Page 34 of 1318 results (0.012 seconds)

CVSS: 6.1EPSS: 2%CPEs: 3EXPL: 0

CVE-2016-3212

https://notcve.org/view.php?id=CVE-2016-3212

The XSS Filter in Microsoft Internet Explorer 9 through 11 does not properly identify JavaScript, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site, aka "Internet Explorer XSS Filter Vulnerability." El XSS Filter en Microsoft Internet Explorer 9 hasta la versión 11 no identifica adecuadamente JavaScript, lo que facilita a atacantes remotos llevar a cabo ataques de secuencias de comandos de sitios cruzados (XSS) a través de un sitio web manipulado, también conocida como "Internet Explorer XSS Filter Vulnerability". • http://www.securityfocus.com/bid/91105 http://www.securitytracker.com/id/1036096 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.6EPSS: 11%CPEs: 6EXPL: 0

CVE-2016-3207

https://notcve.org/view.php?id=CVE-2016-3207

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3206. Los motores de Microsoft (1) JScript 5.8 y (2) VBScript 5.7 y 5.8, tal como se utilizan en Internet Explorer 9 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3205 y CVE-2016-3206. • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036097 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-069 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.6EPSS: 11%CPEs: 6EXPL: 0

CVE-2016-3206

https://notcve.org/view.php?id=CVE-2016-3206

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3205 and CVE-2016-3207. Los motores de Microsoft (1) JScript 5.8 y (2) VBScript 5.7 y 5.8, tal como se utilizan en Internet Explorer 9 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3205 y CVE-2016-3207. • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036097 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-069 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.6EPSS: 11%CPEs: 6EXPL: 0

CVE-2016-3205

https://notcve.org/view.php?id=CVE-2016-3205

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3206 and CVE-2016-3207. Los motores de Microsoft (1) JScript 5.8 y (2) VBScript 5.7 y 5.8, tal como se utilizan en Internet Explorer 9 hasta la versión 11 y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3206 y CVE-2016-3207. • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036097 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-069 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.3EPSS: 90%CPEs: 13EXPL: 0

CVE-2016-3213 – NetBIOS Response BadTunnel Brute Force Spoof (NAT Tunnel)

https://notcve.org/view.php?id=CVE-2016-3213

The Web Proxy Auto Discovery (WPAD) protocol implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511, and Internet Explorer 9 through 11 has an improper fallback mechanism, which allows remote attackers to gain privileges via NetBIOS name responses, aka "WPAD Elevation of Privilege Vulnerability." El protocolo de implementación Web Proxy Auto Discovery (WPAD) en Microsoft Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1, Windows 10 Gold y 1511 e Internet Explorer 9 hasta la versión 11 tienen un mecanismo de retorno indebido, lo que permite a atacantes remotos obtener privilegios a través de respuestas de nombres NetBIOS, también conocida como "WPAD Elevation of Privilege Vulnerability". • http://www.securitytracker.com/id/1036096 http://www.securitytracker.com/id/1036104 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-063 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-077 http://xlab.tencent.com/en/2016/06/17/BadTunnel-A-New-Hope • CWE-264: Permissions, Privileges, and Access Controls •