CVEs from 2016
- Total: 8,436
- Critical: 1,165
- High: 3,521
- Medium: 3,172
- Low: 248
- % Critical: 13.8%
- % with KEV: 0.7%
- % with exploit: 6.8%
Top vendors
Top products
- phpmyadmin 3,382
- php 1,748
- squid 1,549
- samba 1,093
- drupal 868
- firefox 757
- moodle 700
- openssl 664
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-6914 | high | 7.8 | 8.8 | 9y ago | Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions for the installation directory, which allows local users to gain SYSTEM privileges via a Trojan horse taskkill.exe file. | |||
| CVE-2016-10701 | high | 8.8 | 8.8 | 9y ago | In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists in the Business Analytics application. | |||
| CVE-2016-10700 | high | 8.8 | 8.8 | 9y ago | auth_login.php in Cacti before 1.0.0 allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database, because the… | |||
| CVE-2016-3090 | high | 8.8 | 8.8 | 9y ago | Apache Struts RCE Vulnerability | |||
| CVE-2016-4461 | high | 8.8 | 8.8 | 9y ago | Apache Struts forced double OGNL evaluation | |||
| CVE-2016-1261 | high | 8.8 | 8.8 | 9y ago | J-Web does not validate certain input that may lead to cross-site request forgery (CSRF) issues or cause a denial of J-Web service (DoS). | |||
| CVE-2016-6806 | high | 8.8 | 8.8 | 9y ago | Apache Wicket vulnerable to CSRF attacks | |||
| CVE-2016-8744 | high | 8.8 | 8.8 | 9y ago | Deserialization of Untrusted Data in Apache Brooklyn | |||
| CVE-2016-8737 | high | 8.8 | 8.8 | 9y ago | Apache Brooklyn is vulnerable to cross-site request forgery (CSRF) | |||
| CVE-2016-0732 | high | 8.8 | 8.8 | 9y ago | The identity zones feature in Pivotal Cloud Foundry 208 through 229; UAA 2.0.0 through 2.7.3 and 3.0.0; UAA-Release 2 through 4, when configured with multiple identity zones; and Elastic Runtime 1.6.… | |||
| CVE-2016-4462 | high | 8.8 | 8.8 | 9y ago | By manipulating the URL parameter externalLoginKey, a malicious, logged in user could pass valid Freemarker directives to the Template Engine that are reflected on the webpage; a specially crafted Fr… | |||
| CVE-2016-5861 | high | 8.8 | 8.8 | 9y ago | In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, w… | |||
| CVE-2016-5716 | high | 8.8 | 8.8 | 9y ago | The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 includes unsafe string reads that potentially allows for remote code execution on the console node. | |||
| CVE-2016-9716 | high | 8.8 | 8.8 | 9y ago | IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions t… | |||
| CVE-2016-9714 | high | 8.8 | 8.8 | 9y ago | IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, 11.5, and 11.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized act… | |||
| CVE-2016-8493 | high | 8.8 | 8.8 | 9y ago | In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate privilege via a FortiClientNamedPipe vulnerability. | |||
| CVE-2016-1000218 | high | 8.8 | 8.8 | 9y ago | Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF vulnerability that could allow an attacker to generate superfluous reports whenever an authenticated Kibana user navigates to a specially… | |||
| CVE-2016-9984 | high | 8.8 | 8.8 | 9y ago | IBM Maximo Asset Management 7.5 and 7.6 could allow a remote authenticated attacker to execute arbitrary commands on the system as administrator. IBM X-Force ID: 120276. | |||
| CVE-2016-7830 | high | 8.8 | 8.8 | 9y ago | Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C devices with firmware versions prior to Ver.1.51 and PCS-XC1 devices with firmware version prior to Ver.1.22 allow an attacker o… | |||
| CVE-2016-7824 | high | 8.8 | 8.8 | 9y ago | Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier allows authenticated attackers to bypass access restriction to enable the debug option via unspecified vectors. | |||
| CVE-2016-7822 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier allows remote attackers to hijack the authentication of a logged in user to perfor… | |||
| CVE-2016-7811 | high | 8.8 | 8.8 | 9y ago | Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker on the same network segment to bypass access restriction to perform arbitrary operations via unspecified vectors. | |||
| CVE-2016-7809 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows remote attackers to hijack the authentication of logged in user to conduct unintended opera… | |||
| CVE-2016-7803 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to execute arbitrary SQL commands via "MultiReport" function. | |||
| CVE-2016-4907 | high | 8.8 | 8.8 | 9y ago | Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF tokens via unspecified vectors. | |||
| CVE-2016-4471 | high | 8.8 | 8.8 | 9y ago | ManageIQ in CloudForms before 4.1 allows remote authenticated users to execute arbitrary code. | |||
| CVE-2016-9977 | high | 8.8 | 8.8 | 9y ago | IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote attacker to hijack a user's session, caused by the failure to invalidate an existing session identifier. An attacker could exploit t… | |||
| CVE-2016-8229 | high | 8.8 | 8.8 | 9y ago | A cross-site request forgery vulnerability in Lenovo Service Bridge before version 4 could be exploited by an attacker with access to the DHCP server used by the system where LSB is installed. | |||
| CVE-2016-10377 | high | 8.8 | 8.8 | 9y ago | In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch to read past the end of the packet buffer due to an unsigned integer underflow in `lib/flow.c` in the function `miniflow_extrac… | |||
| CVE-2016-4977 | high | 8.8 | 8.8 | 9y ago | Spring Security OAuth vulnerable to remote code execution (RCE) via specially crafted request using whitelabel views | |||
| CVE-2016-9842 | high | 8.8 | 8.8 | 9y ago | The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers. | |||
| CVE-2016-9840 | high | 8.8 | 8.8 | 9y ago | RHSA-2025:8395: rsync security update (Low) | |||
| CVE-2016-5177 | high | 8.8 | 8.8 | 9y ago | arbitrary code execution in chromium | |||
| CVE-2016-6112 | high | 8.8 | 8.8 | 9y ago | IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and 10.0 could allow an authenticated user to escalate their privileges and gain administrative permissions over the web application. I… | |||
| CVE-2016-4904 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows remote attackers to hijack the authentication of a user to p… | |||
| CVE-2016-4854 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in L-04D firmware version V10a and V10b allows remote attackers to hijack the authentication of administrators to perform arbitrary operations via unsp… | |||
| CVE-2016-3403 | high | 8.8 | 8.8 | 9y ago | Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Zimbra Collaboration before 8.6.0 Patch 8 allow remote attackers to hijack the authentication of administrators for … | |||
| CVE-2016-4887 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Uploader version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2016-4886 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Mail version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2016-4885 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Feed version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2016-4884 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS plugin Blog version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2016-4882 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. | |||
| CVE-2016-4881 | high | 8.8 | 8.8 | 9y ago | CSRF in baserCMS 3.0.10 and earlier | |||
| CVE-2016-4879 | high | 8.8 | 8.8 | 9y ago | CSRF in baserCMS 3.0.10 and earlier | |||
| CVE-2016-4878 | high | 8.8 | 8.8 | 9y ago | baserCMS Cross Site Request Forgery vulnerability | |||
| CVE-2016-4876 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in baserCMS version 3.0.10 and earlier allows remote attackers to hijack the authentication of administrators to execute arbitrary PHP code via unspeci… | |||
| CVE-2016-10277 | high | 7.8 | 8.8 | 9y ago | An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Cr… | |||
| CVE-2016-9092 | high | 8.8 | 8.8 | 9y ago | The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail Threat Defense (MTD) 1.1 management consoles are susceptible to a cross-site request forging (CSRF) vulnerability. A remote atta… | |||
| CVE-2016-5889 | high | 8.8 | 8.8 | 9y ago | IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website t… | |||
| CVE-2016-9251 | high | 8.8 | 8.8 | 9y ago | In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be able to cause an escalation of privileges through a crafted iControl REST connection. | |||
| CVE-2016-8202 | high | 8.8 | 8.8 | 9y ago | A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate t… | |||
| CVE-2016-8593 | high | 8.8 | 8.8 | 9y ago | Directory traversal vulnerability in upload.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code via a .. (dot dot) in the … | |||
| CVE-2016-8592 | high | 8.8 | 8.8 | 9y ago | log_query_system.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cach… | |||
| CVE-2016-8591 | high | 8.8 | 8.8 | 9y ago | log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_id pa… | |||
| CVE-2016-8590 | high | 8.8 | 8.8 | 9y ago | log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_i… | |||
| CVE-2016-8589 | high | 8.8 | 8.8 | 9y ago | log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the cache_i… | |||
| CVE-2016-8586 | high | 8.8 | 8.8 | 9y ago | detected_potential_files.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in … | |||
| CVE-2016-8585 | high | 8.8 | 8.8 | 9y ago | admin_sys_time.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier allows remote authenticated users to execute arbitrary code as the root user via shell metacharacters in the timezo… | |||
| CVE-2016-4313 | high | 7.8 | 8.8 | 9y ago | Directory traversal vulnerability in unzip/extract feature in eXtplorer 2.1.9 allows remote attackers to execute arbitrary files via a .. (dot dot) in an archive file. | |||
| CVE-2016-5399 | high | 7.8 | 8.8 | 9y ago | The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary co… | |||
| CVE-2016-2433 | high | 8.8 | 8.8 | 9y ago | The Broadcom Wi-Fi driver for Android, as used by BlackBerry smartphones before Build AAE570, allows remote attackers to execute arbitrary code in the context of the kernel. | |||
| CVE-2016-0720 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs before 0.9.149. | |||
| CVE-2016-5401 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS and BPMS 6 allows remote attackers to hijack the authentication of users for requests that modify instances via a crafted web pag… | |||
| CVE-2016-3734 | high | 8.8 | 8.8 | 9y ago | Moodle Cross-site request forgery (CSRF) vulnerability | |||
| CVE-2016-4862 | high | 8.8 | 8.8 | 9y ago | Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with CS-Cart Multi-Vendor 4.3.9 and earlier allow remote authenticated users to execute arbitrary PHP code on the servers. | |||
| CVE-2016-1218 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Cybozu Garoon before 4.2.2. | |||
| CVE-2016-4889 | high | 8.8 | 8.8 | 9y ago | ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. | |||
| CVE-2016-0727 | high | 7.8 | 8.8 | 9y ago | The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3… | |||
| CVE-2016-7834 | high | 8.8 | 8.8 | 9y ago | SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-E… | |||
| CVE-2016-5313 | high | 8.8 | 8.8 | 9y ago | Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated users to execute arbitrary OS commands. | |||
| CVE-2016-4895 | high | 8.8 | 8.8 | 9y ago | SetsucoCMS all versions allows remote authenticated attackers to conduct code injection attacks via unspecified vectors. | |||
| CVE-2016-4893 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in the SetsucoCMS all versions allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2016-4891 | high | 8.8 | 8.8 | 9y ago | Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all versions allows remote attackers to hijack the authentication of an administrator to change settings via unspecified vectors. | |||
| CVE-2016-8718 | high | 8.8 | 8.8 | 9y ago | An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a … | |||
| CVE-2016-4468 | high | 8.8 | 8.8 | 9y ago | SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; UAA 2.x before 2.7.4.4, 3.x before 3.3.0.2, and 3.4.x before 3.4.1; UAA BOSH before 11.2 and 12.x before 12.2; Elastic Runtime b… | |||
| CVE-2016-6811 | high | 8.8 | 8.8 | 9y ago | Insecure Inherited Permissions in Apache Hadoop | |||
| CVE-2016-10322 | high | 8.8 | 8.8 | 9y ago | Synology Photo Station before 6.3-2958 allows remote authenticated guest users to execute arbitrary commands via shell metacharacters in the X-Forwarded-For HTTP header to photo/login.php. | |||
| CVE-2016-5072 | high | 8.8 | 8.8 | 9y ago | OXID eShop before 2016-06-13 allows remote attackers to execute arbitrary code via a GET or POST request to the oxuser class. Fixed versions are Enterprise Edition v5.1.12, Enterprise Edition v5.2.9,… | |||
| CVE-2016-5071 | high | 8.8 | 8.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the management web application as root. | |||
| CVE-2016-5067 | high | 8.8 | 8.8 | 9y ago | Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT command injection. | |||
| CVE-2016-4319 | high | 8.8 | 8.8 | 9y ago | Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. | |||
| CVE-2016-1516 | high | 8.8 | 8.8 | 9y ago | Double Free in OpenCV | |||
| CVE-2016-6100 | high | 8.8 | 8.8 | 9y ago | IBM Disposal and Governance Management for IT and IBM Global Retention Policy and Schedule Management, components of IBM Atlas Policy Suite 6.0.3 is vulnerable to cross-site request forgery which cou… | |||
| CVE-2016-10314 | high | 8.8 | 8.8 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to read … | |||
| CVE-2016-10313 | high | 8.8 | 8.8 | 9y ago | Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.04 (Rev. 4) devices allow remote attackers to condu… | |||
| CVE-2016-8917 | high | 8.8 | 8.8 | 9y ago | IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the websit… | |||
| CVE-2016-2379 | high | 8.8 | 8.8 | 9y ago | The Mxit protocol uses weak encryption when encrypting user passwords, which might allow attackers to (1) decrypt hashed passwords by leveraging knowledge of client registration codes or (2) gain log… | |||
| CVE-2016-9456 | high | 8.8 | 8.8 | 9y ago | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The Revive Adserver team conducted a security audit of the admin interface scripts in order to identify and fix other pote… | |||
| CVE-2016-9455 | high | 8.8 | 8.8 | 9y ago | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). A number of scripts in Revive Adserver's user interface are vulnerable to CSRF attacks: `www/admin/banner-acl.php`, `www/a… | |||
| CVE-2016-9127 | high | 8.8 | 8.8 | 9y ago | Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery (CSRF). The password recovery form in Revive Adserver is vulnerable to CSRF attacks. This vulnerability could be exploited to send… | |||
| CVE-2016-8960 | high | 8.8 | 8.8 | 9y ago | IBM Cognos Business Intelligence 10.2 could allow a user with lower privilege Capabilities to adopt the Capabilities of a higher-privilege user by intercepting the higher-privilege user's cookie valu… | |||
| CVE-2016-10225 | high | 7.8 | 8.8 | 9y ago | The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and H8 devices allows local users to gain root privileges by sending "rootmydevice" to /proc/sunxi_debug/sunxi_debug. | |||
| CVE-2016-10273 | high | 8.8 | 8.8 | 9y ago | Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), Air:Link 5000AC (AL5000AC) version 1.13, and Air:Link 59300 (AL59300) version 1.0… | |||
| CVE-2016-5758 | high | 8.8 | 8.8 | 9y ago | A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. | |||
| CVE-2016-5750 | high | 8.8 | 8.8 | 9y ago | The certificate upload feature in iManager in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be used to upload JSP pages that would be executed as the iManager user, allow… | |||
| CVE-2016-1597 | high | 8.8 | 8.8 | 9y ago | A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could escalate privileges to administrator. | |||
| CVE-2016-4504 | high | 8.8 | 8.8 | 9y ago | A Cross-Site Request Forgery issue was discovered in Meteocontrol WEB'log Basic 100 all versions, Light all versions, Pro all versions, and Pro Unlimited all versions. There is no CSRF Token generate… | |||
| CVE-2016-4929 | high | 8.8 | 8.8 | 9y ago | Command injection vulnerability in Junos Space before 15.2R2 allows attackers to execute arbitrary code as a root user. | |||
| CVE-2016-4928 | high | 8.8 | 8.8 | 9y ago | Cross site request forgery vulnerability in Junos Space before 15.2R2 allows remote attackers to perform certain administrative actions on Junos Space. | |||
| CVE-2016-8008 | high | 8.8 | 8.8 | 9y ago | Privilege escalation vulnerability in Windows 7 and Windows 10 in McAfee Security Scan Plus (SSP) 3.11.376 allows attackers to load a replacement of the version.dll file via McAfee McUICnt.exe onto a… |