CVSS: 9.3EPSS: 37%CPEs: 7EXPL: 0CVE-2016-7248
https://notcve.org/view.php?id=CVE-2016-7248
Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Video Control Remote Code Execution Vulnerability." Microsoft Video Control en Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8.1, Windows RT 8.1 y Windows 10 Gold, 1511, y 1607 permite a atacantes remotos ejecutar un código arbitrario a través de un archivo manipulado, vulnerabilidad también conocida como "Microsoft Video Control Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/94028 http://www.securitytracker.com/id/1037242 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-131 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 12EXPL: 0CVE-2016-7238
https://notcve.org/view.php?id=CVE-2016-7238
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 mishandle caching for NTLM password-change requests, which allows local users to gain privileges via a crafted application, aka "Windows NTLM Elevation of Privilege Vulnerability." Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 maneja incorrectamente el almacenamiento en caché para peticiones de cambio de contraseña NTLM, lo que permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como "Windows NTLM Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/94045 http://www.securitytracker.com/id/1037249 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-137 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 12EXPL: 0CVE-2016-7184
https://notcve.org/view.php?id=CVE-2016-7184
The Common Log File System (CLFS) driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows local users to gain privileges via a crafted application, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342, and CVE-2016-3343. El controlador Common Log File System (CLFS) en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permite a usuarios locales obtener privilegios a través de una aplicación manipulada, vulnerabilidad también conocida como "Windows Common Log File System Driver Elevation of Privilege Vulnerability," una vulnerabilidad diferente a CVE-2016-0026, CVE-2016-3332, CVE-2016-3333, CVE-2016-3334, CVE-2016-3335, CVE-2016-3338, CVE-2016-3340, CVE-2016-3342 y CVE-2016-3343. • http://www.securityfocus.com/bid/94015 http://www.securitytracker.com/id/1037252 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-134 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2016-7247
https://notcve.org/view.php?id=CVE-2016-7247
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow physically proximate attackers to bypass the Secure Boot protection mechanism via a crafted boot policy, aka "Secure Boot Component Vulnerability." Microsoft Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold, 1511 y 1607 y Windows Server 2016 permiten a atacantes físicamente próximos eludir el mecanismo de protección Secure Boot a través de una política boot manipulada, vulnerabilidad también conocida como "Secure Boot Component Vulnerability". • http://www.securityfocus.com/bid/94058 http://www.securitytracker.com/id/1037255 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-140 https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05340049 • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 1%CPEs: 26EXPL: 0CVE-2016-7857 – Adobe Flash AVSegmentedSource Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-7857
Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution. Versiones de Adobe Flash Player 23.0.0.205 y anteriores, 11.2.202.643 y anteriores tienen una vulnerabilidad de uso después de liberación de memoria aprovechable. Una explotación exitosa podría conducir a la ejecución de código arbitrario. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Flash. • http://rhn.redhat.com/errata/RHSA-2016-2676.html http://www.securityfocus.com/bid/94153 http://www.securitytracker.com/id/1037240 http://www.zerodayinitiative.com/advisories/ZDI-16-596 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-141 https://helpx.adobe.com/security/products/flash-player/apsb16-37.html https://security.gentoo.org/glsa/201611-18 https://access.redhat.com/security/cve/CVE-2016-7857 https://bugzilla.redhat.com/show_bug.cgi?id=139308 • CWE-416: Use After Free •