Skip to main content
CVE-2016-0168 MEDIUM POC THREAT This Month

GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 69.6%.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
69.6%
Threat
4.9
CVE-2016-0169 MEDIUM POC THREAT This Month

GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 62.7%.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
62.7%
Threat
4.7
CVE-2016-0149 MEDIUM This Month

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 15.8% and no vendor patch available.

Information Disclosure Microsoft Net Framework
NVD
CVSS 3.0
5.9
EPSS
15.8%
CVE-2016-1115 MEDIUM This Month

Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 mishandles wildcards in name fields of X.509 certificates, which might allow man-in-the-middle attackers to spoof. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Adobe Information Disclosure Coldfusion
NVD
CVSS 3.1
5.9
EPSS
2.5%
CVE-2016-1113 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Coldfusion
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2016-1236 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Websvn Debian Linux
NVD
CVSS 3.0
6.1
EPSS
0.4%
CVE-2016-0190 MEDIUM This Month

Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 8 1 Windows Rt 8 1 Windows Server 2012
NVD
CVSS 3.0
5.5
EPSS
2.4%
CVE-2016-0181 MEDIUM This Month

Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-3712 MEDIUM PATCH This Month

Integer overflow in the VGA module in QEMU allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) by editing VGA registers in VBE mode. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Integer Overflow Denial Of Service Buffer Overflow Vm Server Qemu +9
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2016-0194 MEDIUM This Month

Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy