CVSS: 9.3EPSS: 13%CPEs: 25EXPL: 0CVE-2016-7855 – Adobe Flash Player Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2016-7855
Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. Vulnerabilidad de uso después de liberación de memoria en Adobe Flash Player en versiones anteriores a 23.0.0.205 en Windows y OS X y en versiones anteriores a 11.2.202.643 en Linux permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, según se ha explotado activamente en octubre de 2016. Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code. • http://rhn.redhat.com/errata/RHSA-2016-2119.html http://www.securityfocus.com/bid/93861 http://www.securitytracker.com/id/1037111 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-128 https://helpx.adobe.com/security/products/flash-player/apsb16-36.html https://security.gentoo.org/glsa/201610-10 https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html https://access.redhat.com/security/cve/CVE-2016-7855 https://bugzilla.redhat.com&#x • CWE-416: Use After Free •
CVSS: 9.3EPSS: 75%CPEs: 11EXPL: 0CVE-2016-3393 – Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3393
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability." Graphics Device Interface (tambien conocido como GDI o GDI+) en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permite a atacantes remotos ejecutar un código arbitrario a través de una página web manipulada, vulnerabilidad también conocida como "Windows Graphics Component RCE Vulnerability". A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system. • http://www.securityfocus.com/bid/93377 http://www.securitytracker.com/id/1036988 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120 •
CVSS: 9.3EPSS: 22%CPEs: 19EXPL: 0CVE-2016-3396
https://notcve.org/view.php?id=CVE-2016-3396
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "GDI+ Remote Code Execution Vulnerability." Graphics Device Interface (también conocido como GDI o GDI+) en Microsoft Windows Vista SP2; Windows Server 2008 SP2 y R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold y R2; Windows RT 8.1; Windows 10 Gold, 1511 y 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee y Live Meeting 2007 Console permite a atacantes remotos ejecutar un código arbitrario a través de un fuente incrustada manipulada, vulnerabilidad también conocida como "GDI+ Remote Code Execution Vulnerability". • http://www.securityfocus.com/bid/93380 http://www.securitytracker.com/id/1036988 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-120 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.3EPSS: 13%CPEs: 11EXPL: 0CVE-2016-7211
https://notcve.org/view.php?id=CVE-2016-7211
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-3376, and CVE-2016-7185. Los drivers kernel-mode en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permiten a usuarios locales obtener privilegios a través de una aplicación manipulada, una vulnerabilidad también conocida como "Win32k Elevation of Privilege Vulnerability". Una vulnerabilidad diferente a CVE-2016-3266, CVE-2016-3376 y CVE-2016-7185. • http://www.securityfocus.com/bid/93556 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 28%CPEs: 7EXPL: 0CVE-2016-3341
https://notcve.org/view.php?id=CVE-2016-3341
The kernel-mode drivers in Transaction Manager in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Windows Transaction Manager Elevation of Privilege Vulnerability." Los drivers kernel-mode en Transaction Manager en Microsoft Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permiten a usuarios locales obtener privilegios a través de una aplicación manipulada, una vulnerabilidad también conocida como "Windows Transaction Manager Elevation of Privilege Vulnerability". • http://www.securityfocus.com/bid/93391 http://www.securitytracker.com/id/1036996 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-123 • CWE-264: Permissions, Privileges, and Access Controls •