CVEs from 2016
Total
8,436
critical
critical 1,165
high
high 3,521
medium
medium 3,172
low
low 248
% Critical
13.8%
% with KEV
0.7%
% with exploit
6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-7637 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7633 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Directory Services" component. It allows local users to gain privileges or cause a denial … | |||
| CVE-2016-7621 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-7617 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. macOS before 10.12.2 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged contex… | |||
| CVE-2016-7612 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allow… | |||
| CVE-2016-4669 | high | 7.8 | 8.8 | 9y ago | An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves th… | |||
| CVE-2016-8972 | high | 7.8 | 8.8 | 9y ago | IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root privileges using a specially crafted command within the bellmail client. IBM APARs: IV91006, IV91007, IV91008, IV91010, IV91011. | |||
| CVE-2016-6079 | high | 7.8 | 8.8 | 9y ago | IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. IBM APARs: IV88658, IV87981, IV88419, IV87640, IV88… | |||
| CVE-2016-3053 | high | 7.8 | 8.8 | 10y ago | IBM AIX contains an unspecified vulnerability that would allow a locally authenticated user to obtain root level privileges. | |||
| CVE-2016-2399 | high | 7.8 | 8.8 | 10y ago | Integer overflow in the quicktime_read_pascal function in libquicktime 1.2.4 and earlier allows remote attackers to cause a denial of service or possibly have other unspecified impact via a crafted h… | |||
| CVE-2016-10156 | high | 7.8 | 8.8 | 10y ago | A flaw in systemd v228 in /src/basic/fs-util.c caused world writable suid files to be created when using the systemd timers features, allowing local attackers to escalate their privileges to root. Th… | |||
| CVE-2016-6253 | high | 7.8 | 8.8 | 10y ago | mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on th… | |||
| CVE-2016-6772 | high | 7.8 | 8.8 | 10y ago | An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate becau… | |||
| CVE-2016-10081 | high | 7.8 | 8.8 | 10y ago | /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. | |||
| CVE-2016-7084 | high | 7.8 | 8.8 | 10y ago | tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execu… | |||
| CVE-2016-7083 | high | 7.8 | 8.8 | 10y ago | VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary co… | |||
| CVE-2016-9793 | high | 7.8 | 8.8 | 10y ago | The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory … | |||
| CVE-2016-9950 | high | 7.8 | 8.8 | 10y ago | An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package sp… | |||
| CVE-2016-9949 | high | 7.8 | 8.8 | 10y ago | An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers t… | |||
| CVE-2016-9566 | high | 7.8 | 8.8 | 10y ago | base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged … | |||
| CVE-2016-8655 | high | 7.8 | 8.8 | 10y ago | Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capabilit… | |||
| CVE-2016-1247 | high | 7.8 | 8.8 | 10y ago | The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu… | |||
| CVE-2016-6707 | high | 7.8 | 8.8 | 10y ago | An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the con… | |||
| CVE-2016-9151 | high | 7.8 | 8.8 | 10y ago | Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted v… | |||
| CVE-2016-8811 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8810 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8809 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8808 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8807 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8806 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-8805 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-7391 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-7390 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-7387 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-7385 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler … | |||
| CVE-2016-7384 | high | 7.8 | 8.8 | 10y ago | For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) where un… | |||
| CVE-2016-7188 | high | 7.8 | 8.8 | 10y ago | The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted applicatio… | |||
| CVE-2016-7185 | high | 7.8 | 8.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and… | |||
| CVE-2016-3376 | high | 7.8 | 8.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and… | |||
| CVE-2016-5425 | high | 7.8 | 8.8 | 10y ago | The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows l… | |||
| CVE-2016-6434 | high | 7.8 | 8.8 | 10y ago | Cisco Firepower Management Center 6.0.1 has hardcoded database credentials, which allows local users to obtain sensitive information by leveraging CLI access, aka Bug ID CSCva30370. | |||
| CVE-2016-1240 | high | 7.8 | 8.8 | 10y ago | The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 … | |||
| CVE-2016-3357 | high | 7.8 | 8.8 | 10y ago | Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Word for Mac 2011, Word 2016 for Mac, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2… | |||
| CVE-2016-3861 | high | 7.8 | 8.8 | 10y ago | LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles conversions between Unicode character encodings with differen… | |||
| CVE-2016-1464 | high | 7.8 | 8.8 | 10y ago | Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, allows remote attackers to execute arbitrary code via a crafted file, aka Bug ID CSCva09375. | |||
| CVE-2016-7089 | high | 7.8 | 8.8 | 10y ago | WatchGuard RapidStream appliances allow local users to gain privileges and execute arbitrary commands via a crafted ifconfig command, aka ESCALATEPLOWMAN. | |||
| CVE-2016-3316 | high | 7.8 | 8.8 | 10y ago | Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability." | |||
| CVE-2016-3313 | high | 7.8 | 8.8 | 10y ago | Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, Word 2016 for Mac, and Word Viewer allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Mem… | |||
| CVE-2016-3304 | high | 7.8 | 8.8 | 10y ago | The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync… | |||
| CVE-2016-3303 | high | 7.8 | 8.8 | 10y ago | The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync… | |||
| CVE-2016-3301 | high | 7.8 | 8.8 | 10y ago | The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 16… | |||
| CVE-2016-5330 | high | 7.8 | 8.8 | 10y ago | Untrusted search path vulnerability in the HGFS (aka Shared Folders) feature in VMware Tools 10.0.5 in VMware ESXi 5.0 through 6.0, VMware Workstation Pro 12.1.x before 12.1.1, VMware Workstation Pla… | |||
| CVE-2016-6187 | high | 7.8 | 8.8 | 10y ago | The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor … | |||
| CVE-2016-1611 | high | 7.8 | 8.8 | 10y ago | Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses world-writable permissions for /etc/profile.d/vainit.sh, which allows local users to gain privileges by replacing this file's conten… | |||
| CVE-2016-4625 | high | 7.8 | 8.8 | 10y ago | Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors. | |||
| CVE-2016-1863 | high | 7.8 | 8.8 | 10y ago | The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspe… | |||
| CVE-2016-4997 | high | 7.8 | 8.8 | 10y ago | The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of … | |||
| CVE-2016-1583 | high | 7.8 | 8.8 | 10y ago | The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via vecto… | |||
| CVE-2016-1861 | high | 7.8 | 8.8 | 10y ago | The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted ap… | |||
| CVE-2016-3225 | high | 7.8 | 8.8 | 10y ago | The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 … | |||
| CVE-2016-3220 | high | 7.8 | 8.8 | 10y ago | atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Wi… | |||
| CVE-2016-3219 | high | 7.8 | 8.8 | 10y ago | The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." | |||
| CVE-2016-2494 | high | 7.8 | 8.8 | 10y ago | Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as de… | |||
| CVE-2016-1887 | high | 7.8 | 8.8 | 10y ago | Integer signedness error in the sockargs function in sys/kern/uipc_syscalls.c in FreeBSD 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to cause a denial of service (memory o… | |||
| CVE-2016-1886 | high | 7.8 | 8.8 | 10y ago | Integer signedness error in the genkbd_commonioctl function in sys/dev/kbd/kbd.c in FreeBSD 9.3 before p42, 10.1 before p34, 10.2 before p17, and 10.3 before p3 allows local users to obtain sensitive… | |||
| CVE-2016-4557 | high | 7.8 | 8.8 | 10y ago | The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in the Linux kernel before 4.5.5 does not properly maintain an fd data structure, which allows local users to gain privileges or caus… | |||
| CVE-2016-1848 | high | 7.8 | 8.8 | 10y ago | QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file. | |||
| CVE-2016-1846 | high | 7.8 | 8.8 | 10y ago | The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of… | |||
| CVE-2016-1828 | high | 7.8 | 8.8 | 10y ago | The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service … | |||
| CVE-2016-1827 | high | 7.8 | 8.8 | 10y ago | The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service … | |||
| CVE-2016-1825 | high | 7.8 | 8.8 | 10y ago | IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||
| CVE-2016-1823 | high | 7.8 | 8.8 | 10y ago | The IOHIDDevice::handleReportWithTime function in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged c… | |||
| CVE-2016-1821 | high | 7.8 | 8.8 | 10y ago | IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted app. | |||
| CVE-2016-1819 | high | 7.8 | 8.8 | 10y ago | Use-after-free vulnerability in the IOAccelContext2::clientMemoryForType method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute… | |||
| CVE-2016-1813 | high | 7.8 | 8.8 | 10y ago | The IOAccelSharedUserClient2::page_off_resource method in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a priv… | |||
| CVE-2016-1803 | high | 7.8 | 8.8 | 10y ago | CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before 9.2.1, and watchOS before 2.2.1 allows attackers to execute arbitrary code in a privileged context or cause a denial of service… | |||
| CVE-2016-1794 | high | 7.8 | 8.8 | 10y ago | The AppleGraphicsControlClient::checkArguments method in AppleGraphicsControl in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of serv… | |||
| CVE-2016-1793 | high | 7.8 | 8.8 | 10y ago | AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (NULL pointer dereference) via a crafted … | |||
| CVE-2016-0173 | high | 7.8 | 8.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-0171 | high | 7.8 | 8.8 | 10y ago | The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 a… | |||
| CVE-2016-2854 | high | 7.8 | 8.8 | 10y ago | The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory. | |||
| CVE-2016-2853 | high | 7.8 | 8.8 | 10y ago | The aufs module for the Linux kernel 3.x and 4.x does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an aufs filesystem on top of a FUSE filesystem… | |||
| CVE-2016-1576 | high | 7.8 | 8.8 | 10y ago | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top o… | |||
| CVE-2016-1575 | high | 7.8 | 8.8 | 10y ago | The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid direc… | |||
| CVE-2016-3672 | high | 7.8 | 8.8 | 10y ago | The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the int… | |||
| CVE-2016-3135 | high | 7.8 | 8.8 | 10y ago | Integer overflow in the xt_alloc_table_info function in net/netfilter/x_tables.c in the Linux kernel through 4.5.2 on 32-bit platforms allows local users to gain privileges or cause a denial of servi… | |||
| CVE-2016-2203 | high | 7.8 | 8.8 | 10y ago | The management console on Symantec Messaging Gateway (SMG) Appliance devices before 10.6.1 allows local users to discover an encrypted AD password by leveraging certain read privileges. | |||
| CVE-2016-3943 | high | 7.8 | 8.8 | 10y ago | Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which al… | |||
| CVE-2016-0143 | high | 7.8 | 8.8 | 10y ago | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al… | |||
| CVE-2016-0122 | high | 7.8 | 8.8 | 10y ago | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary… | |||
| CVE-2016-3986 | high | 7.8 | 8.8 | 10y ago | Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing. | |||
| CVE-2016-2288 | high | 7.8 | 8.8 | 10y ago | Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file. | |||
| CVE-2016-1769 | high | 7.8 | 8.8 | 10y ago | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file. | |||
| CVE-2016-1768 | high | 7.8 | 8.8 | 10y ago | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than … | |||
| CVE-2016-1767 | high | 7.8 | 8.8 | 10y ago | QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than … | |||
| CVE-2016-1755 | high | 7.8 | 8.8 | 10y ago | The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before 9.2, and watchOS before 2.2 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memor… | |||
| CVE-2016-1749 | high | 7.8 | 8.8 | 10y ago | IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | |||
| CVE-2016-1744 | high | 7.8 | 8.8 | 10y ago | The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via… | |||
| CVE-2016-1743 | high | 7.8 | 8.8 | 10y ago | The Intel driver in the Graphics Drivers subsystem in Apple OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via… | |||
| CVE-2016-0094 | high | 7.8 | 8.8 | 10y ago | The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 al… |