Skip to main content
CVE-2016-3261 MEDIUM This Month

Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability.". Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 36.7% and no vendor patch available.

Information Disclosure Microsoft Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
36.7%
CVE-2016-3279 MEDIUM This Month

Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Epss exploitation probability 34.4% and no vendor patch available.

RCE Microsoft Excel Excel Rt Office +6
NVD
CVSS 3.0
5.5
EPSS
34.4%
CVE-2016-3277 MEDIUM This Month

Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability.". Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 32.5% and no vendor patch available.

Information Disclosure Microsoft Edge Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
32.5%
CVE-2016-3271 MEDIUM This Month

The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability.". Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 26.0% and no vendor patch available.

Information Disclosure Microsoft Edge
NVD
CVSS 3.0
6.5
EPSS
26.0%
CVE-2016-3273 MEDIUM This Month

The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 22.9% and no vendor patch available.

XSS Information Disclosure Microsoft Edge Internet Explorer
NVD
CVSS 3.0
5.3
EPSS
22.9%
CVE-2016-3244 MEDIUM This Month

Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass.". Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 25.7% and no vendor patch available.

Microsoft Authentication Bypass Edge
NVD
CVSS 3.0
4.3
EPSS
25.7%
CVE-2016-3245 MEDIUM This Month

Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.5% and no vendor patch available.

Microsoft Authentication Bypass Internet Explorer
NVD
CVSS 3.0
6.5
EPSS
10.5%
CVE-2016-3256 MEDIUM This Month

Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Microsoft Windows 10
NVD
CVSS 3.0
5.0
EPSS
4.7%
CVE-2015-8808 MEDIUM This Month

The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 allows remote attackers to cause a denial of service (uninitialized memory access) via a crafted GIF file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Graphicsmagick Linux Enterprise Debuginfo Studio Onsite +2
NVD
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-4247 MEDIUM PATCH This Month

Race condition in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.

Adobe Race Condition Information Disclosure Microsoft Flash Player Desktop Runtime +1
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2016-5092 MEDIUM This Month

Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 allows remote authenticated administrators with read and write privileges to read arbitrary files by leveraging the autolearn. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Fortinet Fortiweb
NVD
CVSS 3.0
4.9
EPSS
0.3%
CVE-2016-3258 MEDIUM This Month

Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection. Rated medium severity (CVSS 4.7). No vendor patch available.

Privilege Escalation Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +1
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2016-3287 MEDIUM This Month

Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Microsoft Windows 10 Windows 8 1 Windows Rt 8 1 +1
NVD
CVSS 3.0
4.4
EPSS
0.5%
CVE-2016-4178 MEDIUM PATCH This Month

Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Microsoft Adobe Authentication Bypass Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2016-5109 MEDIUM This Month

Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for iOS before 10.3.6 might allow physically proximate attackers to bypass in-application Apple Touch ID authentication via. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Apple Citrix Authentication Bypass Xenmobile Mdx Toolkit Worx Home
NVD
CVSS 3.0
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy