Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2016-07-13 CVE-2016-4195 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe products
Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC Classic before 15.006.30198, and Acrobat and Acrobat Reader DC Continuous before 15.017.20050 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-4191, CVE-2016-4192, CVE-2016-4193, CVE-2016-4194, CVE-2016-4196, CVE-2016-4197, CVE-2016-4198, CVE-2016-4199, CVE-2016-4200, CVE-2016-4201, CVE-2016-4202, CVE-2016-4203, CVE-2016-4204, CVE-2016-4205, CVE-2016-4206, CVE-2016-4207, CVE-2016-4208, CVE-2016-4211, CVE-2016-4212, CVE-2016-4213, CVE-2016-4214, CVE-2016-4250, CVE-2016-4251, CVE-2016-4252, and CVE-2016-4254.
6.8
2016-07-13 CVE-2016-4178 Incorrect Authorization vulnerability in Adobe Flash Player and Flash Player Desktop Runtime
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to bypass intended access restrictions and obtain sensitive information via unspecified vectors.
network
low complexity
adobe CWE-863
4.3
2016-07-13 CVE-2016-3279 7PK - Security Features vulnerability in Microsoft products
Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word 2010 SP2, Excel 2013 SP1, PowerPoint 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Excel 2016, Word 2016, Word Automation Services on SharePoint Server 2010 SP2, and Office Web Apps 2010 SP2 allow remote attackers to execute arbitrary code via a crafted XLA file, aka "Microsoft Office Remote Code Execution Vulnerability."
network
microsoft CWE-254
4.3
2016-07-13 CVE-2016-3271 Information Exposure vulnerability in Microsoft Edge
The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability."
network
microsoft CWE-200
4.3
2016-07-13 CVE-2016-3255 XML External Entity Information Disclosure vulnerability in Microsoft .NET Framework
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows remote attackers to read arbitrary files via XML data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability." <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
network
low complexity
microsoft
5.0
2016-07-13 CVE-2016-3245 Improper Access Control vulnerability in Microsoft Internet Explorer 10/11/9
Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability."
network
microsoft CWE-284
4.3
2016-07-13 CVE-2016-3244 Improper Access Control vulnerability in Microsoft Edge
Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."
network
microsoft CWE-284
4.3
2016-07-12 CVE-2016-6174 PHP Code Injection vulnerability in IPS Community Suite
applications/core/modules/front/system/content.php in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) before 4.1.13, when used with PHP before 5.4.24 or 5.5.x before 5.5.8, allows remote attackers to execute arbitrary code via the content_class parameter.
6.8
2016-07-12 CVE-2016-5774 Cryptographic Issues vulnerability in Blue Coat Packetshaper S-Series
The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before 11.5.3.2 might allow remote attackers to obtain sensitive credentials and other information via unspecified vectors, related to use of insecure cryptographic parameters.
network
blue-coat CWE-310
4.3
2016-07-12 CVE-2016-5009 Improper Input Validation vulnerability in Redhat products
The handle_command function in mon/Monitor.cc in Ceph allows remote authenticated users to cause a denial of service (segmentation fault and ceph monitor crash) via an (1) empty or (2) crafted prefix.
network
low complexity
redhat CWE-20
6.5