Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-2382

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-03 Jun, 2011 | 17:00
Updated At-17 Sep, 2024 | 02:41
Rejected At-
Credits

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:03 Jun, 2011 | 17:00
Updated At:17 Sep, 2024 | 02:41
Rejected At:
â–¼CVE Numbering Authority (CNA)

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.informationweek.com/news/security/vulnerabilities/229700031
x_refsource_MISC
http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388
x_refsource_MISC
http://news.cnet.com/8301-1009_3-20066419-83.html
x_refsource_MISC
http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/
x_refsource_MISC
http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/
x_refsource_MISC
http://www.youtube.com/watch?v=VsSkcnIFCxM
x_refsource_MISC
http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt
x_refsource_MISC
http://www.networkworld.com/community/node/74259
x_refsource_MISC
http://www.youtube.com/watch?v=V95CX-3JpK0
x_refsource_MISC
https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt
x_refsource_MISC
Hyperlink: http://www.informationweek.com/news/security/vulnerabilities/229700031
Resource:
x_refsource_MISC
Hyperlink: http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388
Resource:
x_refsource_MISC
Hyperlink: http://news.cnet.com/8301-1009_3-20066419-83.html
Resource:
x_refsource_MISC
Hyperlink: http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/
Resource:
x_refsource_MISC
Hyperlink: http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/
Resource:
x_refsource_MISC
Hyperlink: http://www.youtube.com/watch?v=VsSkcnIFCxM
Resource:
x_refsource_MISC
Hyperlink: http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt
Resource:
x_refsource_MISC
Hyperlink: http://www.networkworld.com/community/node/74259
Resource:
x_refsource_MISC
Hyperlink: http://www.youtube.com/watch?v=V95CX-3JpK0
Resource:
x_refsource_MISC
Hyperlink: https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://www.informationweek.com/news/security/vulnerabilities/229700031
x_refsource_MISC
x_transferred
http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388
x_refsource_MISC
x_transferred
http://news.cnet.com/8301-1009_3-20066419-83.html
x_refsource_MISC
x_transferred
http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/
x_refsource_MISC
x_transferred
http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/
x_refsource_MISC
x_transferred
http://www.youtube.com/watch?v=VsSkcnIFCxM
x_refsource_MISC
x_transferred
http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt
x_refsource_MISC
x_transferred
http://www.networkworld.com/community/node/74259
x_refsource_MISC
x_transferred
http://www.youtube.com/watch?v=V95CX-3JpK0
x_refsource_MISC
x_transferred
https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt
x_refsource_MISC
x_transferred
Hyperlink: http://www.informationweek.com/news/security/vulnerabilities/229700031
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://news.cnet.com/8301-1009_3-20066419-83.html
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.youtube.com/watch?v=VsSkcnIFCxM
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.networkworld.com/community/node/74259
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://www.youtube.com/watch?v=V95CX-3JpK0
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:03 Jun, 2011 | 17:55
Updated At:29 Apr, 2026 | 01:13

Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 beta, does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:N/A:N
CPE Matches

Microsoft Corporation
microsoft
>>ie>>9
cpe:2.3:a:microsoft:ie:9:beta:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>Versions up to 8(inclusive)
cpe:2.3:a:microsoft:internet_explorer:*:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>3.0
cpe:2.3:a:microsoft:internet_explorer:3.0:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>3.0.1
cpe:2.3:a:microsoft:internet_explorer:3.0.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>3.0.2
cpe:2.3:a:microsoft:internet_explorer:3.0.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>3.1
cpe:2.3:a:microsoft:internet_explorer:3.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>3.2
cpe:2.3:a:microsoft:internet_explorer:3.2:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.0
cpe:2.3:a:microsoft:internet_explorer:4.0:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.0.1
cpe:2.3:a:microsoft:internet_explorer:4.0.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.0.1
cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.0.1
cpe:2.3:a:microsoft:internet_explorer:4.0.1:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.01
cpe:2.3:a:microsoft:internet_explorer:4.01:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.1
cpe:2.3:a:microsoft:internet_explorer:4.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.01
cpe:2.3:a:microsoft:internet_explorer:4.01:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.5
cpe:2.3:a:microsoft:internet_explorer:4.5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.40.308
cpe:2.3:a:microsoft:internet_explorer:4.40.308:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.40.520
cpe:2.3:a:microsoft:internet_explorer:4.40.520:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.70.1155
cpe:2.3:a:microsoft:internet_explorer:4.70.1155:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.70.1158
cpe:2.3:a:microsoft:internet_explorer:4.70.1158:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.70.1215
cpe:2.3:a:microsoft:internet_explorer:4.70.1215:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.70.1300
cpe:2.3:a:microsoft:internet_explorer:4.70.1300:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.71.544
cpe:2.3:a:microsoft:internet_explorer:4.71.544:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.71.1008.3
cpe:2.3:a:microsoft:internet_explorer:4.71.1008.3:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.71.1712.6
cpe:2.3:a:microsoft:internet_explorer:4.71.1712.6:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.72.2106.8
cpe:2.3:a:microsoft:internet_explorer:4.72.2106.8:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.72.3110.8
cpe:2.3:a:microsoft:internet_explorer:4.72.3110.8:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>4.72.3612.1713
cpe:2.3:a:microsoft:internet_explorer:4.72.3612.1713:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5
cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.0
cpe:2.3:a:microsoft:internet_explorer:5.0:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.0.1
cpe:2.3:a:microsoft:internet_explorer:5.0.1:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.0.1
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp1:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.0.1
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp2:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.0.1
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp3:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.0.1
cpe:2.3:a:microsoft:internet_explorer:5.0.1:sp4:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.0518.10
cpe:2.3:a:microsoft:internet_explorer:5.00.0518.10:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.0910.1309
cpe:2.3:a:microsoft:internet_explorer:5.00.0910.1309:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.2014.0216
cpe:2.3:a:microsoft:internet_explorer:5.00.2014.0216:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.2314.1003
cpe:2.3:a:microsoft:internet_explorer:5.00.2314.1003:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.2516.1900
cpe:2.3:a:microsoft:internet_explorer:5.00.2516.1900:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.2614.3500
cpe:2.3:a:microsoft:internet_explorer:5.00.2614.3500:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.2919.800
cpe:2.3:a:microsoft:internet_explorer:5.00.2919.800:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.2919.3800
cpe:2.3:a:microsoft:internet_explorer:5.00.2919.3800:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.2919.6307
cpe:2.3:a:microsoft:internet_explorer:5.00.2919.6307:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.2920.0000
cpe:2.3:a:microsoft:internet_explorer:5.00.2920.0000:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.3103.1000
cpe:2.3:a:microsoft:internet_explorer:5.00.3103.1000:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.3105.0106
cpe:2.3:a:microsoft:internet_explorer:5.00.3105.0106:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.3314.2101
cpe:2.3:a:microsoft:internet_explorer:5.00.3314.2101:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.3315.1000
cpe:2.3:a:microsoft:internet_explorer:5.00.3315.1000:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.3502.1000
cpe:2.3:a:microsoft:internet_explorer:5.00.3502.1000:*:*:*:*:*:*:*
Microsoft Corporation
microsoft
>>internet_explorer>>5.00.3700.1000
cpe:2.3:a:microsoft:internet_explorer:5.00.3700.1000:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388cve@mitre.org
N/A
http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.pptcve@mitre.org
N/A
http://news.cnet.com/8301-1009_3-20066419-83.htmlcve@mitre.org
N/A
http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/cve@mitre.org
N/A
http://www.informationweek.com/news/security/vulnerabilities/229700031cve@mitre.org
N/A
http://www.networkworld.com/community/node/74259cve@mitre.org
N/A
http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/cve@mitre.org
N/A
http://www.youtube.com/watch?v=V95CX-3JpK0cve@mitre.org
N/A
http://www.youtube.com/watch?v=VsSkcnIFCxMcve@mitre.org
N/A
https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.pptcve@mitre.org
N/A
http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388af854a3a-2127-422b-91ae-364da2661108
N/A
http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.pptaf854a3a-2127-422b-91ae-364da2661108
N/A
http://news.cnet.com/8301-1009_3-20066419-83.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.informationweek.com/news/security/vulnerabilities/229700031af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.networkworld.com/community/node/74259af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.youtube.com/watch?v=V95CX-3JpK0af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.youtube.com/watch?v=VsSkcnIFCxMaf854a3a-2127-422b-91ae-364da2661108
N/A
https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.pptaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://news.cnet.com/8301-1009_3-20066419-83.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.informationweek.com/news/security/vulnerabilities/229700031
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.networkworld.com/community/node/74259
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.youtube.com/watch?v=V95CX-3JpK0
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.youtube.com/watch?v=VsSkcnIFCxM
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://conference.hackinthebox.org/hitbsecconf2011ams/?page_id=1388
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://ju12.tistory.com/attachment/cfile4.uf%40151FAB4C4DDC9E0002A6FE.ppt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://news.cnet.com/8301-1009_3-20066419-83.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.eweek.com/c/a/Security/IE-Flaw-Lets-Attackers-Steal-Cookies-Access-User-Accounts-402503/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.informationweek.com/news/security/vulnerabilities/229700031
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.networkworld.com/community/node/74259
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.theregister.co.uk/2011/05/25/microsoft_internet_explorer_cookiejacking/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.youtube.com/watch?v=V95CX-3JpK0
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.youtube.com/watch?v=VsSkcnIFCxM
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://sites.google.com/site/tentacoloviola/cookiejacking/Cookiejacking2011_final.ppt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

2280Records found

CVE-2015-2412
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-17.85% / 96.81%
||
7 Day CHG~0.00%
Published-14 Jul, 2015 | 21:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 10 and 11 allows remote attackers to read arbitrary local files via a crafted pathname, aka "Internet Explorer Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-36006
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-1.75% / 75.15%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-23 Apr, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Photoshop MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

Adobe Photoshop versions 21.2.9 (and earlier) and 22.4.2 (and earlier) are affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-windowsphotoshopmacosPhotoshop
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-665
Improper Initialization
CVE-2021-36014
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-1.86% / 76.72%
||
7 Day CHG~0.00%
Published-20 Aug, 2021 | 18:10
Updated-23 Apr, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe Media Encoder MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

Adobe Media Encoder version 15.2 (and earlier) is affected by an uninitialized pointer vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to read arbitrary file system information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsmedia_encoderMedia Encoder
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-824
Access of Uninitialized Pointer
CVE-2021-21060
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-4.6||MEDIUM
EPSS-1.57% / 72.27%
||
7 Day CHG~0.00%
Published-11 Feb, 2021 | 19:42
Updated-23 Apr, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Pro DC Improper File Parsing Could Lead to Information Disclosure

Adobe Acrobat Pro DC versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier) and 2017.011.30188 (and earlier) are affected by an improper input validation vulnerability. An unauthenticated attacker could leverage this vulnerability to disclose sensitive information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Apple Inc.Microsoft Corporation
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-20
Improper Input Validation
CVE-2021-21126
Matching Score-10
Assigner-Chrome
ShareView Details
Matching Score-10
Assigner-Chrome
CVSS Score-6.5||MEDIUM
EPSS-8.73% / 94.50%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:56
Updated-03 Aug, 2024 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient policy enforcement in extensions in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension.

Action-Not Available
Vendor-Google LLCMicrosoft Corporation
Product-chromeedge_chromiumChrome
CWE ID-CWE-20
Improper Input Validation
CVE-2011-1962
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-13.28% / 95.92%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 9 does not properly handle unspecified character sequences, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site that triggers "inactive filtering," aka "Shift JIS Character Encoding Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_7windows_server_2008windows_vistawindows_xpwindows_server_2003n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2011-2383
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-20.85% / 97.24%
||
7 Day CHG~0.00%
Published-03 Jun, 2011 | 17:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 and earlier does not properly restrict cross-zone drag-and-drop actions, which allows user-assisted remote attackers to read cookie files via vectors involving an IFRAME element with a SRC attribute containing an http: URL that redirects to a file: URL, as demonstrated by a Facebook game, related to a "cookiejacking" issue, aka "Drag and Drop Information Disclosure Vulnerability." NOTE: this vulnerability exists because of an incomplete fix in the Internet Explorer 9 release.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-24427
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-2.42% / 82.14%
||
7 Day CHG~0.00%
Published-05 Nov, 2020 | 19:31
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure

Acrobat Reader versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an input validation vulnerability when decoding a crafted codec that could result in the disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader
CWE ID-CWE-20
Improper Input Validation
CVE-2013-3159
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-17.38% / 96.74%
||
7 Day CHG~0.00%
Published-11 Sep, 2013 | 10:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel Viewer; and Microsoft Office Compatibility Pack SP3 allow remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "XML External Entities Resolution Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exceln/a
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1204
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.42% / 90.18%
||
7 Day CHG~0.00%
Published-14 Aug, 2019 | 20:55
Updated-20 Feb, 2026 | 21:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Outlook Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft Outlook initiates processing of incoming messages without sufficient validation of the formatting of the messages. An attacker who successfully exploited the vulnerability could attempt to force Outlook to load a local or remote message store (over SMB). To exploit the vulnerability, the attacker could send a specially crafted email to a victim. Outlook would then attempt to open a pre-configured message store contained in the email upon receipt of the email. This update addresses the vulnerability by ensuring Office fully validates incoming email formatting before processing message content.

Action-Not Available
Vendor-Microsoft Corporation
Product-outlookofficeoffice_365_proplusMicrosoft Outlook 2010 Service Pack 2Microsoft Outlook 2013 Service Pack 1Microsoft Outlook 2016Office 365 ProPlusMicrosoft Office 2019
CWE ID-CWE-20
Improper Input Validation
CVE-2019-1079
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-6.12% / 92.57%
||
7 Day CHG~0.00%
Published-15 Jul, 2019 | 18:56
Updated-04 Aug, 2024 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-visual_studioMicrosoft Visual Studio
CWE ID-CWE-20
Improper Input Validation
CVE-2019-0768
Matching Score-10
Assigner-Microsoft Corporation
ShareView Details
Matching Score-10
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-48.50% / 98.72%
||
7 Day CHG~0.00%
Published-09 Apr, 2019 | 01:37
Updated-04 Aug, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.

Action-Not Available
Vendor-Microsoft Corporation
Product-internet_explorerwindows_server_2019windows_10Internet Explorer 11
CWE ID-CWE-20
Improper Input Validation
CVE-2017-7064
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-5.5||MEDIUM
EPSS-4.12% / 89.56%
||
7 Day CHG~0.00%
Published-20 Jul, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected. iTunes before 12.6.2 on Windows is affected. The issue involves the "WebKit" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswindowsiphone_ossafariicloudn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2017-2479
Matching Score-10
Assigner-Apple Inc.
ShareView Details
Matching Score-10
Assigner-Apple Inc.
CVSS Score-6.5||MEDIUM
EPSS-5.74% / 92.14%
||
7 Day CHG~0.00%
Published-02 Apr, 2017 | 01:36
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-ituneswindowsiphone_ossafaritvosicloudn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2020-29075
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-7.1||HIGH
EPSS-7.82% / 93.95%
||
7 Day CHG~0.00%
Published-23 Feb, 2021 | 03:18
Updated-16 Sep, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
PDF Injection BlackHat Talk

Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobat_dcacrobat_readeracrobatacrobat_reader_dcwindowsmacosAcrobat Reader DC
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-35995
Matching Score-10
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-10
Assigner-Adobe Systems Incorporated
CVSS Score-3.3||LOW
EPSS-1.77% / 75.37%
||
7 Day CHG+0.03%
Published-02 Sep, 2021 | 17:00
Updated-23 Apr, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Adobe After Effects MP4 File Parsing Uninitialized Variable Information Disclosure Vulnerability

Adobe After Effects version 18.2.1 (and earlier) is affected by an Improper input validation vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to disclose arbitrary memory information in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-windowsafter_effectsAfter Effects
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-665
Improper Initialization
CVE-2018-0939
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.72% / 92.10%
||
7 Day CHG~0.00%
Published-14 Mar, 2018 | 17:00
Updated-16 Sep, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0891.

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_10ChakraCore, Microsoft Edge
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-0771
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.89% / 92.32%
||
7 Day CHG~0.00%
Published-15 Feb, 2018 | 02:00
Updated-17 Sep, 2024 | 00:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass".

Action-Not Available
Vendor-Microsoft Corporation
Product-edgewindows_server_2016windows_10Microsoft Edge
CVE-2011-4848
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.05% / 60.23%
||
7 Day CHG~0.00%
Published-16 Dec, 2011 | 11:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 includes a submitted password within an HTTP response body, which allows remote attackers to obtain sensitive information by sniffing the network, as demonstrated by password handling in certain files under client@1/domain@1/backup/local-repository/.

Action-Not Available
Vendor-n/aMicrosoft CorporationParallels International Gmbh
Product-parallels_plesk_panelwindows_2003_serverwindows_server_2008n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0059
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-23.66% / 97.53%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Hyperlink Object Library in Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted URL in a (1) e-mail message or (2) Office document, aka "Internet Explorer Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0141
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.90% / 91.02%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 export a certificate-store private key during a document-save operation, which allows attackers to obtain sensitive information via unspecified vectors, aka "Microsoft Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0028
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-22.55% / 97.43%
||
7 Day CHG~0.00%
Published-16 Jun, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, Cumulative Update 11, and Cumulative Update 12 and 2016 Gold and Cumulative Update 1 does not properly restrict loading of IMG elements, which makes it easier for remote attackers to track users via a crafted HTML e-mail message, aka "Microsoft Exchange Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-exchange_serveroutlook_web_accessn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0012
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-11.20% / 95.42%
||
7 Day CHG~0.00%
Published-13 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, Word 2013 SP1, Excel 2013 RT SP1, PowerPoint 2013 RT SP1, Word 2013 RT SP1, Office 2016, Excel 2016, PowerPoint 2016, Visio 2016, Word 2016, and Visual Basic 6.0 Runtime allow remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Microsoft Office ASLR Bypass."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-visual_basicsvisiopowerpointexcelofficewordn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0080
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-15.38% / 96.38%
||
7 Day CHG~0.00%
Published-10 Feb, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-edgen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0137
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-3.3||LOW
EPSS-6.77% / 93.19%
||
7 Day CHG~0.00%
Published-14 Sep, 2016 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and 2016 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Microsoft APP-V ASLR Bypass."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-officen/a
CVE-2016-0162
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-22.09% / 97.37%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 23:00
Updated-21 Apr, 2026 | 19:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-14||Apply updates per vendor instructions.

Microsoft Internet Explorer 9 through 11 allows remote attackers to determine the existence of files via crafted JavaScript code, aka "Internet Explorer Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_7windows_8.1windows_server_2008windows_10_1511windows_vistawindows_10_1507windows_rt_8.1windows_server_2012n/aInternet Explorer
CVE-2016-0008
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-13.84% / 96.07%
||
7 Day CHG~0.00%
Published-13 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The graphics device interface in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows GDI32.dll ASLR Bypass Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_rtwindows_7windows_8.1windows_server_2008windows_vistawindows_8windows_rt_8.1windows_server_2012n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0169
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-43.25% / 98.56%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_vistawindows_rt_8.1windows_server_2012n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0149
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.9||MEDIUM
EPSS-8.39% / 94.30%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 allows man-in-the-middle attackers to obtain sensitive cleartext information via vectors involving injection of cleartext data into the client-server data stream, aka "TLS/SSL Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0168
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-43.25% / 98.56%
||
7 Day CHG~0.00%
Published-11 May, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_10windows_7windows_8.1windows_server_2008windows_vistawindows_rt_8.1windows_server_2012n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-8643
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-5.84% / 92.27%
||
7 Day CHG~0.00%
Published-13 Sep, 2017 | 01:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8597 and CVE-2017-8648.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10edgeMicrosoft Edge
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-1960
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-17.60% / 96.78%
||
7 Day CHG~0.00%
Published-10 Aug, 2011 | 21:16
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 6 through 9 does not properly implement JavaScript event handlers, which allows remote attackers to access content from a different (1) domain or (2) zone via unspecified script code, aka "Event Handlers Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerwindows_7windows_server_2008windows_vistawindows_xpwindows_server_2003n/a
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2020-1445
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-5.5||MEDIUM
EPSS-6.12% / 92.57%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1342.

Action-Not Available
Vendor-Microsoft Corporation
Product-office_web_appsoffice_online_serverofficewordsharepoint_enterprise_server365_appsMicrosoft OfficeMicrosoft Office Online ServerMicrosoft WordMicrosoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft SharePoint Enterprise ServerMicrosoft Office Web AppsMicrosoft SharePoint ServerMicrosoft 365 Apps for Enterprise for 64-bit Systems
CVE-2017-11232
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-6.5||MEDIUM
EPSS-7.61% / 93.81%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 19:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and earlier, 2015.006.30306 and earlier, and 11.0.20 and earlier has an exploitable use after free vulnerability when processing Enhanced Metafile Format (EMF) data related to brush manipulation. Successful exploitation could lead to arbitrary code execution.

Action-Not Available
Vendor-Apple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readermac_os_xacrobat_reader_dcreaderwindowsacrobat_dcAcrobat Reader
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-416
Use After Free
CVE-2020-1432
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-4.45% / 90.25%
||
7 Day CHG~0.00%
Published-14 Jul, 2020 | 22:54
Updated-04 Aug, 2024 | 06:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-internet_explorerwindows_server_2016windows_server_2012windows_8.1windows_rt_8.1windows_7windows_10windows_server_2019windows_server_2008Internet Explorer 11 on Windows 10 Version 2004 for ARM64-based SystemsInternet Explorer 11 on Windows 10 Version 1903 for x64-based SystemsInternet Explorer 11 on Windows 10 Version 2004 for 32-bit SystemsInternet Explorer 11 on Windows 10 Version 2004 for x64-based SystemsInternet Explorer 11 on Windows 10 Version 1909 for ARM64-based SystemsInternet Explorer 11Internet Explorer 11 on Windows 10 Version 1903 for 32-bit SystemsInternet Explorer 11 on Windows 10 Version 1903 for ARM64-based SystemsInternet Explorer 11 on Windows 10 Version 1909 for x64-based SystemsInternet Explorer 11 on Windows Server 2012Internet Explorer 11 on Windows 10 Version 1909 for 32-bit Systems
CVE-2002-2435
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-14.42% / 96.19%
||
7 Day CHG~0.00%
Published-07 Dec, 2011 | 19:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Cascading Style Sheets (CSS) implementation in Microsoft Internet Explorer 8.0 and earlier does not properly handle the :visited pseudo-class, which allows remote attackers to obtain sensitive information about visited web pages via a crafted HTML document, a related issue to CVE-2010-2264.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorerien/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6699
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-3.84% / 88.82%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The addForegroundSprite function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2015-6703
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-3.84% / 88.82%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The loadFlashMovie function in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via invalid arguments, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6701, CVE-2015-6702, and CVE-2015-6704.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2015-6701
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-3.84% / 88.82%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ambientIlluminationColor property implementation in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to obtain sensitive information from process memory via a function call, a different vulnerability than CVE-2015-6697, CVE-2015-6699, CVE-2015-6700, CVE-2015-6702, CVE-2015-6703, and CVE-2015-6704.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-772
Missing Release of Resource after Effective Lifetime
CVE-2015-6088
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-31.03% / 98.04%
||
7 Day CHG~0.00%
Published-11 Nov, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_exploreredgen/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5583
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-4.04% / 89.38%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to bypass intended sandbox restrictions and obtain sensitive PDF information by launching a print job on a remote printer, a different vulnerability than CVE-2015-6705, CVE-2015-6706, and CVE-2015-7624.

Action-Not Available
Vendor-n/aApple Inc.Microsoft CorporationAdobe Inc.
Product-acrobatacrobat_readeracrobat_reader_dcwindowsmacosacrobat_dcn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6046
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-14.00% / 96.10%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-0244
Matching Score-8
Assigner-Apple Inc.
ShareView Details
Matching Score-8
Assigner-Apple Inc.
CVSS Score-4.3||MEDIUM
EPSS-1.48% / 70.75%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS feeds.

Action-Not Available
Vendor-n/aMicrosoft CorporationApple Inc.
Product-webkitwindows_7mac_os_xwindows_vistawindows_xpsafarimac_os_x_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-1229
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.84% / 88.84%
||
7 Day CHG~0.00%
Published-09 Jun, 2020 | 19:43
Updated-04 Aug, 2024 | 06:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security feature bypass vulnerability exists in Microsoft Outlook when Office fails to enforce security settings configured on a system, aka 'Microsoft Outlook Security Feature Bypass Vulnerability'.

Action-Not Available
Vendor-Microsoft Corporation
Product-word365_appsofficeMicrosoft WordMicrosoft OfficeMicrosoft 365 Apps for Enterprise for 32-bit SystemsMicrosoft 365 Apps for Enterprise for 64-bit Systems
CVE-2015-6052
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-14.90% / 96.29%
||
7 Day CHG~0.00%
Published-14 Oct, 2015 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-internet_explorervbscriptjscriptn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-10903
Matching Score-8
Assigner-Zero Day Initiative
ShareView Details
Matching Score-8
Assigner-Zero Day Initiative
CVSS Score-3.3||LOW
EPSS-3.40% / 87.39%
||
7 Day CHG+0.03%
Published-22 Apr, 2020 | 20:51
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects embedded in a PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10463.

Action-Not Available
Vendor-Microsoft CorporationFoxit Software Incorporated
Product-phantompdfreaderwindowsPhantomPDF
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-6127
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-46.01% / 98.66%
||
7 Day CHG~0.00%
Published-09 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-windows_vistawindows_7windows_8windows_8.1n/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6096
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-61.02% / 99.04%
||
7 Day CHG~0.00%
Published-11 Nov, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka ".NET Information Disclosure Vulnerability."

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-.net_frameworkn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-6165
Matching Score-8
Assigner-Microsoft Corporation
ShareView Details
Matching Score-8
Assigner-Microsoft Corporation
CVSS Score-4.3||MEDIUM
EPSS-16.63% / 96.63%
||
7 Day CHG~0.00%
Published-09 Dec, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6114.

Action-Not Available
Vendor-n/aMicrosoft Corporation
Product-silverlightn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-5571
Matching Score-8
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-8
Assigner-Adobe Systems Incorporated
CVSS Score-4.3||MEDIUM
EPSS-3.34% / 87.16%
||
7 Day CHG~0.00%
Published-22 Sep, 2015 | 10:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 do not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against JSONP endpoints, and obtain sensitive information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API. NOTE: this issue exists because of an incomplete fix for CVE-2014-4671 and CVE-2014-5333.

Action-Not Available
Vendor-n/aApple Inc.Google LLCLinux Kernel Organization, IncMicrosoft CorporationAdobe Inc.
Product-linux_kernelmac_os_xwindowsflash_playerair_sdkandroidairair_sdk_\&_compilern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 45
  • 46
  • Next
Details not found