National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:microsoft:internet_explorer:11:developer-preview
There are 228 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2017-0040

The scripting engine in Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." This vulnerability is different from that described in CVE-2017-0130.

Published: March 16, 2017; 08:59:01 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.6 HIGH
CVE-2017-0033

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0012 and CVE-2017-0069.

Published: March 16, 2017; 08:59:01 PM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-0018

Microsoft Internet Explorer 10 and 11 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0037 and CVE-2017-0149.

Published: March 16, 2017; 08:59:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.6 HIGH
CVE-2017-0012

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to spoof web content via a crafted web site, aka "Microsoft Browser Spoofing Vulnerability." This vulnerability is different from those described in CVE-2017-0033 and CVE-2017-0069.

Published: March 16, 2017; 08:59:00 PM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-0009

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." This vulnerability is different from those described in CVE-2017-0011, CVE-2017-0017, CVE-2017-0065, and CVE-2017-0068.

Published: March 16, 2017; 08:59:00 PM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-0008

Microsoft Internet Explorer 9 through 11 allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009 and CVE-2017-0059.

Published: March 16, 2017; 08:59:00 PM -04:00
V3.0: 4.3 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element.

Published: February 26, 2017; 06:59:00 PM -05:00
V3.0: 8.1 HIGH
    V2: 7.6 HIGH
CVE-2016-7287

The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."

Published: December 20, 2016; 01:59:01 AM -05:00
V3.0: 7.5 HIGH
    V2: 7.6 HIGH
CVE-2016-7241

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

Published: November 10, 2016; 01:59:54 AM -05:00
V3.0: 7.5 HIGH
    V2: 7.6 HIGH
CVE-2016-7239

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

Published: November 10, 2016; 01:59:52 AM -05:00
V3.0: 3.1 LOW
    V2: 2.6 LOW
CVE-2016-7227

The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of local files via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."

Published: November 10, 2016; 01:59:40 AM -05:00
V3.0: 3.1 LOW
    V2: 2.6 LOW
CVE-2016-7199

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."

Published: November 10, 2016; 01:59:14 AM -05:00
V3.0: 3.1 LOW
    V2: 2.6 LOW
CVE-2016-7198

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7195.

Published: November 10, 2016; 01:59:13 AM -05:00
V3.0: 7.5 HIGH
    V2: 7.6 HIGH
CVE-2016-7196

Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."

Published: November 10, 2016; 01:59:12 AM -05:00
V3.0: 7.5 HIGH
    V2: 7.6 HIGH
CVE-2016-7195

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7198.

Published: November 10, 2016; 01:59:11 AM -05:00
V3.0: 7.5 HIGH
    V2: 7.6 HIGH
CVE-2016-3388

Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387.

Published: October 13, 2016; 10:59:24 PM -04:00
V3.0: 5.3 MEDIUM
    V2: 2.6 LOW
CVE-2015-8960

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impersonation (KCI)" issue.

Published: September 20, 2016; 10:59:00 PM -04:00
V3.0: 8.1 HIGH
    V2: 6.8 MEDIUM
CVE-2016-3329

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability."

Published: August 09, 2016; 05:59:33 PM -04:00
V3.0: 5.3 MEDIUM
    V2: 2.6 LOW
CVE-2016-3327

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326.

Published: August 09, 2016; 05:59:32 PM -04:00
V3.0: 5.3 MEDIUM
    V2: 2.6 LOW
CVE-2016-3326

Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3327.

Published: August 09, 2016; 05:59:30 PM -04:00
V3.0: 5.3 MEDIUM
    V2: 2.6 LOW