Skip to main content
CVE-2016-4166 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
3.7%
CVE-2016-4149 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

Adobe Memory Corruption Information Disclosure Microsoft Flash Player Desktop Runtime +7
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4148 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4147 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4146 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Flash Player Flash Player Desktop Runtime +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4145 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4144 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4143 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4142 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4141 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4140 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4139 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4134 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4133 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4132 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4131 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD
CVSS 3.1
8.8
EPSS
2.9%
CVE-2016-4130 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2016-4129 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2016-4128 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2016-4127 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2016-4125 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2016-4124 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2016-4123 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2016-4122 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow Microsoft Enterprise Linux Desktop +7
NVD
CVSS 3.1
8.8
EPSS
2.7%
CVE-2016-3062 HIGH PATCH This Week

The mov_read_dref function in libavformat/mov.c in Libav before 11.7 and FFmpeg before 0.11 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Denial Of Service RCE Buffer Overflow Libav Ffmpeg +2
NVD GitHub
CVSS 3.0
8.8
EPSS
2.5%
CVE-2016-3226 MEDIUM This Month

Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts,. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 13.4% and no vendor patch available.

Microsoft Denial Of Service Authentication Bypass Windows Server 2008 Windows Server 2012
NVD
CVSS 3.0
6.5
EPSS
13.4%
CVE-2016-4126 HIGH PATCH This Week

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Information Disclosure Microsoft Air Desktop Runtime
NVD
CVSS 3.1
8.8
EPSS
1.3%
CVE-2016-3231 HIGH This Week

The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows Diagnostics Hub
NVD
CVSS 3.0
7.8
EPSS
3.1%
CVE-2016-3232 MEDIUM This Month

The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. Epss exploitation probability 16.8% and no vendor patch available.

Information Disclosure Microsoft Windows Server 2012
NVD
CVSS 3.0
5.0
EPSS
16.8%
CVE-2016-3221 HIGH This Week

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
0.9%
CVE-2016-5300 HIGH PATCH This Week

The XML parser in Expat does not use sufficient entropy for hash initialization, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted identifiers in an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Ubuntu Linux Debian Linux Libexpat Android
NVD
CVSS 3.0
7.5
EPSS
2.2%
CVE-2016-3218 HIGH This Week

The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2016-5361 HIGH PATCH This Week

programs/pluto/ikev1.c in libreswan before 3.17 retransmits in initial-responder states, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed UDP packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Libreswan
NVD GitHub
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-4158 HIGH This Week

Unquoted Windows search path vulnerability in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse executable file in the. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Adobe Privilege Escalation Microsoft Windows Creative Cloud
NVD
CVSS 3.0
7.3
EPSS
1.6%
CVE-2016-4157 HIGH This Week

Untrusted search path vulnerability in the installer in Adobe Creative Cloud Desktop Application before 3.7.0.272 on Windows allows local users to gain privileges via a Trojan horse resource in an. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Adobe Privilege Escalation Microsoft Creative Cloud
NVD
CVSS 3.0
7.3
EPSS
0.2%
CVE-2016-2538 HIGH This Week

Multiple integer overflows in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 allow local guest OS administrators to cause a denial of service (QEMU process crash) or obtain. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu
NVD
CVSS 3.0
7.1
EPSS
0.1%
CVE-2016-2392 MEDIUM This Month

The is_rndis function in the USB Net device emulator (hw/usb/dev-network.c) in QEMU before 2.5.1 does not properly validate USB configuration descriptor objects, which allows local guest OS. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Ubuntu Linux
NVD
CVSS 3.0
6.5
EPSS
0.1%
CVE-2016-4159 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 20, 11 before Update 9, and 2016 before Update 2 allows remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Coldfusion
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2016-4164 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Brackets
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2012-6702 MEDIUM This Month

Expat, when used in a parser that has not called XML_SetHashSalt or passed it a seed of 0, makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via vectors. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Libexpat Ubuntu Linux Debian Linux Android
NVD
CVSS 3.0
5.9
EPSS
0.6%
CVE-2016-2841 MEDIUM This Month

The ne2000_receive function in the NE2000 NIC emulation support (hw/net/ne2000.c) in QEMU before 2.5.1 allows local guest OS administrators to cause a denial of service (infinite loop and QEMU. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Qemu Ubuntu Linux
NVD
CVSS 3.0
6.0
EPSS
0.1%
CVE-2016-3687 MEDIUM This Month

Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, and 11.6.x before 11.6.0 HF6 and Edge Gateway 11.2.1, when using multi-domain single sign-on (SSO), allows remote attackers to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Open Redirect Big Ip Access Policy Manager Big Ip Edge Gateway
NVD
CVSS 3.0
5.3
EPSS
0.4%
CVE-2016-3230 MEDIUM This Month

The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Microsoft Windows 10 Windows 7 Windows 8 1 +3
NVD
CVSS 3.0
5.0
EPSS
1.3%
CVE-2016-2391 MEDIUM PATCH This Month

The ohci_bus_start function in the USB OHCI emulation support (hw/usb/hcd-ohci.c) in QEMU allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Qemu Ubuntu Linux Debian Linux
NVD
CVSS 3.1
5.0
EPSS
0.1%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy