Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-3287 1 Microsoft 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more 2018-10-12 2.1 LOW 4.4 MEDIUM
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Secure Boot protection mechanism by leveraging administrative access to install a crafted policy, aka "Secure Boot Security Feature Bypass."
CVE-2016-3279 1 Microsoft 9 Excel, Excel Rt, Office and 6 more 2018-10-12 4.3 MEDIUM 5.5 MEDIUM
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."
CVE-2016-3277 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 2.6 LOW 5.3 MEDIUM
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2016-3370 1 Microsoft 5 Edge, Windows 10, Windows 8.1 and 2 more 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3374.
CVE-2016-3261 1 Microsoft 1 Internet Explorer 2018-10-12 2.6 LOW 5.3 MEDIUM
Microsoft Internet Explorer 11 allows remote attackers to obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-3258 1 Microsoft 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more 2018-10-12 1.2 LOW 4.7 MEDIUM
Race condition in the kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to bypass the Low Integrity protection mechanism and write to files by leveraging unspecified object-manager features, aka "Windows File System Security Feature Bypass."
CVE-2016-3256 1 Microsoft 1 Windows 10 2018-10-12 2.1 LOW 5.0 MEDIUM
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Secure Kernel Mode protection mechanism and obtain sensitive information via a crafted application, aka "Windows Secure Kernel Mode Information Disclosure Vulnerability."
CVE-2016-3244 1 Microsoft 1 Edge 2018-10-12 4.3 MEDIUM 4.3 MEDIUM
Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."
CVE-2016-3245 1 Microsoft 1 Internet Explorer 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability."
CVE-2016-3392 1 Microsoft 1 Edge 2018-10-12 2.6 LOW 5.3 MEDIUM
The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability."
CVE-2016-3391 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 2.6 LOW 5.3 MEDIUM
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2016-3374 1 Microsoft 5 Edge, Windows 10, Windows 8.1 and 2 more 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3370.
CVE-2016-3329 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 2.6 LOW 5.3 MEDIUM
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-3327 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 2.6 LOW 5.3 MEDIUM
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326.
CVE-2016-3326 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 2.6 LOW 5.3 MEDIUM
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3327.
CVE-2016-3315 1 Microsoft 2 Onenote, Onenote For Mac 2018-10-12 4.3 MEDIUM 5.5 MEDIUM
Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to obtain sensitive information via a crafted OneNote file, aka "Microsoft OneNote Information Disclosure Vulnerability."
CVE-2016-3292 1 Microsoft 1 Internet Explorer 2018-10-12 5.1 MEDIUM 5.0 MEDIUM
Microsoft Internet Explorer 10 and 11 mishandles integrity settings and zone settings, which allows remote attackers to bypass a sandbox protection mechanism via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability."
CVE-2016-3273 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 2.6 LOW 5.3 MEDIUM
The XSS Filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge does not properly restrict JavaScript code, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2016-3271 1 Microsoft 1 Edge 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."
CVE-2016-3267 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 4.3 MEDIUM 5.3 MEDIUM
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
CVE-2016-3263 1 Microsoft 12 Live Meeting, Lync, Office and 9 more 2018-10-12 5.0 MEDIUM 5.5 MEDIUM
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3262.
CVE-2016-3262 1 Microsoft 12 Live Meeting, Lync, Office and 9 more 2018-10-12 5.0 MEDIUM 5.5 MEDIUM
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "GDI+ Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3263.
CVE-2016-3234 1 Microsoft 6 Office, Office Compatibility Pack, Office Web Apps and 3 more 2018-10-12 4.3 MEDIUM 5.5 MEDIUM
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2, Word Automation Services on SharePoint Server 2013 SP1, Office Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to obtain sensitive information from process memory via a crafted Office document, aka "Microsoft Office Information Disclosure Vulnerability."
CVE-2016-3230 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2018-10-12 1.9 LOW 5.0 MEDIUM
The Search component in Microsoft Windows 7, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to cause a denial of service (performance degradation) via a crafted application, aka "Windows Search Component Denial of Service Vulnerability."
CVE-2016-3216 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 4.3 MEDIUM 4.3 MEDIUM
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."
CVE-2016-0181 1 Microsoft 1 Windows 10 2018-10-12 2.1 LOW 5.5 MEDIUM
Microsoft Windows 10 Gold and 1511 allows local users to bypass the Virtual Secure Mode Hypervisor Code Integrity (HVCI) protection mechanism and perform RWX markings of kernel-mode pages via a crafted application, aka "Hypervisor Code Integrity Security Feature Bypass."
CVE-2016-0149 1 Microsoft 1 .net Framework 2018-10-12 4.3 MEDIUM 5.9 MEDIUM
Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."
CVE-2016-0158 1 Microsoft 1 Edge 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.
CVE-2016-0161 1 Microsoft 1 Edge 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.
CVE-2016-0168 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169.
CVE-2016-0169 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.
CVE-2016-0194 1 Microsoft 1 Internet Explorer 2018-10-12 2.6 LOW 5.3 MEDIUM
Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass file permissions and obtain sensitive information via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-0190 1 Microsoft 3 Windows 8.1, Windows Rt 8.1, Windows Server 2012 2018-10-12 2.1 LOW 5.5 MEDIUM
Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT 8.1 does not properly check whether RemoteFX RDP USB disk accesses originate from the user who mounted a disk, which allows local users to read arbitrary files on these disks via RemoteFX requests, aka "Remote Desktop Protocol Drive Redirection Information Disclosure Vulnerability."
CVE-2016-0162 1 Microsoft 1 Internet Explorer 2018-10-12 4.3 MEDIUM 4.3 MEDIUM
Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2016-0141 1 Microsoft 1 Office 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."
CVE-2016-0138 1 Microsoft 1 Exchange Server 2018-10-12 4.0 MEDIUM 4.3 MEDIUM
Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 misparses e-mail messages, which allows remote authenticated users to obtain sensitive Outlook application information by leveraging the Send As right, aka "Microsoft Exchange Information Disclosure Vulnerability."
CVE-2016-0133 1 Microsoft 6 Windows 10, Windows 7, Windows 8.1 and 3 more 2018-10-12 7.2 HIGH 6.8 MEDIUM
The USB Mass Storage Class driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows physically proximate attackers to execute arbitrary code by inserting a crafted USB device, aka "USB Mass Storage Elevation of Privilege Vulnerability."
CVE-2016-3198 1 Microsoft 1 Edge 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."
CVE-2016-3201 1 Microsoft 4 Edge, Windows 10, Windows 8.1 and 1 more 2018-10-12 4.3 MEDIUM 6.5 MEDIUM
Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215.
CVE-2016-3209 1 Microsoft 14 .net Framework, Live Meeting, Lync and 11 more 2018-10-12 5.0 MEDIUM 5.5 MEDIUM
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."
CVE-2016-0120 1 Microsoft 7 Windows 10, Windows 7, Windows 8.1 and 4 more 2018-10-12 7.1 HIGH 6.5 MEDIUM
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
CVE-2016-3212 1 Microsoft 1 Internet Explorer 2018-10-12 4.3 MEDIUM 6.1 MEDIUM
The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability."
CVE-2016-0039 1 Microsoft 1 Sharepoint Foundation 2018-10-12 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in SharePoint Server in Microsoft SharePoint Foundation 2013 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."
CVE-2016-0012 1 Microsoft 6 Excel, Office, Powerpoint and 3 more 2018-10-12 4.3 MEDIUM 4.3 MEDIUM
Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass."
CVE-2016-0079 1 Microsoft 1 Windows 10 2018-10-12 2.1 LOW 5.0 MEDIUM
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
CVE-2016-0077 1 Microsoft 2 Edge, Internet Explorer 2018-10-12 4.3 MEDIUM 4.3 MEDIUM
Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."
CVE-2016-0075 1 Microsoft 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more 2018-10-12 2.1 LOW 5.5 MEDIUM
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.
CVE-2016-0073 1 Microsoft 4 Windows 10, Windows 8.1, Windows Rt 8.1 and 1 more 2018-10-12 2.1 LOW 5.0 MEDIUM
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.
CVE-2016-0059 1 Microsoft 1 Internet Explorer 2018-10-12 4.3 MEDIUM 4.3 MEDIUM
The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."
CVE-2015-6117 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2018-10-12 4.3 MEDIUM 6.1 MEDIUM
Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allow remote authenticated users to bypass intended Access Control Policy restrictions and conduct cross-site scripting (XSS) attacks by modifying a webpart, aka "Microsoft SharePoint Security Feature Bypass," a different vulnerability than CVE-2016-0011.