| | CVE-2016-7081 |  VMware | high | 7.8 | 0.2%
| | Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Worksta… | Dec 29, 2016 | May 6, 2026 |
| | CVE-2016-7080 | VMware | high | 7.8 | 0.1%
| | The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local us… | Dec 29, 2016 | May 6, 2026 |
| | CVE-2016-7079 | VMware | high | 7.8 | 0.1%
| | The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local us… | Dec 29, 2016 | May 6, 2026 |
| | CVE-2016-5334 | VMware | medium | 5.3 | 0.2%
| | VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attac… | Dec 29, 2016 | May 6, 2026 |
| | CVE-2016-5329 | VMware | medium | 5.5 | 0.0%
| | VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection (SIP) is enabled, allows loca… | Dec 29, 2016 | May 6, 2026 |
| | CVE-2016-5328 | VMware | medium | 5.5 | 0.0%
| | VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity Protection (SIP) is enabled, … | Dec 29, 2016 | May 6, 2026 |
| | CVE-2016-9224 |  Cisco | medium | 6.5 | 0.3%
| | A vulnerability in the Cisco Jabber Guest Server could allow an unauthenticated, remote attacker to … | Dec 26, 2016 | May 6, 2026 |
| | CVE-2016-9223 | Cisco | critical | 9.8 | 1.8%
| | A vulnerability in the Docker Engine configuration of Cisco CloudCenter Orchestrator (CCO; formerly … | Dec 26, 2016 | May 6, 2026 |
| | CVE-2016-9217 | Cisco | high | 8.8 | 0.6%
| | A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers co… | Dec 26, 2016 | May 6, 2026 |
| | CVE-2016-7300 |  Microsoft | high | 7.8 | 0.5%
| | Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain pri… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7298 | Microsoft | high | 7.8 | 18.9%
| | Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Ma… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7297 | Microsoft | high | 7.5 | 35.2%
| | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a … | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7296 | Microsoft | high | 7.5 | 37.4%
| | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a … | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7291 | Microsoft | high | 7.1 | 10.9%
| | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7290 | Microsoft | high | 7.1 | 10.9%
| | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word for Mac… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7289 | Microsoft | high | 7.8 | 34.2%
| | Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of … | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7288 | Microsoft | high | 7.5 | 79.3%
| | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a … | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7287 | Microsoft | high | 7.5 | 78.3%
| | The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7286 | Microsoft | high | 7.5 | 82.7%
| | The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a … | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7284 | Microsoft | medium | 4.3 | 24.2%
| | Microsoft Internet Explorer 10 and 11 allows remote attackers to obtain sensitive information from p… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7283 | Microsoft | high | 8.8 | 23.0%
| | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause … | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7282 | Microsoft | medium | 6.1 | 5.1%
| | Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 and Microsoft E… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7281 | Microsoft | medium | 5.3 | 22.5%
| | The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows re… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7280 | Microsoft | medium | 6.1 | 7.6%
| | Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitra… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7279 | Microsoft | high | 7.5 | 32.6%
| | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitr… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7278 | Microsoft | medium | 5.3 | 20.2%
| | Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information fro… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7277 | Microsoft | critical | 9.6 | 5.0%
| | Microsoft Office 2016 allows remote attackers to execute arbitrary code or cause a denial of service… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7276 | Microsoft | high | 7.1 | 8.6%
| | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office for Mac 2011, and Office 2016 fo… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7275 | Microsoft | high | 7.8 | 0.8%
| | Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows … | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7270 | Microsoft | high | 7.5 | 37.0%
| | The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 mishandles a developer-supplied k… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7268 | Microsoft | high | 7.1 | 10.9%
| | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer,… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7267 | Microsoft | medium | 5.5 | 21.7%
| | Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it eas… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7266 | Microsoft | high | 7.8 | 16.9%
| | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Comp… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7265 | Microsoft | high | 7.1 | 10.3%
| | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Comp… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7264 | Microsoft | high | 7.1 | 11.3%
| | Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, Excel for Mac 2011, and Excel… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7263 | Microsoft | high | 7.8 | 18.9%
| | Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7262 | Microsoft | high | 7.8 | 87.1%
| ⚠ KEV | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Comp… | Dec 20, 2016 | Apr 22, 2026 |
| | CVE-2016-7257 | Microsoft | medium | 6.5 | 13.3%
| | The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7206 | Microsoft | medium | 6.1 | 7.6%
| | Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitra… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2016-7181 | Microsoft | high | 7.5 | 27.3%
| | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor… | Dec 20, 2016 | May 6, 2026 |
| | CVE-2015-3271 |  Apache | medium | 5.3 | 1.1%
| | Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitra… | Dec 15, 2016 | May 6, 2026 |
| | CVE-2016-9214 | Cisco | medium | 6.1 | 0.3%
| | Cisco Identity Services Engine (ISE) contains a vulnerability that could allow an unauthenticated, r… | Dec 14, 2016 | May 6, 2026 |
| | CVE-2016-9212 | Cisco | high | 7.5 | 0.9%
| | A vulnerability in the Decrypt for End-User Notification configuration parameter of Cisco AsyncOS So… | Dec 14, 2016 | May 6, 2026 |
| | CVE-2016-9211 | Cisco | high | 7.5 | 1.6%
| | A vulnerability in TCP port management in Cisco ONS 15454 Series Multiservice Provisioning Platforms… | Dec 14, 2016 | May 6, 2026 |
| | CVE-2016-9210 | Cisco | high | 7.5 | 2.3%
| | A vulnerability in the Cisco Unified Reporting upload tool accessed via the Cisco Unified Communicat… | Dec 14, 2016 | May 6, 2026 |
| | CVE-2016-9209 | Cisco | medium | 4.3 | 0.5%
| | A vulnerability in TCP processing in Cisco FirePOWER system software could allow an unauthenticated,… | Dec 14, 2016 | May 6, 2026 |
| | CVE-2016-9208 | Cisco | medium | 6.5 | 1.0%
| | A vulnerability in the File Management Utility, the Download File form, and the Serviceability appli… | Dec 14, 2016 | May 6, 2026 |
| | CVE-2016-9207 | Cisco | medium | 6.5 | 0.8%
| | A vulnerability in the HTTP traffic server component of Cisco Expressway could allow an unauthentica… | Dec 14, 2016 | May 6, 2026 |
| | CVE-2016-9206 | Cisco | medium | 6.1 | 0.4%
| | A vulnerability in the ccmadmin page of Cisco Unified Communications Manager (CUCM) could allow an u… | Dec 14, 2016 | May 6, 2026 |
| | CVE-2016-9204 | Cisco | medium | 6.5 | 0.3%
| | A vulnerability in the Cisco Intercloud Fabric (ICF) Director could allow an unauthenticated, remote… | Dec 14, 2016 | May 6, 2026 |