Skip to main content
CVE-2016-0034 HIGH KEV PATCH THREAT Act Now

Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets during decoding, which allows remote attackers to execute arbitrary code or cause a denial of service (object-header corruption). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 52.8%.

Denial Of Service Microsoft RCE
NVD VulDB
CVSS 3.1
8.8
EPSS
52.8%
Threat
4.8
CVE-2016-0015 HIGH POC PATCH THREAT Act Now

DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 65.1%.

RCE Buffer Overflow Microsoft Windows 10 Windows 7 +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
65.1%
Threat
5.0
CVE-2016-0010 HIGH Act Now

Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office 2016, Excel for Mac 2011, PowerPoint for Mac 2011, Word for Mac 2011, Excel 2016 for Mac, PowerPoint 2016 for. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 53.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel For Mac Office +3
NVD
CVSS 3.0
7.8
EPSS
53.9%
CVE-2016-0002 HIGH Act Now

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 47.2% and no vendor patch available.

RCE Buffer Overflow Microsoft Jscript Vbscript
NVD
CVSS 3.0
7.5
EPSS
47.2%
CVE-2016-0024 HIGH PATCH Act Now

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via unspecified vectors, aka "Scripting Engine Memory Corruption Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 32.4%.

RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
8.8
EPSS
32.4%
CVE-2016-0009 HIGH Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows 10 Gold and 1511 allow remote attackers to execute arbitrary code via unspecified vectors, aka "Win32k. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.6% and no vendor patch available.

RCE Privilege Escalation Microsoft Windows 10 Windows 7 +2
NVD
CVSS 3.0
8.8
EPSS
24.6%
CVE-2016-0016 HIGH POC PATCH This Week

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

RCE Microsoft Windows 10 Windows 7 Windows 8 +6
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
5.6%
CVE-2016-0035 HIGH Act Now

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 24.4% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel Excel For Mac +2
NVD
CVSS 3.0
7.8
EPSS
24.4%
CVE-2016-0006 HIGH POC PATCH This Week

The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Public exploit code available.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 +6
NVD Exploit-DB
CVSS 3.0
7.3
EPSS
5.2%
CVE-2016-0007 HIGH POC PATCH This Week

The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 +6
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
1.8%
CVE-2016-0019 HIGH This Week

The Remote Desktop Protocol (RDP) service implementation in Microsoft Windows 10 Gold and 1511 allows remote attackers to bypass intended access restrictions and establish sessions for blank-password. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Microsoft Windows 10
NVD
CVSS 3.0
8.1
EPSS
9.9%
CVE-2016-0018 HIGH PATCH This Week

Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 R2, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Microsoft Windows 10 Windows 7 Windows 8 +2
NVD
CVSS 3.0
7.3
EPSS
6.8%
CVE-2015-8607 HIGH This Week

The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ubuntu Linux Pathtools Debian Linux
NVD
CVSS 3.0
7.3
EPSS
5.7%
CVE-2016-0014 HIGH PATCH This Week

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 +6
NVD
CVSS 3.0
7.8
EPSS
2.5%
CVE-2016-0020 HIGH This Week

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "MAPI DLL Loading. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 7 Windows Server 2008
NVD
CVSS 3.0
7.8
EPSS
0.7%
CVE-2015-8466 HIGH PATCH This Week

Swift3 before 1.9 allows remote attackers to conduct replay attacks via an Authorization request that lacks a Date header. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Fedora Swift3
NVD GitHub
CVSS 3.0
7.4
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy