CVE-2021-35240 – Stored XSS via Help Server settings

https://notcve.org/view.php?id=CVE-2021-35240

31 Aug 2021 — A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'. Un investigador de seguridad almacenó un ataque de tipo XSS por medio de una configuración del Servidor de Ayuda. Esto afecta a clientes usando Internet Explorer, porque no soportan "rel=noopener" • https://documentation.solarwinds.com/en/success_center/orionplatform/content/core-secure-configuration.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2021-26419 – Scripting Engine Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2021-26419

11 May 2021 — Scripting Engine Memory Corruption Vulnerability Una vulnerabilidad de Corrupción de la Memoria del Motor de Scripting There is a vulnerability in jscript9 that could be potentially used by an attacker to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied. • https://packetstorm.news/files/id/162570 • CWE-787: Out-of-bounds Write •

CVE-2021-27085 – Microsoft Internet Explorer Remote Code Execution Vulnerability

https://notcve.org/view.php?id=CVE-2021-27085

11 Mar 2021 — Internet Explorer Remote Code Execution Vulnerability Una Vulnerabilidad de Ejecución de Código Remota de Internet Explorer Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-27085 •

CVE-2021-26411 – Microsoft Internet Explorer Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2021-26411

11 Mar 2021 — Internet Explorer Memory Corruption Vulnerability Una Vulnerabilidad de Corrupción de la Memoria de Internet Explorer Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption. • https://github.com/CrackerCat/CVE-2021-26411 • CWE-416: Use After Free •

CVE-2020-17058 – Microsoft Browser Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2020-17058

11 Nov 2020 — Microsoft Browser Memory Corruption Vulnerability Vulnerabilidad de corrupción en la memoria del navegador de Microsoft • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17058 • CWE-787: Out-of-bounds Write •

CVE-2020-17052 – Scripting Engine Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2020-17052

11 Nov 2020 — Scripting Engine Memory Corruption Vulnerability Vulnerabilidad de Corrupción de Memoria del Motor de Scripting • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17052 • CWE-787: Out-of-bounds Write •

CVE-2020-17053 – Internet Explorer Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2020-17053

11 Nov 2020 — Internet Explorer Memory Corruption Vulnerability Vulnerabilidad de corrupción de la memoria de Internet Explorer This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of arrays in JavaScript. The issue results from the lack of proper validation of user-supplied... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17053 • CWE-787: Out-of-bounds Write •

CVE-2020-1506 – Windows Start-Up Application Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2020-1506

11 Sep 2020 —

An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

There are multiple ways an attacker could exploit the vulnerability:

• In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1506 •

CVE-2020-1012 – WinINet API Elevation of Privilege Vulnerability

https://notcve.org/view.php?id=CVE-2020-1012

11 Sep 2020 —

An elevation of privilege vulnerability exists in the way that the Wininit.dll handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

There are multiple ways an attacker could exploit the vulnerability:

• In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit this vulnerability and then convince a user to view the website. An attacker would have no way to... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1012 •

CVE-2020-0878 – Microsoft Edge and Internet Explorer Memory Corruption Vulnerability

https://notcve.org/view.php?id=CVE-2020-0878

11 Sep 2020 —

A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. The vulnerability could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, the attacker could take control of an affected system. An attacker could then install pr... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0878 • CWE-787: Out-of-bounds Write •