CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   

Microsoft » Edge : Security Vulnerabilities (Bypass)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-30617 Bypass 2021-09-03 2021-11-18
4.3
 None Remote Medium Not required None Partial None
Chromium: CVE-2021-30617 Policy bypass in Blink
2 CVE-2021-21141 74 Bypass 2021-02-09 2022-07-12
4.3
 None Remote Medium Not required None Partial None
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
3 CVE-2018-8358 Bypass 2018-08-15 2019-10-03
4.3
 None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft Edge improperly handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
4 CVE-2018-8112 346 Bypass 2018-05-09 2020-08-24
4.3
 None Remote Medium Not required Partial None None
A security feature bypass vulnerability exists when Microsoft Edge improperly handles requests of different origins, aka "Microsoft Edge Security Feature Bypass Vulnerability." This affects Microsoft Edge.
5 CVE-2017-0203 Bypass 2017-04-12 2019-10-03
4.3
 None Remote Medium Not required None Partial None
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability."
6 CVE-2017-0140 Bypass 2017-03-17 2019-10-03
4.0
 None Remote High Not required Partial Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.
7 CVE-2017-0135 Bypass 2017-03-17 2019-10-03
4.0
 None Remote High Not required Partial Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.
8 CVE-2017-0066 Bypass 2017-03-17 2019-10-03
4.0
 None Remote High Not required Partial Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0135 and CVE-2017-0140.
9 CVE-2017-0002 Bypass 2017-01-10 2019-10-03
6.8
 None Remote Medium Not required Partial Partial Partial
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability."
10 CVE-2016-7281 254 Bypass 2016-12-20 2018-10-12
2.6
 None Remote High Not required None Partial None
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
11 CVE-2016-7199 200 Bypass +Info 2016-11-10 2018-10-12
2.6
 None Remote High Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the Same Origin Policy and obtain sensitive window-state information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
12 CVE-2016-3392 284 Bypass 2016-10-14 2018-10-12
2.6
 None Remote High Not required None Partial None
The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability."
13 CVE-2016-3244 284 Bypass 2016-07-13 2018-10-12
4.3
 None Remote Medium Not required Partial None None
Microsoft Edge allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge Security Feature Bypass."
14 CVE-2016-3198 254 Bypass 2016-06-16 2018-10-12
4.3
 None Remote Medium Not required None Partial None
Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass."
15 CVE-2016-0161 254 Bypass 2016-04-12 2018-10-12
4.3
 None Remote Medium Not required None Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158.
16 CVE-2016-0158 254 Bypass 2016-04-12 2018-10-12
4.3
 None Remote Medium Not required None Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161.
17 CVE-2016-0080 200 Bypass +Info 2016-02-10 2018-10-12
4.3
 None Remote Medium Not required Partial None None
Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass."
18 CVE-2015-6176 79 XSS Bypass 2015-12-09 2018-10-12
4.3
 None Remote Medium Not required None Partial None
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability."
19 CVE-2015-6088 200 Bypass +Info 2015-11-11 2018-10-12
4.3
 None Remote Medium Not required Partial None None
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."
20 CVE-2015-6058 79 XSS Bypass 2015-10-14 2018-10-12
4.3
 None Remote Medium Not required None Partial None
Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass."
21 CVE-2015-2449 200 Bypass +Info 2015-08-14 2018-10-12
4.3
 None Remote Medium Not required Partial None None
Microsoft Internet Explorer 7 through 11 and Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "ASLR Bypass."
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.