Filtered by vendor Microsoft
Subscribe
Search
Total
6074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-6155 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." | |||||
| CVE-2015-6154 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6150. | |||||
| CVE-2015-6150 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6154. | |||||
| CVE-2015-6149 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6147. | |||||
| CVE-2015-6148 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6156. | |||||
| CVE-2015-6147 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6149. | |||||
| CVE-2015-6146 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6145. | |||||
| CVE-2015-6145 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6146. | |||||
| CVE-2015-6144 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 through 11 and Microsoft Edge mishandle HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Browser XSS Filter Bypass Vulnerability." | |||||
| CVE-2015-6143 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6153, CVE-2015-6158, CVE-2015-6159, and CVE-2015-6160. | |||||
| CVE-2015-6142 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, CVE-2015-6159, and CVE-2015-6160. | |||||
| CVE-2015-6141 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6134. | |||||
| CVE-2015-6140 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, CVE-2015-6159, and CVE-2015-6160. | |||||
| CVE-2015-6139 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 11 and Microsoft Edge mishandle content types, which allows remote attackers to execute arbitrary web script in a privileged context via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability." | |||||
| CVE-2015-6138 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Internet Explorer XSS Filter Bypass Vulnerability." | |||||
| CVE-2015-6136 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2018-10-12 | 9.3 HIGH | N/A |
| The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." | |||||
| CVE-2015-6135 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2018-10-12 | 5.0 MEDIUM | N/A |
| The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." | |||||
| CVE-2015-6134 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6141. | |||||
| CVE-2015-6176 | 1 Microsoft | 1 Edge | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability." | |||||
| CVE-2015-6177 | 1 Microsoft | 3 Excel, Excel Viewer, Office Compatibility Pack | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2015-6039 | 1 Microsoft | 2 Sharepoint Foundation, Sharepoint Server | 2018-10-12 | 3.5 LOW | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content in an Office Marketplace instance, aka "Microsoft SharePoint Security Feature Bypass Vulnerability." | |||||
| CVE-2015-6130 | 1 Microsoft | 2 Windows 7, Windows Server 2008 | 2018-10-12 | 9.3 HIGH | N/A |
| Integer underflow in Uniscribe in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows remote attackers to execute arbitrary code via a crafted font, aka "Windows Integer Underflow Vulnerability." | |||||
| CVE-2015-6052 | 1 Microsoft | 3 Internet Explorer, Jscript, Vbscript | 2018-10-12 | 4.3 MEDIUM | N/A |
| The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 engines, as used in Internet Explorer 8 through 11 and other products, allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "VBScript and JScript ASLR Bypass." | |||||
| CVE-2015-6128 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2018-10-12 | 7.2 HIGH | N/A |
| Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandle library loading, which allows local users to gain privileges via a crafted application, aka "Windows Library Loading Remote Code Execution Vulnerability." | |||||
| CVE-2015-6040 | 1 Microsoft | 4 Excel, Excel For Mac, Excel Viewer and 1 more | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2015-6045 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the CElement object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted JavaScript that improperly interacts with use of the Cascading Style Sheets (CSS) empty-cells property for a TABLE element, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
| CVE-2015-6042 | 1 Microsoft | 2 Internet Explorer, Windows 10 | 2018-10-12 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the CWindow object implementation in Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
| CVE-2015-2536 | 1 Microsoft | 2 Lync Server, Skype For Business Server | 2018-10-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Elevation of Privilege Vulnerability." | |||||
| CVE-2015-6065 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6078. | |||||
| CVE-2015-6123 | 1 Microsoft | 1 Excel For Mac | 2018-10-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac 2011 and Excel 2016 for Mac allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message that is mishandled by Outlook for Mac, aka "Microsoft Outlook for Mac Spoofing Vulnerability." | |||||
| CVE-2015-6122 | 1 Microsoft | 4 Excel, Excel For Mac, Excel Viewer and 1 more | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2015-6118 | 1 Microsoft | 1 Office | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2015-6153 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6158, CVE-2015-6159, and CVE-2015-6160. | |||||
| CVE-2015-6046 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability." | |||||
| CVE-2015-6115 | 1 Microsoft | 1 .net Framework | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka ".NET ASLR Bypass." | |||||
| CVE-2015-6114 | 1 Microsoft | 1 Silverlight | 2018-10-12 | 4.3 MEDIUM | N/A |
| Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Silverlight Information Disclosure Vulnerability," a different vulnerability than CVE-2015-6165. | |||||
| CVE-2015-6047 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 6.8 MEDIUM | N/A |
| The broker EditWith feature in Microsoft Internet Explorer 8 through 11 allows remote attackers to bypass the AppContainer protection mechanism and gain privileges via a DelegateExecute launch of an arbitrary application, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Internet Explorer Elevation of Privilege Vulnerability." | |||||
| CVE-2015-2558 | 1 Microsoft | 6 Excel, Excel For Mac, Excel Viewer and 3 more | 2018-10-12 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, Excel Viewer, Office Compatibility Pack SP3, and Excel Services on SharePoint Server 2007 SP3, 2010 SP2, and 2013 SP1 allows remote attackers to execute arbitrary code via a long fileVersion element in an Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2015-6048 | 1 Microsoft | 2 Internet Explorer, Windows 10 | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6049. | |||||
| CVE-2015-6151 | 1 Microsoft | 2 Edge, Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6083. | |||||
| CVE-2015-6106 | 1 Microsoft | 7 Live Meeting, Lync, Office and 4 more | 2018-10-12 | 9.3 HIGH | N/A |
| The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Graphics Memory Corruption Vulnerability." | |||||
| CVE-2015-2557 | 1 Microsoft | 1 Visio | 2018-10-12 | 9.3 HIGH | N/A |
| Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote attackers to execute arbitrary code via crafted UML data in an Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2015-6049 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6048. | |||||
| CVE-2015-2556 | 1 Microsoft | 1 Sharepoint Server | 2018-10-12 | 4.3 MEDIUM | N/A |
| The InfoPath Forms Services component in Microsoft SharePoint Server 2007 SP3 and 2010 SP2 misparses DTDs, which allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, aka "Microsoft SharePoint Information Disclosure Vulnerability." | |||||
| CVE-2015-6050 | 1 Microsoft | 1 Internet Explorer | 2018-10-12 | 9.3 HIGH | N/A |
| Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability." | |||||
| CVE-2015-2555 | 1 Microsoft | 3 Excel, Excel For Mac, Sharepoint Server | 2018-10-12 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Excel for Mac 2011, Excel 2016 for Mac, and Excel Services on SharePoint Server 2010 SP2 and 2013 SP1 allows remote attackers to execute arbitrary code via a crafted calculatedColumnFormula object in an Office document, aka "Microsoft Office Memory Corruption Vulnerability." | |||||
| CVE-2015-6099 | 1 Microsoft | 1 .net Framework | 2018-10-12 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET Framework 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka ".NET Elevation of Privilege Vulnerability." | |||||
| CVE-2015-2548 | 1 Microsoft | 2 Windows 7, Windows Vista | 2018-10-12 | 9.3 HIGH | N/A |
| Use-after-free vulnerability in the Tablet Input Band in Windows Shell in Microsoft Windows Vista SP2 and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Microsoft Tablet Input Band Use After Free Vulnerability." | |||||
| CVE-2015-6098 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2018-10-12 | 7.2 HIGH | N/A |
| Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows NDIS Elevation of Privilege Vulnerability." | |||||
| CVE-2015-6097 | 1 Microsoft | 3 Windows 7, Windows Server 2008, Windows Vista | 2018-10-12 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted Journal (.jnt) file, aka "Windows Journal Heap Overflow Vulnerability." | |||||