Total
1737 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-0752 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2023-03-17 | 7.6 HIGH | 7.5 HIGH |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. | |||||
CVE-2015-6042 | 1 Microsoft | 1 Internet Explorer | 2023-02-13 | 9.3 HIGH | N/A |
Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
CVE-2015-6051 | 1 Microsoft | 1 Internet Explorer | 2023-02-13 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
CVE-2015-6048 | 1 Microsoft | 1 Internet Explorer | 2023-02-13 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6049. | |||||
CVE-2011-1587 | 2 Mediawiki, Microsoft | 2 Mediawiki, Internet Explorer | 2023-02-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .html located before a ? (question mark) in a query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578. | |||||
CVE-2011-1765 | 2 Mediawiki, Microsoft | 2 Mediawiki, Internet Explorer | 2023-02-12 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, when Internet Explorer 6 or earlier is used, allows remote attackers to inject arbitrary web script or HTML via an uploaded file accessed with a dangerous extension such as .shtml at the end of the query string, in conjunction with a modified URI path that has a %2E sequence in place of the . (dot) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-1578 and CVE-2011-1587. | |||||
CVE-2015-4000 | 12 Apple, Canonical, Debian and 9 more | 25 Iphone Os, Mac Os X, Safari and 22 more | 2023-02-09 | 4.3 MEDIUM | 3.7 LOW |
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. | |||||
CVE-2019-0988 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2023-01-31 | 7.6 HIGH | 7.5 HIGH |
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0920, CVE-2019-1005, CVE-2019-1055, CVE-2019-1080. | |||||
CVE-2015-8960 | 7 Apple, Google, Ietf and 4 more | 18 Safari, Chrome, Transport Layer Security and 15 more | 2023-01-30 | 6.8 MEDIUM | 8.1 HIGH |
The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue. | |||||
CVE-2011-3389 | 9 Canonical, Debian, Google and 6 more | 17 Ubuntu Linux, Debian Linux, Chrome and 14 more | 2022-11-29 | 4.3 MEDIUM | N/A |
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack. | |||||
CVE-2017-8529 | 1 Microsoft | 9 Edge, Internet Explorer, Windows 10 and 6 more | 2022-10-18 | 4.3 MEDIUM | 6.5 MEDIUM |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | |||||
CVE-2000-0028 | 1 Microsoft | 2 Ie, Internet Explorer | 2022-08-17 | 2.6 LOW | N/A |
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function. | |||||
CVE-1999-0967 | 1 Microsoft | 3 Internet Explorer, Outlook Express, Windows Explorer | 2022-08-17 | 10.0 HIGH | N/A |
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol. | |||||
CVE-1999-0537 | 2 Microsoft, Netscape | 2 Internet Explorer, Communicator | 2022-08-17 | 7.5 HIGH | N/A |
A configuration in a web browser such as Internet Explorer or Netscape Navigator allows execution of active content such as ActiveX, Java, Javascript, etc. | |||||
CVE-1999-0469 | 1 Microsoft | 1 Internet Explorer | 2022-08-17 | 5.0 MEDIUM | N/A |
Internet Explorer 5.0 allows window spoofing, allowing a remote attacker to spoof a legitimate web site and capture information from the client. | |||||
CVE-1999-0331 | 1 Microsoft | 1 Internet Explorer | 2022-08-17 | 7.5 HIGH | N/A |
Buffer overflow in Internet Explorer 4.0(1). | |||||
CVE-1999-0827 | 2 Microsoft, Netscape | 3 Ie, Internet Explorer, Navigator | 2022-08-17 | 2.6 LOW | N/A |
By default, Internet Explorer 5.0 and other versions enables the "Navigate sub-frames across different domains" option, which allows frame spoofing. | |||||
CVE-1999-0280 | 1 Microsoft | 1 Internet Explorer | 2022-08-17 | 7.5 HIGH | N/A |
Remote command execution in Microsoft Internet Explorer using .lnk and .url files. | |||||
CVE-2017-11869 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2022-05-23 | 7.6 HIGH | 7.5 HIGH |
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | |||||
CVE-2017-11848 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2022-05-23 | 4.3 MEDIUM | 4.3 MEDIUM |
Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server 2008 SP2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to detect the navigation of the user leaving a maliciously crafted page, due to how page content is handled by Internet Explorer, aka "Internet Explorer Information Disclosure Vulnerability". |