Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-12-13 | CVE-2016-6664 | Link Following vulnerability in multiple products mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and 5.7.x through 5.7.14; MariaDB; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17, when using file-based logging, allows local users with access to the mysql account to gain root privileges via a symlink attack on error logs and possibly other files. | 7.0 |
| 2016-12-13 | CVE-2016-6663 | Race Condition vulnerability in multiple products Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table. | 7.0 |
| 2016-12-13 | CVE-2016-7952 | Improper Access Control vulnerability in multiple products X.org libXtst before 1.2.3 allows remote X servers to cause a denial of service (infinite loop) via a reply in the (1) XRecordStartOfData, (2) XRecordEndOfData, or (3) XRecordClientDied category without a client sequence and with attached data. | 7.5 |
| 2016-12-13 | CVE-2016-7946 | Improper Access Control vulnerability in multiple products X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields. | 7.5 |
| 2016-12-13 | CVE-2016-7945 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields. | 7.5 |
| 2016-12-13 | CVE-2016-6706 | Permissions, Privileges, and Access Controls vulnerability in Google Android An elevation of privilege vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. | 7.8 |
| 2016-12-13 | CVE-2016-6699 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android A remote code execution vulnerability in libstagefright in Mediaserver in Android 7.0 before 2016-11-01 could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. | 7.8 |
| 2016-12-13 | CVE-2016-5647 | Permissions, Privileges, and Access Controls vulnerability in Intel Graphics Driver The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, 15.36.x through 15.36.30.4385, and 15.40.x through 15.40.4404 on Windows allows local users to cause a denial of service (crash) or gain privileges via a crafted D3DKMTEscape request. | 7.8 |
| 2016-12-13 | CVE-2015-3418 | Divide By Zero vulnerability in X.Org Xorg-Server The ProcPutImage function in dix/dispatch.c in X.Org Server (aka xserver and xorg-server) before 1.16.4 allows attackers to cause a denial of service (divide-by-zero and crash) via a zero-height PutImage request. | 7.5 |
| 2016-12-13 | CVE-2015-3217 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by /^(?:(?(1)\\.|([^\\\\W_])?)+)+$/. | 7.5 |