255 matches found
CVE-2016-7194
CVE-2016-7194 concerns the Chakra JavaScript engine used by Microsoft Edge. The connected advisories indicate a remote code execution / memory corruption vulnerability in ChakraCore, exploitable via a crafted web site, and note that this family includes CVE-2016-3386, CVE-2016-3389, and CVE-2016-...
CVE-2016-7195
CVE-2016-7195 affects Microsoft Internet Explorer 9–11 and Microsoft Edge, exposing memory corruption via a crafted webpage that can lead to remote code execution or memory DO S. This entry is closely tied to CVE-2016-7198 (a different vulnerability with the same attack surface) and is corroborat...
CVE-2017-0068
Technical details (affected product/component/versions/root cause/impact) for CVE-2017-0068 are not publicly provided in the supplied documents. Monitor for updates in connected sources to capture concrete details.
CVE-2017-0235
CVE-2017-0235 corresponds to a remote code execution vulnerability in Microsoft Edge tied to Chakra's memory handling when rendering objects. The connected advisories describe a memory corruption issue in the Chakra JavaScript engine that could be triggered to execute arbitrary code, affecting Ed...
CVE-2017-11840
CVE-2017-11840 αφορά ChakraCore/Microsoft Edge en Windows 10 (Gold/1511/1607/1703/1709) y Windows Server 2016/Server 1709. El fallo proviene de cómo el motor de scripting maneja objetos en la memoria, generando una corrupción de memoria que posibilita que un atacante obtenga los mismos privilegio...
CVE-2017-8518
CVE-2017-8518 — Microsoft Edge Memory Corruption Vulnerability . A remote code execution flaw exists when Edge improperly accesses objects in memory in the scripting engine, allowing arbitrary code execution in the context of the current user. Root cause: memory handling error in the scripting en...
CVE-2025-25001
CVE-2025-25001 affects Microsoft Edge (Chromium-based); the issue is an improper neutralization of input during web page generation (XSS) that enables spoofing over a network. Affected product: Microsoft Edge (Chromium-based), including Edge for iOS. Root cause: input handling during page generat...
CVE-2017-8645
CVE-2017-8645 is a remote-code-execution memory-corruption vulnerability in Microsoft Edge’s scripting engine (JavaScript/Chakra). Affected: Windows 10 versions 1511–1703 and Windows Server 2016, via Edge rendering objects in memory. Root cause: memory corruption during rendering of objects in th...
CVE-2016-3326
CVE-2016-3326 is an information-disclosure vulnerability affecting Microsoft Internet Explorer (IE9–IE11) and Edge, arising from how the browser handles objects in memory when processing crafted web content. The issue could allow remote attackers to obtain sensitive data via a malicious page. Aff...
CVE-2017-0230
CVE-2017-0230 describes a remote code execution vulnerability in Microsoft Edge related to the Scripting Engine Memory Corruption Vulnerability. Connected sources map the issue to the ChakraCore/Edge JavaScript engine, where memory handling when rendering objects can lead to arbitrary code execut...
CVE-2017-11836
Technical details for CVE-2017-11836 are not publicly available in the provided documents. Monitor for updates from ChakraCore/Microsoft advisories and related CVEs for disclosure status and fixes.
CVE-2021-26436
Technical details about CVE-2021-26436 (affected component, root cause, exploitability, impact, and fixed version) are not provided in the connected documents. Monitor official advisories (e.g., Microsoft/MSRC) for updates and patches.
CVE-2024-38156
CVE-2024-38156 affects Microsoft Edge (Chromium-based). The connected sources describe a UI spoofing (SUI) vulnerability in Edge where the web page structure protection is insufficient, enabling a deceptive user interface. Root cause: inadequate protection of page structure allows spoofing of UI ...
CVE-2017-0023
CVE-2017-0023 is a remote code execution vulnerability in the Microsoft Edge PDF Library, affecting Windows 8.1, Windows Server 2012/2012 R2, Windows RT 8.1, and Windows 10 (variants such as 1511/1607). Public reports describe memory corruption in the PDF rendering library leading to arbitrary co...
CVE-2017-11858
CVE-2017-11858 is related to ChakraCore/Edge memory corruption via the scripting engine, enabling a user-rights gain by manipulating in-memory objects. Affected components include ChakraCore and Microsoft Edge on Windows 10 versions 1703/1709 and Windows Server equivalents, tied to how memory obj...
CVE-2025-29796
CVE-2025-29796 affects Microsoft Edge for iOS . The vulnerability is described as a UI misrepresentation that could allow an unauthorized attacker to perform spoofing over a network. According to the initial description, the CVSSv3.1 base score is 4.7 (Medium), with attack vector NETWORK , attack...
CVE-2017-11841
CVE-2017-11841 : ChakraCore and Microsoft Edge on Windows 10 (versions 1703/1709, earlier 1511–1709, and Windows Server 2016/1709) are affected by a memory-corruption vulnerability in the scripting engine that can allow an attacker to acquire the current user’s privileges. Connected advisories co...
CVE-2016-3319
CVE-2016-3319 affects the Windows PDF Library in Windows 8.1, Windows Server 2012 R2/2012, Windows 10 (various builds), and Edge. The vulnerability stems from how the PDF library handles memory objects in PDFs, allowing remote code execution when a crafted PDF is opened or viewed. Connected sourc...
CVE-2017-0135
CVE-2017-0135 describes a security feature bypass in Microsoft Edge enabling a SOP bypass for HTML elements across browser windows. The core official description notes it is distinct from CVE-2017-0066/0140. A connected article discusses bypassing Edge’s XSS filter/CSP handling, but the provided ...
CVE-2018-0995
CVE-2018-0995 is a ChakraCore/Edge remote code execution vulnerability described as Memory Corruption in the Chakra scripting engine’s handling of in-memory objects. The connected GitHub advisories reiterate: a remote code execution flaw affecting Microsoft Edge and ChakraCore, with CVE-2018-0995...
CVE-2016-7241
CVE-2016-7241 concerns memory corruption in Microsoft Internet Explorer 11 and Microsoft Edge triggered by visiting a crafted website, leading to remote code execution or memory corruption-induced denial of service. The issue is attributed to memory corruption in the browser’s handling of certain...
CVE-2017-11800
Technical details about CVE-2017-11800 are not publicly available in the provided connected documents. Monitor vendor advisories for updates; current sources discuss related ChakraCore/Edge memory‑corruption issues but do not specify this CVE.
CVE-2018-0874
CVE-2018-0874 concerns ChakraCore and Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703, 1709) and Windows Server 2016. The issue is described as remote code execution arising from how the Chakra scripting engine handles objects in memory (Chakra Scripting Engine Memory Corruption). The connec...
CVE-2017-11811
CVE-2017-11811 affects ChakraCore and Microsoft Edge on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. The vulnerability stems from how the Chakra scripting engine handles in-memory objects, enabling an attacker to execute arbitrary code in the context of the current user. The is...
CVE-2021-26439
Summary: CVE-2021-26439 is a Microsoft Edge for Android information disclosure vulnerability. The primary sources consistently describe an information disclosure risk in Edge for Android, but do not provide concrete exploit details in the supplied documents. Affected product (from provided data):...
CVE-2016-7198
CVE-2016-7198 affects Microsoft Internet Explorer 9–11 and Microsoft Edge. It enables remote attackers to execute arbitrary code or cause memory corruption via a crafted web site (different from CVE-2016-7195). The entry aligns with browser memory corruption vulnerabilities; remediation is via Mi...
CVE-2017-8656
CVE-2017-8656 is a remote code execution vulnerability in Microsoft Edge (JavaScript engine in Chakra) on Windows 10 1607/1703 and Windows Server 2016. It arises from memory corruption in the browser’s scripting engine when handling objects in memory, specifically linked to improper initializatio...
CVE-2017-0011
Technical details for CVE-2017-0011 are not provided in the supplied documents; no affected product/version or remediation specifics are specified. Monitor for updates.
CVE-2017-11766
CVE-2017-11766: Microsoft Edge on Windows 10 (Gold/1511/1607/1703) and Windows Server 2016 has a memory handling flaw in Edge that can be exploited to execute arbitrary code in the context of the current user. The underlying root cause is Edge accessing/handling objects in memory in a way that ca...
CVE-2017-8748
CVE-2017-8748 is a remote code execution vulnerability in Internet Explorer (and IE components in Edge) caused by how the browser’s JavaScript engines render in-memory objects. The issue affects multiple Windows versions listed in the CVE and is described in the September 2017 IE security updates...
CVE-2017-0066
CVE-2017-0066 affects Microsoft Edge and is described as a Security Feature Bypass that allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows. The available documents confirm the vulnerability type (Same Origin Policy bypass) and impact category (part...
CVE-2017-0069
Technical details about CVE-2017-0069 are not publicly available in the provided documents. Monitor updates from official advisories to obtain affected products, impact, and remediation.
CVE-2017-11792
CVE-2017-11792 describes a memory-handling vulnerability in the ChakraCore scripting engine (used by Microsoft Edge) on Windows 10 version 1703 that allows an attacker to execute arbitrary code in the context of the current user. The connected advisories reference ChakraCore RCE/Memory Corruption...
CVE-2017-11833
CVE-2017-11833 affects Microsoft Edge in Windows 10 versions (Gold, 1511, 1607, 1703, 1709) and Windows Server 2016/1709. The vulnerability arises from Edge’s handling of cross-origin requests, enabling an attacker to determine the origin of all webpages loaded in the affected browser, i.e., an i...
CVE-2017-8606
CVE-2017-8606 is described as a remote code execution vulnerability in Microsoft browsers (JavaScript engine) where memory objects mishandled during rendering could allow code execution in the context of the current user. The initial CVE entry lists multiple Windows versions affected. Connected d...
CVE-2017-8607
CVE-2017-8607 is a remote code execution memory‑corruption vulnerability in Microsoft browsers (JavaScript engine) on Windows. Root cause: memory corruption when rendering objects in memory; affected components include the browser JS engine. Impact: arbitrary code execution in the current user co...
CVE-2017-8619
CVE-2017-8619 refers to a remote code execution vulnerability in the Microsoft Edge scripting engines on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The issue arises in how the Scripting Engines render objects in memory, i.e., a memory corruption vulnerability in Edge’s scripting...
CVE-2018-0873
CVE-2018-0873 maps to a ChakraCore/Chakra Scripting Engine Memory Corruption vulnerability that allows remote code execution in ChakraCore and Microsoft Edge on affected Windows versions (Windows 10 1511–1709 and Windows Server 2016). The root cause is how the Chakra engine handles in‑memory obje...
CVE-2018-0934
Summary of the provided sources: A ChakraCore memory corruption issue in the Chakra scripting engine leads to remote code execution on Windows platforms. The connected advisories identify ChakraCore and various Windows builds (notably Windows 10 versions Gold, 1511, 1607, 1703, 1709, and Windows ...
CVE-2018-0980
CVE-2018-0980 describes a remote code execution vulnerability in the Chakra scripting engine’s memory handling, affecting Microsoft Edge and ChakraCore . The root cause is memory corruption when objects are processed in memory, enabling an attacker to execute arbitrary code remotely. The CVSS bas...
CVE-2021-38642
Technical details about CVE-2021-38642 (affected versions, root cause, exploitability) are not publicly disclosed in the provided documents. Monitor for updates from Microsoft advisories and CVE records.
CVE-2017-0012
Technical details about CVE-2017-0012 are not publicly provided in the supplied documents. No affected versions, root cause, or remediation are specified here. Monitor for updates from official sources to obtain concrete technical information.
CVE-2017-11866
CVE-2017-11866 concerns ChakraCore/Edge on Windows 10 (various editions) where the scripting engine’s memory handling in objects can be abused to execute code with the caller’s privileges. The root cause is memory corruption within the scripting engine, enabling privilege escalation. Connected ad...
CVE-2017-8592
CVE-2017-8592 is a browser security feature bypass in Microsoft browsers (Internet Explorer/Edge) caused by improper handling of redirect requests. This leads to bypassing CORS redirect restrictions and following redirects that should be ignored, potentially exposing data to an attacker. In the c...
CVE-2016-7239
The CVE-2016-7239 entry describes a vulnerability in the RegEx-based XSS filter in Internet Explorer 9–11 and Microsoft Edge that enables remote attackers to conduct XSS and potentially access sensitive information via unspecified vectors. Connected materials (e.g., Seebug PoC) reference a local-...
CVE-2017-0266
CVE-2017-0266 maps to a Microsoft Edge remote code execution vulnerability. The issue arises from the scripting engine’s handling of in‑memory objects, enabling an attacker to execute arbitrary code in the context of the current user if a user visits a crafted page. The vulnerability affects Micr...
CVE-2017-11839
CVE-2017-11839 is a Microsoft Edge scripting engine memory corruption vulnerability affecting Windows 10 (Gold/1511/1607/1703/1709) and Windows Server 2016/1709. The root cause is memory handling of objects in the scripting engine, leading to remote code execution when a user visits a crafted pag...
CVE-2021-36930
Technical details about CVE-2021-36930 (affected software, root cause, impact, and fixes) are not publicly provided in the connected documents. Monitor for updates from authoritative advisories; this corpus references the CVE but does not specify specifics.
CVE-2017-0140
Technical details for CVE-2017-0140 are not publicly provided in the supplied documents; no affected products, root cause, or remediation are specified here. Monitor for updates.
CVE-2017-11809
CVE-2017-11809 affects ChakraCore and Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The issue is a memory-handling vulnerability in the scripting engine that can allow arbitrary code execution in the context of the current user. There are public exploit references...