Skip to main content
CVE-2016-0040 HIGH POC KEV PATCH THREAT Act Now

The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
78.9%
Threat
6.9
CVE-2016-0984 HIGH POC KEV PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Memory Corruption RCE Adobe Microsoft Use After Free
NVD Exploit-DB VulDB
CVSS 3.1
8.8
EPSS
75.9%
Threat
7.0
CVE-2016-0957 HIGH POC PATCH THREAT Act Now

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 93.2%.

Adobe Authentication Bypass Dispatcher Experience Manager
NVD
CVSS 3.0
7.5
EPSS
93.2%
Threat
5.8
CVE-2016-0051 HIGH POC THREAT Act Now

Microsoft Windows WebDAV client in Vista through Windows 10 contains a local privilege escalation vulnerability. Local attackers can exploit a flaw in the WebDAV Mini-Redirector driver to elevate privileges from standard user to SYSTEM, enabling complete local system compromise.

Privilege Escalation Microsoft
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
65.1%
Threat
7.0
CVE-2016-0041 HIGH POC THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 10 and 11. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and EPSS exploitation probability 58.3%.

RCE Microsoft Internet Explorer Windows 10 Windows 7 +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
58.3%
Threat
4.8
CVE-2016-0971 HIGH POC PATCH THREAT Act Now

Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.5%.

Memory Corruption RCE Buffer Overflow Microsoft Adobe +5
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
64.5%
Threat
5.2
CVE-2016-0985 HIGH POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.6%.

Adobe Memory Corruption RCE Microsoft Flash Player +4
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
58.6%
Threat
5.0
CVE-2016-0974 HIGH POC PATCH THREAT Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 58.6%.

Memory Corruption RCE Use After Free Microsoft Adobe +5
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
58.6%
Threat
5.0
CVE-2016-0967 HIGH POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 55.5%.

Memory Corruption RCE Denial Of Service Buffer Overflow Microsoft +6
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
55.5%
Threat
4.9
CVE-2016-0965 HIGH POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 55.5%.

Memory Corruption RCE Denial Of Service Buffer Overflow Microsoft +6
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
55.5%
Threat
4.9
CVE-2016-0964 HIGH POC PATCH THREAT Act Now

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 55.5%.

Memory Corruption RCE Denial Of Service Buffer Overflow Microsoft +6
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
55.5%
Threat
4.9
CVE-2016-0063 HIGH POC THREAT Act Now

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 40.6%.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
40.6%
Threat
4.5
CVE-2016-0953 CRITICAL POC PATCH THREAT Act Now

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.5%.

Denial Of Service Adobe Buffer Overflow RCE Bridge Cc +1
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.5%
Threat
4.0
CVE-2016-0952 CRITICAL POC PATCH THREAT Act Now

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.5%.

Denial Of Service Adobe Buffer Overflow RCE Bridge Cc +1
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.5%
Threat
4.0
CVE-2016-0951 CRITICAL POC PATCH THREAT Act Now

Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.5%.

Denial Of Service Adobe Buffer Overflow RCE Bridge Cc +1
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
17.5%
Threat
4.0
CVE-2016-0037 HIGH Act Now

The forms-based authentication implementation in Active Directory Federation Services (ADFS) 3.0 in Microsoft Windows Server 2012 R2 allows remote attackers to cause a denial of service (daemon. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 43.8% and no vendor patch available.

Denial Of Service Microsoft Windows Server 2012
NVD
CVSS 3.0
7.5
EPSS
43.8%
CVE-2016-0050 MEDIUM This Month

Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and R2 misparses username queries, which allows remote attackers to cause a denial of service (RADIUS. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 53.2% and no vendor patch available.

Denial Of Service Microsoft Windows Server 2008 Windows Server 2012
NVD
CVSS 3.0
5.3
EPSS
53.2%
CVE-2016-0060 HIGH Act Now

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 29.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge +1
NVD
CVSS 3.0
8.8
EPSS
29.9%
CVE-2016-0956 HIGH POC PATCH THREAT Act Now

The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.3%.

Adobe Information Disclosure Apache Sling Experience Manager
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
13.3%
CVE-2016-0054 HIGH Act Now

Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, Excel Viewer, Excel Services on. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 31.5% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel Excel For Mac +6
NVD
CVSS 3.0
7.8
EPSS
31.5%
CVE-2016-0053 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2013. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 31.2% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +4
NVD
CVSS 3.0
7.8
EPSS
31.2%
CVE-2016-0055 HIGH Act Now

Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 30.3% and no vendor patch available.

RCE Buffer Overflow Microsoft Office
NVD
CVSS 3.0
7.8
EPSS
30.3%
CVE-2016-0044 HIGH PATCH Act Now

Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows remote attackers to cause a denial of service (SyncShareSvc service outage) via crafted "change batch" data,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 31.7%.

Denial Of Service Microsoft Windows 8 1 Windows Rt 8 1 Windows Server 2012
NVD
CVSS 3.0
7.5
EPSS
31.7%
CVE-2016-0052 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 29.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +5
NVD
CVSS 3.0
7.8
EPSS
29.9%
CVE-2016-0022 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 29.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Compatibility Pack Office Web Apps Server +4
NVD
CVSS 3.0
7.8
EPSS
29.9%
CVE-2016-0046 HIGH PATCH Act Now

Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted Reader file, aka "Microsoft Windows Reader. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 27.4%.

RCE Microsoft Windows 10 Windows 8 1 Windows Server 2012
NVD
CVSS 3.0
7.8
EPSS
27.4%
CVE-2016-0058 HIGH PATCH Act Now

Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote attackers to execute arbitrary code via a crafted PDF document that triggers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 26.3%.

RCE Buffer Overflow Microsoft Windows 10 Windows 8 1 +1
NVD
CVSS 3.0
7.8
EPSS
26.3%
CVE-2016-0071 HIGH Act Now

Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
8.8
EPSS
20.5%
CVE-2016-0067 HIGH Act Now

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
8.8
EPSS
20.5%
CVE-2016-0064 HIGH Act Now

Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
8.8
EPSS
20.5%
CVE-2016-0056 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 24.7% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +1
NVD
CVSS 3.0
7.8
EPSS
24.7%
CVE-2016-0084 HIGH Act Now

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
8.8
EPSS
17.9%
CVE-2016-0062 HIGH Act Now

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.1% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge +1
NVD
CVSS 3.0
8.8
EPSS
17.1%
CVE-2016-0061 HIGH Act Now

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.1% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Edge +1
NVD
CVSS 3.0
8.8
EPSS
17.1%
CVE-2016-0033 HIGH Act Now

Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 does not prevent recursive compilation of XSLT transforms, which allows remote attackers to cause a denial of service (performance. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 23.4% and no vendor patch available.

RCE Denial Of Service Code Injection Microsoft Net Framework
NVD
CVSS 3.0
7.5
EPSS
23.4%
CVE-2016-0038 HIGH PATCH Act Now

Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 20.3%.

RCE Buffer Overflow Microsoft Windows 10 Windows 7 +4
NVD
CVSS 3.0
7.8
EPSS
20.3%
CVE-2016-0047 HIGH Act Now

WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to obtain sensitive information from process memory via crafted icon data, aka "Windows Forms. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 21.0% and no vendor patch available.

Information Disclosure Microsoft Net Framework
NVD
CVSS 3.0
7.5
EPSS
21.0%
CVE-2016-0982 HIGH PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.5%.

Adobe RCE Microsoft Flash Player Flash Player Desktop Runtime +3
NVD
CVSS 3.1
8.8
EPSS
14.5%
CVE-2016-0072 HIGH Act Now

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
8.8
EPSS
14.0%
CVE-2016-0036 HIGH PATCH Act Now

The Remote Desktop Protocol (RDP) implementation in Microsoft Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows remote authenticated users to execute arbitrary code. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 17.4%.

RCE Privilege Escalation Microsoft Windows 10 Windows 7 +2
NVD
CVSS 3.0
8.1
EPSS
17.4%
CVE-2016-0049 MEDIUM POC This Month

Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Microsoft Authentication Bypass Windows 10 Windows 7 Windows 8 1 +3
NVD Exploit-DB
CVSS 3.0
6.2
EPSS
3.6%
CVE-2015-7675 MEDIUM POC This Month

The "Send as attachment" feature in Ipswitch MOVEit DMZ before 8.2 and MOVEit Mobile before 1.2.2 allow remote authenticated users to bypass authorization and read uploaded files via a valid FileID. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Moveit Dmz Moveit Mobile
NVD
CVSS 3.0
6.5
EPSS
0.0%
CVE-2016-0983 HIGH PATCH This Week

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +5
NVD
CVSS 3.1
8.8
EPSS
8.4%
CVE-2016-0949 CRITICAL Act Now

Adobe Connect before 9.5.2 allows remote attackers to have an unspecified impact via a crafted parameter in a URL. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Connect
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2016-0981 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Denial Of Service Buffer Overflow Microsoft +6
NVD
CVSS 3.1
8.8
EPSS
7.2%
CVE-2015-7679 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the query string to mobile/. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Moveit Mobile
NVD
CVSS 3.0
6.1
EPSS
0.0%
CVE-2016-0975 HIGH PATCH This Week

Use-after-free vulnerability in the instanceof function in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +5
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2016-0973 HIGH PATCH This Week

Use-after-free vulnerability in the URLRequest object implementation in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux,. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption RCE Use After Free Microsoft Adobe +5
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2016-0980 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Denial Of Service Buffer Overflow Microsoft +6
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2016-0979 HIGH PATCH This Week

Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Memory Corruption RCE Denial Of Service Buffer Overflow Microsoft +6
NVD
CVSS 3.1
8.8
EPSS
4.6%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy