| | CVE-2016-3364 | Microsoft | high | 7.8 | 19.3%
| | Microsoft Visio 2016 allows remote attackers to execute arbitrary code via a crafted document, aka "… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3363 | Microsoft | high | 7.8 | 27.6%
| | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Comp… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3362 | Microsoft | high | 7.8 | 19.8%
| | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Comp… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3361 | Microsoft | high | 7.8 | 19.8%
| | Microsoft Excel 2010 SP2 allows remote attackers to execute arbitrary code via a crafted document, a… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3360 | Microsoft | high | 7.8 | 17.4%
| | Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 SP1, PowerPoint 2013 RT SP1, Pow… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3359 | Microsoft | high | 7.8 | 19.8%
| | Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remo… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3358 | Microsoft | high | 7.8 | 28.6%
| | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel 2016 … | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3357 | Microsoft | high | 7.8 | 32.4%
| | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word f… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3353 | Microsoft | high | 8.3 | 11.3%
| | Microsoft Internet Explorer 9 through 11 mishandles .url files from the Internet zone, which allows … | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3351 | Microsoft | medium | 6.5 | 40.3%
| ⚠ KEV | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensiti… | Sep 14, 2016 | Apr 22, 2026 |
| | CVE-2016-3350 | Microsoft | high | 7.5 | 15.9%
| | The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or … | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3330 | Microsoft | high | 7.5 | 15.9%
| | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3325 | Microsoft | low | 3.1 | 24.3%
| | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive informa… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3324 | Microsoft | high | 8.8 | 11.7%
| | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause … | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3297 | Microsoft | high | 8.8 | 18.1%
| | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitr… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3295 | Microsoft | high | 7.5 | 21.4%
| | Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3294 | Microsoft | high | 7.5 | 15.9%
| | Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memor… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3292 | Microsoft | medium | 5.0 | 6.1%
| | Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows … | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3291 | Microsoft | low | 2.4 | 1.8%
| | Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remo… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-3247 | Microsoft | high | 7.5 | 50.8%
| | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code o… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-0141 | Microsoft | medium | 6.5 | 7.7%
| | The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certific… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-0138 | Microsoft | medium | 4.3 | 14.0%
| | Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative U… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-0137 | Microsoft | low | 3.3 | 6.5%
| | The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to by… | Sep 14, 2016 | May 6, 2026 |
| | CVE-2016-6399 | Cisco | high | 7.5 | 0.7%
| | Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE 4700 Application Control Engine… | Sep 12, 2016 | May 6, 2026 |
| | CVE-2016-6396 | Cisco | medium | 5.3 | 0.4%
| | Cisco Firepower Management Center before 6.1 and FireSIGHT System Software before 6.1, when certain … | Sep 12, 2016 | May 6, 2026 |
| | CVE-2016-6395 | Cisco | medium | 5.4 | 0.2%
| | Cross-site scripting (XSS) vulnerability in the web-based management interface in Cisco Firepower Ma… | Sep 12, 2016 | May 6, 2026 |
| | CVE-2016-6394 | Cisco | critical | 9.1 | 0.3%
| | Session fixation vulnerability in Cisco Firepower Management Center and Cisco FireSIGHT System Softw… | Sep 12, 2016 | May 6, 2026 |
| | CVE-2016-6371 | Cisco | high | 7.5 | 7.3%
| | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfi… | Sep 12, 2016 | May 6, 2026 |
| | CVE-2016-6370 | Cisco | medium | 4.3 | 0.5%
| | Directory traversal vulnerability in the web interface in Cisco Hosted Collaboration Mediation Fulfi… | Sep 12, 2016 | May 6, 2026 |
| | CVE-2016-6375 | Cisco | medium | 5.3 | 0.3%
| | Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x and 8.2.x before 8.2.121.0, and … | Sep 12, 2016 | May 6, 2026 |
| | CVE-2016-4381 | HPE | medium | 4.5 | 0.1%
| | HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x before 8.4.1-02, when Replication… | Sep 8, 2016 | May 6, 2026 |
| | CVE-2016-4380 | HPE | medium | 5.4 | 0.3%
| | Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21… | Sep 8, 2016 | May 6, 2026 |
| | CVE-2016-6876 | F5 | high | 7.5 | 0.7%
| | The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link Controller 10.2.1 through 10.2… | Sep 7, 2016 | May 6, 2026 |
| | CVE-2016-5022 | F5 | critical | 9.8 | 3.1%
| | F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before 11.2.1 HF16, 11.3.x, 11.4.x, 1… | Sep 7, 2016 | May 6, 2026 |
| | CVE-2016-7153 | Microsoft | medium | 5.3 | 1.3%
| | The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information… | Sep 6, 2016 | May 6, 2026 |
| | CVE-2016-7152 | Microsoft | medium | 5.3 | 1.3%
| | The HTTPS protocol does not consider the role of the TCP congestion window in providing information … | Sep 6, 2016 | May 6, 2026 |
| | CVE-2016-6377 | Cisco | high | 8.1 | 0.3%
| | Media Origination System Suite Software 2.6 and earlier in Cisco Virtual Media Packager (VMP) allows… | Sep 3, 2016 | May 6, 2026 |
| | CVE-2016-1464 | Cisco | high | 7.8 | 4.5%
| | Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to exe… | Sep 3, 2016 | May 6, 2026 |
| | CVE-2016-1415 | Cisco | medium | 5.5 | 4.1%
| | Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to cau… | Sep 3, 2016 | May 6, 2026 |
| | CVE-2016-6376 | Cisco | medium | 6.5 | 0.3%
| | The Adaptive Wireless Intrusion Prevention System (wIPS) feature on Cisco Wireless LAN Controller (W… | Sep 2, 2016 | May 6, 2026 |
| | CVE-2016-1473 | Cisco | critical | 9.8 | 2.6%
| | Cisco Small Business 220 devices with firmware before 1.0.1.1 have a hardcoded SNMP community, which… | Sep 2, 2016 | May 6, 2026 |
| | CVE-2016-1472 | Cisco | high | 7.5 | 1.2%
| | The web-based management interface on Cisco Small Business 220 devices with firmware before 1.0.1.1 … | Sep 2, 2016 | May 6, 2026 |
| | CVE-2016-1471 | Cisco | medium | 6.1 | 0.3%
| | Cross-site scripting (XSS) vulnerability in the web-based management interface on Cisco Small Busine… | Sep 2, 2016 | May 6, 2026 |
| | CVE-2016-1470 | Cisco | high | 8.8 | 0.1%
| | Cross-site request forgery (CSRF) vulnerability in the web-based management interface on Cisco Small… | Sep 2, 2016 | May 6, 2026 |
| | CVE-2016-2183 | Cisco | high | 7.5 | 37.8%
| | The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and… | Sep 1, 2016 | May 29, 2026 |
| | CVE-2016-5336 | VMware | critical | 9.8 | 1.9%
| | VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to execute arbitrary code via un… | Aug 31, 2016 | May 6, 2026 |
| | CVE-2016-5335 | VMware | high | 7.8 | 0.0%
| | VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to… | Aug 31, 2016 | May 6, 2026 |
| | CVE-2016-5332 | VMware | medium | 5.3 | 0.2%
| | Directory traversal vulnerability in VMware vRealize Log Insight 2.x and 3.x before 3.6.0 allows rem… | Aug 31, 2016 | May 6, 2026 |
| | CVE-2016-4378 | HPE | high | 7.5 | 0.8%
| | The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication Manager, (4) Replication Monitor… | Aug 26, 2016 | May 6, 2026 |
| | CVE-2016-5023 | F5 | high | 7.5 | 3.0%
| | Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 HF4 through HF10, 11.5.3 throu… | Aug 26, 2016 | May 6, 2026 |