CVEs from 2016
Total
8,461
critical
critical 1,164
high
high 3,521
medium
medium 3,173
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4130 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4129 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4128 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4127 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4126 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4125 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4124 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4123 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-4122 | high | 8.8 | 8.8 | 10y ago | Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack… | |||
| CVE-2016-3228 | high | 8.8 | 8.8 | 10y ago | Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memor… | |||
| CVE-2016-3225 | high | 7.8 | 8.8 | 10y ago | The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 … | |||
| CVE-2016-3220 | high | 7.8 | 8.8 | 10y ago | atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Wi… | |||
| CVE-2016-3219 | high | 7.8 | 8.8 | 10y ago | The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||
| CVE-2016-3214 | high | 8.8 | 8.8 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-3211 | high | 8.8 | 8.8 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-3210 | high | 8.8 | 8.8 | 10y ago | The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted we… | |||
| CVE-2016-3199 | high | 8.8 | 8.8 | 10y ago | ChakraCore RCE Vulnerability | |||
| CVE-2016-0200 | high | 8.8 | 8.8 | 10y ago | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru… | |||
| CVE-2016-2834 | high | 8.8 | 8.8 | 10y ago | Mozilla Network Security Services (NSS) before 3.23, as used in Mozilla Firefox before 47.0, allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly… | |||
| CVE-2016-2831 | high | 8.8 | 8.8 | 10y ago | Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ensure that the user approves the fullscreen and pointerlock settings, which allows remote attackers to cause a denial of service (… | |||
| CVE-2016-2828 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allows remote attackers to execute arbitrary code via WebGL content that triggers texture access after des… | |||
| CVE-2016-2824 | high | 8.8 | 8.8 | 10y ago | The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 on Windows, allows remote attackers to cause a denial of service (out-of-bounds write and… | |||
| CVE-2016-2818 | high | 8.8 | 8.8 | 10y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow remote attackers to cause a denial of service (memory corruption and a… | |||
| CVE-2016-2815 | high | 8.8 | 8.8 | 10y ago | Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 47.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly exe… | |||
| CVE-2016-2494 | high | 7.8 | 8.8 | 10y ago | Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as de… | |||
| CVE-2016-4494 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability on KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allows remote attackers to hijack the authentication of unspecified victims for request… | |||
| CVE-2016-0910 | high | 8.8 | 8.8 | 10y ago | EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 before 5.7.2.0 stores session identifiers of GUI users in a world-readable file, which allows local users to hijack arbitrary acco… | |||
| CVE-2016-4370 | high | 8.8 | 8.8 | 10y ago | HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before 9.32.0002 allows remote authenticated users to execute arbitrary commands or obtain sensitive information via unspecified vector… | |||
| CVE-2016-3738 | high | 8.8 | 8.8 | 10y ago | Red Hat OpenShift Enterprise 3.2 does not properly restrict access to STI builds, which allows remote authenticated users to access the Docker socket and gain privileges via vectors related to build-… | |||
| CVE-2016-2160 | high | 8.8 | 8.8 | 10y ago | Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote authenticated users to execute commands with root privileges by changing the root password in an sti builder image. | |||
| CVE-2016-4369 | high | 8.8 | 8.8 | 10y ago | HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, 9.32, 9.32 update 1, 9.32 update 2, and 9.32 update 3 allows remote authenticated users to execute arbitrary commands via a crafted s… | |||
| CVE-2016-2335 | high | 8.8 | 8.8 | 10y ago | The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip 9.20 and 15.05 beta and p7zip allows remote attackers to cause a denial of service (out-of-bounds read) or execute arbitrary code … | |||
| CVE-2016-1703 | high | 8.8 | 8.8 | 10y ago | Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2016-1701 | high | 8.8 | 8.8 | 10y ago | The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to … | |||
| CVE-2016-1697 | high | 8.8 | 8.8 | 10y ago | The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detac… | |||
| CVE-2016-1696 | high | 8.8 | 8.8 | 10y ago | The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||
| CVE-2016-1695 | high | 8.8 | 8.8 | 10y ago | Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | |||
| CVE-2016-1681 | high | 8.8 | 8.8 | 10y ago | Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service … | |||
| CVE-2016-1680 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, as used in Google Chrome before 51.0.2704.63, allows remote attackers to cause a denial of service (heap memory corruption) or p… | |||
| CVE-2016-1679 | high | 8.8 | 8.8 | 10y ago | The ToV8Value function in content/child/v8_value_converter_impl.cc in the V8 bindings in Google Chrome before 51.0.2704.63 does not properly restrict use of getters and setters, which allows remote a… | |||
| CVE-2016-1678 | high | 8.8 | 8.8 | 10y ago | objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service (hea… | |||
| CVE-2016-1676 | high | 8.8 | 8.8 | 10y ago | extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Polic… | |||
| CVE-2016-1675 | high | 8.8 | 8.8 | 10y ago | Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to Fra… | |||
| CVE-2016-1674 | high | 8.8 | 8.8 | 10y ago | The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||
| CVE-2016-1673 | high | 8.8 | 8.8 | 10y ago | Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors. | |||
| CVE-2016-1672 | high | 8.8 | 8.8 | 10y ago | The ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attacker… | |||
| CVE-2016-4563 | high | 8.8 | 8.8 | 10y ago | The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles the relationship between the BezierQuantum value and certain strokes data, which a… | |||
| CVE-2016-4562 | high | 8.8 | 8.8 | 10y ago | The DrawDashPolygon function in MagickCore/draw.c in ImageMagick before 6.9.4-0 and 7.x before 7.0.1-2 mishandles calculations of certain vertices integer data, which allows remote attackers to cause… | |||
| CVE-2016-1391 | high | 8.8 | 8.8 | 10y ago | Cisco Prime Network Analysis Module (NAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2(2) and Prime Virtual Network Analysis Module (vNAM) before 6.1(1) patch.6.1-2-final and 6.2.x before 6.2… | |||
| CVE-2016-4505 | high | 8.8 | 8.8 | 10y ago | Resource Data Management (RDM) Intuitive 650 TDB Controller devices before 2.1.24 allow remote authenticated users to modify arbitrary passwords via unspecified vectors. | |||
| CVE-2016-2285 | high | 8.8 | 8.8 | 10y ago | Cross-site request forgery (CSRF) vulnerability on Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, MiiNePort_E1_7080 devices with firmware 1.1.10 Build 09120714, MiiNePort_E2_1242… | |||
| CVE-2016-1887 | high | 7.8 | 8.8 | 10y ago | Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory o… | |||
| CVE-2016-1886 | high | 7.8 | 8.8 | 10y ago | Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive… | |||
| CVE-2016-1406 | high | 8.8 | 8.8 | 10y ago | The API web interface in Cisco Prime Infrastructure before 3.1 and Cisco Evolved Programmable Network Manager before 1.2.4 allows remote authenticated users to bypass intended RBAC restrictions and o… | |||
| CVE-2016-4782 | high | 8.8 | 8.8 | 10y ago | Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote attackers to have unspecified impact via a crafted intent: URL, aka an "intent scheme URL attack." | |||
| CVE-2016-4557 | high | 7.8 | 8.8 | 10y ago | The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or caus… | |||
| CVE-2016-2157 | high | 8.8 | 8.8 | 10y ago | Moodle cross-site request forgery (CSRF) vulnerability | |||
| CVE-2016-4343 | high | 8.8 | 8.8 | 10y ago | The phar_make_dirstream function in ext/phar/dirstream.c in PHP before 5.6.18 and 7.x before 7.0.3 mishandles zero-size ././@LongLink files, which allows remote attackers to cause a denial of service… | |||
| CVE-2016-4342 | high | 8.8 | 8.8 | 10y ago | ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3 mishandles zero-length uncompressed data, which allows remote attackers to cause a denial of service (heap memor… | |||
| CVE-2016-3728 | high | 8.8 | 8.8 | 10y ago | Eval injection vulnerability in tftp_api.rb in the TFTP module in the Smart-Proxy in Foreman before 1.10.4 and 1.11.x before 1.11.2 allows remote attackers to execute arbitrary code via the PXE templ… | |||
| CVE-2016-1859 | high | 8.8 | 8.8 | 10y ago | The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruptio… | |||
| CVE-2016-1857 | high | 8.8 | 8.8 | 10y ago | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted… | |||
| CVE-2016-1856 | high | 8.8 | 8.8 | 10y ago | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted… | |||
| CVE-2016-1855 | high | 8.8 | 8.8 | 10y ago | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted… | |||
| CVE-2016-1854 | high | 8.8 | 8.8 | 10y ago | WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and tvOS before 9.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted… | |||
| CVE-2016-1848 | high | 7.8 | 8.8 | 10y ago | QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | |||
| CVE-2016-1847 | high | 8.8 | 8.8 | 10y ago | OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory cor… | |||
| CVE-2016-1846 | high | 7.8 | 8.8 | 10y ago | The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of… | |||
| CVE-2016-1841 | high | 8.8 | 8.8 | 10y ago | libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1, allows remote attackers to execute arbitrary code or cause a denial of service (memory co… | |||
| CVE-2016-1835 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in the xmlSAX2AttributeNs function in libxml2 before 2.9.4, as used in Apple iOS before 9.3.2 and OS X before 10.11.5, allows remote attackers to cause a denial of servic… | |||
| CVE-2016-1828 | high | 7.8 | 8.8 | 10y ago | The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service … | |||
| CVE-2016-1827 | high | 7.8 | 8.8 | 10y ago | The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service … | |||
| CVE-2016-1825 | high | 7.8 | 8.8 | 10y ago | IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||
| CVE-2016-1823 | high | 7.8 | 8.8 | 10y ago | The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged c… | |||
| CVE-2016-1821 | high | 7.8 | 8.8 | 10y ago | IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||
| CVE-2016-1819 | high | 7.8 | 8.8 | 10y ago | Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute… | |||
| CVE-2016-1813 | high | 7.8 | 8.8 | 10y ago | The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a priv… | |||
| CVE-2016-1803 | high | 7.8 | 8.8 | 10y ago | CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service… | |||
| CVE-2016-1800 | high | 8.8 | 8.8 | 10y ago | Captive Network Assistant in Apple OS X before 10.11.5 mishandles a custom URL scheme, which allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. | |||
| CVE-2016-1794 | high | 7.8 | 8.8 | 10y ago | The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of serv… | |||
| CVE-2016-1793 | high | 7.8 | 8.8 | 10y ago | AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted … | |||
| CVE-2016-1669 | high | 8.8 | 8.8 | 10y ago | The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows rem… | |||
| CVE-2016-1668 | high | 8.8 | 8.8 | 10y ago | The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows… | |||
| CVE-2016-1667 | high | 8.8 | 8.8 | 10y ago | The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution duri… | |||
| CVE-2016-1663 | high | 8.8 | 8.8 | 10y ago | The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishand… | |||
| CVE-2016-1660 | high | 8.8 | 8.8 | 10y ago | Blink, as used in Google Chrome before 50.0.2661.94, mishandles assertions in the WTF::BitArray and WTF::double_conversion::Vector classes, which allows remote attackers to cause a denial of service … | |||
| CVE-2016-3710 | high | 8.8 | 8.8 | 10y ago | The VGA module in QEMU improperly performs bounds checking on banked access to video memory, which allows local guest OS administrators to execute arbitrary code on the host by changing access modes … | |||
| CVE-2016-0195 | high | 8.8 | 8.8 | 10y ago | The Imaging Component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 all… | |||
| CVE-2016-0188 | high | 8.8 | 8.8 | 10y ago | The User Mode Code Integrity (UMCI) implementation in Device Guard in Microsoft Internet Explorer 11 allows remote attackers to bypass a code-signing protection mechanism via unspecified vectors, aka… | |||
| CVE-2016-0184 | high | 8.8 | 8.8 | 10y ago | Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gol… | |||
| CVE-2016-0183 | high | 8.8 | 8.8 | 10y ago | The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allows remote attackers to execute arbitrary… | |||
| CVE-2016-0178 | high | 8.8 | 8.8 | 10y ago | The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishan… | |||
| CVE-2016-0173 | high | 7.8 | 8.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-0171 | high | 7.8 | 8.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-2439 | high | 8.8 | 8.8 | 10y ago | Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-05-01 allows remote attackers to execute arbitrary code via… | |||
| CVE-2016-2352 | high | 8.8 | 8.8 | 10y ago | The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role. | |||
| CVE-2016-2009 | high | 8.8 | 8.8 | 10y ago | HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to execute arbitrary commands via a crafted serialized Java object, related to the Apache … | |||
| CVE-2016-1541 | high | 8.8 | 8.8 | 10y ago | Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-si… | |||
| CVE-2016-2854 | high | 7.8 | 8.8 | 10y ago | The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | |||
| CVE-2016-2853 | high | 7.8 | 8.8 | 10y ago | The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem… |