Microsoft: >> Windows >> 2.0 Security Vulnerabilities
Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote attackers to have an unspecified impact via a crafted serialized Java object.
CVSS Score
7.5
EPSS Score
0.006
Published
2016-02-10
Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.932
Published
2016-02-10
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.133
Published
2016-02-10
Cross-site scripting (XSS) vulnerability in Adobe Experience Manager (AEM) 6.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a folder title field that is mishandled in the Deletion popup dialog.
CVSS Score
6.1
EPSS Score
0.003
Published
2016-02-10
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0952.
CVSS Score
9.8
EPSS Score
0.175
Published
2016-02-10
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0953.
CVSS Score
9.8
EPSS Score
0.175
Published
2016-02-10
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0952 and CVE-2016-0953.
CVSS Score
9.8
EPSS Score
0.175
Published
2016-02-10
Unspecified vulnerability in the Java SE component in Oracle Java SE 6u111, 7u95, 8u71, and 8u72, when running on Windows, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Install. NOTE: the previous information is from Oracle's Security Alert for CVE-2016-0603. Oracle has not commented on third-party claims that this is an untrusted search path issue that allows local users to gain privileges via a Trojan horse dll in the "application directory."
CVSS Score
7.6
EPSS Score
0.03
Published
2016-02-08
The filesystem storage backend in Radicale before 1.1 on Windows allows remote attackers to read or write to arbitrary files via a crafted path, as demonstrated by /c:/file/ignore.
CVSS Score
10.0
EPSS Score
0.014
Published
2016-02-03
HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.
CVSS Score
10.0
EPSS Score
0.024
Published
2016-01-30