Skip to main content
CVE-2016-7866 CRITICAL POC PATCH THREAT Act Now

Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 64.4%.

Adobe Buffer Overflow RCE Animate
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
64.4%
Threat
5.4
CVE-2016-7892 HIGH KEV PATCH THREAT Act Now

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the TextField class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and EPSS exploitation probability 23.3%.

Memory Corruption Denial Of Service RCE Adobe Use After Free
NVD
CVSS 3.1
8.8
EPSS
23.3%
Threat
4.0
CVE-2016-9565 CRITICAL POC THREAT Emergency

MagpieRSS, as used in the front-end component in Nagios Core before 4.2.2 might allow remote attackers to read or write to arbitrary files by spoofing a crafted response from the Nagios RSS feed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 19.9%.

Authentication Bypass Nagios
NVD Exploit-DB
CVSS 3.0
9.8
EPSS
19.9%
Threat
4.1
CVE-2016-9566 HIGH POC PATCH This Week

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Nagios
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
8.6%
CVE-2016-7886 CRITICAL Act Now

Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 and earlier have an exploitable memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 10.5% and no vendor patch available.

Adobe Buffer Overflow RCE Indesign Indesign Server
NVD
CVSS 3.1
9.8
EPSS
10.5%
CVE-2015-6574 HIGH POC This Week

The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP products allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Mms Ease Firmware Ax S4 Iccp Firmware
NVD
CVSS 3.0
7.5
EPSS
1.0%
CVE-2016-7856 CRITICAL Act Now

Adobe DNG Converter versions 9.7 and earlier have an exploitable memory corruption vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Buffer Overflow RCE Dng Converter
NVD
CVSS 3.0
9.8
EPSS
3.8%
CVE-2016-6851 MEDIUM POC This Month

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox Guard
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
1.4%
CVE-2016-5740 MEDIUM POC This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Open Xchange Appsuite
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.9%
CVE-2016-6854 MEDIUM POC This Month

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox Guard
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-6853 MEDIUM POC This Month

An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Ox Guard
NVD Exploit-DB
CVSS 3.0
6.1
EPSS
0.8%
CVE-2016-7881 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class when handling conversion to an object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption RCE Denial Of Service Use After Free Adobe +2
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2016-7880 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability when setting the length property of an array object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption RCE Denial Of Service Use After Free Adobe +2
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2016-7877 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the Action Message Format serialization (AFM0). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption RCE Denial Of Service Use After Free Adobe +2
NVD
CVSS 3.1
8.8
EPSS
5.9%
CVE-2016-7876 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Clipboard class related to data handling functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2016-7874 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the NetConnection class when handling the proxy types. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2016-7873 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the PSDK class related to ad policy functionality method. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
5.1%
CVE-2016-7879 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the NetConnection class when handling an attached script object. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption RCE Denial Of Service Use After Free Adobe +2
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2016-7878 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the PSDK's MediaPlayer class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption RCE Denial Of Service Use After Free Adobe +2
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2016-7872 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable use after free vulnerability in the MovieClip class related to objects at multiple presentation. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Memory Corruption RCE Denial Of Service Use After Free Adobe +2
NVD
CVSS 3.1
8.8
EPSS
3.8%
CVE-2016-7875 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable integer overflow vulnerability in the BitmapData class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Adobe RCE Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2016-7871 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable memory corruption vulnerability in the Worker class. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
2.8%
CVE-2016-7887 HIGH This Week

Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and earlier have an important vulnerability that could lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Adobe Information Disclosure Coldfusion Builder
NVD
CVSS 3.1
7.5
EPSS
8.6%
CVE-2016-7885 HIGH PATCH This Week

Adobe Experience Manager versions 6.2 and earlier have a vulnerability that could be used in Cross-Site Request Forgery attacks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Adobe CSRF Experience Manager
NVD
CVSS 3.0
8.8
EPSS
1.2%
CVE-2016-7870 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class for specific search strategies. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2016-7869 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to backtrack search. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2016-7868 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to alternation functionality. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2016-7867 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have an exploitable buffer overflow / underflow vulnerability in the RegExp class related to bookmarking in searches. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Adobe Memory Corruption Buffer Overflow RCE Flash Player Desktop Runtime +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2016-7890 HIGH PATCH This Week

Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and earlier have security bypass vulnerability in the implementation of the same origin policy. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Adobe Authentication Bypass Flash Player Desktop Runtime Flash Player
NVD
CVSS 3.1
8.8
EPSS
0.4%
CVE-2015-8542 HIGH This Week

An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Ox Guard
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-7889 HIGH PATCH This Week

Adobe Digital Editions versions 4.5.2 and earlier has an issue with parsing crafted XML entries that could lead to information disclosure. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Adobe Information Disclosure Digital Editions
NVD
CVSS 3.0
7.5
EPSS
2.0%
CVE-2016-4028 HIGH This Week

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass Ox Guard
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-3174 HIGH This Week

An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Open Xchange Appsuite
NVD
CVSS 3.0
7.4
EPSS
0.2%
CVE-2016-7884 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.1 and earlier have an input validation issue in the DAM create assets that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-7883 MEDIUM PATCH This Month

Adobe Experience Manager version 6.2 has an input validation issue in create Launch wizard that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-7882 MEDIUM PATCH This Month

Adobe Experience Manager versions 6.2 and earlier have an input validation issue in the WCMDebug filter that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager
NVD
CVSS 3.0
6.1
EPSS
1.3%
CVE-2016-6933 MEDIUM PATCH This Month

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the AACComponent that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager Livecycle
NVD
CVSS 3.0
6.1
EPSS
1.2%
CVE-2016-7891 MEDIUM PATCH This Month

Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier have an input validation issue that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Robohelp
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2016-6934 MEDIUM PATCH This Month

Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle 11.0.1, LiveCycle 10.0.4 have an input validation issue in the PMAdmin module that could be used in cross-site scripting attacks. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Adobe Experience Manager Forms Livecycle
NVD
CVSS 3.0
6.1
EPSS
0.9%
CVE-2016-2840 MEDIUM This Month

An issue was discovered in Open-Xchange Server 6 / OX AppSuite before 7.8.0-rev26. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2016-5124 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev14. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS RCE Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.5%
CVE-2016-6850 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6847 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6845 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6844 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-6842 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.3%
CVE-2016-4045 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4026 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-6843 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Open Xchange Appsuite
NVD
CVSS 3.0
6.1
EPSS
0.2%
CVE-2016-4046 MEDIUM This Month

An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Open Xchange Appsuite
NVD
CVSS 3.0
5.8
EPSS
0.2%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy