Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Edge
(Microsoft)| Repositories | https://github.com/Microsoft/ChakraCore |
| #Vulnerabilities | 745 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-01-23 | CVE-2015-0311 | Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. | Flash_player, Edge, Internet_explorer, Linux_enterprise_desktop, Linux_enterprise_workstation_extension | 9.8 | ||
| 2015-02-02 | CVE-2015-0313 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. | Flash_player, Edge, Internet_explorer, Evergreen, Opensuse, Linux_enterprise_desktop, Linux_enterprise_workstation_extension | 9.8 | ||
| 2023-09-28 | CVE-2023-5217 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Ipad_os, Iphone_os, Debian_linux, Fedora, Chrome, Edge, Edge_chromium, Firefox, Thunderbird, Enterprise_linux, Libvpx | 8.8 | ||
| 2024-02-23 | CVE-2024-26188 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Edge | N/A | ||
| 2024-03-07 | CVE-2024-26167 | Microsoft Edge for Android Spoofing Vulnerability | Edge | N/A | ||
| 2020-05-21 | CVE-2020-1037 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | Chakracore, Edge | 7.5 | ||
| 2020-05-21 | CVE-2020-1056 | An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | Edge | 8.1 | ||
| 2020-05-21 | CVE-2020-1059 | A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. | Edge | 4.3 | ||
| 2020-05-21 | CVE-2020-1065 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | Chakracore, Edge | 7.5 | ||
| 2020-05-21 | CVE-2020-1096 | A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'. | Edge | 7.5 |