Skip to main content
CVE-2016-3235 HIGH POC KEV PATCH THREAT Act Now

Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Information Disclosure Microsoft
NVD Exploit-DB VulDB
CVSS 3.1
7.8
EPSS
81.2%
Threat
7.0
CVE-2016-4171 CRITICAL KEV THREAT Emergency

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 56.5%.

Adobe RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
56.5%
Threat
5.2
CVE-2016-3236 CRITICAL POC THREAT Emergency

The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 78.0%.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
9.8
EPSS
78.0%
Threat
5.8
CVE-2016-3213 HIGH POC THREAT Act Now

The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 78.3%.

Privilege Escalation Microsoft Internet Explorer Windows 10 Windows 7 +5
NVD
CVSS 3.0
8.8
EPSS
78.3%
Threat
5.6
CVE-2016-0199 HIGH POC THREAT Act Now

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 70.1%.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
70.1%
Threat
5.4
CVE-2016-3222 HIGH POC THREAT Act Now

Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability.". Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.5%.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
67.5%
Threat
5.3
CVE-2016-4138 CRITICAL POC PATCH THREAT Act Now

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.7%.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
60.7%
Threat
5.3
CVE-2016-3223 HIGH POC THREAT Act Now

Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 54.8%.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
8.1
EPSS
54.8%
Threat
4.8
CVE-2016-3225 HIGH POC THREAT Act Now

The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 26.1%.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
26.1%
CVE-2016-4137 HIGH POC PATCH THREAT Act Now

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.0%.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
35.0%
Threat
4.3
CVE-2016-4136 HIGH POC PATCH THREAT Act Now

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 35.0%.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
35.0%
Threat
4.3
CVE-2016-4135 HIGH POC PATCH THREAT Act Now

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 30.3%.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD Exploit-DB
CVSS 3.1
8.8
EPSS
30.3%
Threat
4.2
CVE-2016-3203 HIGH Act Now

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 49.2% and no vendor patch available.

RCE Microsoft Edge Windows 10 Windows 8 1 +1
NVD
CVSS 3.0
7.8
EPSS
49.2%
CVE-2016-3216 MEDIUM POC THREAT This Month

GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 37.5%.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD Exploit-DB
CVSS 3.0
4.3
EPSS
37.5%
CVE-2016-3228 HIGH Act Now

Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 33.8% and no vendor patch available.

RCE Buffer Overflow Microsoft Windows Server 2008 Windows Server 2012
NVD
CVSS 3.0
8.8
EPSS
33.8%
CVE-2016-3220 HIGH POC THREAT Act Now

atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 14.2%.

Adobe Privilege Escalation Microsoft Windows 10 Windows 7 +5
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
14.2%
CVE-2016-3219 HIGH POC THREAT Act Now

The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability.". Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.6%.

Privilege Escalation Microsoft Windows 10
NVD Exploit-DB
CVSS 3.0
7.8
EPSS
12.6%
CVE-2016-3227 CRITICAL Act Now

Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.3% and no vendor patch available.

RCE Denial Of Service Microsoft Windows Server 2012
NVD
CVSS 3.0
9.8
EPSS
20.3%
CVE-2016-3198 MEDIUM This Month

Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass.". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 34.9% and no vendor patch available.

Authentication Bypass Microsoft Edge
NVD
CVSS 3.0
6.5
EPSS
34.9%
CVE-2016-3214 HIGH PATCH Act Now

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.8%.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
8.8
EPSS
22.8%
CVE-2016-3233 HIGH Act Now

Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Epss exploitation probability 29.8% and no vendor patch available.

RCE Buffer Overflow Microsoft Excel Office Compatibility Pack
NVD
CVSS 3.0
7.3
EPSS
29.8%
CVE-2016-3215 MEDIUM PATCH This Month

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 37.8%.

Information Disclosure Microsoft Windows 10 Windows 8 1 Windows Server 2012 +1
NVD
CVSS 3.0
5.5
EPSS
37.8%
CVE-2016-4121 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.9%.

Memory Corruption RCE Use After Free Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
15.9%
CVE-2016-0025 HIGH Act Now

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office 2016, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Automation. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. Epss exploitation probability 26.9% and no vendor patch available.

RCE Buffer Overflow Microsoft Office Office Compatibility Pack +6
NVD
CVSS 3.0
7.3
EPSS
26.9%
CVE-2016-3199 HIGH PATCH Act Now

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 19.2%.

Denial Of Service RCE Buffer Overflow Microsoft Edge
NVD
CVSS 3.0
8.8
EPSS
19.2%
CVE-2016-3201 MEDIUM This Month

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 30.6% and no vendor patch available.

Information Disclosure Microsoft Edge Windows 10 Windows 8 1 +1
NVD
CVSS 3.0
6.5
EPSS
30.6%
CVE-2016-3211 HIGH Act Now

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 18.5% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
8.8
EPSS
18.5%
CVE-2016-3210 HIGH Act Now

The Microsoft (1) JScript and (2) VBScript engines, as used in Internet Explorer 11, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 17.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
8.8
EPSS
17.9%
CVE-2016-0200 HIGH Act Now

Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 14.0% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Internet Explorer
NVD
CVSS 3.0
8.8
EPSS
14.0%
CVE-2016-4167 CRITICAL Act Now

Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Dng Software Development Kit
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2016-3234 MEDIUM This Month

Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 27.2% and no vendor patch available.

Information Disclosure Microsoft Office Office Compatibility Pack Office Web Apps +3
NVD
CVSS 3.0
5.5
EPSS
27.2%
CVE-2016-4163 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2016-4162 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2016-4161 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2016-4160 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2016-4120 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2016-3212 MEDIUM This Month

The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 22.4% and no vendor patch available.

XSS Microsoft Internet Explorer
NVD
CVSS 3.0
6.1
EPSS
22.4%
CVE-2016-4165 CRITICAL Act Now

The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Brackets
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2016-3206 HIGH Act Now

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 14.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Jscript +1
NVD
CVSS 3.0
7.5
EPSS
14.9%
CVE-2016-3205 HIGH Act Now

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 14.9% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Jscript +1
NVD
CVSS 3.0
7.5
EPSS
14.9%
CVE-2016-3202 HIGH PATCH Act Now

The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 14.9%.

Denial Of Service RCE Buffer Overflow Microsoft Chakra Javascript +2
NVD
CVSS 3.0
7.5
EPSS
14.9%
CVE-2016-3207 HIGH Act Now

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 13.2% and no vendor patch available.

Denial Of Service RCE Buffer Overflow Microsoft Jscript +1
NVD
CVSS 3.0
7.5
EPSS
13.2%
CVE-2016-4150 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
5.7%
CVE-2016-4156 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
5.0%
CVE-2016-0028 MEDIUM This Month

Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 21.1% and no vendor patch available.

Information Disclosure Microsoft Outlook Web Access
NVD
CVSS 3.0
5.5
EPSS
21.1%
CVE-2016-4155 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2016-4154 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2016-4153 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2016-4152 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
4.2%
CVE-2016-4151 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
4.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy