VYPR

CVEs

100,075 total · page 1942 of 2,002

  • CVE-2016-3331HigOct 14, 2016
    risk 0.50cvss 7.5epss 0.14

    Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

  • CVE-2016-3270HigOct 14, 2016
    risk 0.51cvss 7.8epss 0.07

    The Graphics component in the kernel in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted…

  • CVE-2016-3266HigOct 14, 2016
    risk 0.51cvss 7.8epss 0.06

    The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka…

  • CVE-2016-0142HigOct 14, 2016
    risk 0.52cvss 7.8epss 0.20

    Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Video Control Remote Code Execution Vulnerability."

  • CVE-2016-6992HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion."

  • CVE-2016-6990HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

  • CVE-2016-6989HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

  • CVE-2016-6987HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6981.

  • CVE-2016-6986HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

  • CVE-2016-6985HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

  • CVE-2016-6984HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

  • CVE-2016-6983HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

  • CVE-2016-6982HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

  • CVE-2016-6981HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.05

    Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-6987.

  • CVE-2016-6935HigOct 13, 2016
    risk 0.51cvss 7.8epss 0.01

    Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.8.0.310 on Windows allows local users to gain privileges via a Trojan horse executable file in the %SYSTEMDRIVE% directory.

  • CVE-2016-4286HigOct 13, 2016
    risk 0.58cvss 8.8epss 0.06

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to bypass intended access restrictions via unspecified vectors.

  • CVE-2016-4273HigOct 13, 2016
    risk 0.62cvss 8.8epss 0.20

    Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before 23.0.0.185 on Windows and OS X and before 11.2.202.637 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than…

  • CVE-2016-7065HigOct 13, 2016
    risk 0.61cvss 8.8epss 0.12

    The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.

  • CVE-2016-6325HigOct 13, 2016
    risk 0.51cvss 7.8epss 0.01

    The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

  • CVE-2016-5425HigOct 13, 2016
    risk 0.54cvss 7.8epss 0.04

    The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

  • CVE-2016-3946HigOct 13, 2016
    risk 0.51cvss 7.8epss 0.00

    SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP Server login credentials by reading the Windows registry, aka SAP Security Note 2121461.

  • CVE-2016-3635HigOct 13, 2016
    risk 0.49cvss 7.5epss 0.02

    SAP Netweaver 7.4 allows remote authenticated users to bypass an intended Unified Connectivity (UCON) access control list and execute arbitrary Remote Function Modules (RFM) by leveraging a connection created from earlier execution of an anonymous RFM included in a Communication…

  • CVE-2016-8563HigOct 13, 2016
    risk 0.49cvss 7.5epss 0.03

    Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 allows remote attackers to cause a denial of service (ALM service outage) via crafted packets to TCP port 4410.

  • CVE-2016-1000216HigOct 10, 2016
    risk 0.58cvss 8.8epss 0.07

    Ruckus Wireless H500 web management interface authenticated command injection

  • CVE-2016-8101HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local users to gain privileges via unspecified vectors.

  • CVE-2016-6680HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes an iw_set_priv ioctl call, aka Android internal bug 29982678 and…

  • CVE-2016-6676HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a GET_CFG ioctl…

  • CVE-2016-6675HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a linkspeed…

  • CVE-2016-6674HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    system_server in Android before 2016-10-05 on Nexus devices allows attackers to gain privileges via a crafted application, aka internal bug 30445380.

  • CVE-2016-6673HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 30204201.

  • CVE-2016-6672HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka internal bug 30537088.

  • CVE-2016-3940HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus 6P and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 30141991.

  • CVE-2016-3939HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR…

  • CVE-2016-3938HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug…

  • CVE-2016-3937HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30030994 and MediaTek internal bug ALPS02834874.

  • CVE-2016-3936HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019037 and MediaTek internal bug ALPS02829568.

  • CVE-2016-3935HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug…

  • CVE-2016-3934HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a…

  • CVE-2016-3933HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 29421408.

  • CVE-2016-3932HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    mediaserver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 29161895 and MediaTek internal bug ALPS02770870.

  • CVE-2016-3931HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR…

  • CVE-2016-3930HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28760138.

  • CVE-2016-3928HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    The MediaTek video driver in Android before 2016-10-05 allows attackers to gain privileges via a crafted application, aka Android internal bug 30019362 and MediaTek internal bug ALPS02829384.

  • CVE-2016-3922HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 relies on variable-length arrays, which allows attackers to gain privileges via a crafted application, aka internal bug 30202619.

  • CVE-2016-3921HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    libsysutils/src/FrameworkListener.cpp in Framework Listener in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 29831647.

  • CVE-2016-3917HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    The fingerprint login feature in Android 6.0.1 before 2016-10-01 and 7.0 before 2016-10-01 does not track the user account during the authentication process, which allows physically proximate attackers to authenticate as an arbitrary user by leveraging lockscreen access, aka…

  • CVE-2016-3916HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30741779.

  • CVE-2016-3915HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    camera/src/camera_metadata.c in the Camera service in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 30591838.

  • CVE-2016-3914HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    Race condition in providers/telephony/MmsProvider.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows attackers to gain privileges via a crafted application that modifies a database…

  • CVE-2016-3913HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate a certain static_cast operation, which allows attackers to gain privileges…