CVEs from 2016
Total
8,455
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-3305 | high | 7.8 | 7.8 | 10y ago | The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishand… | |||
| CVE-2016-3887 | high | 7.8 | 7.8 | 10y ago | providers/settings/SettingsProvider.java in Android 7.0 before 2016-09-01 does not properly enforce the DISALLOW_CONFIG_VPN setting, which allows attackers to bypass an intended always-on VPN state v… | |||
| CVE-2016-3885 | high | 7.8 | 7.8 | 10y ago | debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations an… | |||
| CVE-2016-3874 | high | 7.8 | 7.8 | 10y ago | CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges vi… | |||
| CVE-2016-3873 | high | 7.8 | 7.8 | 10y ago | The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 29518457. | |||
| CVE-2016-3872 | high | 7.8 | 7.8 | 10y ago | Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 al… | |||
| CVE-2016-3871 | high | 7.8 | 7.8 | 10y ago | Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016… | |||
| CVE-2016-3870 | high | 7.8 | 7.8 | 10y ago | omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 does not prevent … | |||
| CVE-2016-3869 | high | 7.8 | 7.8 | 10y ago | The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka And… | |||
| CVE-2016-3868 | high | 7.8 | 7.8 | 10y ago | The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm interna… | |||
| CVE-2016-3867 | high | 7.8 | 7.8 | 10y ago | The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal … | |||
| CVE-2016-3866 | high | 7.8 | 7.8 | 10y ago | The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm int… | |||
| CVE-2016-3865 | high | 7.8 | 7.8 | 10y ago | The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389. | |||
| CVE-2016-3864 | high | 7.8 | 7.8 | 10y ago | The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka And… | |||
| CVE-2016-3863 | high | 7.8 | 7.8 | 10y ago | Multiple stack-based buffer overflows in the AVCC reassembly implementation in Utils.cpp in libstagefright in MediaMuxer in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x befor… | |||
| CVE-2016-3862 | high | 7.8 | 7.8 | 10y ago | media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 does not properly interact with the use of static variables in l… | |||
| CVE-2016-3859 | high | 7.8 | 7.8 | 10y ago | The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm… | |||
| CVE-2016-3858 | high | 7.8 | 7.8 | 10y ago | Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcomm subsystem driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted appl… | |||
| CVE-2016-6318 | high | 7.8 | 7.8 | 10y ago | Stack-based buffer overflow in the FascistGecosUser function in lib/fascist.c in cracklib allows local users to cause a denial of service (application crash) or gain privileges via a long GECOS field… | |||
| CVE-2016-4853 | high | 7.8 | 7.8 | 10y ago | AKABEi SOFT2 games allow remote attackers to execute arbitrary OS commands via crafted saved data, as demonstrated by Happy Wardrobe. | |||
| CVE-2016-5335 | high | 7.8 | 7.8 | 10y ago | VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x before 7.1 allow local users to obtain root access via unspecified vectors. | |||
| CVE-2016-5342 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center … | |||
| CVE-2016-5683 | high | 7.8 | 7.8 | 10y ago | ReadyDesk 9.1 allows local users to determine cleartext SQL Server credentials by reading the SQL_Config.aspx file and decrypting data with a hardcoded key in the ReadyDesk.dll file. | |||
| CVE-2016-5662 | high | 7.8 | 7.8 | 10y ago | Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2016-6369 | high | 7.8 | 7.8 | 10y ago | Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x before 4.3.02039 mishandles pathnames, which allows local users to gain privileges via a crafted INF file, aka Bug ID CSCuz92464. | |||
| CVE-2016-6362 | high | 7.8 | 7.8 | 10y ago | Cisco Aironet 1800, 2800, and 3800 devices with software before 8.2.110.0, 8.2.12x before 8.2.121.0, and 8.3.x before 8.3.102.0 allow local users to gain privileges via crafted CLI parameters, aka Bu… | |||
| CVE-2016-4654 | high | 7.8 | 7.8 | 10y ago | IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||
| CVE-2016-5384 | high | 7.8 | 7.8 | 10y ago | fontconfig before 2.12.1 does not validate offsets, which allows local users to trigger arbitrary free calls and consequently conduct double free attacks and execute arbitrary code via a crafted cach… | |||
| CVE-2016-3318 | high | 7.8 | 7.8 | 10y ago | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow remote attackers to execute arbitrary code via a crafted file, aka "Graphics Component Memory Corruption Vulnerability." | |||
| CVE-2016-3317 | high | 7.8 | 7.8 | 10y ago | Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac 2011, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Offi… | |||
| CVE-2016-3311 | high | 7.8 | 7.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and… | |||
| CVE-2016-3310 | high | 7.8 | 7.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and… | |||
| CVE-2016-3308 | high | 7.8 | 7.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and… | |||
| CVE-2016-3300 | high | 7.8 | 7.8 | 10y ago | The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 improperly establishes secure communications channels, which allows local users to gain privileges b… | |||
| CVE-2016-6486 | high | 7.8 | 7.8 | 10y ago | Siemens SINEMA Server uses weak permissions for the application folder, which allows local users to gain privileges via unspecified vectors. | |||
| CVE-2016-5340 | high | 7.8 | 7.8 | 10y ago | The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Lin… | |||
| CVE-2016-2065 | high | 7.8 | 7.8 | 10y ago | sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other pr… | |||
| CVE-2016-2064 | high | 7.8 | 7.8 | 10y ago | sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other pr… | |||
| CVE-2016-2063 | high | 7.8 | 7.8 | 10y ago | Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) … | |||
| CVE-2016-6162 | high | 7.8 | 7.8 | 10y ago | net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to cause a denial of service (panic) or possibly have unspecified other impact via certain IPv6 socket operations. | |||
| CVE-2016-3070 | high | 7.8 | 7.8 | 10y ago | The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel before 4.4 improperly interacts with mm/migrate.c, which allows local users to cause a denial of … | |||
| CVE-2016-3856 | high | 7.8 | 7.8 | 10y ago | netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka … | |||
| CVE-2016-3855 | high | 7.8 | 7.8 | 10y ago | drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bound… | |||
| CVE-2016-3854 | high | 7.8 | 7.8 | 10y ago | drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds arr… | |||
| CVE-2016-3857 | high | 7.8 | 7.8 | 10y ago | The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518. | |||
| CVE-2016-3849 | high | 7.8 | 7.8 | 10y ago | The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740. | |||
| CVE-2016-3847 | high | 7.8 | 7.8 | 10y ago | The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433. | |||
| CVE-2016-3845 | high | 7.8 | 7.8 | 10y ago | The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876. | |||
| CVE-2016-3844 | high | 7.8 | 7.8 | 10y ago | mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517. | |||
| CVE-2016-3843 | high | 7.8 | 7.8 | 10y ago | Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance… | |||
| CVE-2016-3842 | high | 7.8 | 7.8 | 10y ago | The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm inter… | |||
| CVE-2016-3833 | high | 7.8 | 7.8 | 10y ago | The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypa… | |||
| CVE-2016-3832 | high | 7.8 | 7.8 | 10y ago | The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows att… | |||
| CVE-2016-3826 | high | 7.8 | 7.8 | 10y ago | services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger ef… | |||
| CVE-2016-3825 | high | 7.8 | 7.8 | 10y ago | mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attack… | |||
| CVE-2016-3824 | high | 7.8 | 7.8 | 10y ago | omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows… | |||
| CVE-2016-3823 | high | 7.8 | 7.8 | 10y ago | The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, … | |||
| CVE-2016-3822 | high | 7.8 | 7.8 | 10y ago | exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary … | |||
| CVE-2016-2504 | high | 7.8 | 7.8 | 10y ago | The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Q… | |||
| CVE-2016-1278 | high | 7.8 | 7.8 | 10y ago | Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow loca… | |||
| CVE-2016-1513 | high | 7.8 | 7.8 | 10y ago | The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read or write) or execute arbitrary code via crafted MetaActions in an (1) … | |||
| CVE-2016-6193 | high | 7.8 | 7.8 | 10y ago | Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with software before GRA-CL00C92B363 allows attackers to cause a denial of service (system crash) or gain privileges via a crafted applica… | |||
| CVE-2016-2408 | high | 7.8 | 7.8 | 10y ago | Pulse Secure Desktop before 5.2R2 and Pulse Secure Installer Service before 8.2R2 and below for Windows allow restricted users to gain privileges via unspecified vectors. | |||
| CVE-2016-1712 | high | 7.8 | 7.8 | 10y ago | Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x before 6.0.14, 6.1.x before 6.1.12, and 7.0.x before 7.0.8 might allow local users to gain privileges by leveraging improper saniti… | |||
| CVE-2016-6185 | high | 7.8 | 7.8 | 10y ago | The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under… | |||
| CVE-2016-1238 | high | 7.8 | 7.8 | 10y ago | (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encod… | |||
| CVE-2016-6289 | high | 7.8 | 7.8 | 10y ago | Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (stack… | |||
| CVE-2016-4653 | high | 7.8 | 7.8 | 10y ago | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspe… | |||
| CVE-2016-4647 | high | 7.8 | 7.8 | 10y ago | Audio in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted file. | |||
| CVE-2016-4640 | high | 7.8 | 7.8 | 10y ago | Login Window in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context, obtain sensitive user information, or cause a denial of service (memory corruption) via a… | |||
| CVE-2016-4638 | high | 7.8 | 7.8 | 10y ago | Login Window in Apple OS X before 10.11.6 allows attackers to gain privileges via a crafted app that leverages a "type confusion." | |||
| CVE-2016-4634 | high | 7.8 | 7.8 | 10y ago | The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. | |||
| CVE-2016-4633 | high | 7.8 | 7.8 | 10y ago | Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||
| CVE-2016-4627 | high | 7.8 | 7.8 | 10y ago | IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) via unspecifie… | |||
| CVE-2016-4626 | high | 7.8 | 7.8 | 10y ago | IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (NULL pointer dereference) v… | |||
| CVE-2016-4621 | high | 7.8 | 7.8 | 10y ago | libc++abi in Apple OS X before 10.11.6 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||
| CVE-2016-4599 | high | 7.8 | 7.8 | 10y ago | QuickTime in Apple OS X before 10.11.6 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop document. | |||
| CVE-2016-4594 | high | 7.8 | 7.8 | 10y ago | The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows attackers to access the process list via a crafted app that makes an … | |||
| CVE-2016-4582 | high | 7.8 | 7.8 | 10y ago | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspe… | |||
| CVE-2016-5472 | high | 7.8 | 7.8 | 10y ago | Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.54 and 8.55 allows local users to affect confidentiality, integrity, and availability via … | |||
| CVE-2016-1456 | high | 7.8 | 7.8 | 10y ago | The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to execute arbitrary OS commands in a privileged context by leveraging unspecified container access, aka Bug ID CSCuz62721. | |||
| CVE-2016-5821 | high | 7.8 | 7.8 | 10y ago | Huawei HiSuite before 4.0.4.204_ove (Out of China) and before 4.0.4.301 (China) use a weak ACL (FILE_WRITE_DATA for BUILTIN\Users) for the HiSuite service directory, which allows local users to gain … | |||
| CVE-2016-3284 | high | 7.8 | 7.8 | 10y ago | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers… | |||
| CVE-2016-3283 | high | 7.8 | 7.8 | 10y ago | Microsoft Word Viewer allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||
| CVE-2016-3282 | high | 7.8 | 7.8 | 10y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation … | |||
| CVE-2016-3281 | high | 7.8 | 7.8 | 10y ago | Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps… | |||
| CVE-2016-3280 | high | 7.8 | 7.8 | 10y ago | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, and Word Viewer allow remote attackers t… | |||
| CVE-2016-3278 | high | 7.8 | 7.8 | 10y ago | Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||
| CVE-2016-3254 | high | 7.8 | 7.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-3239 | high | 7.8 | 7.8 | 10y ago | The Print Spooler service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511… | |||
| CVE-2016-4994 | high | 7.8 | 7.8 | 10y ago | Use-after-free vulnerability in the xcf_load_image function in app/xcf/xcf-load.c in GIMP allows remote attackers to cause a denial of service (program crash) or possibly execute arbitrary code via a… | |||
| CVE-2016-5781 | high | 7.8 | 7.8 | 10y ago | Stack-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file. | |||
| CVE-2016-4831 | high | 7.8 | 7.8 | 10y ago | Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 and earlier on Windows allows local users to gain privileges via a Trojan horse DLL in an unspecified directory. | |||
| CVE-2016-4533 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in WECON LeviStudio allows remote attackers to execute arbitrary code via a crafted file. | |||
| CVE-2016-3811 | high | 7.8 | 7.8 | 10y ago | The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556. | |||
| CVE-2016-3808 | high | 7.8 | 7.8 | 10y ago | The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009. | |||
| CVE-2016-3807 | high | 7.8 | 7.8 | 10y ago | The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196. | |||
| CVE-2016-3806 | high | 7.8 | 7.8 | 10y ago | The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal … | |||
| CVE-2016-3805 | high | 7.8 | 7.8 | 10y ago | The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek … | |||
| CVE-2016-3804 | high | 7.8 | 7.8 | 10y ago | The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek … |