2016 VULNERABILITY DATABASE

 

 

CVE-2016-3264

Summary: Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

Published: 7/12/2016 9:59:23 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.6 HIGH

 

CVE-2016-3261

Summary: Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."

Published: 7/12/2016 9:59:22 PM

 

CVSS Severity: v3 - 5.3 MEDIUM      v2 - 2.6 LOW

 

CVE-2016-3260

Summary: The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Published: 7/12/2016 9:59:21 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-3259

Summary: The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3248.

Published: 7/12/2016 9:59:20 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-3258

Summary: Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass."

Published: 7/12/2016 9:59:19 PM

 

CVSS Severity: v3 - 4.7 MEDIUM      v2 - 1.2 LOW

 

CVE-2016-3256

Summary: Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability."

Published: 7/12/2016 9:59:18 PM

 

CVSS Severity: v3 - 5.0 MEDIUM      v2 - 2.1 LOW

 

CVE-2016-3255

Summary: Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

Published: 7/12/2016 9:59:16 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 5.0 MEDIUM

 

CVE-2016-3254

Summary: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3249, CVE-2016-3252, and CVE-2016-3286.

Published: 7/12/2016 9:59:15 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

 

CVE-2016-3252

Summary: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3249, CVE-2016-3254, and CVE-2016-3286.

Published: 7/12/2016 9:59:14 PM

 

CVSS Severity: v3 - 7.3 HIGH      v2 - 7.2 HIGH

 

CVE-2016-3251

Summary: The GDI component in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to obtain sensitive kernel-address information via a crafted application, aka "Win32k Information Disclosure Vulnerability."

Published: 7/12/2016 9:59:13 PM

 

CVSS Severity: v3 - 2.8 LOW      v2 - 2.1 LOW

 

CVE-2016-3250

Summary: The kernel-mode drivers in Microsoft Windows Server 2012 and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: 7/12/2016 9:59:12 PM

 

CVSS Severity: v3 - 7.3 HIGH      v2 - 7.2 HIGH

 

CVE-2016-3249

Summary: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3252, CVE-2016-3254, and CVE-2016-3286.

Published: 7/12/2016 9:59:11 PM

 

CVSS Severity: v3 - 7.3 HIGH      v2 - 7.2 HIGH

 

CVE-2016-3248

Summary: The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3259.

Published: 7/12/2016 9:59:10 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-3246

Summary: Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."

Published: 7/12/2016 9:59:09 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.6 HIGH

 

CVE-2016-3245

Summary: Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability."

Published: 7/12/2016 9:59:08 PM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-3244

Summary: Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."

Published: 7/12/2016 9:59:07 PM

 

CVSS Severity: v3 - 4.3 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-3243

Summary: Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."

Published: 7/12/2016 9:59:06 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.6 HIGH

 

CVE-2016-3242

Summary: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3240 and CVE-2016-3241.

Published: 7/12/2016 9:59:05 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.6 HIGH

 

CVE-2016-3241

Summary: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3240 and CVE-2016-3242.

Published: 7/12/2016 9:59:04 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.6 HIGH

 

CVE-2016-3240

Summary: Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3241 and CVE-2016-3242.

Published: 7/12/2016 9:59:03 PM

 

CVSS Severity: v3 - 7.5 HIGH      v2 - 7.6 HIGH

 

<<< New  Older >>>