Total
3087 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-0091 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability." | |||||
| CVE-2009-3673 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability." | |||||
| CVE-2009-2510 | 1 Microsoft | 6 Windows 2000, Windows 2003 Server, Windows 7 and 3 more | 2025-04-09 | 6.8 MEDIUM | N/A |
| The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408. | |||||
| CVE-2010-0249 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | 8.8 HIGH |
| Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability." | |||||
| CVE-2009-2497 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability." | |||||
| CVE-2008-4033 | 1 Microsoft | 13 Expression Web, Groove, Office and 10 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability." | |||||
| CVE-2009-0090 | 1 Microsoft | 7 .net Framework, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | N/A |
| Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability." | |||||
| CVE-2009-1547 | 1 Microsoft | 7 Internet Explorer, Windows 2000, Windows 7 and 4 more | 2025-04-09 | 9.3 HIGH | 8.8 HIGH |
| Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability." | |||||
| CVE-2009-1044 | 2 Microsoft, Mozilla | 2 Windows 7, Firefox | 2025-04-09 | 9.3 HIGH | N/A |
| Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009. | |||||
| CVE-2009-2511 | 1 Microsoft | 6 Windows 2000, Windows 7, Windows Server 2003 and 3 more | 2025-04-09 | 7.5 HIGH | N/A |
| Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability." | |||||
| CVE-2020-0674 | 1 Microsoft | 15 Internet Explorer, Windows 10 1507, Windows 10 1607 and 12 more | 2025-04-08 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767. | |||||
| CVE-2019-0703 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1703 and 12 more | 2025-04-08 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0704, CVE-2019-0821. | |||||
| CVE-2018-8174 | 1 Microsoft | 10 Windows 10 1607, Windows 10 1703, Windows 10 1709 and 7 more | 2025-04-08 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2020-0968 | 1 Microsoft | 15 Internet Explorer, Windows 10 1507, Windows 10 1607 and 12 more | 2025-04-08 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970. | |||||
| CVE-2020-1027 | 1 Microsoft | 17 Windows 10 1507, Windows 10 1607, Windows 10 1709 and 14 more | 2025-04-08 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1003. | |||||
| CVE-2018-8373 | 1 Microsoft | 12 Internet Explorer, Windows 10 1507, Windows 10 1607 and 9 more | 2025-04-08 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8371, CVE-2018-8372, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. | |||||
| CVE-2019-0752 | 1 Microsoft | 14 Internet Explorer, Windows 10 1507, Windows 10 1607 and 11 more | 2025-04-08 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862. | |||||
| CVE-2018-8611 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1703, Windows 10 1709 and 9 more | 2025-04-08 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka "Windows Kernel Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers. | |||||
| CVE-2019-1315 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1703, Windows 10 1709 and 10 more | 2025-04-08 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1339, CVE-2019-1342. | |||||
| CVE-2019-1367 | 1 Microsoft | 14 Internet Explorer, Windows 10 1607, Windows 10 1703 and 11 more | 2025-04-08 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221. | |||||