CVE Daily – Internet Explorer

[Critical] CVE-2026-9264 – A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components...

Fri, 22 May 2026 02:16:35 +0000

Critical CVE-2026-9264

A cross-site scripting (XSS) vulnerability in SketchUp 2026's Dynamic Components feature allows remote code execution and local file exfiltration through maliciously crafted SKP files. The vulnerability stems from improper input sanitization in the component options window, enabling attackers to execute arbitrary system commands and read local files without user interaction by exploiting an embed…

CVSS: 9.3 · CWE: CWE-94

View on NVD

[Medium] CVE-2019-25463 – SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vu...

Wed, 11 Mar 2026 19:15:59 +0000

Medium CVE-2019-25463

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during registration to trigger a buffer overflow and crash the application.

CVSS: 6.2 · CWE: CWE-787

View on NVD

[High] CVE-2023-53875 – GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Int...

Mon, 15 Dec 2025 21:15:50 +0000

High CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server interaction.

CVSS: 8.8 · CWE: CWE-319

View on NVD

[High] CVE-2025-59295 – Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker ...

Tue, 14 Oct 2025 17:16:12 +0000

High CVE-2025-59295

Heap-based buffer overflow in Internet Explorer allows an unauthorized attacker to execute code over a network.

CVSS: 8.8 · CWE: CWE-122

View on NVD

[High] CVE-2008-20001 – activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vuln...

Sat, 30 Aug 2025 14:15:33 +0000

High CVE-2008-20001

activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in In…

CVSS: 7.5 · CWE: CWE-121

View on NVD

[Medium] CVE-2025-31488 – Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use ...

Sun, 06 Apr 2025 20:15:14 +0000

Medium CVE-2025-31488

Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE background to access the specified webpage without knowing it. This vulnerability is fixed in 2.9.3.

CVSS: 4.9 · CWE: CWE-20

View on NVD

[High] CVE-2025-21326 – Internet Explorer Remote Code Execution Vulnerability

Tue, 14 Jan 2025 18:15:57 +0000

High CVE-2025-21326

Internet Explorer Remote Code Execution Vulnerability

CVSS: 7.8 · CWE: CWE-843

View on NVD

[High] CVE-2023-40290 – An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devi...

Wed, 27 Mar 2024 04:15:10 +0000

High CVE-2023-40290

An issue was discovered on Supermicro X11SSM-F, X11SAE-F, and X11SSE-F 1.66 devices. An attacker could exploit an XSS issue that affects Internet Explorer 11 on Windows.

CVSS: 8.3 · CWE: CWE-79

View on NVD

[Medium] CVE-2022-25869 – All versions of the package angular; all versions of the package angularjs.core;...

Fri, 15 Jul 2022 20:15:08 +0000

Medium CVE-2022-25869

All versions of the package angular; all versions of the package angularjs.core; all versions of the package angularjs are vulnerable to Cross-site Scripting (XSS) due to insecure page caching in the Internet Explorer browser, which allows interpolation of elements.</p> <p><strong>CVSS:</strong> 4.2 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-25869">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2022-30119 – XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Exp...</h1> <p>Fri, 24 Jun 2022 15:15:10 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2022-30119</strong></p> <p>XSS in /dashboard/reports/logs/view - old browsers only. When using Internet Explorer with the XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2. This cannot be exploited in modern-day web browsers due to an automatic input escape mechanism. Concrete CMS Security team ranked this vuln…</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-30119">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2022-30118 – Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUI...</h1> <p>Fri, 24 Jun 2022 15:15:10 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2022-30118</strong></p> <p>Title for CVE: XSS in /dashboard/system/express/entities/forms/save_control/[GUID]: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can allow XSS. This cannot be exploited in modern-day web browsers due to an automatic input escape mec…</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-30118">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2022-1756 – The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_...</h1> <p>Mon, 13 Jun 2022 13:15:11 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2022-1756</strong></p> <p>The Newsletter WordPress plugin before 7.4.5 does not sanitize and escape the $_SERVER['REQUEST_URI'] before echoing it back in admin pages. Although this uses addslashes, and most modern browsers automatically URLEncode requests, this is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below.</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-1756">View on NVD</a></p> </article> <article> <h1>[Critical] CVE-2022-32269 – In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript:...</h1> <p>Fri, 03 Jun 2022 06:15:07 +0000</p> <p><strong><span class="badge risk critical">Critical</span> CVE-2022-32269</strong></p> <p>In Real Player 20.0.8.310, the G2 Control allows injection of unsafe javascript: URIs in local HTTP error pages (displayed by Internet Explorer core). This leads to arbitrary code execution.</p> <p><strong>CVSS:</strong> 9.8 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2022-32269">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2021-43551 – A remote attacker with write access to PI Vision could inject code into a displa...</h1> <p>Wed, 17 Nov 2021 19:15:09 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2021-43551</strong></p> <p>A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions.</p> <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-43551">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2021-38492 – When delegating navigations to the operating system, Firefox would accept the `m...</h1> <p>Wed, 03 Nov 2021 01:15:07 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2021-38492</strong></p> <p>When delegating navigations to the operating system, Firefox would accept the `mk` scheme which might allow attackers to launch pages and execute scripts in Internet Explorer in unprivileged mode. *This bug only affects Firefox for Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 92, Thunderbird < 91.1, Thunderbird < 78.14, Firefox ESR < 78.14, and Firefox E…</p> <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> N/A</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-38492">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2021-39857 – Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (an...</h1> <p>Wed, 29 Sep 2021 16:15:10 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2021-39857</strong></p> <p>Adobe Acrobat Reader DC add-on for Internet Explorer versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to check for existence of local files. Exploitation of this issue requires user interaction in that a victim must visit an att…</p> <p><strong>CVSS:</strong> 4.3 · <strong>CWE:</strong> CWE-200</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-39857">View on NVD</a></p> </article> <article> <h1>[High] CVE-2021-34412 – During the installation process for all versions of the Zoom Client for Meetings...</h1> <p>Mon, 27 Sep 2021 14:15:08 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2021-34412</strong></p> <p>During the installation process for all versions of the Zoom Client for Meetings for Windows before 5.4.0, it is possible to launch Internet Explorer. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.</p> <p><strong>CVSS:</strong> 7.8 · <strong>CWE:</strong> CWE-269</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-34412">View on NVD</a></p> </article> <article> <h1>[High] CVE-2021-34411 – During the installation process forZoom Rooms for Conference Room for Windows be...</h1> <p>Mon, 27 Sep 2021 14:15:08 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2021-34411</strong></p> <p>During the installation process forZoom Rooms for Conference Room for Windows before version 5.3.0 it is possible to launch Internet Explorer with elevated privileges. If the installer was launched with elevated privileges such as by SCCM this can result in a local privilege escalation.</p> <p><strong>CVSS:</strong> 7.8 · <strong>CWE:</strong> CWE-269</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-34411">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2021-32782 – Nextcloud Circles is an open source social network built for the nextcloud ecosy...</h1> <p>Tue, 07 Sep 2021 20:15:07 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2021-32782</strong></p> <p>Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circl…</p> <p><strong>CVSS:</strong> 5.8 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-32782">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2021-35240 – A security researcher stored XSS via a Help Server setting. This affects custome...</h1> <p>Tue, 31 Aug 2021 16:15:07 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2021-35240</strong></p> <p>A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.</p> <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-35240">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-7863 – A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary comma...</h1> <p>Thu, 05 Aug 2021 21:15:09 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-7863</strong></p> <p>A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting the parameter to the command they want to execute. A successful exploit could allow the attacker to e…</p> <p><strong>CVSS:</strong> 8.8 · <strong>CWE:</strong> CWE-20</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-7863">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2021-34630 – In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_reques...</h1> <p>Fri, 30 Jul 2021 21:15:08 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2021-34630</strong></p> <p>In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below, or in cases where an…</p> <p><strong>CVSS:</strong> 5.0 · <strong>CWE:</strong> CWE-116</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-34630">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2021-30151 – Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the...</h1> <p>Tue, 06 Apr 2021 06:15:15 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2021-30151</strong></p> <p>Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used.</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-30151">View on NVD</a></p> </article> <article> <h1>[High] CVE-2021-27085 – Internet Explorer Remote Code Execution Vulnerability</h1> <p>Thu, 11 Mar 2021 16:15:18 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2021-27085</strong></p> <p>Internet Explorer Remote Code Execution Vulnerability</p> <p><strong>CVSS:</strong> 8.8 · <strong>CWE:</strong> N/A</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27085">View on NVD</a></p> </article> <article> <h1>[High] CVE-2021-26411 – Internet Explorer Memory Corruption Vulnerability</h1> <p>Thu, 11 Mar 2021 16:15:13 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2021-26411</strong></p> <p>Internet Explorer Memory Corruption Vulnerability</p> <p><strong>CVSS:</strong> 8.8 · <strong>CWE:</strong> CWE-416</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-26411">View on NVD</a></p> </article> <article> <h1>[High] CVE-2021-27232 – The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464...</h1> <p>Tue, 16 Feb 2021 15:15:13 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2021-27232</strong></p> <p>The RTSPLive555.dll ActiveX control in Pelco Digital Sentry Server 7.18.72.11464 has a SetCameraConnectionParameter stack-based buffer overflow. This can be exploited by a remote attacker to potentially execute arbitrary attacker-supplied code. The victim would have to visit a malicious webpage using Internet Explorer where the exploit could be triggered.</p> <p><strong>CVSS:</strong> 8.8 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2021-27232">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2020-8294 – A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 all...</h1> <p>Wed, 03 Feb 2021 17:15:16 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2020-8294</strong></p> <p>A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format.</p> <p><strong>CVSS:</strong> 5.4 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-8294">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-17053 – Internet Explorer Memory Corruption Vulnerability</h1> <p>Wed, 11 Nov 2020 07:15:16 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-17053</strong></p> <p>Internet Explorer Memory Corruption Vulnerability</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-17053">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2020-25786 – webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices...</h1> <p>Sat, 19 Sep 2020 20:15:11 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2020-25786</strong></p> <p>webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP reques…</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-25786">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2020-16884 – <p>A remote code execution vulnerability exists in the way that the IEToEdge Bro...</h1> <p>Fri, 11 Sep 2020 17:15:17 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2020-16884</strong></p> <p><p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current…</p> <p><strong>CVSS:</strong> 4.2 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-16884">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-1570 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Mon, 17 Aug 2020 19:15:20 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-1570</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is l…</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1570">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-1380 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Mon, 17 Aug 2020 19:15:14 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-1380</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is l…</p> <p><strong>CVSS:</strong> 7.8 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1380">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-15138 – Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewer...</h1> <p>Fri, 07 Aug 2020 17:15:10 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-15138</strong></p> <p>Prism is vulnerable to Cross-Site Scripting. The easing preview of the Previewers plugin has an XSS vulnerability that allows attackers to execute arbitrary code in Safari and Internet Explorer. This impacts all Safari and Internet Explorer users of Prism >=v1.1.0 that use the _Previewers_ plugin (>=v1.10.0) or the _Previewer: Easing_ plugin (v1.1.0 to v1.9.0). This problem is fixed in version 1.…</p> <p><strong>CVSS:</strong> 7.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-15138">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2020-1432 – An information disclosure vulnerability exists when Skype for Business is access...</h1> <p>Tue, 14 Jul 2020 23:15:18 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2020-1432</strong></p> <p>An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'.</p> <p><strong>CVSS:</strong> 4.3 · <strong>CWE:</strong> N/A</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1432">View on NVD</a></p> </article> <article> <h1>[Critical] CVE-2020-9633 – Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player fo...</h1> <p>Fri, 12 Jun 2020 14:15:11 +0000</p> <p><strong><span class="badge risk critical">Critical</span> CVE-2020-9633</strong></p> <p>Adobe Flash Player Desktop Runtime 32.0.0.371 and earlier, Adobe Flash Player for Google Chrome 32.0.0.371 and earlier, and Adobe Flash Player for Microsoft Edge and Internet Explorer 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.</p> <p><strong>CVSS:</strong> 9.8 · <strong>CWE:</strong> CWE-416</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-9633">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2020-1315 – An information disclosure vulnerability exists when Internet Explorer improperly...</h1> <p>Tue, 09 Jun 2020 20:15:20 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2020-1315</strong></p> <p>An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'.</p> <p><strong>CVSS:</strong> 5.3 · <strong>CWE:</strong> N/A</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1315">View on NVD</a></p> </article> <article> <h1>[Critical] CVE-2019-20830 – An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out...</h1> <p>Thu, 04 Jun 2020 17:15:12 +0000</p> <p><strong><span class="badge risk critical">Critical</span> CVE-2019-20830</strong></p> <p>An issue was discovered in Foxit Reader and PhantomPDF before 9.6. It has an out-of-bounds write when Internet Explorer is used.</p> <p><strong>CVSS:</strong> 9.8 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-20830">View on NVD</a></p> </article> <article> <h1>[Critical] CVE-2019-20825 – An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-boun...</h1> <p>Thu, 04 Jun 2020 17:15:12 +0000</p> <p><strong><span class="badge risk critical">Critical</span> CVE-2019-20825</strong></p> <p>An issue was discovered in Foxit PhantomPDF before 8.3.11. It has an out-of-bounds write when Internet Explorer is used.</p> <p><strong>CVSS:</strong> 9.8 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-20825">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-1092 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Thu, 21 May 2020 23:15:13 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-1092</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1062.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1092">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-1062 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Thu, 21 May 2020 23:15:12 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-1062</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-1062">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-0968 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Wed, 15 Apr 2020 15:15:18 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-0968</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0970.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-0968">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2009-5159 – Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Expl...</h1> <p>Fri, 13 Mar 2020 15:15:11 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2009-5159</strong></p> <p>Invision Power Board (aka IPB or IP.Board) 2.x through 3.0.4, when Internet Explorer 5 is used, allows XSS via a .txt attachment.</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2009-5159">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-0833 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Thu, 12 Mar 2020 16:15:17 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-0833</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-0833">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-0832 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Thu, 12 Mar 2020 16:15:17 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-0832</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-0832">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-0824 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Thu, 12 Mar 2020 16:15:17 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-0824</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-0824">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-0674 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Tue, 11 Feb 2020 22:15:14 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-0674</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0673, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-416</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-0674">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-0673 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Tue, 11 Feb 2020 22:15:14 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-0673</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0674, CVE-2020-0710, CVE-2020-0711, CVE-2020-0712, CVE-2020-0713, CVE-2020-0767.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-0673">View on NVD</a></p> </article> <article> <h1>[High] CVE-2020-0640 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Tue, 14 Jan 2020 23:15:32 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2020-0640</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2020-0640">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-18652 – A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 throu...</h1> <p>Tue, 07 Jan 2020 22:15:12 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-18652</strong></p> <p>A DOM based XSS vulnerability has been identified on the WatchGuard XMT515 through 12.1.3, allowing a remote attacker to execute JavaScript in the victim's browser by tricking the victim into clicking on a crafted link. The payload was tested in Microsoft Internet Explorer 11.418.18362.0 and Microsoft Edge 44.18362.387.0 (Microsoft EdgeHTML 18.18362).</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-18652">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1429 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Tue, 12 Nov 2019 19:15:14 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1429</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-416</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1429">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-18209 – templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not enco...</h1> <p>Sat, 19 Oct 2019 01:15:10 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-18209</strong></p> <p>templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as demonstrated by Internet Explorer.</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-18209">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1371 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Thu, 10 Oct 2019 14:15:18 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1371</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1371">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-17070 – The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for Wo...</h1> <p>Thu, 10 Oct 2019 12:10:19 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-17070</strong></p> <p>The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer.</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-17070">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1367 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Mon, 23 Sep 2019 20:15:13 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1367</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1221.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1367">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-16216 – Zulip server before 2.0.5 incompletely validated the MIME types of uploaded file...</h1> <p>Wed, 18 Sep 2019 12:15:10 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-16216</strong></p> <p>Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explo…</p> <p><strong>CVSS:</strong> 5.4 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-16216">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1221 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Wed, 11 Sep 2019 22:15:14 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1221</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1221">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1194 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Wed, 14 Aug 2019 21:15:17 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1194</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is l…</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1194">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1133 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Wed, 14 Aug 2019 21:15:14 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1133</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is l…</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1133">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1057 – A remote code execution vulnerability exists when the Microsoft XML Core Service...</h1> <p>Wed, 14 Aug 2019 21:15:13 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1057</strong></p> <p>A remote code execution vulnerability exists when the Microsoft XML Core Services MSXML parser processes user input. An attacker who successfully exploited the vulnerability could run malicious code remotely to take control of the user’s system. To exploit the vulnerability, an attacker could host a specially crafted website designed to invoke MSXML through a web browser. However, an attacker wou…</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-611</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1057">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-11702 – A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:,...</h1> <p>Tue, 23 Jul 2019 14:15:14 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-11702</strong></p> <p>A hyperlink using protocols associated with Internet Explorer, such as IE.HTTP:, can be used to open local files at a known location with Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.0.2.</p> <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> CWE-862</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-11702">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-11700 – A hyperlink using the res: protocol can be used to open local files at a known l...</h1> <p>Tue, 23 Jul 2019 14:15:14 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-11700</strong></p> <p>A hyperlink using the res: protocol can be used to open local files at a known location in Internet Explorer if a user approves execution when prompted. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox < 67.</p> <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> CWE-862</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-11700">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1063 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Mon, 15 Jul 2019 19:15:16 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1063</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1063">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1059 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Mon, 15 Jul 2019 19:15:16 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1059</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1056.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1059">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1056 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Mon, 15 Jul 2019 19:15:16 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1056</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1004, CVE-2019-1059.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1056">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-1004 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Mon, 15 Jul 2019 19:15:16 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-1004</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1001, CVE-2019-1056, CVE-2019-1059.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1004">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-1043 – A remote code execution vulnerability exists in the way that comctl32.dll handle...</h1> <p>Wed, 12 Jun 2019 14:29:03 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-1043</strong></p> <p>A remote code execution vulnerability exists in the way that comctl32.dll handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative…</p> <p><strong>CVSS:</strong> 6.4 · <strong>CWE:</strong> N/A</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-1043">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-7090 – Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for G...</h1> <p>Fri, 24 May 2019 19:29:02 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-7090</strong></p> <p>Flash Player Desktop Runtime versions 32.0.0.114 and earlier, Flash Player for Google Chrome versions 32.0.0.114 and earlier, and Flash Player for Microsoft Edge and Internet Explorer 11 versions 32.0.0.114 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.</p> <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> CWE-125</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-7090">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-0995 – A security feature bypass vulnerability exists when urlmon.dll improperly handle...</h1> <p>Thu, 16 May 2019 19:29:05 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-0995</strong></p> <p>A security feature bypass vulnerability exists when urlmon.dll improperly handles certain Mark of the Web queries, aka 'Internet Explorer Security Feature Bypass Vulnerability'.</p> <p><strong>CVSS:</strong> 8.8 · <strong>CWE:</strong> N/A</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0995">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-0930 – An information disclosure vulnerability exists when Internet Explorer improperly...</h1> <p>Thu, 16 May 2019 19:29:03 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-0930</strong></p> <p>An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory, aka 'Internet Explorer Information Disclosure Vulnerability'.</p> <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> N/A</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0930">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-0929 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Thu, 16 May 2019 19:29:03 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-0929</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0929">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-0921 – An spoofing vulnerability exists when Internet Explorer improperly handles URLs,...</h1> <p>Thu, 16 May 2019 19:29:02 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-0921</strong></p> <p>An spoofing vulnerability exists when Internet Explorer improperly handles URLs, aka 'Internet Explorer Spoofing Vulnerability'.</p> <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> N/A</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0921">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-0862 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Tue, 09 Apr 2019 21:29:02 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-0862</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0753.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0862">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-0753 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Tue, 09 Apr 2019 21:29:00 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-0753</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0752, CVE-2019-0862.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0753">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-0752 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Tue, 09 Apr 2019 21:29:00 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-0752</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0739, CVE-2019-0753, CVE-2019-0862.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-843</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0752">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-0783 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Tue, 09 Apr 2019 03:29:00 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-0783</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0783">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-0768 – A security feature bypass vulnerability exists when Internet Explorer VBScript e...</h1> <p>Tue, 09 Apr 2019 02:29:00 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-0768</strong></p> <p>A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.</p> <p><strong>CVSS:</strong> 4.3 · <strong>CWE:</strong> CWE-20</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0768">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-0763 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Tue, 09 Apr 2019 02:29:00 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-0763</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0763">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-0761 – A security feature bypass vulnerability exists when Internet Explorer fails to v...</h1> <p>Tue, 09 Apr 2019 02:29:00 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-0761</strong></p> <p>A security feature bypass vulnerability exists when Internet Explorer fails to validate the correct Security Zone of requests for specific URLs, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0768.</p> <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> CWE-863</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0761">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-0680 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Tue, 09 Apr 2019 00:29:00 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-0680</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0680">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-9644 – An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 al...</h1> <p>Tue, 12 Mar 2019 09:29:00 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-9644</strong></p> <p>An XSSI (cross-site inclusion) vulnerability in Jupyter Notebook before 5.7.6 allows inclusion of resources on malicious pages when visited by users who are authenticated with a Jupyter server. Access to the content of resources has been demonstrated with Internet Explorer through capturing of error messages, though not reproduced with other browsers. This occurs because Internet Explorer's error…</p> <p><strong>CVSS:</strong> 5.4 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-9644">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2019-0676 – An information disclosure vulnerability exists when Internet Explorer improperly...</h1> <p>Tue, 05 Mar 2019 23:29:02 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2019-0676</strong></p> <p>An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited this vulnerability could test for the presence of files on disk, aka 'Internet Explorer Information Disclosure Vulnerability'.</p> <p><strong>CVSS:</strong> 6.5 · <strong>CWE:</strong> N/A</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0676">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-0606 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Tue, 05 Mar 2019 23:29:00 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-0606</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0606">View on NVD</a></p> </article> <article> <h1>[High] CVE-2019-0541 – A remote code execution vulnerability exists in the way that the MSHTML engine i...</h1> <p>Tue, 08 Jan 2019 21:29:00 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2019-0541</strong></p> <p>A remote code execution vulnerability exists in the way that the MSHTML engine inproperly validates input, aka "MSHTML Engine Remote Code Execution Vulnerability." This affects Microsoft Office, Microsoft Office Word Viewer, Internet Explorer 9, Internet Explorer 11, Microsoft Excel Viewer, Internet Explorer 10, Office 365 ProPlus.</p> <p><strong>CVSS:</strong> 8.8 · <strong>CWE:</strong> CWE-77</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2019-0541">View on NVD</a></p> </article> <article> <h1>[High] CVE-2018-8653 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Thu, 20 Dec 2018 13:29:00 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2018-8653</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8643.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8653">View on NVD</a></p> </article> <article> <h1>[High] CVE-2018-8643 – A remote code execution vulnerability exists in the way that the scripting engin...</h1> <p>Wed, 12 Dec 2018 00:29:01 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2018-8643</strong></p> <p>A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8643">View on NVD</a></p> </article> <article> <h1>[High] CVE-2018-8631 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Wed, 12 Dec 2018 00:29:01 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2018-8631</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8631">View on NVD</a></p> </article> <article> <h1>[High] CVE-2018-8625 – A remote code execution vulnerability exists in the way that the VBScript engine...</h1> <p>Wed, 12 Dec 2018 00:29:01 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2018-8625</strong></p> <p>A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-416</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8625">View on NVD</a></p> </article> <article> <h1>[High] CVE-2018-8619 – A remote code execution vulnerability exists when the Internet Explorer VBScript...</h1> <p>Wed, 12 Dec 2018 00:29:01 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2018-8619</strong></p> <p>A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-269</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8619">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2018-19787 – An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.htm...</h1> <p>Sun, 02 Dec 2018 10:29:00 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2018-19787</strong></p> <p>An issue was discovered in lxml before 4.2.5. lxml/html/clean.py in the lxml.html.clean module does not remove javascript: URLs that use escaping, allowing a remote attacker to conduct XSS attacks, as demonstrated by "j a v a s c r i p t:" in Internet Explorer. This is a similar issue to CVE-2014-3146.</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-19787">View on NVD</a></p> </article> <article> <h1>[Low] CVE-2018-19421 – In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explo...</h1> <p>Wed, 21 Nov 2018 21:29:00 +0000</p> <p><strong><span class="badge risk low">Low</span> CVE-2018-19421</strong></p> <p>In GetSimpleCMS 3.3.15, admin/upload.php blocks .html uploads but Internet Explorer render HTML elements in a .eml file, because of admin/upload-uploadify.php, and validate_safe_file in admin/inc/security_functions.php.</p> <p><strong>CVSS:</strong> 3.8 · <strong>CWE:</strong> CWE-434</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-19421">View on NVD</a></p> </article> <article> <h1>[High] CVE-2018-8570 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Wed, 14 Nov 2018 01:29:01 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2018-8570</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8570">View on NVD</a></p> </article> <article> <h1>[High] CVE-2018-8552 – An information disclosure vulnerability exists when VBScript improperly disclose...</h1> <p>Wed, 14 Nov 2018 01:29:01 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2018-8552</strong></p> <p>An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-119</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8552">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2018-18966 – osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the ...</h1> <p>Tue, 06 Nov 2018 04:29:00 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2018-18966</strong></p> <p>osCommerce 2.3.4.1 has an incomplete '.htaccess' for blacklist filtering in the "product" page. The .htaccess file in catalog/images/ bans the html extension, but Internet Explorer render HTML elements in a .eml file.</p> <p><strong>CVSS:</strong> 4.9 · <strong>CWE:</strong> N/A</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-18966">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2018-17925 – Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For...</h1> <p>Wed, 10 Oct 2018 17:29:04 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2018-17925</strong></p> <p>Multiple instances of this vulnerability (Unsafe ActiveX Control Marked Safe For Scripting) have been identified in the third-party ActiveX object provided to GE iFIX versions 2.0 - 5.8 by Gigasoft. Only the independent use of the Gigasoft charting package outside the iFIX product may expose users to the reported vulnerability. The reported method shown to impact Internet Explorer is not exposed…</p> <p><strong>CVSS:</strong> 4.8 · <strong>CWE:</strong> CWE-623</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-17925">View on NVD</a></p> </article> <article> <h1>[High] CVE-2018-8491 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Wed, 10 Oct 2018 13:29:03 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2018-8491</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8460.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8491">View on NVD</a></p> </article> <article> <h1>[High] CVE-2018-8460 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Wed, 10 Oct 2018 13:29:02 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2018-8460</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8491.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8460">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2018-17039 – MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI becau...</h1> <p>Fri, 14 Sep 2018 07:29:00 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2018-17039</strong></p> <p>MiniCMS 1.10, when Internet Explorer is used, allows XSS via a crafted URI because $_SERVER['REQUEST_URI'] is mishandled.</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-17039">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2018-17031 – In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sn...</h1> <p>Fri, 14 Sep 2018 02:29:00 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2018-17031</strong></p> <p>In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent.</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-17031">View on NVD</a></p> </article> <article> <h1>[Medium] CVE-2018-8470 – A security feature bypass vulnerability exists in Internet Explorer due to how s...</h1> <p>Thu, 13 Sep 2018 00:29:06 +0000</p> <p><strong><span class="badge risk medium">Medium</span> CVE-2018-8470</strong></p> <p>A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.</p> <p><strong>CVSS:</strong> 6.1 · <strong>CWE:</strong> CWE-79</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8470">View on NVD</a></p> </article> <article> <h1>[High] CVE-2018-8461 – A remote code execution vulnerability exists when Internet Explorer improperly a...</h1> <p>Thu, 13 Sep 2018 00:29:05 +0000</p> <p><strong><span class="badge risk high">High</span> CVE-2018-8461</strong></p> <p>A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 11. This CVE ID is unique from CVE-2018-8447.</p> <p><strong>CVSS:</strong> 7.5 · <strong>CWE:</strong> CWE-787</p> <p><a href="https://nvd.nist.gov/vuln/detail/CVE-2018-8461">View on NVD</a></p> </article> </main></body></html>