CVE-2016-0084
published 2016-02-10CVE-2016-0084: Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge…
PriorityP352high8.8CVSS 3.0
AVNACLPRNUIRSUCHIHAH
EPSS
17.79%
96.8th percentile
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Talos
Microsoft Patch Tuesday - February 2016
blogs_talos·2016-02-09·CVSS 7.8
[HIGH] Microsoft Patch Tuesday - February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.
## Bulletins Rated Critical
Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month's release.
MS16-009 and MS16-011 are this month's Internet Explorer and Edge security bulletin resp
Talos
Microsoft Patch Tuesday - February 2016
blogs_talos·2016-02-09·CVSS 7.8
[HIGH] Microsoft Patch Tuesday - February 2016
## Microsoft Patch Tuesday - February 2016
Today, Microsoft has released their monthly set of security bulletins designed to address security vulnerabilities within their products. This month’s release contains twelve bulletins addressing 37 vulnerabilities. Five bulletins are rated critical and address vulnerabilities in Internet Explorer, Edge, Windows Journal, Office and Windows PDF. The remaining seven bulletins are rated important and address vulnerabilities in the Network Policy Server (NPS), Active Directory, Windows, Remote Desktop Protocol, WebDAV, Kernel Mode Driver and the .NET Framework.
## Bulletins Rated Critical
Microsoft bulletins MS16-009, MS16-011 through MS16-013, and MS16-015 are rated as critical in this month's release.
MS16-009 and MS16-011 are this month's Inter
Bugzilla
CVE-2016-1550 ntp: libntp message digest disclosure
bugzilla·2016-04-28·CVSS 5.3
CVE-2016-1550 [MEDIUM] CVE-2016-1550 ntp: libntp message digest disclosure
CVE-2016-1550 ntp: libntp message digest disclosure
The follwing flaw was found in NTP:
An exploitable vulnerability exists in the message authentication functionality of Network Time Protocol libntp. An attacker can send a series of crafted messages to attempt to recover the message digest key.
Upstream bugs:
http://support.ntp.org/bin/view/Main/NtpBug2879
External References:
http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
http://www.talosintel.com/reports/TALOS-2016-0084/
Discussion:
Created ntp tracking bugs for this issue:
Affects: fedora-all [bug 1332160]
---
ntp-4.2.6p5-40.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
---
ntp-4.2.6p5-40.fc23 has been push
http://www.securityfocus.com/bid/82635http://www.securitytracker.com/id/1034972https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-011http://www.securityfocus.com/bid/82635http://www.securitytracker.com/id/1034972https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-011
2016-02-10
Published