Lucene search
+L

255 matches found

CVE
CVE
added 2017/07/11 9:0 p.m.85 views

CVE-2017-8608

CVE-2017-8608 is described as a remote code execution vulnerability in the Microsoft browser JavaScript engine, caused by memory corruption when handling objects in memory. Affected products include Microsoft browsers on Windows platforms (Internet Explorer/Edge components inside Windows 7/8/10 f...

7.6CVSS7.5AI score0.09391EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.85 views

CVE-2017-8671

CVE-2017-8671 describes a remote code execution vulnerability in Microsoft Edge’s scripting engine (Chakra) for Windows 10 1511/1607/1703 and Windows Server 2016. The root cause is memory corruption when handling objects in memory during JavaScript rendering, allowing an attacker to execute arbit...

7.6CVSS7.8AI score0.69277EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.85 views

CVE-2017-8738

CVE-2017-8738 : A remote code execution vulnerability in Microsoft Edge’s scripting engine on Windows 10 (Gold, 1511, 1607) and Windows Server 2016. Root cause: memory objects are mishandled by the Edge scripting engine, allowing memory corruption and code execution in the current user context. A...

7.6CVSS7AI score0.08716EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.84 views

CVE-2017-0233

CVE-2017-0233 is an elevation of privilege vulnerability in Microsoft Edge that could allow escaping the AppContainer sandbox. The entry notes it is distinct from CVE-2017-0241 and lists a CVSS v3 base score of 8.3 (HIGH) with NETWORK attack vector, HIGH attack complexity, and user interaction re...

8.3CVSS6.2AI score0.0308EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.84 views

CVE-2017-11804

CVE-2017-11804 affects ChakraCore and Microsoft Edge on Windows 10 (Gold/1511/1607/1703) and Windows Server 2016. The root cause is how the scripting engine manages in-memory objects, enabling an attacker to execute arbitrary code in the context of the current user. The linked advisories confirm ...

7.6CVSS7.8AI score0.08761EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.84 views

CVE-2017-8740

CVE-2017-8740 affects Microsoft Edge on Windows 10 (1703) and is due to memory handling issues in the Edge scripting engine, enabling arbitrary code execution in the current user. A CIRCL/CVE-2017-8740 sighting confirms exploitation with exploits on Exploit DB (e.g., exploits/42764). No patch/ver...

7.6CVSS7.5AI score0.72171EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.84 views

CVE-2018-0994

CVE-2018-0994 is a remote code execution issue described as a memory‑corruption flaw in the Chakra scripting engine used by Microsoft Edge and ChakraCore. The connected sources frame the vulnerability as affecting Edge/ChakraCore and cite a memory handling/primitives weakness in Chakra’s object m...

7.6CVSS6.4AI score0.15139EPSS
CVE
CVE
added 2021/09/02 10:25 p.m.84 views

CVE-2021-38641

CVE-2021-38641 affects Microsoft Edge for Android. The issue is described as a Spoofing Vulnerability in Edge for Android. Publicly documented details in connected sources indicate that fixes have been released for Microsoft Edge (including Edge for Android) and that users should install updates ...

6.1CVSS6.3AI score0.01055EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.83 views

CVE-2017-0017

CVE-2017-0017 affects Microsoft Edge where the RegEx class in the XSS filter can be exploited to conduct cross-site scripting and obtain sensitive information via unspecified vectors. The description notes this is distinct from other CVEs in the same year. The connected documents do not provide c...

6.1CVSS4.4AI score0.41952EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.83 views

CVE-2017-11798

CVE-2017-11798 affects Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The vulnerability stems from how the scripting engine handles objects in memory, enabling an attacker to execute arbitrary code in the context of the current user. The CVSS metrics from the initi...

7.6CVSS7.8AI score0.08761EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.83 views

CVE-2017-11805

CVE-2017-11805 affects ChakraCore and Microsoft Edge on Windows 10 1703. Root cause: memory handling by the Chakra scripting engine leading to memory corruption. Impact: attacker can execute arbitrary code in the current user context. Public exploits exist (e.g., Exploit-DB IDs 43367/43368) per l...

7.6CVSS7.8AI score0.08761EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.83 views

CVE-2017-8602

CVE-2017-8602 affects Microsoft browsers on Windows (multiple editions listed in the CVE entry) and is a spoofing vulnerability in how HTTP content is parsed. The connected documents (Nessus/OpenVAS plugins) confirm the issue is tied to the browser parsing logic (HTTP content) and impact is spoof...

6.5CVSS6.3AI score0.05331EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.83 views

CVE-2017-8655

CVE-2017-8655 is a Microsoft Edge memory corruption vulnerability in Windows 10/Server 2016 where the JS engine misrenders objects in memory, enabling remote code execution in the caller’s context. The description and connected Nessus advisories confirm impact on Edge’s scripting engine across mu...

7.6CVSS7.8AI score0.0889EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.83 views

CVE-2017-8728

CVE-2017-8728 is a Windows PDF Library remote code execution vulnerability affecting Windows 8.1/RT 8.1, Windows Server 2012/2012 R2, Windows 10 (1511–1703) and Windows Server 2016. The issue stems from the Windows PDF Library handling objects in memory, enabling arbitrary code execution in the c...

7.6CVSS7.3AI score0.21531EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.82 views

CVE-2017-0221

Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0221) affects the Edge scripting engines when rendering in-memory objects. The root cause is improper handling/access to objects in memory, enabling remote code execution in the user’s context. Public references state this CVE is distinct f...

7.6CVSS7.3AI score0.04775EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.82 views

CVE-2017-11872

CVE-2017-11872 affects Microsoft Edge on Windows 10 (1607, 1703) and Windows Server 2016. The issue arises from how Edge handles redirect requests, allowing an attacker to force the browser to send data to a destination of the attacker’s choice. Connected sources corroborate related Edge security...

6.5CVSS4.7AI score0.07245EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.82 views

CVE-2017-8596

CVE-2017-8596 affects Microsoft Edge on Windows 10 1607/1703 and Windows Server 2016. The issue is a remote memory corruption in the Chakra JavaScript engine when rendering objects in memory, enabling code execution in the context of the current user. CVSS data from NVD indicates high risk (AV:N/...

7.6CVSS7.5AI score0.06225EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.82 views

CVE-2017-8644

CVE-2017-8644 concerns an information disclosure vulnerability in Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016, arising from how Edge handles objects in memory. The connected sources confirm the affected component is Edge and describe memory-object handling as the...

4.3CVSS5.6AI score0.15118EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.82 views

CVE-2017-8739

CVE-2017-8739 is a patchable information-disclosure vulnerability affecting Microsoft Edge in Windows 10 (1703). The root cause is improper handling of objects in memory by the Edge scripting engine, allowing an attacker to obtain information that could aid further compromise. Public advisories (...

4.3CVSS5.5AI score0.05877EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.81 views

CVE-2016-3322

CVE-2016-3322 affects Internet Explorer 11 and Edge, described as a memory corruption vulnerability that can allow remote code execution when a user visits a crafted webpage. Connected sources corroborate a memory corruption flaw in Microsoft Edge/IE causing remote code execution, with CNVD-2016-...

7.6CVSS7.2AI score0.14006EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.81 views

CVE-2017-8604

CVE-2017-8604 is a Microsoft Edge scripting engine remote memory corruption vulnerability affecting Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. The issue arises when the JavaScript engine fails to render or handles memory objects, enabling an attacker to execute arbitrary code...

7.6CVSS7.5AI score0.08891EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.81 views

CVE-2017-8649

Technical details for CVE-2017-8649 are not publicly available in the provided documents. Monitor for updates from official advisories.

7.6CVSS7.2AI score0.08597EPSS
CVE
CVE
added 2018/02/15 2:0 a.m.81 views

CVE-2018-0771

The CVE-2018-0771 entry refers to a security feature bypass in Microsoft Edge on Windows 10 (versions 1607 and 1703) and Windows Server 2016, caused by Edge handling of different-origin requests. Connected sources show related Microsoft KB updates (KB4088776 for OS Build 16299.309) delivering sec...

4.3CVSS5.3AI score0.05887EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.81 views

CVE-2018-0933

CVE-2018-0933 concerns ChakraCore on Windows 10 (Gold, 1511, 1607, 1703, 1709) and Windows Server 2016. The issue is a remote code execution due to how the Chakra scripting engine handles objects in memory (memory corruption). Public disclosures (GHSA advisories) describe ChakraCore RCE affecting...

7.6CVSS7.3AI score0.66554EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.80 views

CVE-2016-3296

CVE-2016-3296 affects the Chakra JavaScript engine used by Microsoft Edge. The vulnerability is a remote code execution flaw caused by memory corruption in the scripting engine when handling in-memory objects, exploitable via a crafted web site. Impact includes arbitrary code execution under the ...

7.6CVSS7.2AI score0.14871EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.80 views

CVE-2017-0034

Summary: CVE-2017-0034 is a remote code execution vulnerability in Microsoft Edge stemming from improper handling of objects in memory, enabling an attacker to run code in the context of the current user (potentially with administrative rights). The issue is tied to Edge (and EdgeHTML-based compo...

7.6CVSS7.8AI score0.12733EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.80 views

CVE-2017-0203

CVE-2017-0203 involves a vulnerability in Microsoft Edge where the Edge Content Security Policy (CSP) fails to validate certain crafted documents, allowing an attacker to entice a user to load a page with malicious content. Affected product: Microsoft Edge; root cause: CSP validation weakness in ...

4.3CVSS5.4AI score0.03922EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.80 views

CVE-2017-11794

CVE-2017-11794 spans Microsoft Edge information-disclosure vulnerabilities in Windows 10 (1703/1709) and related Edge versions. Connected sources confirm the root cause: Edge mishandles objects in memory, enabling an attacker to obtain information that could aid further system compromise. CNVD-20...

4.3CVSS4AI score0.05325EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.80 views

CVE-2017-11844

Microsoft Edge in Windows 10 versions 1703, 1709 and Windows Server 1709 has an information-disclosure vulnerability caused by how Edge handles objects in memory. The CVE entry (CVE-2017-11844) specifies that an attacker can obtain information to further compromise the user’s system. The connecte...

4.3CVSS4AI score0.0593EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.80 views

CVE-2017-8555

CVE-2017-8555 describes a vulnerability in Microsoft Edge on Windows 10 (1703) where the Content Security Policy (CSP) fails to properly validate certain crafted documents, enabling an attacker to trick a user into loading a page with malicious content. The issue is tied to Edge’s handling of CSP...

4.3CVSS4.7AI score0.12535EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.80 views

CVE-2017-8652

CVE-2017-8652 is an information-disclosure/use-after-free vulnerability in Microsoft Edge on Windows 10 Gold/1511/1607/1703 and Windows Server 2016. The connected sources describe it as Edge memory-objects handling in which an attacker could disclose information. The Nessus/plugin notes this CVE ...

6.5CVSS5.6AI score0.22937EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.80 views

CVE-2018-0939

CVE-2018-0939 corresponds to a ChakraCore/Microsoft Edge information-disclosure vulnerability affecting Windows 10 (v1703/v1709). The issue arises from how the scripting engine handles objects in memory, enabling potential information disclosure. The connected advisories (GHSA-XGCC-R2F3-RQ6P) and...

4.3CVSS5.1AI score0.05719EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.79 views

CVE-2016-3327

Technical details for CVE-2016-3327 are not publicly available in the provided connected documents. They list the CVE among IE/Edge updates but do not specify affected products, root cause, impact, or fixes. Monitor for updates.

5.3CVSS5.1AI score0.14189EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.79 views

CVE-2017-8642

CVE-2017-8642 is an elevation-of-privilege issue in Microsoft Edge on Windows 10 (1703) caused by improper JavaScript validation, enabling privilege escalation. The CNVD entry confirms the flaw and impact but does not provide a patch/version to fix. Other connected records reference the same Edge...

6.1CVSS7AI score0.02956EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.79 views

CVE-2018-0893

CVE-2018-0893 corresponds to a Microsoft Edge type-confusion vulnerability. The connected disclosure notes this CVE as a Microsoft Edge Type Confusion Vulnerability with test cases, analysis, and proof-of-concept exploits. The primary impact stated across sources is remote code execution via the ...

7.6CVSS6.2AI score0.2681EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.79 views

CVE-2018-0937

CVE-2018-0937 concerns ChakraCore and Windows 10 (notably 1703 and 1709) enabling remote code execution via how the Chakra scripting engine manages objects in memory, i.e., a memory-corruption vulnerability in Chakra. The connected advisories reiterate an RCE issue affecting ChakraCore across Win...

7.6CVSS7.2AI score0.15556EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.78 views

CVE-2016-3274

CVE-2016-3274 affects Microsoft Internet Explorer 9–11 and Microsoft Edge and describes a content-spoofing vulnerability where crafted URLs can mislead users. The root cause is how browsers parse HTTP content, allowing a remote attacker to redirect users to a spoofed site via a specially crafted ...

3.1CVSS5.4AI score0.08297EPSS
CVE
CVE
added 2016/12/20 5:54 a.m.78 views

CVE-2016-7206

CVE-2016-7206 : The provided connected documents indicate a cross-site scripting (XSS) vulnerability in Microsoft Edge described as allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors (information disclosure/partial integrity impact). The core affected product...

6.1CVSS5.8AI score0.11612EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.78 views

CVE-2017-8610

Technical details specific to CVE-2017-8610 (affected component/versions, root cause, impact, or remediation) are not provided in the connected documents. Monitor for updates from official advisories and vendors for precise information.

7.6CVSS7.5AI score0.08891EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.78 views

CVE-2017-8657

CVE-2017-8657 affects Microsoft Edge on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. The issue is a memory corruption in the browser’s JavaScript engine when rendering objects in memory, allowing remote code execution under the current user. Exploitation is possible via special...

7.6CVSS7.8AI score0.54558EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.78 views

CVE-2017-8662

CVE-2017-8662 is an information-disclosure vulnerability affecting Microsoft Edge in Windows 10 (1703). The flaw stems from how Edge validates strings in specific scenarios, enabling an attacker to disclose information. Public references confirm the relation to Edge information-disclosure issues ...

4.3CVSS4.8AI score0.05501EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.78 views

CVE-2017-8672

CVE-2017-8672 details: Microsoft Edge on Windows 10 (various builds) is affected by a memory corruption vulnerability in the scripting engine when rendering objects in memory, enabling remote code execution in the context of the current user. The linked Nessus/NVD sources classify it as a high-se...

7.6CVSS7.8AI score0.0889EPSS
CVE
CVE
added 2018/09/13 12:0 a.m.78 views

CVE-2018-8465

Technical details about CVE-2018-8465 are not publicly provided in the supplied documents. No affected product versions, root cause specifics, mitigations, or exploit indicators are present here. Monitor for updates from official advisories.

7.6CVSS7.4AI score0.14633EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.77 views

CVE-2017-0205

CVE-2017-0205 – Microsoft Edge Memory Corruption : A remote code execution vulnerability exists when Edge improperly accesses objects in memory, allowing an attacker to execute arbitrary code in the context of the current user (potentially with admin rights). Exploitation could occur if a user vi...

7.6CVSS7.8AI score0.23593EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.77 views

CVE-2017-8638

Technical details for CVE-2017-8638 are not provided in the connected documents. The supplied materials describe the issue at a high level but do not specify affected products/versions, root cause, or remediation. Monitor for updates.

7.6CVSS7.8AI score0.08641EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.77 views

CVE-2017-8639

CVE-2017-8639 refers to a memory corruption flaw in Microsoft Edge’s scripting engine when rendering objects in memory on Windows 10 (1607/1703) and Windows Server 2016. The issue could allow an attacker to execute arbitrary code in the context of the current user, typically via a web Page that t...

7.6CVSS7.8AI score0.08641EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.77 views

CVE-2018-0993

The connected advisories corroborate CVE-2018-0993 as a remote code execution vulnerability in the Chakra scripting engine used by Microsoft Edge and ChakraCore. The issue arises from the engine’s handling of objects in memory, described as a memory corruption/RCE scenario. Affected products are ...

7.6CVSS6.4AI score0.15139EPSS
CVE
CVE
added 2016/08/09 9:0 p.m.76 views

CVE-2016-3289

CVE-2016-3289 affects Microsoft Internet Explorer 11 and Microsoft Edge. The issue is a memory corruption vulnerability in the browser when handling memory objects, which an attacker can exploit via a crafted webpage to achieve remote code execution or a denial of service. Connected CNVD entries ...

7.6CVSS7.2AI score0.17704EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.76 views

CVE-2017-8603

CVE-2017-8603: A use-after-free in Microsoft Edge’s AsmJsInterpreter during HTML/script processing allows remote code execution in the current user context. Credited source (CPAI-2017-0656) notes Edge memory handling object processing as the root cause. Attack requires a user to open a crafted pa...

7.6CVSS7.5AI score0.08891EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.75 views

CVE-2016-0102

CVE-2016-0108 affects Microsoft Internet Explorer 11 (and related memory corruption class) with exploitation via a crafted web site leading to remote code execution or DoS. Connected data shows a real exploit entry (Exploit-DB: 39562) and sightings, confirming exploitation activity, while CNVD/NV...

7.6CVSS7.6AI score0.16771EPSS
Total number of security vulnerabilities255