255 matches found
CVE-2017-8608
CVE-2017-8608 is described as a remote code execution vulnerability in the Microsoft browser JavaScript engine, caused by memory corruption when handling objects in memory. Affected products include Microsoft browsers on Windows platforms (Internet Explorer/Edge components inside Windows 7/8/10 f...
CVE-2017-8671
CVE-2017-8671 describes a remote code execution vulnerability in Microsoft Edge’s scripting engine (Chakra) for Windows 10 1511/1607/1703 and Windows Server 2016. The root cause is memory corruption when handling objects in memory during JavaScript rendering, allowing an attacker to execute arbit...
CVE-2017-8738
CVE-2017-8738 : A remote code execution vulnerability in Microsoft Edge’s scripting engine on Windows 10 (Gold, 1511, 1607) and Windows Server 2016. Root cause: memory objects are mishandled by the Edge scripting engine, allowing memory corruption and code execution in the current user context. A...
CVE-2017-0233
CVE-2017-0233 is an elevation of privilege vulnerability in Microsoft Edge that could allow escaping the AppContainer sandbox. The entry notes it is distinct from CVE-2017-0241 and lists a CVSS v3 base score of 8.3 (HIGH) with NETWORK attack vector, HIGH attack complexity, and user interaction re...
CVE-2017-11804
CVE-2017-11804 affects ChakraCore and Microsoft Edge on Windows 10 (Gold/1511/1607/1703) and Windows Server 2016. The root cause is how the scripting engine manages in-memory objects, enabling an attacker to execute arbitrary code in the context of the current user. The linked advisories confirm ...
CVE-2017-8740
CVE-2017-8740 affects Microsoft Edge on Windows 10 (1703) and is due to memory handling issues in the Edge scripting engine, enabling arbitrary code execution in the current user. A CIRCL/CVE-2017-8740 sighting confirms exploitation with exploits on Exploit DB (e.g., exploits/42764). No patch/ver...
CVE-2018-0994
CVE-2018-0994 is a remote code execution issue described as a memory‑corruption flaw in the Chakra scripting engine used by Microsoft Edge and ChakraCore. The connected sources frame the vulnerability as affecting Edge/ChakraCore and cite a memory handling/primitives weakness in Chakra’s object m...
CVE-2021-38641
CVE-2021-38641 affects Microsoft Edge for Android. The issue is described as a Spoofing Vulnerability in Edge for Android. Publicly documented details in connected sources indicate that fixes have been released for Microsoft Edge (including Edge for Android) and that users should install updates ...
CVE-2017-0017
CVE-2017-0017 affects Microsoft Edge where the RegEx class in the XSS filter can be exploited to conduct cross-site scripting and obtain sensitive information via unspecified vectors. The description notes this is distinct from other CVEs in the same year. The connected documents do not provide c...
CVE-2017-11798
CVE-2017-11798 affects Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The vulnerability stems from how the scripting engine handles objects in memory, enabling an attacker to execute arbitrary code in the context of the current user. The CVSS metrics from the initi...
CVE-2017-11805
CVE-2017-11805 affects ChakraCore and Microsoft Edge on Windows 10 1703. Root cause: memory handling by the Chakra scripting engine leading to memory corruption. Impact: attacker can execute arbitrary code in the current user context. Public exploits exist (e.g., Exploit-DB IDs 43367/43368) per l...
CVE-2017-8602
CVE-2017-8602 affects Microsoft browsers on Windows (multiple editions listed in the CVE entry) and is a spoofing vulnerability in how HTTP content is parsed. The connected documents (Nessus/OpenVAS plugins) confirm the issue is tied to the browser parsing logic (HTTP content) and impact is spoof...
CVE-2017-8655
CVE-2017-8655 is a Microsoft Edge memory corruption vulnerability in Windows 10/Server 2016 where the JS engine misrenders objects in memory, enabling remote code execution in the caller’s context. The description and connected Nessus advisories confirm impact on Edge’s scripting engine across mu...
CVE-2017-8728
CVE-2017-8728 is a Windows PDF Library remote code execution vulnerability affecting Windows 8.1/RT 8.1, Windows Server 2012/2012 R2, Windows 10 (1511–1703) and Windows Server 2016. The issue stems from the Windows PDF Library handling objects in memory, enabling arbitrary code execution in the c...
CVE-2017-0221
Microsoft Edge Memory Corruption Vulnerability (CVE-2017-0221) affects the Edge scripting engines when rendering in-memory objects. The root cause is improper handling/access to objects in memory, enabling remote code execution in the user’s context. Public references state this CVE is distinct f...
CVE-2017-11872
CVE-2017-11872 affects Microsoft Edge on Windows 10 (1607, 1703) and Windows Server 2016. The issue arises from how Edge handles redirect requests, allowing an attacker to force the browser to send data to a destination of the attacker’s choice. Connected sources corroborate related Edge security...
CVE-2017-8596
CVE-2017-8596 affects Microsoft Edge on Windows 10 1607/1703 and Windows Server 2016. The issue is a remote memory corruption in the Chakra JavaScript engine when rendering objects in memory, enabling code execution in the context of the current user. CVSS data from NVD indicates high risk (AV:N/...
CVE-2017-8644
CVE-2017-8644 concerns an information disclosure vulnerability in Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016, arising from how Edge handles objects in memory. The connected sources confirm the affected component is Edge and describe memory-object handling as the...
CVE-2017-8739
CVE-2017-8739 is a patchable information-disclosure vulnerability affecting Microsoft Edge in Windows 10 (1703). The root cause is improper handling of objects in memory by the Edge scripting engine, allowing an attacker to obtain information that could aid further compromise. Public advisories (...
CVE-2016-3322
CVE-2016-3322 affects Internet Explorer 11 and Edge, described as a memory corruption vulnerability that can allow remote code execution when a user visits a crafted webpage. Connected sources corroborate a memory corruption flaw in Microsoft Edge/IE causing remote code execution, with CNVD-2016-...
CVE-2017-8604
CVE-2017-8604 is a Microsoft Edge scripting engine remote memory corruption vulnerability affecting Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. The issue arises when the JavaScript engine fails to render or handles memory objects, enabling an attacker to execute arbitrary code...
CVE-2017-8649
Technical details for CVE-2017-8649 are not publicly available in the provided documents. Monitor for updates from official advisories.
CVE-2018-0771
The CVE-2018-0771 entry refers to a security feature bypass in Microsoft Edge on Windows 10 (versions 1607 and 1703) and Windows Server 2016, caused by Edge handling of different-origin requests. Connected sources show related Microsoft KB updates (KB4088776 for OS Build 16299.309) delivering sec...
CVE-2018-0933
CVE-2018-0933 concerns ChakraCore on Windows 10 (Gold, 1511, 1607, 1703, 1709) and Windows Server 2016. The issue is a remote code execution due to how the Chakra scripting engine handles objects in memory (memory corruption). Public disclosures (GHSA advisories) describe ChakraCore RCE affecting...
CVE-2016-3296
CVE-2016-3296 affects the Chakra JavaScript engine used by Microsoft Edge. The vulnerability is a remote code execution flaw caused by memory corruption in the scripting engine when handling in-memory objects, exploitable via a crafted web site. Impact includes arbitrary code execution under the ...
CVE-2017-0034
Summary: CVE-2017-0034 is a remote code execution vulnerability in Microsoft Edge stemming from improper handling of objects in memory, enabling an attacker to run code in the context of the current user (potentially with administrative rights). The issue is tied to Edge (and EdgeHTML-based compo...
CVE-2017-0203
CVE-2017-0203 involves a vulnerability in Microsoft Edge where the Edge Content Security Policy (CSP) fails to validate certain crafted documents, allowing an attacker to entice a user to load a page with malicious content. Affected product: Microsoft Edge; root cause: CSP validation weakness in ...
CVE-2017-11794
CVE-2017-11794 spans Microsoft Edge information-disclosure vulnerabilities in Windows 10 (1703/1709) and related Edge versions. Connected sources confirm the root cause: Edge mishandles objects in memory, enabling an attacker to obtain information that could aid further system compromise. CNVD-20...
CVE-2017-11844
Microsoft Edge in Windows 10 versions 1703, 1709 and Windows Server 1709 has an information-disclosure vulnerability caused by how Edge handles objects in memory. The CVE entry (CVE-2017-11844) specifies that an attacker can obtain information to further compromise the user’s system. The connecte...
CVE-2017-8555
CVE-2017-8555 describes a vulnerability in Microsoft Edge on Windows 10 (1703) where the Content Security Policy (CSP) fails to properly validate certain crafted documents, enabling an attacker to trick a user into loading a page with malicious content. The issue is tied to Edge’s handling of CSP...
CVE-2017-8652
CVE-2017-8652 is an information-disclosure/use-after-free vulnerability in Microsoft Edge on Windows 10 Gold/1511/1607/1703 and Windows Server 2016. The connected sources describe it as Edge memory-objects handling in which an attacker could disclose information. The Nessus/plugin notes this CVE ...
CVE-2018-0939
CVE-2018-0939 corresponds to a ChakraCore/Microsoft Edge information-disclosure vulnerability affecting Windows 10 (v1703/v1709). The issue arises from how the scripting engine handles objects in memory, enabling potential information disclosure. The connected advisories (GHSA-XGCC-R2F3-RQ6P) and...
CVE-2016-3327
Technical details for CVE-2016-3327 are not publicly available in the provided connected documents. They list the CVE among IE/Edge updates but do not specify affected products, root cause, impact, or fixes. Monitor for updates.
CVE-2017-8642
CVE-2017-8642 is an elevation-of-privilege issue in Microsoft Edge on Windows 10 (1703) caused by improper JavaScript validation, enabling privilege escalation. The CNVD entry confirms the flaw and impact but does not provide a patch/version to fix. Other connected records reference the same Edge...
CVE-2018-0893
CVE-2018-0893 corresponds to a Microsoft Edge type-confusion vulnerability. The connected disclosure notes this CVE as a Microsoft Edge Type Confusion Vulnerability with test cases, analysis, and proof-of-concept exploits. The primary impact stated across sources is remote code execution via the ...
CVE-2018-0937
CVE-2018-0937 concerns ChakraCore and Windows 10 (notably 1703 and 1709) enabling remote code execution via how the Chakra scripting engine manages objects in memory, i.e., a memory-corruption vulnerability in Chakra. The connected advisories reiterate an RCE issue affecting ChakraCore across Win...
CVE-2016-3274
CVE-2016-3274 affects Microsoft Internet Explorer 9–11 and Microsoft Edge and describes a content-spoofing vulnerability where crafted URLs can mislead users. The root cause is how browsers parse HTTP content, allowing a remote attacker to redirect users to a spoofed site via a specially crafted ...
CVE-2016-7206
CVE-2016-7206 : The provided connected documents indicate a cross-site scripting (XSS) vulnerability in Microsoft Edge described as allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors (information disclosure/partial integrity impact). The core affected product...
CVE-2017-8610
Technical details specific to CVE-2017-8610 (affected component/versions, root cause, impact, or remediation) are not provided in the connected documents. Monitor for updates from official advisories and vendors for precise information.
CVE-2017-8657
CVE-2017-8657 affects Microsoft Edge on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. The issue is a memory corruption in the browser’s JavaScript engine when rendering objects in memory, allowing remote code execution under the current user. Exploitation is possible via special...
CVE-2017-8662
CVE-2017-8662 is an information-disclosure vulnerability affecting Microsoft Edge in Windows 10 (1703). The flaw stems from how Edge validates strings in specific scenarios, enabling an attacker to disclose information. Public references confirm the relation to Edge information-disclosure issues ...
CVE-2017-8672
CVE-2017-8672 details: Microsoft Edge on Windows 10 (various builds) is affected by a memory corruption vulnerability in the scripting engine when rendering objects in memory, enabling remote code execution in the context of the current user. The linked Nessus/NVD sources classify it as a high-se...
CVE-2018-8465
Technical details about CVE-2018-8465 are not publicly provided in the supplied documents. No affected product versions, root cause specifics, mitigations, or exploit indicators are present here. Monitor for updates from official advisories.
CVE-2017-0205
CVE-2017-0205 – Microsoft Edge Memory Corruption : A remote code execution vulnerability exists when Edge improperly accesses objects in memory, allowing an attacker to execute arbitrary code in the context of the current user (potentially with admin rights). Exploitation could occur if a user vi...
CVE-2017-8638
Technical details for CVE-2017-8638 are not provided in the connected documents. The supplied materials describe the issue at a high level but do not specify affected products/versions, root cause, or remediation. Monitor for updates.
CVE-2017-8639
CVE-2017-8639 refers to a memory corruption flaw in Microsoft Edge’s scripting engine when rendering objects in memory on Windows 10 (1607/1703) and Windows Server 2016. The issue could allow an attacker to execute arbitrary code in the context of the current user, typically via a web Page that t...
CVE-2018-0993
The connected advisories corroborate CVE-2018-0993 as a remote code execution vulnerability in the Chakra scripting engine used by Microsoft Edge and ChakraCore. The issue arises from the engine’s handling of objects in memory, described as a memory corruption/RCE scenario. Affected products are ...
CVE-2016-3289
CVE-2016-3289 affects Microsoft Internet Explorer 11 and Microsoft Edge. The issue is a memory corruption vulnerability in the browser when handling memory objects, which an attacker can exploit via a crafted webpage to achieve remote code execution or a denial of service. Connected CNVD entries ...
CVE-2017-8603
CVE-2017-8603: A use-after-free in Microsoft Edge’s AsmJsInterpreter during HTML/script processing allows remote code execution in the current user context. Credited source (CPAI-2017-0656) notes Edge memory handling object processing as the root cause. Attack requires a user to open a crafted pa...
CVE-2016-0102
CVE-2016-0108 affects Microsoft Internet Explorer 11 (and related memory corruption class) with exploitation via a crafted web site leading to remote code execution or DoS. Connected data shows a real exploit entry (Exploit-DB: 39562) and sightings, confirming exploitation activity, while CNVD/NV...