0 could allow an authenticated user to access some privileged functionality of the server. IBM X-Force ID: 114714. | |||||
| CVE-2016-2988 | 1 Ibm | 1 Tivoli Storage Manager For Virtual Environments | 2026-06-17 | 4.6 MEDIUM | 8.5 HIGH |
| IBM Tivoli Storage Manger for Virtual Environments: Data Protection for VMware (aka Spectrum Protect for Virtual Environments) 6.4.x before 6.4.3.4 and 7.1.x before 7.1.6 allows remote authenticated users to bypass a TSM credential requirement and obtain administrative access by leveraging multiple simultaneous logins. | |||||