Skip to main content
CVE-2016-4171 CRITICAL KEV THREAT Emergency

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in June 2016. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 56.5%.

Adobe RCE
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
56.5%
Threat
5.2
CVE-2016-3236 CRITICAL POC THREAT Emergency

The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 78.0%.

Information Disclosure Microsoft Windows 10 Windows 7 Windows 8 1 +4
NVD
CVSS 3.0
9.8
EPSS
78.0%
Threat
5.8
CVE-2016-4138 CRITICAL POC PATCH THREAT Act Now

Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 60.7%.

Adobe Information Disclosure Microsoft Enterprise Linux Desktop Enterprise Linux Server +6
NVD Exploit-DB
CVSS 3.1
9.8
EPSS
60.7%
Threat
5.3
CVE-2016-3227 CRITICAL Act Now

Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 20.3% and no vendor patch available.

RCE Denial Of Service Microsoft Windows Server 2012
NVD
CVSS 3.0
9.8
EPSS
20.3%
CVE-2016-4121 CRITICAL PATCH Act Now

Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 15.9%.

Memory Corruption RCE Use After Free Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
15.9%
CVE-2016-4167 CRITICAL Act Now

Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Adobe Buffer Overflow RCE Dng Software Development Kit
NVD
CVSS 3.0
9.8
EPSS
6.5%
CVE-2016-4163 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2016-4162 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2016-4161 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2016-4160 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2016-4120 CRITICAL PATCH Act Now

Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

RCE Denial Of Service Buffer Overflow Microsoft Adobe +5
NVD
CVSS 3.1
9.8
EPSS
5.2%
CVE-2016-4165 CRITICAL Act Now

The extension manager in Adobe Brackets before 1.7 allows attackers to have an unspecified impact via invalid input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Brackets
NVD
CVSS 3.0
9.8
EPSS
3.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy