CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Microsoft » Edge » * * * * : Security Vulnerabilities

Cpe Name:cpe:2.3:a:microsoft:edge:*:*:*:*:*:*:*:*
CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-38669 2021-09-15 2021-09-28
7.5
 None Remote Low Not required Partial Partial Partial
Microsoft Edge (Chromium-based) Tampering Vulnerability
2 CVE-2021-36930 269 2021-09-02 2021-09-10
6.8
 None Remote Medium Not required Partial Partial Partial
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-26436.
3 CVE-2021-30624 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30624 Use after free in Autofill
4 CVE-2021-30623 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30623 Use after free in Bookmarks
5 CVE-2021-30622 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30622 Use after free in WebApp Installs
6 CVE-2021-30621 290 2021-09-03 2021-11-18
4.3
 None Remote Medium Not required None Partial None
Chromium: CVE-2021-30621 UI Spoofing in Autofill
7 CVE-2021-30620 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink
8 CVE-2021-30619 290 2021-09-03 2021-11-18
4.3
 None Remote Medium Not required None Partial None
Chromium: CVE-2021-30619 UI Spoofing in Autofill
9 CVE-2021-30618 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools
10 CVE-2021-30617 Bypass 2021-09-03 2021-11-18
4.3
 None Remote Medium Not required None Partial None
Chromium: CVE-2021-30617 Policy bypass in Blink
11 CVE-2021-30616 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30616 Use after free in Media
12 CVE-2021-30615 668 2021-09-03 2021-11-18
4.3
 None Remote Medium Not required Partial None None
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation
13 CVE-2021-30614 787 Overflow 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip
14 CVE-2021-30613 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30613 Use after free in Base internals
15 CVE-2021-30612 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30612 Use after free in WebRTC
16 CVE-2021-30611 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30611 Use after free in WebRTC
17 CVE-2021-30610 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30610 Use after free in Extensions API
18 CVE-2021-30609 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30609 Use after free in Sign-In
19 CVE-2021-30608 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30608 Use after free in Web Share
20 CVE-2021-30607 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30607 Use after free in Permissions
21 CVE-2021-30606 416 2021-09-03 2021-11-18
6.8
 None Remote Medium Not required Partial Partial Partial
Chromium: CVE-2021-30606 Use after free in Blink
22 CVE-2021-26436 2021-09-02 2022-05-03
6.8
 None Remote Medium Not required Partial Partial Partial
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-36930.
23 CVE-2021-21157 416 2021-02-22 2021-12-10
6.8
 None Remote Medium Not required Partial Partial Partial
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
24 CVE-2021-21141 287 Bypass 2021-02-09 2021-02-25
4.3
 None Remote Medium Not required None Partial None
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page.
25 CVE-2021-21140 119 Overflow 2021-02-09 2021-02-25
4.6
 None Local Low Not required Partial Partial Partial
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device.
26 CVE-2020-16009 787 2020-11-03 2021-07-21
6.8
 None Remote Medium Not required Partial Partial Partial
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
27 CVE-2017-0266 119 Exec Code Overflow 2017-05-12 2017-05-23
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Remote Code Execution Vulnerability."
28 CVE-2017-0241 2017-05-12 2019-10-03
5.4
 None Remote High Not required None Complete None
An elevation of privilege vulnerability exists when Microsoft Edge renders a domain-less page in the URL, which could allow Microsoft Edge to perform actions in the context of the Intranet Zone and access functionality that is not typically available to the browser when browsing in the context of the Internet Zone, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0233.
29 CVE-2017-0240 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-07-08
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0227.
30 CVE-2017-0238 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-23
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript scripting engines handle objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0236.
31 CVE-2017-0236 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-07-08
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, and CVE-2017-0238.
32 CVE-2017-0235 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-23
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0236, and CVE-2017-0238.
33 CVE-2017-0234 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-07-08
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Edge in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
34 CVE-2017-0233 2017-05-12 2019-10-03
5.1
 None Remote High Not required Partial Partial Partial
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This CVE ID is unique from CVE-2017-0241.
35 CVE-2017-0231 20 2017-05-12 2017-07-08
4.3
 None Remote Medium Not required None Partial None
A spoofing vulnerability exists when Microsoft browsers render SmartScreen Filter, aka "Microsoft Browser Spoofing Vulnerability."
36 CVE-2017-0230 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-23
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0229, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
37 CVE-2017-0229 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-23
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Edge in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0228, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
38 CVE-2017-0228 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-07-08
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft browsers in the way JavaScript engines render when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0224, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
39 CVE-2017-0227 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-07-08
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in Microsoft Edge in the way affected Microsoft scripting engines render when handling objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0221 and CVE-2017-0240.
40 CVE-2017-0224 119 Exec Code Overflow Mem. Corr. 2017-05-12 2017-05-23
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists in the way JavaScript engines render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0228, CVE-2017-0229, CVE-2017-0230, CVE-2017-0234, CVE-2017-0235, CVE-2017-0236, and CVE-2017-0238.
41 CVE-2017-0221 119 Overflow Mem. Corr. 2017-05-12 2017-05-23
7.6
 None Remote High Not required Complete Complete Complete
A vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0227 and CVE-2017-0240.
42 CVE-2017-0208 200 +Info 2017-04-12 2017-07-11
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability exists in Microsoft Edge when the Chakra scripting engine does not properly handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system, a.k.a. "Scripting Engine Information Disclosure Vulnerability."
43 CVE-2017-0205 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."
44 CVE-2017-0203 Bypass 2017-04-12 2019-10-03
4.3
 None Remote Medium Not required None Partial None
A vulnerability exists in Microsoft Edge when the Edge Content Security Policy (CSP) fails to properly validate certain specially crafted documents. An attacker could trick a user into loading a web page with malicious content, aka "Microsoft Edge Security Feature Bypass Vulnerability."
45 CVE-2017-0200 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. The vulnerability could corrupt memory in such a way that enables an attacker to execute arbitrary code in the context of the current user, aka "Microsoft Edge Memory Corruption Vulnerability."
46 CVE-2017-0196 200 +Info 2017-07-17 2017-07-21
4.3
 None Remote Medium Not required Partial None None
An information disclosure vulnerability in Microsoft scripting engine allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
47 CVE-2017-0152 119 Exec Code Overflow Mem. Corr. 2017-07-17 2017-07-21
9.3
 None Remote Medium Not required Complete Complete Complete
A remote code execution vulnerability exists in the way affected Microsoft scripting engine render when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user, aka "Scripting Engine Memory Corruption Vulnerability."
48 CVE-2017-0140 Bypass 2017-03-17 2019-10-03
4.0
 None Remote High Not required Partial Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0135.
49 CVE-2017-0135 Bypass 2017-03-17 2019-10-03
4.0
 None Remote High Not required Partial Partial None
Microsoft Edge allows remote attackers to bypass the Same Origin Policy for HTML elements in other browser windows, aka "Microsoft Edge Security Feature Bypass Vulnerability." This vulnerability is different from those described in CVE-2017-0066 and CVE-2017-0140.
50 CVE-2017-0093 119 Exec Code Overflow Mem. Corr. 2017-04-12 2017-07-11
7.6
 None Remote High Not required Complete Complete Complete
A remote code execution vulnerability in Microsoft Edge exists in the way that the Scripting Engine renders when handling objects in memory in Microsoft browsers. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, aka "Scripting Engine Memory Corruption Vulnerability." This CVE ID is unique from CVE-2017-0201.
Total number of vulnerabilities : 109   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.