CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4291 | high | 7.8 | 7.8 | 10y ago | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will use a field from the structure in an operation that can cause the integer to overfl… | |||
| CVE-2016-4290 | high | 7.8 | 7.8 | 10y ago | When opening a Hangul HShow Document (.hpt) and processing a structure within the document, Hancom Office 2014 will attempt to allocate space for a block of data within the file. When calculating thi… | |||
| CVE-2016-9754 | high | 7.8 | 7.8 | 10y ago | The ring_buffer_resize function in kernel/trace/ring_buffer.c in the profiling subsystem in the Linux kernel before 4.6.1 mishandles certain integer calculations, which allows local users to gain pri… | |||
| CVE-2016-10012 | high | 7.8 | 7.8 | 10y ago | The shared memory manager (associated with pre-authentication compression) in sshd in OpenSSH before 7.4 does not ensure that a bounds check is enforced by all compilers, which might allows local use… | |||
| CVE-2016-7086 | high | 7.8 | 7.8 | 10y ago | The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via a Trojan horse setup64.exe file in the… | |||
| CVE-2016-7085 | high | 7.8 | 7.8 | 10y ago | Untrusted search path vulnerability in the installer in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows allows local users to gain privileges via… | |||
| CVE-2016-7082 | high | 7.8 | 7.8 | 10y ago | VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary co… | |||
| CVE-2016-7081 | high | 7.8 | 7.8 | 10y ago | Multiple heap-based buffer overflows in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allo… | |||
| CVE-2016-7080 | high | 7.8 | 7.8 | 10y ago | The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vect… | |||
| CVE-2016-7079 | high | 7.8 | 7.8 | 10y ago | The graphic acceleration functions in VMware Tools 9.x and 10.x before 10.0.9 on OS X allow local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecified vect… | |||
| CVE-2016-2246 | high | 7.8 | 7.8 | 10y ago | HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control panel and virtual keyboard application, which allows local users to bypass intended access restrictions and gain privileges via unspe… | |||
| CVE-2016-9806 | high | 7.8 | 7.8 | 10y ago | Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified oth… | |||
| CVE-2016-9794 | high | 7.8 | 7.8 | 10y ago | Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or … | |||
| CVE-2016-9777 | high | 7.8 | 7.8 | 10y ago | KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does not properly restrict the VCPU index, which allows guest OS users to gain host OS privileges or cause a denial of service (out-of… | |||
| CVE-2016-9755 | high | 7.8 | 7.8 | 10y ago | The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 reassembly, which allows local users to cause a denial of service (integer overflow, out-of-bounds write, and GPF) or possibly h… | |||
| CVE-2016-9576 | high | 7.8 | 7.8 | 10y ago | The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel me… | |||
| CVE-2016-8707 | high | 7.8 | 7.8 | 10y ago | An exploitable out of bounds write exists in the handling of compressed TIFF images in ImageMagicks's convert utility. A crafted TIFF document can lead to an out of bounds write which in particular c… | |||
| CVE-2016-7502 | high | 7.8 | 7.8 | 10y ago | The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when decoding with cavs_decode. | |||
| CVE-2016-7450 | high | 7.8 | 7.8 | 10y ago | The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before 3.1.4 is vulnerable to reading out-of-bounds memory when it decodes a malformed AIFF file. | |||
| CVE-2016-6671 | high | 7.8 | 7.8 | 10y ago | The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted SWF file. | |||
| CVE-2016-9675 | high | 7.8 | 7.8 | 10y ago | openjpeg: A heap-based buffer overflow flaw was found in the patch for CVE-2013-6045. A crafted j2k image could cause the application to crash, or potentially execute arbitrary code. | |||
| CVE-2016-7300 | high | 7.8 | 7.8 | 10y ago | Untrusted search path vulnerability in Microsoft Auto Updater for Mac allows local users to gain privileges via a Trojan horse executable file, aka "Microsoft (MAU) Office Elevation of Privilege Vuln… | |||
| CVE-2016-7298 | high | 7.8 | 7.8 | 10y ago | Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for Mac 2011, and Office 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption)… | |||
| CVE-2016-7292 | high | 7.8 | 7.8 | 10y ago | The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Win… | |||
| CVE-2016-7289 | high | 7.8 | 7.8 | 10y ago | Microsoft Publisher 2010 SP2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Memory Corruption Vulnera… | |||
| CVE-2016-7275 | high | 7.8 | 7.8 | 10y ago | Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loadin… | |||
| CVE-2016-7271 | high | 7.8 | 7.8 | 10y ago | The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, 1511, and 1607 and Windows Server 2016 allows local users to bypass the virtual trust level (VTL) protection mechanism via a crafte… | |||
| CVE-2016-7266 | high | 7.8 | 7.8 | 10y ago | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Office Compatibility Pack SP3, Excel Viewer, and Excel 2016 for Mac mishandle a registry check, which allows u… | |||
| CVE-2016-7263 | high | 7.8 | 7.8 | 10y ago | Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted document, aka "Microsoft Office Mem… | |||
| CVE-2016-7260 | high | 7.8 | 7.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 160… | |||
| CVE-2016-7259 | high | 7.8 | 7.8 | 10y ago | The Graphics Component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Wind… | |||
| CVE-2016-8825 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading … | |||
| CVE-2016-8824 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write… | |||
| CVE-2016-8823 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of s… | |||
| CVE-2016-8822 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed … | |||
| CVE-2016-8821 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physica… | |||
| CVE-2016-8819 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the us… | |||
| CVE-2016-8818 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without va… | |||
| CVE-2016-8817 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used witho… | |||
| CVE-2016-8816 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used witho… | |||
| CVE-2016-8815 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used witho… | |||
| CVE-2016-8814 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, … | |||
| CVE-2016-8813 | high | 7.8 | 7.8 | 10y ago | All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where multiple pointers are used without checking for NULL, … | |||
| CVE-2016-9031 | high | 7.8 | 7.8 | 10y ago | An exploitable integer overflow exists in the Joyent SmartOS 20161110T013148Z Hyprlofs file system. The vulnerability is present in the Ioctl system call with the command HYPRLOFS_ADD_ENTRIES when de… | |||
| CVE-2016-9215 | high | 7.8 | 7.8 | 10y ago | A vulnerability in Cisco IOS XR Software could allow an authenticated, local attacker to log in to the device with the privileges of the root user. More Information: CSCva38434. Known Affected Releas… | |||
| CVE-2016-9192 | high | 7.8 | 7.8 | 10y ago | A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to install and execute an arbitrary executable file with privileges equivalent to t… | |||
| CVE-2016-6470 | high | 7.8 | 7.8 | 10y ago | A vulnerability in the installation procedure of the Cisco Hybrid Media Service could allow an authenticated, local attacker to elevate privileges to the root level. More Information: CSCvb81344. Kno… | |||
| CVE-2016-6449 | high | 7.8 | 7.8 | 10y ago | A vulnerability in the system management of certain FireAMP system processes in Cisco FireAMP Connector Endpoint software could allow an authenticated, local attacker to stop certain protected FireAM… | |||
| CVE-2016-2334 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the NArchive::NHfs::CHandler::ExtractZlibFile method in 7zip before 16.00 and p7zip allows remote attackers to execute arbitrary code via a crafted HFS+ image. | |||
| CVE-2016-6706 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a … | |||
| CVE-2016-6699 | high | 7.8 | 7.8 | 10y ago | A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media… | |||
| CVE-2016-5647 | high | 7.8 | 7.8 | 10y ago | The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash)… | |||
| CVE-2016-9120 | high | 7.8 | 7.8 | 10y ago | Race condition in the ion_ioctl function in drivers/staging/android/ion/ion.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) by cal… | |||
| CVE-2016-8102 | high | 7.8 | 7.8 | 10y ago | Unquoted service path vulnerability in Intel Wireless Bluetooth Drivers 16.x, 17.x, and before 18.1.1607.3129 allows local users to launch processes with elevated privileges. | |||
| CVE-2016-9638 | high | 7.8 | 7.8 | 10y ago | In BMC Patrol before 9.13.10.02, the binary "listguests64" is configured with the setuid bit. However, when executing it, it will look for a binary named "virsh" using the PATH environment variable. … | |||
| CVE-2016-2946 | high | 7.8 | 7.8 | 10y ago | Stack-based buffer overflow in the ax Shared Libraries in the Agent in IBM Tivoli Monitoring (ITM) 6.2.2 before FP9, 6.2.3 before FP5, and 6.3.0 before FP2 on Linux and UNIX allows local users to gai… | |||
| CVE-2016-2871 | high | 7.8 | 7.8 | 10y ago | IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses cleartext storage for unspecified passwords, which allows local users to obtain sensitive information by reading a configuration file. | |||
| CVE-2016-2948 | high | 7.8 | 7.8 | 10y ago | IBM BigFix Remote Control before 9.1.3 allows local users to discover hardcoded credentials via unspecified vectors. | |||
| CVE-2016-8223 | high | 7.8 | 7.8 | 10y ago | During an internal security review, Lenovo identified a local privilege escalation vulnerability in Lenovo System Interface Foundation software installed on some Windows 10 PCs where a user with loca… | |||
| CVE-2016-9644 | high | 7.8 | 7.8 | 10y ago | The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the Linux kernel 4.4.22 through 4.4.28 contains extended asm statements that are incompatible with the exception table, which allows l… | |||
| CVE-2016-9313 | high | 7.8 | 7.8 | 10y ago | security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial o… | |||
| CVE-2016-9084 | high | 7.8 | 7.8 | 10y ago | drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other i… | |||
| CVE-2016-9083 | high | 7.8 | 7.8 | 10y ago | drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact… | |||
| CVE-2016-8632 | high | 7.8 | 7.8 | 10y ago | The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local… | |||
| CVE-2016-6745 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the… | |||
| CVE-2016-6744 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the… | |||
| CVE-2016-6743 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the… | |||
| CVE-2016-6742 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the Synaptics touchscreen driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the… | |||
| CVE-2016-6741 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kerne… | |||
| CVE-2016-6740 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kerne… | |||
| CVE-2016-6739 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kerne… | |||
| CVE-2016-6738 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of th… | |||
| CVE-2016-6737 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel.… | |||
| CVE-2016-6736 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6735 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6734 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the NVIDIA GPU driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. Th… | |||
| CVE-2016-6729 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the Qualcomm bootloader in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. … | |||
| CVE-2016-6728 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the kernel ION subsystem in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel.… | |||
| CVE-2016-6705 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in Mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malicious application t… | |||
| CVE-2016-6704 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in Mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-11-01, and 7.0 before 2016-11-01 could enable a local malic… | |||
| CVE-2016-6703 | high | 7.8 | 7.8 | 10y ago | A remote code execution vulnerability in an Android runtime library in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-11-01 could enable an attacker using a spe… | |||
| CVE-2016-6702 | high | 7.8 | 7.8 | 10y ago | A remote code execution vulnerability in libjpeg in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable an attacker using a specially crafted file to execute arbitrary c… | |||
| CVE-2016-6701 | high | 7.8 | 7.8 | 10y ago | A remote code execution vulnerability in libskia in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data process… | |||
| CVE-2016-6700 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in libzipfile in Android 4.x before 4.4.4, 5.0.x before 5.0.2, and 5.1.x before 5.1.1 could enable a local malicious application to execute arbitrary code with… | |||
| CVE-2016-3904 | high | 7.8 | 7.8 | 10y ago | An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. … | |||
| CVE-2016-1248 | high | 7.8 | 7.8 | 10y ago | vim before patch 8.0.0056 does not properly validate values for the 'filetype', 'syntax' and 'keymap' options, which may result in the execution of arbitrary code if a file with a specially crafted m… | |||
| CVE-2016-7913 | high | 7.8 | 7.8 | 10y ago | The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors in… | |||
| CVE-2016-7912 | high | 7.8 | 7.8 | 10y ago | Use-after-free vulnerability in the ffs_user_copy_worker function in drivers/usb/gadget/function/f_fs.c in the Linux kernel before 4.5.3 allows local users to gain privileges by accessing an I/O data… | |||
| CVE-2016-7911 | high | 7.8 | 7.8 | 10y ago | Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted iop… | |||
| CVE-2016-7910 | high | 7.8 | 7.8 | 10y ago | Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop opera… | |||
| CVE-2016-9274 | high | 7.8 | 7.8 | 10y ago | Untrusted search path vulnerability in Git 1.x for Windows allows local users to gain privileges via a Trojan horse git.exe file in the current working directory. NOTE: 2.x is unaffected. | |||
| CVE-2016-7490 | high | 7.8 | 7.8 | 10y ago | The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber syste… | |||
| CVE-2016-7488 | high | 7.8 | 7.8 | 10y ago | Teradata Virtual Machine Community Edition v15.10 has insecure file permissions on /etc/luminex/pkgmgr. These could allow a local user to modify its contents and execute commands as root. | |||
| CVE-2016-7248 | high | 7.8 | 7.8 | 10y ago | Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted… | |||
| CVE-2016-7246 | high | 7.8 | 7.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 … | |||
| CVE-2016-7245 | high | 7.8 | 7.8 | 10y ago | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, and Office 2016 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office … | |||
| CVE-2016-7238 | high | 7.8 | 7.8 | 10y ago | Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 … | |||
| CVE-2016-7236 | high | 7.8 | 7.8 | 10y ago | Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka … | |||
| CVE-2016-7235 | high | 7.8 | 7.8 | 10y ago | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac 2011, Excel for Mac 2011, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office doc… | |||
| CVE-2016-7234 | high | 7.8 | 7.8 | 10y ago | Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Excel for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation Services… |