CVE-2015-6127

Public exploit
Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, Windows 8, and Windows 8.1 allows remote attackers to read arbitrary files via a crafted .mcl file, aka "Windows Media Center Information Disclosure Vulnerability."
Max CVSS
4.3
EPSS Score
85.69%
Published
2015-12-09
Updated
2019-05-15

CVE-2015-4000

Public exploit
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.
Max CVSS
4.3
EPSS Score
97.46%
Published
2015-05-21
Updated
2023-02-09

CVE-2015-0072

Public exploit
Cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the Same Origin Policy and inject arbitrary web script or HTML via vectors involving an IFRAME element that triggers a redirect, a second IFRAME element that does not trigger a redirect, and an eval of a WindowProxy object, aka "Universal XSS (UXSS)."
Max CVSS
4.3
EPSS Score
97.23%
Published
2015-02-07
Updated
2018-10-12

CVE-2013-7331

Known exploited
Public exploit
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier allows remote attackers to determine the existence of local pathnames, UNC share pathnames, intranet hostnames, and intranet IP addresses by examining error codes, as demonstrated by a res:// URL, and exploited in the wild in February 2014.
Max CVSS
4.3
EPSS Score
53.72%
Published
2014-02-26
Updated
2019-05-14
CISA KEV Added
2022-05-25

CVE-2013-3896

Known exploited
Public exploit
Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application, aka "Silverlight Vulnerability."
Max CVSS
4.3
EPSS Score
23.94%
Published
2013-10-09
Updated
2018-10-12
CISA KEV Added
2022-05-25

CVE-2011-3389

Public exploit
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.
Max CVSS
4.3
EPSS Score
0.85%
Published
2011-09-06
Updated
2022-11-29

CVE-2010-1899

Public exploit
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
Max CVSS
4.3
EPSS Score
96.96%
Published
2010-09-15
Updated
2021-02-05
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-03-22
Updated
2024-03-26
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Max CVSS
4.7
EPSS Score
0.04%
Published
2024-03-22
Updated
2024-03-26
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
Max CVSS
4.3
EPSS Score
N/A
Published
2024-03-21
Updated
2024-03-21
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Max CVSS
4.3
EPSS Score
0.05%
Published
2024-02-23
Updated
2024-02-26
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Max CVSS
4.7
EPSS Score
0.06%
Published
2024-03-14
Updated
2024-03-19
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Max CVSS
4.8
EPSS Score
0.05%
Published
2024-02-23
Updated
2024-02-26
Microsoft Edge for Android Information Disclosure Vulnerability
Max CVSS
4.3
EPSS Score
0.06%
Published
2024-01-26
Updated
2024-01-31
Windows Kernel Information Disclosure Vulnerability
Max CVSS
4.6
EPSS Score
0.05%
Published
2024-02-13
Updated
2024-02-20
Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability
Max CVSS
4.4
EPSS Score
0.05%
Published
2024-01-09
Updated
2024-01-12
Trusted Compute Base Elevation of Privilege Vulnerability
Max CVSS
4.1
EPSS Score
0.05%
Published
2024-02-13
Updated
2024-02-27
Windows Themes Information Disclosure Vulnerability
Max CVSS
4.7
EPSS Score
0.05%
Published
2024-01-09
Updated
2024-01-14
Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability
Max CVSS
4.9
EPSS Score
0.10%
Published
2024-01-09
Updated
2024-01-12
Azure Apache Hadoop Spoofing Vulnerability
Max CVSS
4.5
EPSS Score
0.05%
Published
2023-08-08
Updated
2023-08-10
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Max CVSS
4.3
EPSS Score
0.09%
Published
2023-12-07
Updated
2024-02-03
Microsoft Edge for Android Spoofing Vulnerability
Max CVSS
4.3
EPSS Score
0.06%
Published
2023-07-21
Updated
2023-08-01
Microsoft Edge for iOS Spoofing Vulnerability
Max CVSS
4.3
EPSS Score
0.06%
Published
2023-07-14
Updated
2023-07-26
Azure Apache Ambari Spoofing Vulnerability
Max CVSS
4.5
EPSS Score
0.05%
Published
2023-08-08
Updated
2023-08-11
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
Max CVSS
4.8
EPSS Score
0.07%
Published
2023-12-07
Updated
2024-02-03
835 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!