Vendor CVEs
Microsoft
All CVEs
14,318 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0736 | 0.03 | — | 0.32 | Aug 12, 2002 | Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank. | |||
| CVE-2002-0074 | 0.03 | — | 0.34 | Apr 22, 2002 | Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session. | |||
| CVE-2002-0071 | 0.03 | — | 0.34 | Apr 22, 2002 | Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names. | |||
| CVE-2002-0075 | 0.03 | — | 0.34 | Apr 22, 2002 | Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message. | |||
| CVE-2002-0022 | 0.03 | — | 0.40 | Mar 8, 2002 | Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. | |||
| CVE-2002-0053 | 0.03 | — | 0.38 | Mar 8, 2002 | Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other… | |||
| CVE-2002-0055 | 0.03 | — | 0.38 | Mar 8, 2002 | SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | |||
| CVE-2001-1518 | 0.03 | — | 0.06 | Dec 31, 2001 | RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this… | |||
| CVE-2001-1560 | 0.03 | — | 0.05 | Dec 31, 2001 | Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message. | |||
| CVE-2001-1519 | 0.03 | — | 0.06 | Dec 31, 2001 | RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are… | |||
| CVE-2001-0505 | 0.03 | — | 0.33 | Oct 30, 2001 | Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service. | |||
| CVE-2001-0709 | 0.03 | — | 0.36 | Sep 20, 2001 | Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode. | |||
| CVE-2001-1122 | 0.03 | — | 0.04 | Aug 3, 2001 | Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode. | |||
| CVE-2001-0146 | 0.03 | — | 0.37 | Jun 2, 2001 | IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's. | |||
| CVE-2001-1347 | 0.03 | — | 0.05 | May 24, 2001 | Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as… | |||
| CVE-2000-1085 | 0.03 | — | 0.05 | Jan 9, 2001 | The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a… | |||
| CVE-2000-1083 | 0.03 | — | 0.05 | Jan 9, 2001 | The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial… | |||
| CVE-2000-1081 | 0.03 | — | 0.05 | Jan 9, 2001 | The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause… | |||
| CVE-2000-0737 | 0.03 | — | 0.04 | Oct 20, 2000 | The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability. | |||
| CVE-2000-0232 | 0.03 | — | 0.04 | Mar 30, 2000 | Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request. | |||
| CVE-2000-0155 | 0.03 | — | 0.04 | Feb 18, 2000 | Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive. | |||
| CVE-2000-0167 | 0.03 | — | 0.03 | Feb 15, 2000 | IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory. | |||
| CVE-2000-0129 | 0.03 | — | 0.04 | Feb 4, 2000 | Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file. | |||
| CVE-2000-0121 | 0.03 | — | 0.05 | Feb 1, 2000 | The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability. | |||
| CVE-1999-1084 | 0.03 | — | 0.04 | Dec 31, 1999 | The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash. | |||
| CVE-2000-0100 | 0.03 | — | 0.03 | Dec 29, 1999 | The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program. | |||
| CVE-2000-0025 | 0.03 | — | 0.35 | Dec 21, 1999 | IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability. | |||
| CVE-1999-0975 | 0.03 | — | 0.03 | Dec 10, 1999 | The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed. | |||
| CVE-1999-0899 | 0.03 | — | 0.03 | Nov 4, 1999 | The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider. | |||
| CVE-1999-1235 | 0.03 | — | 0.03 | Aug 25, 1999 | Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the… | |||
| CVE-2000-0325 | 0.03 | — | 0.04 | Aug 20, 1999 | The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability. | |||
| CVE-1999-0700 | 0.03 | — | 0.05 | Jul 29, 1999 | Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file. | |||
| CVE-1999-0715 | 0.03 | — | 0.06 | May 20, 1999 | Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry. | |||
| CVE-1999-0716 | 0.03 | — | 0.06 | May 17, 1999 | Buffer overflow in Windows NT 4.0 help file utility via a malformed help file. | |||
| CVE-1999-0382 | 0.03 | — | 0.03 | Mar 12, 1999 | The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges. | |||
| CVE-1999-0376 | 0.03 | — | 0.02 | Feb 20, 1999 | Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs. | |||
| CVE-1999-0372 | 0.03 | — | 0.05 | Feb 12, 1999 | The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. | |||
| CVE-1999-0360 | 0.03 | — | 0.06 | Jan 30, 1999 | MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. | |||
| CVE-2019-0568 | Hig | 0.02 | 7.5 | 0.69 | Jan 8, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,… | ||
| CVE-2019-0567 | Hig | 0.02 | 7.5 | 0.80 | Jan 8, 2019 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,… | ||
| CVE-2018-8467 | Hig | 0.02 | 7.5 | 0.69 | Sep 13, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367,… | ||
| CVE-2018-8466 | Hig | 0.02 | 7.5 | 0.69 | Sep 13, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367,… | ||
| CVE-2018-8291 | Hig | 0.02 | 7.5 | 0.70 | Jul 11, 2018 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from… | ||
| CVE-2018-8288 | Hig | 0.02 | 7.5 | 0.70 | Jul 11, 2018 | A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from… | ||
| CVE-2018-8229 | Hig | 0.02 | 7.5 | 0.71 | Jun 14, 2018 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227. | ||
| CVE-2015-6161 | 0.02 | — | 0.20 | Dec 9, 2015 | Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass." | |||
| CVE-2015-6160 | 0.02 | — | 0.19 | Dec 9, 2015 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142,… | |||
| CVE-2015-6159 | 0.02 | — | 0.20 | Dec 9, 2015 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140,… | |||
| CVE-2015-6151 | 0.02 | — | 0.20 | Dec 9, 2015 | Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than… | |||
| CVE-2015-6150 | 0.02 | — | 0.19 | Dec 9, 2015 | Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6154. |
- CVE-2002-0736Aug 12, 2002risk 0.03cvss —epss 0.32
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
- CVE-2002-0074Apr 22, 2002risk 0.03cvss —epss 0.34
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
- CVE-2002-0071Apr 22, 2002risk 0.03cvss —epss 0.34
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
- CVE-2002-0075Apr 22, 2002risk 0.03cvss —epss 0.34
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
- CVE-2002-0022Mar 8, 2002risk 0.03cvss —epss 0.40
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
- CVE-2002-0053Mar 8, 2002risk 0.03cvss —epss 0.38
Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to cause a denial of service or execute arbitrary code via a malformed management request. NOTE: this candidate may be split or merged with other…
- CVE-2002-0055Mar 8, 2002risk 0.03cvss —epss 0.38
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
- CVE-2001-1518Dec 31, 2001risk 0.03cvss —epss 0.06
RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service. NOTE: the vendor disputes this…
- CVE-2001-1560Dec 31, 2001risk 0.03cvss —epss 0.05
Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.
- CVE-2001-1519Dec 31, 2001risk 0.03cvss —epss 0.06
RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are…
- CVE-2001-0505Oct 30, 2001risk 0.03cvss —epss 0.33
Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
- CVE-2001-0709Sep 20, 2001risk 0.03cvss —epss 0.36
Microsoft IIS 4.0 and before, when installed on a FAT partition, allows a remote attacker to obtain source code of ASP files via a URL encoded with Unicode.
- CVE-2001-1122Aug 3, 2001risk 0.03cvss —epss 0.04
Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in 'SPECIAL' mode.
- CVE-2001-0146Jun 2, 2001risk 0.03cvss —epss 0.37
IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
- CVE-2001-1347May 24, 2001risk 0.03cvss —epss 0.05
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as…
- CVE-2000-1085Jan 9, 2001risk 0.03cvss —epss 0.05
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a…
- CVE-2000-1083Jan 9, 2001risk 0.03cvss —epss 0.05
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial…
- CVE-2000-1081Jan 9, 2001risk 0.03cvss —epss 0.05
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause…
- CVE-2000-0737Oct 20, 2000risk 0.03cvss —epss 0.04
The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.
- CVE-2000-0232Mar 30, 2000risk 0.03cvss —epss 0.04
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
- CVE-2000-0155Feb 18, 2000risk 0.03cvss —epss 0.04
Windows NT Autorun executes the autorun.inf file on non-removable media, which allows local attackers to specify an alternate program to execute when other users access a drive.
- CVE-2000-0167Feb 15, 2000risk 0.03cvss —epss 0.03
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
- CVE-2000-0129Feb 4, 2000risk 0.03cvss —epss 0.04
Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP server allows attackers to cause a denial of service by performing a LIST command on a malformed .lnk file.
- CVE-2000-0121Feb 1, 2000risk 0.03cvss —epss 0.05
The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.
- CVE-1999-1084Dec 31, 1999risk 0.03cvss —epss 0.04
The "AEDebug" registry key is installed with insecure permissions, which allows local users to modify the key to specify a Trojan Horse debugger which is automatically executed on a system crash.
- CVE-2000-0100Dec 29, 1999risk 0.03cvss —epss 0.03
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
- CVE-2000-0025Dec 21, 1999risk 0.03cvss —epss 0.35
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
- CVE-1999-0975Dec 10, 1999risk 0.03cvss —epss 0.03
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
- CVE-1999-0899Nov 4, 1999risk 0.03cvss —epss 0.03
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
- CVE-1999-1235Aug 25, 1999risk 0.03cvss —epss 0.03
Internet Explorer 5.0 records the username and password for FTP servers in the URL history, which could allow (1) local users to read the information from another user's index.dat, or (2) people who are physically observing ("shoulder surfing") another user to read the…
- CVE-2000-0325Aug 20, 1999risk 0.03cvss —epss 0.04
The Microsoft Jet database engine allows an attacker to execute commands via a database query, aka the "VBA Shell" vulnerability.
- CVE-1999-0700Jul 29, 1999risk 0.03cvss —epss 0.05
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
- CVE-1999-0715May 20, 1999risk 0.03cvss —epss 0.06
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
- CVE-1999-0716May 17, 1999risk 0.03cvss —epss 0.06
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
- CVE-1999-0382Mar 12, 1999risk 0.03cvss —epss 0.03
The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.
- CVE-1999-0376Feb 20, 1999risk 0.03cvss —epss 0.02
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
- CVE-1999-0372Feb 12, 1999risk 0.03cvss —epss 0.05
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
- CVE-1999-0360Jan 30, 1999risk 0.03cvss —epss 0.06
MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely.
- risk 0.02cvss 7.5epss 0.69
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,…
- risk 0.02cvss 7.5epss 0.80
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539,…
- risk 0.02cvss 7.5epss 0.69
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367,…
- risk 0.02cvss 7.5epss 0.69
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8367,…
- risk 0.02cvss 7.5epss 0.70
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from…
- risk 0.02cvss 7.5epss 0.70
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. This CVE ID is unique from…
- risk 0.02cvss 7.5epss 0.71
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227.
- CVE-2015-6161Dec 9, 2015risk 0.02cvss —epss 0.20
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."
- CVE-2015-6160Dec 9, 2015risk 0.02cvss —epss 0.19
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142,…
- CVE-2015-6159Dec 9, 2015risk 0.02cvss —epss 0.20
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140,…
- CVE-2015-6151Dec 9, 2015risk 0.02cvss —epss 0.20
Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than…
- CVE-2015-6150Dec 9, 2015risk 0.02cvss —epss 0.19
Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6154.
Page 225 of 287