2016 VULNERABILITY DATABASE

 

 

CVE-2016-4126

Summary: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Published: 6/16/2016 10:59:07 AM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-4125

Summary: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Published: 6/16/2016 10:59:06 AM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-4124

Summary: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Published: 6/16/2016 10:59:05 AM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-4123

Summary: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Published: 6/16/2016 10:59:03 AM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-4122

Summary: Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-083.

Published: 6/16/2016 10:59:02 AM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-4121

Summary: Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110.

Published: 6/16/2016 10:59:01 AM

 

CVE-2016-4120

Summary: Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163.

Published: 6/16/2016 10:59:00 AM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 7.5 HIGH

 

CVE-2016-3236

Summary: The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandles proxy discovery, which allows remote attackers to redirect network traffic via unspecified vectors, aka "Windows WPAD Proxy Discovery Elevation of Privilege Vulnerability."

Published: 6/15/2016 9:59:37 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-3235

Summary: Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, Visio Viewer 2007 SP3, and Visio Viewer 2010 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Microsoft Office OLE DLL Side Loading Vulnerability."

Published: 6/15/2016 9:59:36 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-3234

Summary: Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."

Published: 6/15/2016 9:59:36 PM

 

CVSS Severity: v3 - 5.5 MEDIUM      v2 - 4.3 MEDIUM

 

CVE-2016-3233

Summary: Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."

Published: 6/15/2016 9:59:35 PM

 

CVSS Severity: v3 - 7.3 HIGH      v2 - 9.3 HIGH

 

CVE-2016-3232

Summary: The Virtual PCI (VPCI) virtual service provider in Microsoft Windows Server 2012 Gold and R2 allows local users to obtain sensitive information from uninitialized memory locations via a crafted application, aka "Windows Virtual PCI Information Disclosure Vulnerability."

Published: 6/15/2016 9:59:34 PM

 

CVSS Severity: v3 - 5.0 MEDIUM      v2 - 2.1 LOW

 

CVE-2016-3231

Summary: The Standard Collector service in Windows Diagnostics Hub mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."

Published: 6/15/2016 9:59:33 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 7.2 HIGH

 

CVE-2016-3230

Summary: The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability."

Published: 6/15/2016 9:59:31 PM

 

CVSS Severity: v3 - 5.0 MEDIUM      v2 - 1.9 LOW

 

CVE-2016-3228

Summary: Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 Gold and R2 allow remote authenticated users to execute arbitrary code via a crafted NetLogon request, aka "Windows Netlogon Memory Corruption Remote Code Execution Vulnerability."

Published: 6/15/2016 9:59:30 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.0 HIGH

 

CVE-2016-3227

Summary: Use-after-free vulnerability in the DNS Server component in Microsoft Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted requests, aka "Windows DNS Server Use After Free Vulnerability."

Published: 6/15/2016 9:59:29 PM

 

CVSS Severity: v3 - 9.8 CRITICAL      v2 - 10.0 HIGH

 

CVE-2016-3226

Summary: Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (service hang) by creating many machine accounts, aka "Active Directory Denial of Service Vulnerability."

Published: 6/15/2016 9:59:28 PM

 

CVSS Severity: v3 - 6.5 MEDIUM      v2 - 4.0 MEDIUM

 

CVE-2016-3225

Summary: The SMB server component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application that forwards an authentication request to an unintended service, aka "Windows SMB Server Elevation of Privilege Vulnerability."

Published: 6/15/2016 9:59:27 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 6.9 MEDIUM

 

CVE-2016-3223

Summary: Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mishandle LDAP authentication, which allows man-in-the-middle attackers to gain privileges by modifying group-policy update data within a domain-controller data stream, aka "Group Policy Elevation of Privilege Vulnerability."

Published: 6/15/2016 9:59:26 PM

 

CVSS Severity: v3 - 8.1 HIGH      v2 - 9.3 HIGH

 

CVE-2016-3222

Summary: Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."

Published: 6/15/2016 9:59:25 PM

 

CVSS Severity: v3 - 8.8 HIGH      v2 - 9.3 HIGH

 

CVE-2016-3221

Summary: The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3218.

Published: 6/15/2016 9:59:25 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 6.9 MEDIUM

 

CVE-2016-3220

Summary: atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability."

Published: 6/15/2016 9:59:24 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 6.9 MEDIUM

 

CVE-2016-3219

Summary: The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

Published: 6/15/2016 9:59:23 PM

 

CVSS Severity: v3 - 7.8 HIGH      v2 - 6.9 MEDIUM

 

 

<<< New  Older >>>