Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-17 | CVE-2016-7454 | Cross-Site Request Forgery (CSRF) vulnerability in Technicolor Xfinity Gateway Router Dpc3941T Firmware Dpc3941P2018V303R20421733160413Acmcst CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router. | 8.0 |
| 2016-12-16 | CVE-2016-8825 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges. | 7.8 |
| 2016-12-16 | CVE-2016-8824 | Improper Access Control vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where improper access controls allow a regular user to write a part of the registry intended for privileged users only, leading to escalation of privileges. | 7.8 |
| 2016-12-16 | CVE-2016-8823 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where the size of an input buffer is not validated leading to a denial of service or possible escalation of privileges | 7.8 |
| 2016-12-16 | CVE-2016-8822 | Improper Input Validation vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x600000E, 0x600000F, and 0x6000010 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges. | 7.8 |
| 2016-12-16 | CVE-2016-8821 | Improper Access Control vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer handler for DxgDdiEscape where improper access controls may allow a user to access arbitrary physical memory, leading to an escalation of privileges. | 7.8 |
| 2016-12-16 | CVE-2016-8819 | Missing Release of File Descriptor or Handle after Effective Lifetime vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where a handle to a kernel object may be returned to the user, leading to possible denial of service or escalation of privileges. | 7.8 |
| 2016-12-16 | CVE-2016-8818 | Improper Input Validation vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a pointer passed from a user to the driver is used without validation, leading to denial of service or potential escalation of privileges. | 7.8 |
| 2016-12-16 | CVE-2016-8817 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the size input to memcpy(), causing a buffer overflow, leading to denial of service or potential escalation of privileges. | 7.8 |
| 2016-12-16 | CVE-2016-8816 | Improper Validation of Array Index vulnerability in Nvidia GPU Driver All versions of NVIDIA Windows GPU Display Driver contain a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape where a value passed from a user to the driver is used without validation as the index to an array, leading to denial of service or potential escalation of privileges. | 7.8 |