VIR Vulnerability Intelligence Relay

Search

Found 6,360 results in 1241ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2017-2361 medium 6.1 7.1 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Help Viewer" component, which allows XSS attacks via a crafted web site.
CVE-2017-2360 high 7.8 8.8 EXPFIX macos macos webkitgtk 9y ago An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. macOS before 10.12.3 is affected. tvOS before 10.1.1 is affected. watchOS before 3.1.3 is affected. The issue involve…
CVE-2017-2353 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex…
CVE-2016-7661 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain pr…
CVE-2016-7660 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "syslog" component. It allow…
CVE-2016-7644 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-7637 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-7633 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial …
CVE-2016-7626 high 8.8 9.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows …
CVE-2016-7621 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-7617 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex…
CVE-2016-7612 high 7.8 8.8 EXP macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow…
CVE-2016-7608 medium 5.5 6.5 EXP macos macos 9y ago An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "IOFireWireFamily" component, which allows local users to obtain sensitive information from…
CVE-2016-4669 high 7.8 8.8 EXPFIX macos macos 9y ago An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th…
CVE-2017-6074 high 7.8 8.8 EXPFIX arch arch slesdebian debian 9y ago The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain r…
CVE-2016-4316 medium 6.1 7.1 EXP wso2 9y ago WSO2 Carbon vulnerable to Cross-site Scripting
CVE-2016-4315 medium 5.7 6.7 EXP wso2 9y ago Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action…
CVE-2016-4314 medium 4.9 5.9 EXP wso2 9y ago WSO2 Carbon directory traversal vulnerability
CVE-2016-4312 high 7.5 8.5 EXP wso2 9y ago XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to …
CVE-2016-4311 high 8.8 9.8 EXP wso2 9y ago Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that proc…
CVE-2017-0313 high 7.8 8.8 EXP nvidia 9y ago All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) implementation of the SubmitCommandVirtual DDI (DxgkDdiSubmitCommandVirtual) where un…
CVE-2017-0312 high 7.8 8.8 EXP nvidia 9y ago All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscapeID 0x100008b where user provided input is used as the limit …
CVE-2016-8972 high 7.8 8.8 EXP ibm 9y ago IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011.
CVE-2016-6079 high 7.8 8.8 EXP ibm 9y ago IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88…
CVE-2017-5991 high 7.5 8.5 EXPFIX debian debian artifex 9y ago An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pix…
CVE-2017-2992 high 8.8 9.8 EXP macos macos linux-kernelwindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2988 high 8.8 9.8 EXP macos macos linux-kernelwindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code executi…
CVE-2017-2986 high 8.8 9.8 EXP linux-kernelmacos macoswindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2985 high 8.8 9.8 EXP linux-kernelmacos macoswindows windows adobe 9y ago Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execut…
CVE-2017-5972 high 7.5 8.5 EXPFIX slesdebian debian linux-kernel 9y ago The TCP stack in the Linux kernel 3.x does not properly implement a SYN cookie protection mechanism for the case of a fast network connection, which allows remote attackers to cause a denial of servi…
CVE-2017-5146 high 7.5 8.5 EXP 9y ago An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV prior to firmware Version A17. Sensitive information is stored in clear-text.
CVE-2016-9351 high 7.0 8.0 EXP advantech 9y ago An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. The directory traversal/file upload error allows an attacker to upload and unpack a zip file.
CVE-2016-9349 high 7.5 8.5 EXP advantech 9y ago An issue was discovered in Advantech SUISAccess Server Version 3.0 and prior. An attacker could traverse the file system and extract files that can result in information disclosure.
CVE-2016-9332 high 7.5 8.5 EXP moxa 9y ago An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. Moxa SoftCMS Webserver does not properly validate input. An attacker could provide unexpected values and cause the program to cr…
CVE-2016-8377 high 8.0 9.0 EXP 9y ago An issue was discovered in Fatek Automation PLC WinProladder Version 3.11 Build 14701. A stack-based buffer overflow vulnerability exists when the software application connects to a malicious server,…
CVE-2016-5809 high 8.8 9.8 EXP 9y ago An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. There is no CSRF Token gen…
CVE-2016-6210 medium 5.9 6.9 EXPFIX slesdebian debian openbsd 9y ago sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user password hashing, uses BLOWFISH hashing on a static password when the username does not exist, which allows remote attackers to enu…
CVE-2017-5180 high 8.8 9.8 EXPFIX arch archdebian debian firejail_project 9y ago Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not consider the .Xauthority case during its attempt to prevent accessing user files with an euid of zero, which allows local users …
CVE-2017-3813 high 7.8 8.8 EXP cisco 9y ago A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with th…
CVE-2017-3807 high 8.8 9.8 EXP 9y ago A vulnerability in Common Internet Filesystem (CIFS) code in the Clientless SSL VPN functionality of Cisco ASA Software, Major Releases 9.0-9.6, could allow an authenticated, remote attacker to cause…
CVE-2016-9244 high 7.5 8.5 EXP f5 9y ago A BIG-IP virtual server configured with a Client SSL profile that has the non-default Session Tickets option enabled may leak up to 31 bytes of uninitialized memory. A remote attacker may exploit thi…
CVE-2015-6023 high 7.3 8.3 EXP 9y ago ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01_R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE:…
CVE-2017-0412 high 7.8 8.8 EXP 9y ago An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H…
CVE-2017-0411 high 7.8 8.8 EXP 9y ago An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as H…
CVE-2016-2539 high 8.8 9.8 EXP atutor 10y ago Cross-site request forgery (CSRF) vulnerability in install_modules.php in ATutor before 2.2.2 allows remote attackers to hijack the authentication of users for requests that upload arbitrary files an…
CVE-2017-5630 high 7.5 8.5 EXP slesdebian debian php 10y ago PEAR core file overwrite vulnerability
CVE-2016-3053 high 7.8 8.8 EXP 10y ago IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges.
CVE-2016-10079 high 7.5 8.5 EXP sap 10y ago SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of Service vulnerability (service crash) with a long string to TCP port 515.
CVE-2017-3823 high 8.8 9.8 EXP cisco 10y ago An issue was discovered in the Cisco WebEx Extension before 1.0.7 on Google Chrome, the ActiveTouch General Plugin Container before 106 on Mozilla Firefox, the GpcContainer Class ActiveX control plug…
CVE-2016-6267 high 8.8 9.8 EXP trendmicro 10y ago SnmpUtils in Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before build 2106, and 3.0 before build 1330 allows remote authenticated users to execute arbitrary commands via shell meta…
CVE-2016-2399 high 7.8 8.8 EXPFIX slesdebian debian libquicktime 10y ago Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted h…
CVE-2016-9554 high 7.2 8.2 EXP sophos 10y ago The Sophos Web Appliance Remote / Secure Web Gateway server (version 4.2.1.3) is vulnerable to a Remote Command Injection vulnerability in its web administrative interface. These vulnerabilities occu…
CVE-2016-9553 high 7.2 8.2 EXP sophos 10y ago The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote Command Injection vulnerabilities affecting its web administrative interface. These vulnerabilities occur in the MgrReport.php (…
CVE-2017-5329 high 7.8 8.8 EXP paloaltonetworks 10y ago Palo Alto Networks Terminal Services Agent before 7.0.7 allows local users to gain privileges via vectors that trigger an out-of-bounds write operation.
CVE-2017-3316 high 8.4 9.4 EXPFIX debian debian oracle 10y ago Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: GUI). Supported versions that are affected are VirtualBox prior to 5.0.32 and prior to 5.1.14. Easily explo…
CVE-2017-5594 high 7.5 8.5 EXP pagekit 10y ago Pagekit Weak Password Recovery Mechanism for Forgotten Password
CVE-2016-6601 high 7.5 8.5 EXP zohocorp 10y ago Directory traversal vulnerability in the file download functionality in ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parame…
CVE-2016-5237 medium 4.8 5.8 EXP 10y ago Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse …
CVE-2016-4793 high 7.5 8.5 EXPFIX debian debian cakephp 10y ago CakePHP allows remote attackers to spoof their IP
CVE-2016-4340 high 8.8 9.8 EXP gitlab 10y ago The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as …
CVE-2016-4338 high 8.1 9.1 EXPFIX debian debian zabbix 10y ago The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, all…
CVE-2016-10156 high 7.8 8.8 EXPFIX debian debian systemd_project 10y ago A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Th…
CVE-2016-6253 high 7.8 8.8 EXP freebsd freebsd 10y ago mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on th…
CVE-2014-2045 medium 6.1 7.1 EXP 10y ago Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the usernam…
CVE-2016-5725 medium 5.9 6.9 EXPFIX debian debian jcraft 10y ago Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
CVE-2016-6283 medium 6.1 7.1 EXP atlassian 10y ago Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.a…
CVE-2016-3411 medium 6.1 7.1 EXP synacor 10y ago Cross-site scripting (XSS) vulnerability in Zimbra Collaboration before 8.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bug 103609.
CVE-2016-6897 medium 6.5 7.5 EXPFIX debian debian wordpress 10y ago Cross-site request forgery (CSRF) vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress before 4.6 allows remote attackers to hijack the authenticatio…
CVE-2016-6896 high 7.1 8.1 EXPFIX debian debian wordpress 10y ago Directory traversal vulnerability in the wp_ajax_update_plugin function in wp-admin/includes/ajax-actions.php in WordPress 4.5.3 allows remote authenticated users to cause a denial of service or read…
CVE-2016-7998 high 8.8 9.8 EXPFIX debian debian spip 10y ago The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag a…
CVE-2016-7982 high 7.5 8.5 EXPFIX debian debian spip 10y ago Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml acti…
CVE-2016-7980 high 8.8 9.8 EXPFIX debian debian spip 10y ago Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execu…
CVE-2016-2233 high 7.5 8.5 EXPFIX slesdebian debian hexchat_project 10y ago Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP …
CVE-2016-2087 high 7.4 8.4 EXPFIX slesdebian debian hexchat_project 10y ago Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.
CVE-2017-5223 medium 5.5 6.5 EXPFIX slesdebian debian phpmailer_project 10y ago Local file disclosure in PHPMailer
CVE-2017-5487 medium 5.3 6.3 EXPFIX arch archdebian debian wordpress 10y ago wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in the REST API implementation in WordPress 4.7 before 4.7.1 does not properly restrict listings of post authors, which allows remote…
CVE-2017-5473 high 8.8 9.8 EXP ntop 10y ago Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 allows remote attackers to hijack the authentication of arbitrary users, as demonstrated by admin/add_user.lua, admin/change_user…
CVE-2016-9813 medium 5.5 6.5 EXPFIX slesdebian debian gstreamer 10y ago The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
CVE-2016-7434 high 7.5 8.5 EXPFIX slesarch archdebian debian ntphpe 10y ago The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVE-2016-6772 high 7.8 8.8 EXP 10y ago An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate becau…
CVE-2016-4808 high 8.8 9.8 EXP web2py 10y ago Web2py Cross-Site Request Forgery vulnerability
CVE-2016-4807 medium 4.8 5.8 EXP web2py 10y ago Web2py Reflected XSS vulnerability
CVE-2016-4806 high 7.5 8.5 EXP web2py 10y ago Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.
CVE-2017-2935 high 8.8 9.8 EXP sleswindows windowsmacos macos adobe 10y ago Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitra…
CVE-2017-2934 high 8.8 9.8 EXP sleswindows windowsmacos macos adobe 10y ago Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execut…
CVE-2017-2933 high 8.8 9.8 EXP sleswindows windowsmacos macos adobe 10y ago Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2932 high 8.8 9.8 EXP sleswindows windowsmacos macos adobe 10y ago Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-2931 high 8.8 9.8 EXP sleswindows windowsmacos macos adobe 10y ago Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code exe…
CVE-2017-2930 high 8.8 9.8 EXP sleswindows windowsmacos macos adobe 10y ago Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead …
CVE-2015-4593 high 8.8 9.8 EXP eclinicalworks 10y ago eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content a…
CVE-2015-4592 high 8.8 9.8 EXP eclinicalworks 10y ago eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as…
CVE-2015-4591 medium 6.1 7.1 EXP eclinicalworks 10y ago eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage para…
CVE-2016-10010 high 7.0 8.0 EXPFIX slesarch archdebian debian openbsd 10y ago sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to …
CVE-2016-10009 high 7.3 8.3 EXPFIX slesarch archdebian debian openbsd 10y ago Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-s…
CVE-2016-10081 high 7.8 8.8 EXPFIX debian debian shutter-project 10y ago /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.
CVE-2016-7084 high 7.8 8.8 EXP vmware 10y ago tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execu…
CVE-2016-7083 high 7.8 8.8 EXP vmware 10y ago VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary co…
CVE-2016-9793 high 7.8 8.8 EXPFIX slesdebian debian linux-kernel 10y ago The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory …
CVE-2016-10031 high 7.5 8.5 EXP wampserver 10y ago WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged l…
CVE-2016-7288 high 7.5 8.5 EXP microsoft 10y ago The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corrupti…