Edge
by Microsoft
Source repositories
CVEs (738)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-8754 | Med | 0.28 | 4.2 | 0.03 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents,… | ||
| CVE-2017-8739 | Med | 0.28 | 4.3 | 0.06 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". | ||
| CVE-2017-8735 | Med | 0.28 | 4.3 | 0.04 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability".… | ||
| CVE-2017-8724 | Med | 0.28 | 4.3 | 0.04 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from… | ||
| CVE-2017-8723 | Med | 0.28 | 4.3 | 0.04 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents,… | ||
| CVE-2017-8643 | Med | 0.28 | 4.3 | 0.06 | Sep 13, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure… | ||
| CVE-2017-8662 | Med | 0.28 | 4.3 | 0.06 | Aug 8, 2017 | Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8652. | ||
| CVE-2017-8523 | Med | 0.28 | 4.3 | 0.01 | Jun 15, 2017 | Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser… | ||
| CVE-2017-8504 | Med | 0.28 | 4.3 | 0.05 | Jun 15, 2017 | Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID… | ||
| CVE-2017-8498 | Med | 0.28 | 4.3 | 0.05 | Jun 15, 2017 | Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This… | ||
| CVE-2017-0231 | Med | 0.28 | 4.3 | 0.04 | May 12, 2017 | A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability." | ||
| CVE-2017-0203 | Med | 0.28 | 4.3 | 0.04 | Apr 12, 2017 | A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass… | ||
| CVE-2017-0135 | Med | 0.28 | 4.2 | 0.08 | Mar 17, 2017 | Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140. | ||
| CVE-2016-3325 | Low | 0.27 | 3.1 | 0.54 | Sep 14, 2016 | Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | ||
| CVE-2021-26411 | 0.25 | — | 0.81 | KEV | Mar 11, 2021 | Internet Explorer Memory Corruption Vulnerability | ||
| CVE-2017-0208 | Med | 0.22 | 4.3 | 0.15 | Apr 12, 2017 | An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a.… | ||
| CVE-2018-8452 | Med | 0.21 | 4.3 | 0.06 | Sep 13, 2018 | An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge. | ||
| CVE-2018-8366 | Low | 0.21 | 3.1 | 0.05 | Sep 13, 2018 | An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. | ||
| CVE-2018-8315 | Med | 0.21 | 4.2 | 0.03 | Sep 13, 2018 | An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10. | ||
| CVE-2018-8370 | Low | 0.21 | 3.1 | 0.05 | Aug 15, 2018 | A information disclosure vulnerability exists when WebAudio Library improperly handles audio requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge. |
- risk 0.28cvss 4.2epss 0.03
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents,…
- risk 0.28cvss 4.3epss 0.06
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability".
- risk 0.28cvss 4.3epss 0.04
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability".…
- risk 0.28cvss 4.3epss 0.04
Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker to trick a user by redirecting the user to a specially crafted website, due to the way that Microsoft Edge parses HTTP content, aka "Microsoft Edge Spoofing Vulnerability". This CVE ID is unique from…
- risk 0.28cvss 4.3epss 0.04
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents,…
- risk 0.28cvss 4.3epss 0.06
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to leave a malicious website open during user clipboard activities, due to the way that Microsoft Edge handles clipboard events, aka "Microsoft Edge Information Disclosure…
- risk 0.28cvss 4.3epss 0.06
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to disclose information due to how strings are validated in specific scenarios, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-8644 and CVE-2017-8652.
- risk 0.28cvss 4.3epss 0.01
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser…
- risk 0.28cvss 4.3epss 0.05
Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read the URL of a cross-origin request when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability". This CVE ID…
- risk 0.28cvss 4.3epss 0.05
Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 allows an attacker to read data not intended to be disclosed when Edge allows JavaScript XML DOM objects to detect installed browser extensions, aka "Microsoft Edge Information Disclosure Vulnerability". This…
- risk 0.28cvss 4.3epss 0.04
A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."
- risk 0.28cvss 4.3epss 0.04
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass…
- risk 0.28cvss 4.2epss 0.08
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.
- risk 0.27cvss 3.1epss 0.54
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
- risk 0.25cvss —epss 0.81
Internet Explorer Memory Corruption Vulnerability
- risk 0.22cvss 4.3epss 0.15
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a.…
- risk 0.21cvss 4.3epss 0.06
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers, aka "Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge.
- risk 0.21cvss 3.1epss 0.05
An information disclosure vulnerability exists when the Microsoft Edge Fetch API incorrectly handles a filtered response type, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
- risk 0.21cvss 4.2epss 0.03
An information disclosure vulnerability exists when the browser scripting engine improperly handle object types, aka "Microsoft Scripting Engine Information Disclosure Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft Edge, Internet Explorer 10.
- risk 0.21cvss 3.1epss 0.05
A information disclosure vulnerability exists when WebAudio Library improperly handles audio requests, aka "Microsoft Edge Information Disclosure Vulnerability." This affects Microsoft Edge.
Page 23 of 37