Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Edge
(Microsoft)| Repositories | https://github.com/Microsoft/ChakraCore |
| #Vulnerabilities | 734 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2020-05-21 | CVE-2020-1056 | An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain.In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. | Edge | 8.1 | ||
| 2020-05-21 | CVE-2020-1065 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | Chakracore, Edge | 7.5 | ||
| 2020-05-21 | CVE-2020-1096 | A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'. | Edge | 7.5 | ||
| 2020-05-21 | CVE-2020-1195 | An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'. | Edge | 5.9 | ||
| 2020-06-09 | CVE-2020-1073 | A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | Chakracore, Edge | 8.1 | ||
| 2020-06-09 | CVE-2020-1219 | A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | Chakracore, Edge, Internet_explorer | 7.5 | ||
| 2020-06-09 | CVE-2020-1242 | An information disclosure vulnerability exists in the way that Microsoft Edge handles cross-origin requests, aka 'Microsoft Edge Information Disclosure Vulnerability'. | Edge | 5.3 | ||
| 2020-07-14 | CVE-2020-1433 | An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. | Edge | 6.5 | ||
| 2020-07-14 | CVE-2020-1462 | An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'. | Edge | 4.3 | ||
| 2021-02-09 | CVE-2021-21140 | Uninitialized use in USB in Google Chrome prior to 88.0.4324.96 allowed a local attacker to potentially perform out of bounds memory access via via a USB device. | Chrome, Edge | 6.8 |