Edge
Monthly
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. [CVSS 5.5 MEDIUM]
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Edge for IOS and Android Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.
Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Microsoft Edge (Chrome based) Spoofing on IE Mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
This affects the package edge.js before 5.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Chromium: CVE-2021-30624 Use after free in Autofill. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30623 Use after free in Bookmarks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30622 Use after free in WebApp Installs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30621 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30619 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30617 Policy bypass in Blink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30616 Use after free in Media. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Chromium: CVE-2021-30613 Use after free in Base internals. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30612 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30611 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30610 Use after free in Extensions API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30609 Use after free in Sign-In. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30608 Use after free in Web Share. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30607 Use after free in Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30606 Use after free in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Microsoft Edge for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Edge for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
Microsoft Edge (HTML-based) Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Microsoft Browser Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Scripting Engine Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.
A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an authorized attacker to perform spoofing over a network. [CVSS 5.5 MEDIUM]
Insufficient ui warning of dangerous operations in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The ui performs the wrong action in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
User interface (ui) misrepresentation of critical information in Microsoft Edge for iOS allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Edge for IOS and Android Spoofing Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.
Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.
Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated low severity (CVSS 3.9), this vulnerability is low attack complexity.
Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
This external control vulnerability, if exploited, could allow a local OS-authenticated user with standard privileges to delete files with System privilege on the machine where these products are. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.
This privilege escalation vulnerability, if exploited, cloud allow a local OS-authenticated user with standard privileges to escalate to System privilege on the machine where these products are. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
Microsoft Edge (Chromium-based) Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.3), this vulnerability is remotely exploitable, no authentication required.
Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML. Rated critical severity (CVSS 9.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Microsoft Edge (Chrome based) Spoofing on IE Mode. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
This affects the package edge.js before 5.3.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.
Microsoft Edge (Chromium-based) Tampering Vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity.
Chromium: CVE-2021-30624 Use after free in Autofill. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30623 Use after free in Bookmarks. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30622 Use after free in WebApp Installs. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30621 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30620 Insufficient policy enforcement in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30619 UI Spoofing in Autofill. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30618 Inappropriate implementation in DevTools. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30617 Policy bypass in Blink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30616 Use after free in Media. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30615 Cross-origin data leak in Navigation. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30614 Heap buffer overflow in TabStrip. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Chromium: CVE-2021-30613 Use after free in Base internals. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30612 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30611 Use after free in WebRTC. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30610 Use after free in Extensions API. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30609 Use after free in Sign-In. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30608 Use after free in Web Share. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30607 Use after free in Permissions. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chromium: CVE-2021-30606 Use after free in Blink. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge for iOS Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.
Microsoft Edge for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Microsoft Edge for Android Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.
Use after free in Web Sockets in Google Chrome on Linux prior to 88.0.4324.182 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to bypass file extension policy via a crafted HTML page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.
Microsoft Edge (HTML-based) Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Microsoft Edge for Android Spoofing Vulnerability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Microsoft Browser Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Scripting Engine Memory Corruption Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Chakra Scripting Engine Memory Corruption Vulnerability. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
<p>A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
<p>A remote code execution vulnerability exists in the way that the IEToEdge Browser Helper Object (BHO) plugin on Internet Explorer handles objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
<p>A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. Rated medium severity (CVSS 4.2), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required.
A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.
A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Open Redirect vulnerability could allow attackers to redirect users to malicious websites via URL manipulation.
An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.