LiveActive security incident?Get immediate response
CVE archive

December 2016

Browse CVE records published in December 2016, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 530 matching CVEs · Page 1 of 11.

Medium · CVSS 5.9

CVE-2016-9159: A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family...

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions), SIMATIC S7-410 V8 CPU family (All versions), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants) (All versions). An attacker with network access to port 102/tcp (ISO-TSAP) or via Profibus could obtain credentials from the PLC if protection-level 2 is configured on the affected devices.

Published Dec 17, 2016 · Updated Jun 2, 2026

High · CVSS 7.5

CVE-2016-9158: A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family...

A vulnerability has been identified in SIMATIC S7-300 CPU family (All versions), SIMATIC S7-300 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 PN/DP V7 CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 V6 and earlier CPU family (All versions), SIMATIC S7-400 V7 CPU family (All versions). Specially crafted packets sent to port 80/tcp could cause the affected devices to go into defect mode. A cold restart is required to recover the system.

Published Dec 17, 2016 · Updated Jun 2, 2026

High · CVSS 8.8 · CISA KEV

CVE-2016-6277: NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 bef...

NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.

Published Dec 14, 2016 · Updated Oct 21, 2025

High · CVSS 7.8 · CISA KEV

CVE-2016-7262: Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibili...

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, and Excel Viewer allow user-assisted remote attackers to execute arbitrary commands via a crafted cell that is mishandled upon a click, aka "Microsoft Office Security Feature Bypass Vulnerability."

Published Dec 20, 2016 · Updated Oct 21, 2025

Unknown · CVSS Not scored

CVE-2016-9422: An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31.

An issue was discovered in the Tatsuya Kinoshita w3m fork before 0.5.3-31. The feed_table_tag function in w3m doesn't properly validate the value of table span, which allows remote attackers to cause a denial of service (stack and/or heap buffer overflow) and possibly execute arbitrary code via a crafted HTML page.

Published Dec 12, 2016 · Updated Nov 14, 2024

Unknown · CVSS Not scored

CVE-2016-1000107: inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect ap...

inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Published Dec 10, 2019 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-1000108: yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore doe...

yaws before 2.0.4 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect a CGI application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an "httpoxy" issue.

Published Dec 10, 2019 · Updated Aug 6, 2024

Medium · CVSS 4.6

CVE-2016-15036: Deis Workflow Manager race condition

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Deis Workflow Manager up to 2.3.2. It has been classified as problematic. This affects an unknown part. The manipulation leads to race condition. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 2.3.3 is able to address this issue. The patch is named 31fe3bccbdde134a185752e53380330d16053f7f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248847. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published Dec 23, 2023 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10074: The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote atta...

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer before 5.4.5 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code via a \" (backslash double quote) in a crafted e-mail address in the (1) From, (2) ReturnPath, or (3) Sender header.

Published Dec 30, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10041: An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0.

An issue was discovered in Sprecher Automation SPRECON-E Service Program before 3.43 SP0. Under certain preconditions, it is possible to execute telegram simulation as a non-admin user. As prerequisites, a user must have created an online-connection, validly authenticated and authorized as administrator, and executed telegram simulation. After that, the online-connection must have been closed. Incorrect caching of client data then may lead to privilege escalation, where a subsequently acting non-admin user is permitted to do telegram simulation. In order to exploit this vulnerability, a potential attacker would need to have both a valid engineering-account in the SPRECON RBAC system as well as access to a service/maintenance computer with SPRECON-E Service Program running. Additionally, a valid admin-user must have closed the service connection beforehand without closing the program, having executed telegram simulation; the attacker then has access to the running software instance. Hence, there is no risk from external attackers.

Published Dec 25, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10045: The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to th...

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail command and consequently execute arbitrary code by leveraging improper interaction between the escapeshellarg function and internal escaping performed in the mail function in PHP. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-10033.

Published Dec 30, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10082: include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a poss...

include/functions_installer.inc.php in Serendipity through 2.0.5 is vulnerable to File Inclusion and a possible Code Execution attack during a first-time installation because it fails to sanitize the dbType POST parameter before adding it to an include() call in the bundled-libs/serendipity_generateFTPChecksums.php file.

Published Dec 30, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-9951: An issue was discovered in Apport before 2.20.4.

An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.

Published Dec 17, 2016 · Updated Aug 6, 2024

Medium · CVSS 5.3

CVE-2016-10072: WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify.

WampServer 3.0.6 has two files called 'wampmanager.exe' and 'unins000.exe' with a weak ACL for Modify. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called wampmanager.exe or unins000.exe and replace the original files. The next time one of these programs is launched by a more privileged user, malicious code chosen by the local attacker will run. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.

Published Dec 27, 2016 · Updated Aug 6, 2024

Unknown · CVSS Not scored

CVE-2016-10088: The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situat...

The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.

Published Dec 30, 2016 · Updated Aug 6, 2024