Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3383 1 Microsoft 1 Internet Explorer 2018-10-12 9.3 HIGH 7.5 HIGH
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
CVE-2016-3384 1 Microsoft 1 Internet Explorer 2018-10-12 9.3 HIGH 7.5 HIGH
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2016-3385 1 Microsoft 1 Internet Explorer 2018-10-12 9.3 HIGH 7.5 HIGH
The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
CVE-2016-3386 1 Microsoft 1 Edge 2018-10-12 9.3 HIGH 7.5 HIGH
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194.
CVE-2016-3387 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 6.8 MEDIUM 7.5 HIGH
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388.
CVE-2016-3389 1 Microsoft 1 Edge 2018-10-12 7.6 HIGH 7.5 HIGH
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-7190, and CVE-2016-7194.
CVE-2016-3390 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 7.6 HIGH 7.5 HIGH
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine, aka "Scripting Engine Memory Corruption Vulnerability."
CVE-2016-3393 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 9.3 HIGH 7.8 HIGH
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Graphics Component RCE Vulnerability."
CVE-2016-3396 1 Microsoft 12 Live Meeting, Lync, Office and 9 more 2018-10-12 9.3 HIGH 7.8 HIGH
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "GDI+ Remote Code Execution Vulnerability."
CVE-2016-0090 1 Microsoft 3 Windows 10, Windows 8.1, Windows Server 2012 2018-10-12 2.1 LOW 7.1 HIGH
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
CVE-2016-0091 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 6.8 MEDIUM 7.8 HIGH
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0092.
CVE-2016-0092 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 9.3 HIGH 7.8 HIGH
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Memory Remote Code Execution Vulnerability," a different vulnerability than CVE-2016-0091.
CVE-2016-0095 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 7.2 HIGH 7.8 HIGH
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0096.
CVE-2016-0084 1 Microsoft 1 Edge 2018-10-12 9.3 HIGH 8.8 HIGH
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
CVE-2016-0089 1 Microsoft 3 Windows 10, Windows 8.1, Windows Server 2012 2018-10-12 2.1 LOW 7.1 HIGH
Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 allows guest OS users to obtain sensitive information from host OS memory via a crafted application, aka "Hyper-V Information Disclosure Vulnerability."
CVE-2016-1109 2 Adobe, Microsoft 3 Flash Player, Edge, Internet Explorer 2018-10-12 7.6 HIGH 7.5 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
CVE-2016-0096 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 7.2 HIGH 7.8 HIGH
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0094, and CVE-2016-0095.
CVE-2016-0113 1 Microsoft 1 Internet Explorer 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0111, and CVE-2016-0112.
CVE-2016-1110 2 Adobe, Microsoft 3 Flash Player, Edge, Internet Explorer 2018-10-12 7.6 HIGH 7.5 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
CVE-2016-0094 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 7.2 HIGH 7.8 HIGH
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096.
CVE-2016-1103 2 Adobe, Microsoft 3 Flash Player, Edge, Internet Explorer 2018-10-12 7.6 HIGH 7.5 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
CVE-2016-0093 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 7.2 HIGH 7.8 HIGH
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096.
CVE-2016-0087 1 Microsoft 3 Windows 7, Windows Server 2008, Windows Vista 2018-10-12 7.2 HIGH 7.8 HIGH
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 do not properly validate handles, which allows local users to gain privileges via a crafted application, aka "Windows Elevation of Privilege Vulnerability."
CVE-2016-3204 1 Microsoft 1 Internet Explorer 2018-10-12 9.3 HIGH 8.8 HIGH
The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
CVE-2016-3203 1 Microsoft 4 Edge, Windows 10, Windows 8.1 and 1 more 2018-10-12 9.3 HIGH 7.8 HIGH
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows PDF Remote Code Execution Vulnerability."
CVE-2016-0150 1 Microsoft 1 Windows 10 2018-10-12 7.8 HIGH 7.5 HIGH
HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via crafted HTTP 2.0 requests, aka "HTTP.sys Denial of Service Vulnerability."
CVE-2016-0151 1 Microsoft 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more 2018-10-12 7.2 HIGH 7.8 HIGH
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 mismanages process tokens, which allows local users to gain privileges via a crafted application, aka "Windows CSRSS Security Feature Bypass Vulnerability."
CVE-2016-0152 1 Microsoft 2 Windows Server 2008, Windows Vista 2018-10-12 7.2 HIGH 7.8 HIGH
Internet Information Services (IIS) in Microsoft Windows Vista SP2 and Server 2008 SP2 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows DLL Loading Remote Code Execution Vulnerability."
CVE-2016-1017 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-10-12 9.3 HIGH 8.8 HIGH
Use-after-free vulnerability in the LoadVars.decode function in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1013, CVE-2016-1016, and CVE-2016-1031.
CVE-2016-0118 1 Microsoft 1 Windows 10 2018-10-12 9.3 HIGH 7.8 HIGH
The PDF library in Microsoft Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted PDF document, aka "Windows Remote Code Execution Vulnerability."
CVE-2016-0121 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 9.3 HIGH 8.8 HIGH
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
CVE-2016-0153 1 Microsoft 6 Windows 7, Windows 8.1, Windows Rt 8.1 and 3 more 2018-10-12 9.3 HIGH 7.8 HIGH
OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 allows remote attackers to execute arbitrary code via a crafted file, aka "Windows OLE Remote Code Execution Vulnerability."
CVE-2016-1099 2 Adobe, Microsoft 3 Flash Player, Edge, Internet Explorer 2018-10-12 7.6 HIGH 7.5 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
CVE-2016-0122 1 Microsoft 4 Excel, Excel Viewer, Office Compatibility Pack and 1 more 2018-10-12 9.3 HIGH 7.8 HIGH
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2016-0123 1 Microsoft 1 Edge 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130.
CVE-2016-0154 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
CVE-2016-0155 1 Microsoft 1 Edge 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0156 and CVE-2016-0157.
CVE-2016-0156 1 Microsoft 1 Edge 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0155 and CVE-2016-0157.
CVE-2016-1018 5 Adobe, Apple, Google and 2 more 7 Flash Player, Mac Os X, Chrome Os and 4 more 2018-10-12 9.3 HIGH 8.8 HIGH
Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via crafted JPEG-XR data.
CVE-2016-0124 1 Microsoft 1 Edge 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0129, and CVE-2016-0130.
CVE-2016-0127 1 Microsoft 6 Office, Office Compatibility Pack, Office Web Apps Server and 3 more 2018-10-12 9.3 HIGH 7.8 HIGH
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2016-0129 1 Microsoft 1 Edge 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130.
CVE-2016-0130 1 Microsoft 1 Edge 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0129.
CVE-2016-0134 1 Microsoft 7 Office, Office Compatibility Pack, Office Web Apps Server and 4 more 2018-10-12 9.3 HIGH 7.8 HIGH
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Word 2016, Word for Mac 2011, Word 2016 for Mac, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Office Web Apps 2010 SP2, and Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
CVE-2016-0135 1 Microsoft 1 Windows 10 2018-10-12 7.2 HIGH 8.4 HIGH
The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Secondary Logon Elevation of Privilege Vulnerability."
CVE-2016-1104 2 Adobe, Microsoft 3 Flash Player, Edge, Internet Explorer 2018-10-12 7.6 HIGH 7.5 HIGH
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
CVE-2016-0116 1 Microsoft 1 Edge 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0123, CVE-2016-0124, CVE-2016-0129, and CVE-2016-0130.
CVE-2016-0114 1 Microsoft 1 Internet Explorer 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, and CVE-2016-0109.
CVE-2016-0104 1 Microsoft 1 Internet Explorer 2018-10-12 7.6 HIGH 7.5 HIGH
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2016-0147 1 Microsoft 1 Xml Core Services 2018-10-12 9.3 HIGH 8.8 HIGH
Microsoft XML Core Services 3.0 allows remote attackers to execute arbitrary code via a crafted web site, aka "MSXML 3.0 Remote Code Execution Vulnerability."