Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Edge
(Microsoft)| Repositories | https://github.com/Microsoft/ChakraCore |
| #Vulnerabilities | 744 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-01-25 | CVE-2022-23258 | Microsoft Edge for Android Spoofing Vulnerability | Edge | 4.3 | ||
| 2023-07-14 | CVE-2023-36883 | Microsoft Edge for iOS Spoofing Vulnerability | Edge | 4.3 | ||
| 2017-03-17 | CVE-2017-0141 | A remote code execution vulnerability exists in the way affected Microsoft scripting engines render when handling objects in memory in Microsoft browsers. These vulnerabilities could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who... | Edge | 7.5 | ||
| 2023-04-11 | CVE-2023-28284 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | Edge | 4.3 | ||
| 2019-04-09 | CVE-2019-0810 | A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. | Chakracore, Edge | 7.5 | ||
| 2016-06-16 | CVE-2016-3201 | Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allow remote attackers to obtain sensitive information from process memory via a crafted PDF document, aka "Windows PDF Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3215. | Edge, Windows_10, Windows_8\.1, Windows_server_2012 | 6.5 | ||
| 2017-06-15 | CVE-2017-8529 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, and Windows Server 2012 and R2 allow an attacker to detect specific files on the user's computer when affected Microsoft scripting engines do not properly handle objects in memory, aka "Microsoft Browser Information Disclosure Vulnerability". | Edge, Internet_explorer | 6.5 | ||
| 2021-02-09 | CVE-2021-21141 | Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. | Chrome, Edge | 6.5 | ||
| 2017-11-15 | CVE-2017-11827 | Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how Microsoft browsers handle objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability". | Edge, Internet_explorer | 7.5 | ||
| 2017-11-15 | CVE-2017-11844 | Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, version 1709 allows an attacker to obtain information to further compromise the user's system, due to how Microsoft Edge handles objects in memory, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11803 and CVE-2017-11833. | Edge | 4.3 |