Total
1740 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-0492 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
Use-after-free vulnerability in mstime.dll in Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code via vectors related to the TIME2 behavior, the CTimeAction object, and destruction of markup, leading to memory corruption, aka "HTML Object Memory Corruption Vulnerability." | |||||
CVE-2011-1245 | 1 Microsoft | 6 Internet Explorer, Windows 2003 Server, Windows Server 2003 and 3 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6 and 7 does not properly restrict script access to content from a (1) different domain or (2) different zone, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Javascript Information Disclosure Vulnerability." | |||||
CVE-2010-2556 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
CVE-2011-1258 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6 through 8 does not properly restrict web script, which allows user-assisted remote attackers to obtain sensitive information from a different (1) domain or (2) zone via vectors involving a drag-and-drop operation, aka "Drag and Drop Information Disclosure Vulnerability." | |||||
CVE-2011-1346 | 1 Microsoft | 2 Internet Explorer, Windows 7 | 2023-12-10 | 9.3 HIGH | N/A |
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011. | |||||
CVE-2011-1999 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability." | |||||
CVE-2011-1252 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability." | |||||
CVE-2010-2429 | 2 Microsoft, Splunk | 2 Internet Explorer, Splunk | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer in a "404 Not Found" response. | |||||
CVE-2011-4345 | 2 Microsoft, Namazu | 2 Internet Explorer, Namazu | 2023-12-10 | 2.6 LOW | N/A |
Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when Internet Explorer 6 or 7 is used, allows remote attackers to inject arbitrary web script or HTML via a cookie. | |||||
CVE-2009-4804 | 3 Mario Matzulla, Microsoft, Typo3 | 3 Calendar Base, Internet Explorer, Typo3 | 2023-12-10 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters." | |||||
CVE-2010-2091 | 1 Microsoft | 3 Exchange Server, Internet Explorer, Windows Server 2003 | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value. | |||||
CVE-2010-0245 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671, CVE-2009-3674, and CVE-2010-0246. | |||||
CVE-2011-1255 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
The Timed Interactive Multimedia Extensions (aka HTML+TIME) implementation in Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Time Element Memory Corruption Vulnerability." | |||||
CVE-2010-1259 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
CVE-2011-1347 | 1 Microsoft | 2 Internet Explorer, Windows 7 | 2023-12-10 | 8.8 HIGH | N/A |
Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011. | |||||
CVE-2011-1260 | 1 Microsoft | 7 Internet Explorer, Windows 2003 Server, Windows 7 and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 8 and 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Layout Memory Corruption Vulnerability." | |||||
CVE-2010-0489 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 2003 Server and 4 more | 2023-12-10 | 9.3 HIGH | N/A |
Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted HTML document that triggers memory corruption, aka "Race Condition Memory Corruption Vulnerability." | |||||
CVE-2010-2442 | 1 Microsoft | 1 Internet Explorer | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer, possibly 8, does not properly restrict focus changes, which allows remote attackers to read keystrokes via "cross-domain IFRAME gadgets." | |||||
CVE-2011-1254 | 1 Microsoft | 6 Internet Explorer, Windows 7, Windows Server 2003 and 3 more | 2023-12-10 | 9.3 HIGH | N/A |
Microsoft Internet Explorer 6 through 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Drag and Drop Memory Corruption Vulnerability." | |||||
CVE-2010-2118 | 1 Microsoft | 2 Ie, Internet Explorer | 2023-12-10 | 4.3 MEDIUM | N/A |
Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows remote attackers to cause a denial of service (resource consumption) via JavaScript code containing an infinite loop that creates IFRAME elements for invalid news:// URIs. |