Page 55 of 1742 results (0.008 seconds)

CVSS: 3.1EPSS: 2%CPEs: 4EXPL: 0

CVE-2016-7239

https://notcve.org/view.php?id=CVE-2016-7239

The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability." La clase RegEx en el filtro XSS en Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permite a atacantes remotos llevar a cabo ataques XSS y obtener información sensible a través de vectores no especificados, vulnerabilidad también conocida como "Microsoft Browser Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/94059 http://www.securitytracker.com/id/1037245 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.6EPSS: 76%CPEs: 2EXPL: 2

CVE-2016-7241 – Microsoft Edge - JSON.parse Info Leak

https://notcve.org/view.php?id=CVE-2016-7241

Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Memory Corruption Vulnerability". Microsoft Edge has an information leak in JSON.parse. If this function is called with a reviver, and the reviver modifies the output object to contain a native array, the Walk function assumes that this array is a Var array, and writes pointers to it. These pointers can then be read out of the array by script. • https://www.exploit-db.com/exploits/40875 http://packetstormsecurity.com/files/139991/Microsoft-Edge-JSON.parse-Information-Leak.html http://www.securityfocus.com/bid/94055 http://www.securitytracker.com/id/1037245 https://bugs.chromium.org/p/project-zero/issues/detail?id=952 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.6EPSS: 34%CPEs: 4EXPL: 0

CVE-2016-7195

https://notcve.org/view.php?id=CVE-2016-7195

Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7198. Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-7198. • http://www.securityfocus.com/bid/94052 http://www.securitytracker.com/id/1037245 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.6EPSS: 34%CPEs: 3EXPL: 0

CVE-2016-7196

https://notcve.org/view.php?id=CVE-2016-7196

Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 10 y 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/94051 http://www.securitytracker.com/id/1037245 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-129 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-142 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.5EPSS: 59%CPEs: 19EXPL: 0

CVE-2016-3298 – Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability

https://notcve.org/view.php?id=CVE-2016-3298

Microsoft Internet Explorer 9 through 11 and the Internet Messaging API in Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow remote attackers to determine the existence of arbitrary files via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y el Internet Messaging API en Windows Vista SP2, Windows Server 2008 SP2 y R2 SP1 y Windows 7 SP1 permiten a atacantes remotos determinar la existencia de archivos arbitrarios a través de un sitio web manipulado, vulnerabilidad también conocida como "Internet Explorer Information Disclosure Vulnerability". An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk. • http://www.securityfocus.com/bid/93392 http://www.securitytracker.com/id/1036992 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-118 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-126 •