Vulnerabilities > Low

DATE CVE VULNERABILITY TITLE RISK
2016-11-19 CVE-2016-6450 Improper Input Validation vulnerability in Cisco IOS XE
A vulnerability in the package unbundle utility of Cisco IOS XE Software could allow an authenticated, local attacker to gain write access to some files in the underlying operating system.
local
high complexity
cisco CWE-20
2.5
2016-11-10 CVE-2016-7239 Information Exposure vulnerability in Microsoft Edge and Internet Explorer
The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
3.1
2016-11-10 CVE-2016-7227 Information Exposure vulnerability in Microsoft Edge and Internet Explorer
The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
3.1
2016-11-10 CVE-2016-7220 Information Exposure vulnerability in Microsoft Windows 10
Virtual Secure Mode in Microsoft Windows 10 allows local users to obtain sensitive information via a crafted application, aka "Virtual Secure Mode Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
3.3
2016-11-10 CVE-2016-7214 Information Exposure vulnerability in Microsoft products
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to bypass the ASLR protection mechanism via a crafted application, aka "Win32k Information Disclosure Vulnerability."
local
low complexity
microsoft CWE-200
3.3
2016-11-10 CVE-2016-7204 Information Exposure vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
3.1
2016-11-10 CVE-2016-7199 Information Exposure vulnerability in Microsoft Edge and Internet Explorer
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
network
high complexity
microsoft CWE-200
3.1
2016-10-25 CVE-2016-8288 Improper Access Control vulnerability in Oracle Mysql
Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and 5.7.12 and earlier allows remote authenticated users to affect integrity via vectors related to Server: InnoDB Plugin.
network
high complexity
oracle CWE-284
3.1
2016-10-25 CVE-2016-8286 Information Exposure vulnerability in Oracle Mysql
Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote authenticated users to affect confidentiality via vectors related to Server: Security: Privileges.
network
high complexity
oracle CWE-200
3.1
2016-10-25 CVE-2016-8284 Unspecified vulnerability in Oracle Mysql
Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and 5.7.13 and earlier allows local users to affect availability via vectors related to Server: Replication.
local
high complexity
oracle
1.8