Skip to main content
CVE-2015-6127 MEDIUM POC PATCH THREAT This Month

Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 72.0%.

Information Disclosure Microsoft Windows 7 Windows 8 Windows 8 1 +1
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
72.0%
Threat
4.5
CVE-2015-6164 MEDIUM This Month

Microsoft Internet Explorer 9 through 11 improperly implements a cross-site scripting (XSS) protection mechanism, which allows remote attackers to bypass the Same Origin Policy via a crafted web. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 14.6% and no vendor patch available.

XSS Microsoft Internet Explorer
NVD
CVSS 2.0
6.8
EPSS
14.6%
CVE-2015-6170 MEDIUM This Month

Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability.". Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Epss exploitation probability 14.4% and no vendor patch available.

Privilege Escalation Microsoft Edge
NVD
CVSS 2.0
6.8
EPSS
14.4%
CVE-2015-6176 MEDIUM POC This Month

Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS Microsoft Edge
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
4.3%
CVE-2015-6157 MEDIUM This Month

Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 22.3% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
22.3%
CVE-2015-6144 MEDIUM This Month

Microsoft Internet Explorer 8 through 11 and Microsoft Edge mishandle HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 21.3% and no vendor patch available.

XSS Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
21.3%
CVE-2015-6138 MEDIUM This Month

Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 19.8% and no vendor patch available.

XSS Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
19.8%
CVE-2015-6165 MEDIUM This Month

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 17.5% and no vendor patch available.

Information Disclosure Microsoft Silverlight
NVD
CVSS 2.0
4.3
EPSS
17.5%
CVE-2015-6114 MEDIUM This Month

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 17.5% and no vendor patch available.

Information Disclosure Microsoft Silverlight
NVD
CVSS 2.0
4.3
EPSS
17.5%
CVE-2015-6135 MEDIUM This Month

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Microsoft Jscript Vbscript
NVD
CVSS 2.0
5.0
EPSS
8.5%
CVE-2015-6169 MEDIUM This Month

Microsoft Edge misparses HTTP responses, which allows remote attackers to redirect users to arbitrary web sites via unspecified vectors, aka "Microsoft Edge Spoofing Vulnerability.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 10.8% and no vendor patch available.

Information Disclosure Microsoft Edge
NVD
CVSS 2.0
4.3
EPSS
10.8%
CVE-2015-6161 MEDIUM This Month

Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 2.0
4.3
EPSS
10.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy