Microsoft Internet Explorer 6.0 and possibly others allows remote attackers to upload arbitrary file contents when users press a key corresponding to the JavaScript (1) event.ctrlKey or (2) event.shiftKey onkeydown event contained in a webpage. NOTE: it was reported that the vendor has disputed...
7.2AI Score
0.017EPSS
A vulnerability in London Trust Media Private Internet Access (PIA) VPN Client v77 for Windows could allow an unauthenticated, local attacker to run executable files with elevated privileges. The vulnerability is due to insufficient implementation of access controls. The "Changelog" and "Help"...
7.8CVSS
7.6AI Score
0.0004EPSS
Microsoft Internet Explorer 6 through 9 does not prevent capture of data about the times of Same Origin Policy violations during IFRAME loading attempts, which makes it easier for remote attackers to determine whether a document exists in the browser cache via crafted JavaScript...
6.5AI Score
0.005EPSS
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the...
8AI Score
0.512EPSS
Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with SeaMonkey installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a mailto URI, which are...
8AI Score
0.512EPSS
Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary...
3.3CVSS
4.3AI Score
0.0004EPSS
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious...
5.3CVSS
5.3AI Score
0.001EPSS
7.5CVSS
8.1AI Score
0.098EPSS
The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary....
9.6CVSS
9.5AI Score
0.002EPSS
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption...
7.5CVSS
8.1AI Score
0.017EPSS
Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode....
9.8CVSS
9.3AI Score
0.002EPSS
An information disclosure vulnerability exists in the way that affected Microsoft browsers handle cross-origin requests, aka 'Microsoft Browser Information Disclosure...
4.3CVSS
5.5AI Score
0.004EPSS
A spoofing vulnerability exists when Microsoft Browsers improperly handle browser cookies, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from...
4.3CVSS
6.3AI Score
0.001EPSS
A spoofing vulnerability exists when Microsoft Browsers does not properly parse HTTP content, aka 'Microsoft Browser Spoofing Vulnerability'. This CVE ID is unique from...
4.3CVSS
6.3AI Score
0.001EPSS
A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass...
4.3CVSS
6AI Score
0.001EPSS
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins. The vulnerability allows Microsoft browsers to bypass Same-Origin Policy (SOP) restrictions, and to allow requests that should otherwise be ignored. An attacker who successfully.....
4.3CVSS
4.2AI Score
0.001EPSS
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption...
7.5CVSS
7.7AI Score
0.014EPSS
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka 'Microsoft Browser Information Disclosure...
6.5CVSS
6.2AI Score
0.003EPSS
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption...
7.5CVSS
7.7AI Score
0.014EPSS
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption...
7.5CVSS
7.5AI Score
0.14EPSS
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption...
7.5CVSS
8.1AI Score
0.014EPSS
A spoofing vulnerability exists when Microsoft browsers improperly handles specific redirects, aka 'Microsoft Browser Spoofing...
4.3CVSS
6.3AI Score
0.001EPSS
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
8.8CVSS
8.8AI Score
0.011EPSS
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer...
4.2CVSS
4.8AI Score
0.006EPSS
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer...
7.5CVSS
7AI Score
0.064EPSS
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow cross-frame interaction, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft Edge, Internet Explorer...
6.5CVSS
6.1AI Score
0.023EPSS
An elevation of privilege vulnerability exists in Microsoft browsers allowing sandbox escape, aka "Microsoft Browser Elevation of Privilege Vulnerability." This affects Internet Explorer 11, Microsoft...
8.3CVSS
8.4AI Score
0.004EPSS
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft...
7.5CVSS
8.1AI Score
0.061EPSS
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability." This affects Internet Explorer 11, Microsoft...
4.3CVSS
5.4AI Score
0.003EPSS
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information...
4.3CVSS
5.1AI Score
0.009EPSS
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows information...
4.3CVSS
5.1AI Score
0.009EPSS
Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML.....
6.1CVSS
6.3AI Score
0.002EPSS
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML...
7.5CVSS
7.4AI Score
0.933EPSS
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain....
7.5CVSS
7.3AI Score
0.007EPSS
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the...
7.5CVSS
7.2AI Score
0.928EPSS
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the....
7.5CVSS
7.1AI Score
0.044EPSS
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the....
7.5CVSS
7.2AI Score
0.928EPSS
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to obtain specific information used in the...
4.3CVSS
4.8AI Score
0.008EPSS
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft browsers...
7.5CVSS
8.1AI Score
0.078EPSS
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that...
7.5CVSS
7.9AI Score
0.955EPSS
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to Microsoft.....
7.5CVSS
8.1AI Score
0.078EPSS
Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user due to the way that...
7.5CVSS
7.9AI Score
0.955EPSS
Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a spoofing vulnerability in the way they parse HTTP content, aka "Microsoft Browser Spoofing...
6.5CVSS
6.3AI Score
0.005EPSS
Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests,...
6.5CVSS
6.5AI Score
0.007EPSS
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka...
6.5CVSS
6AI Score
0.002EPSS
A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing...
4.3CVSS
5.6AI Score
0.006EPSS
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and...
4.3CVSS
4.3AI Score
0.461EPSS
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and...
4.3CVSS
4.3AI Score
0.461EPSS
Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065,.....
Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets....