CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Edge : Security Vulnerabilities (Bypass)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-1220 732 Bypass 2019-09-11 2019-09-13
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the correct Security Zone of requests for specific URLs, aka 'Microsoft Browser Security Feature Bypass Vulnerability'.
2 CVE-2019-1192 254 Bypass 2019-08-14 2019-08-20
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.
3 CVE-2019-1054 254 Bypass 2019-06-12 2019-06-13
5.1
None Remote High Not required Partial Partial Partial
A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW), aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
4 CVE-2019-0762 254 Bypass 2019-04-08 2019-04-09
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft browsers improperly handle requests of different origins, aka 'Microsoft Browsers Security Feature Bypass Vulnerability'.
5 CVE-2019-0612 254 Exec Code Bypass 2019-04-08 2019-04-09
2.6
None Remote High Not required None Partial None
A security feature bypass vulnerability exists when Click2Play protection in Microsoft Edge improperly handles flash objects. By itself, this bypass vulnerability does not allow arbitrary code execution, aka 'Microsoft Edge Security Feature Bypass Vulnerability'.
6 CVE-2018-8530 Bypass 2018-10-10 2019-10-02
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8512.
7 CVE-2018-8512 20 Bypass 2018-10-10 2018-12-06
5.8
None Remote Medium Not required Partial Partial None
A security feature bypass vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8530.
8 CVE-2018-8358 Bypass 2018-08-15 2019-10-02
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
9 CVE-2018-8276 Bypass 2018-07-10 2019-10-02
4.3
None Remote Medium Not required None Partial None
A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore.
10 CVE-2018-8235 200 Bypass +Info 2018-06-14 2018-08-02
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
11 CVE-2018-8112 200 Bypass +Info 2018-05-09 2018-06-05
4.3
None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
12 CVE-2018-0771 Bypass 2018-02-14 2019-10-02
4.3
None Remote Medium Not required Partial None None
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows a security feature bypass, due to how Edge handles different-origin requests, aka "Microsoft Edge Security Feature Bypass".
13 CVE-2017-11874 Bypass 2017-11-14 2019-10-02
2.6
None Remote High Not required None Partial None
Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872.
14 CVE-2017-11872 Bypass 2017-11-14 2019-10-02
4.3
None Remote Medium Not required Partial None None
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874.
15 CVE-2017-11863 20 Bypass 2017-11-14 2017-12-01
4.3
None Remote Medium Not required None Partial None
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to trick a user into loading a page containing malicious content, due to how the Edge Content Security Policy (CSP) validates documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11872 and CVE-2017-11874.
16 CVE-2017-8754 20 Bypass 2017-09-12 2019-10-02
4.0
None Remote High Not required Partial Partial None
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8723.
17 CVE-2017-8723 20 Bypass 2017-09-12 2019-10-02
4.3
None Remote Medium Not required None Partial None
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page containing malicious content, due to the way that the Edge Content Security Policy (CSP) validates certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8754.
18 CVE-2017-8650 346 Bypass 2017-08-08 2019-10-02
5.8
None Remote Medium Not required Partial Partial None
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to exploit a security feature bypass due to Microsoft Edge not properly enforcing same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability".
19 CVE-2017-8637 Bypass 2017-08-08 2019-10-02
2.6
None Remote High Not required None Partial None
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to bypass Arbitrary Code Guard (ACG) due to how Microsoft Edge accesses memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Scripting Engine Security Feature Bypass Vulnerability".
20 CVE-2017-8599 20 Bypass 2017-07-11 2019-10-02
4.3
None Remote Medium Not required None Partial None
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability".
21 CVE-2017-8592 200 Bypass +Info 2017-07-11 2017-07-19
4.3
None Remote Medium Not required Partial None None
Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows RT 8.1, and Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow a security feature bypass vulnerability when they improperly handle redirect requests, aka "Microsoft Browser Security Feature Bypass".
22 CVE-2017-8555 20 Bypass 2017-06-14 2017-06-21
4.3
None Remote Medium Not required None Partial None
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to trick a user into loading a page with malicious content when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8530.
23 CVE-2017-8530 346 Bypass 2017-06-14 2019-10-02
5.8
None Remote Medium Not required Partial Partial None
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge does not properly enforce same-origin policies, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8523 and CVE-2017-8555.
24 CVE-2017-8523 346 Bypass 2017-06-14 2019-10-02
4.3
None Remote Medium Not required None Partial None
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an attacker to trick a user into loading a page with malicious content when Microsoft Edge fails to correctly apply Same Origin Policy for HTML elements present in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-8530 and CVE-2017-8555.
25 CVE-2017-0203 Bypass 2017-04-12 2019-10-02
4.3
None Remote Medium Not required None Partial None
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability."
26 CVE-2017-0140 Bypass 2017-03-16 2019-10-02
4.0
None Remote High Not required Partial Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.
27 CVE-2017-0135 Bypass 2017-03-16 2019-10-02
4.0
None Remote High Not required Partial Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.
28 CVE-2017-0066 Bypass 2017-03-16 2019-10-02
4.0
None Remote High Not required Partial Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.
29 CVE-2017-0002 Bypass 2017-01-10 2019-10-02
6.8
None Remote Medium Not required Partial Partial Partial
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."
30 CVE-2016-7281 254 Bypass 2016-12-20 2018-10-12
2.6
None Remote High Not required None Partial None
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
31 CVE-2016-7199 200 Bypass +Info 2016-11-10 2018-10-12
2.6
None Remote High Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
32 CVE-2016-3392 284 Bypass 2016-10-13 2018-10-12
2.6
None Remote High Not required None Partial None
The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability."
33 CVE-2016-3244 284 Bypass 2016-07-12 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."
34 CVE-2016-3198 254 Bypass 2016-06-15 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."
35 CVE-2016-0161 254 Bypass 2016-04-12 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.
36 CVE-2016-0158 254 Bypass 2016-04-12 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.
37 CVE-2016-0080 200 Bypass +Info 2016-02-10 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."
38 CVE-2015-6176 79 XSS Bypass 2015-12-09 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability."
39 CVE-2015-6088 200 Bypass +Info 2015-11-11 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."
40 CVE-2015-6058 79 XSS Bypass 2015-10-13 2018-10-12
4.3
None Remote Medium Not required None Partial None
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass."
41 CVE-2015-2449 200 Bypass +Info 2015-08-14 2018-10-12
4.3
None Remote Medium Not required Partial None None
Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass."
Total number of vulnerabilities : 41   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.