Max CVSS 9.3 Min CVSS 2.1 Total Count119
IDCVSSSummaryLast (major) updatePublished
CVE-2019-0666 7.6
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0667, CVE-2019-0772.
08-04-2019 - 19:29 08-04-2019 - 19:29
CVE-2019-0647 4.0
An information disclosure vulnerability exists when Team Foundation Server does not properly handle variables marked as secret, aka "Team Foundation Server Information Disclosure Vulnerability." This affects Team.
17-01-2019 - 13:29 17-01-2019 - 13:29
CVE-2019-0622 2.1
An elevation of privilege vulnerability exists when Skype for Andriod fails to properly handle specific authentication requests, aka "Skype for Android Elevation of Privilege Vulnerability." This affects Skype 8.35.
08-01-2019 - 16:29 08-01-2019 - 16:29
CVE-2018-8533 4.3
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability."
10-10-2018 - 09:29 10-10-2018 - 09:29
CVE-2018-8403 7.6
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8374 4.0
A tampering vulnerability exists when Microsoft Exchange Server fails to properly handle profile data, aka "Microsoft Exchange Server Tampering Vulnerability." This affects Microsoft Exchange Server.
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8373 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8371 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
15-08-2018 - 13:29 15-08-2018 - 13:29
CVE-2018-8242 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8232 4.6
A Tampering vulnerability exists when Microsoft Macro Assembler improperly validates code, aka "Microsoft Macro Assembler Tampering Vulnerability." This affects Microsoft Visual Studio.
10-07-2018 - 20:29 10-07-2018 - 20:29
CVE-2018-8267 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
14-06-2018 - 08:29 14-06-2018 - 08:29
CVE-2018-8116 2.1
A denial of service vulnerability exists in the way that Windows handles objects in memory, aka "Microsoft Graphics Component Denial of Service Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windo
11-04-2018 - 21:29 11-04-2018 - 21:29
CVE-2018-1020 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE
11-04-2018 - 21:29 11-04-2018 - 21:29
CVE-2018-0996 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
11-04-2018 - 21:29 11-04-2018 - 21:29
CVE-2018-0991 7.6
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CV
11-04-2018 - 21:29 11-04-2018 - 21:29
CVE-2018-0988 7.6
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet
11-04-2018 - 21:29 11-04-2018 - 21:29
CVE-2018-0981 2.6
An information disclosure vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Information Disclosure Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, I
11-04-2018 - 21:29 11-04-2018 - 21:29
CVE-2018-0940 4.3
Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, Microsoft Exchange Server 2013 Cumulative Update 18, Microsoft Exchange Server 2013 Cumulative Update 19, Microsoft Exchange Server 2013 Se
14-03-2018 - 13:29 14-03-2018 - 13:29
CVE-2018-0889 7.6
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique
14-03-2018 - 13:29 14-03-2018 - 13:29
CVE-2018-0833 6.3
The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in Windows 8.1 and RT 8.1 and Windows Server 2012 R2 allows a denial of service vulnerability due to how specially crafted requests are handled, aka "SMBv2/SMBv3 Null Dereference Den
14-02-2018 - 21:29 14-02-2018 - 21:29
CVE-2018-0771 4.3
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass".
14-02-2018 - 21:29 14-02-2018 - 21:29
CVE-2018-0785 4.3
ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".
09-01-2018 - 20:29 09-01-2018 - 20:29
CVE-2017-11903 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11890 7.6
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the cu
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11888 7.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Mem
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-11886 7.6
Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the cu
12-12-2017 - 16:29 12-12-2017 - 16:29
CVE-2017-8700 5.0
ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11876 6.8
Microsoft Project Server and Microsoft SharePoint Enterprise Server 2016 allow an attacker to use cross-site forgery to read content that they are not authorized to read, use the victim's identity to take actions on the web application on behalf of t
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11869 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11856 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11855 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an atta
14-11-2017 - 22:29 14-11-2017 - 22:29
CVE-2017-11822 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-11810 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-11800 7.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-11793 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in t
13-10-2017 - 09:29 13-10-2017 - 09:29
CVE-2017-8747 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the conte
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8741 7.6
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8738 7.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8735 4.3
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft E
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8731 7.6
Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that Microsoft Edge accesses objects in memory, aka "Microsoft Edge Memory Corruption
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8723 4.3
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain s
12-09-2017 - 21:29 12-09-2017 - 21:29
CVE-2017-8669 7.6
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context o
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8653 7.6
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in t
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8651 7.6
Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows Server 2012 allows an attacker to execute arbitrary code in the context of the current user due to Internet Explorer improperly accessing objects in memory, aka "Internet Explorer Mem
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8650 5.8
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8641 7.6
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8640 7.6
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user due to the way that Microsoft browser JavaScript engines render content when handling objects
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8636 7.6
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte
08-08-2017 - 17:29 08-08-2017 - 17:29
CVE-2017-8621 5.8
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an open redirect vulnerability that could lead to spoofing, aka "Microsoft Exchange Open Redirect Vulnerability".
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8611 4.3
Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows remote attackers to spoof web content via a crafted web site, aka "Microsoft Edge Spoofing Vulnerability."
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8608 7.6
Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the c
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8607 7.6
Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8606 7.6
Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the conte
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8595 7.6
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Mi
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-0170 4.3
Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an information disclosure vulnerability
11-07-2017 - 17:29 11-07-2017 - 17:29
CVE-2017-8529 4.3
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do no
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8522 7.6
Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the context of the current user when th
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8517 7.6
Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an allow an attacker to execute arbitrary code in the
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8509 9.3
A remote code execution vulnerability exists in Microsoft Office when the software fails to properly handle objects in memory, aka "Office Remote Code Execution Vulnerability". This CVE ID is unique from CVE-2017-8510, CVE-2017-8511, CVE-2017-8512, C
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8498 4.3
Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Discl
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8497 7.6
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-8496 7.6
Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability".
14-06-2017 - 21:29 14-06-2017 - 21:29
CVE-2017-0207 4.3
Microsoft Outlook for Mac 2011 allows remote attackers to spoof web content via a crafted email with specific HTML tags, aka "Microsoft Browser Spoofing Vulnerability."
20-04-2017 - 14:20 12-04-2017 - 10:59
CVE-2017-0203 4.3
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Se
20-04-2017 - 13:21 12-04-2017 - 10:59
CVE-2017-0037 7.6
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via ve
03-04-2017 - 21:59 26-02-2017 - 18:59
CVE-2016-0164 7.6
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
23-03-2017 - 21:59 12-04-2016 - 19:59
CVE-2016-0162 4.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."
23-03-2017 - 21:59 12-04-2016 - 19:59
CVE-2017-0018 7.6
Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different f
20-03-2017 - 09:48 16-03-2017 - 20:59
CVE-2017-0135 4.0
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and
17-03-2017 - 21:59 16-03-2017 - 20:59
CVE-2016-7288 7.6
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
10-02-2017 - 21:59 20-12-2016 - 01:59
CVE-2016-7201 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
19-01-2017 - 21:59 10-11-2016 - 01:59
CVE-2016-7200 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
19-01-2017 - 21:59 10-11-2016 - 01:59
CVE-2016-7297 7.6
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
27-12-2016 - 09:45 20-12-2016 - 01:59
CVE-2016-7296 7.6
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than C
27-12-2016 - 09:36 20-12-2016 - 01:59
CVE-2016-7241 7.6
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
23-12-2016 - 16:00 10-11-2016 - 01:59
CVE-2016-7267 4.3
Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses file formats, which makes it easier for remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Security Feature Bypass Vulnerability."
23-12-2016 - 15:51 20-12-2016 - 01:59
CVE-2016-0161 4.3
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.
02-12-2016 - 22:16 12-04-2016 - 19:59
CVE-2016-0187 7.6
The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "S
30-11-2016 - 22:02 10-05-2016 - 21:59
CVE-2016-3207 7.6
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
29-11-2016 - 22:05 15-06-2016 - 21:59
CVE-2016-3206 7.6
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site
29-11-2016 - 22:05 15-06-2016 - 21:59
CVE-2016-3202 7.6
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a c
29-11-2016 - 22:05 15-06-2016 - 21:59
CVE-2016-7243 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7242 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7240 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7239 2.6
The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser In
28-11-2016 - 15:38 10-11-2016 - 01:59
CVE-2016-7208 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
28-11-2016 - 15:37 10-11-2016 - 01:59
CVE-2016-7203 7.6
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vu
28-11-2016 - 15:37 10-11-2016 - 01:59
CVE-2016-7199 2.6
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
28-11-2016 - 15:37 10-11-2016 - 01:59
CVE-2016-3392 2.6
The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability
28-11-2016 - 15:09 13-10-2016 - 22:59
CVE-2016-3391 2.6
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow context-dependent attackers to discover credentials by leveraging access to a memory dump, aka "Microsoft Browser Information Disclosure Vulnerability."
28-11-2016 - 15:09 13-10-2016 - 22:59
CVE-2016-3383 9.3
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
28-11-2016 - 15:09 13-10-2016 - 22:59
CVE-2016-3378 5.8
Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, 2013 Cumulative Update 12, 2013 Cumulative Update 13, 2016 Cumulative Update 1, and 2016 Cumulative Update 2 allows remote attackers to redirect users to arbitrary web sites and condu
28-11-2016 - 15:09 14-09-2016 - 06:59
CVE-2016-3329 2.6
Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability."
28-11-2016 - 15:08 09-08-2016 - 17:59
CVE-2016-3298 2.6
Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Inte
28-11-2016 - 15:07 13-10-2016 - 22:59
CVE-2016-3295 5.1
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
28-11-2016 - 15:07 14-09-2016 - 06:59
CVE-2016-3291 2.6
Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
28-11-2016 - 15:07 14-09-2016 - 06:59
CVE-2016-3274 2.6
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."
28-11-2016 - 15:07 12-07-2016 - 21:59
CVE-2016-3267 4.3
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
28-11-2016 - 15:07 13-10-2016 - 22:59
CVE-2016-3245 4.3
Microsoft Internet Explorer 9 through 11 allows remote attackers to trick users into making TCP connections to a restricted port via a crafted web site, aka "Internet Explorer Security Feature Bypass Vulnerability."
28-11-2016 - 15:06 12-07-2016 - 21:59
CVE-2016-3204 9.3
The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted we
28-11-2016 - 15:06 12-07-2016 - 21:59
CVE-2008-2540 9.3
Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downlo
08-11-2016 - 13:06 03-06-2008 - 11:32
CVE-2012-2531 2.1
Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability."
22-09-2016 - 13:15 13-11-2012 - 19:55
CVE-2009-2493 9.3
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2,
02-09-2016 - 17:26 29-07-2009 - 13:30
CVE-2014-2814 4.0
Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and Server 2012 Gold and R2 allows remote authenticated users to cause a denial of service (AMQP messaging outage) via crafted AMQP messages, aka "Service Bus Denial of Service Vulnera
04-12-2015 - 13:40 08-07-2014 - 18:55
CVE-2009-2495 7.8
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obt
27-11-2015 - 13:11 29-07-2009 - 13:30
CVE-2014-6317 7.1
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.
30-10-2015 - 14:12 11-11-2014 - 17:55
CVE-2014-4077 9.3
Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Office 2007 SP3, when IMJPDCT.EXE (aka IME for Japanese) is installed, allow remote attackers to bypass a sandbox protection mechanism via a
31-12-2014 - 14:07 11-11-2014 - 17:55
CVE-2009-0901 9.3
The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1; and Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Serv
13-11-2014 - 21:59 29-07-2009 - 13:30
CVE-2012-2532 5.0
Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka
02-11-2013 - 23:24 13-11-2012 - 19:55
CVE-2012-0156 4.3
DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) insta
13-08-2012 - 23:33 13-03-2012 - 17:55
CVE-2011-2004 7.1
Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Pa
26-01-2012 - 23:00 08-11-2011 - 16:55
CVE-2011-1978 4.3
Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser a
21-09-2011 - 23:31 10-08-2011 - 17:55
CVE-2011-1971 4.7
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kern
21-09-2011 - 23:31 10-08-2011 - 17:55
CVE-2010-3937 4.0
Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
18-07-2011 - 22:40 16-12-2010 - 14:33
CVE-2010-3227 9.3
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows
18-07-2011 - 22:39 26-10-2010 - 18:00
CVE-2010-3223 7.5
The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to re
18-07-2011 - 00:00 13-10-2010 - 15:00
CVE-2010-0812 6.4
Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka
21-08-2010 - 01:40 14-04-2010 - 12:00
CVE-2010-0028 9.3
Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
21-08-2010 - 01:38 10-02-2010 - 13:30
CVE-2009-0239 4.3
Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a sea
21-08-2010 - 01:29 10-06-2009 - 14:00
Back to Top Mark selected
Back to Top