Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Edge
(Microsoft)| Repositories | https://github.com/Microsoft/ChakraCore |
| #Vulnerabilities | 747 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2015-01-23 | CVE-2015-0311 | Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and 14.x, 15.x, and 16.x through 16.0.0.287 on Windows and OS X and through 11.2.202.438 on Linux allows remote attackers to execute arbitrary code via unknown vectors, as exploited in the wild in January 2015. | Flash_player, Edge, Internet_explorer, Linux_enterprise_desktop, Linux_enterprise_workstation_extension | 9.8 | ||
| 2015-02-02 | CVE-2015-0313 | Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322. | Flash_player, Edge, Internet_explorer, Evergreen, Opensuse, Linux_enterprise_desktop, Linux_enterprise_workstation_extension | 9.8 | ||
| 2025-02-06 | CVE-2025-21253 | Microsoft Edge for IOS and Android Spoofing Vulnerability | Edge | 5.3 | ||
| 2016-09-14 | CVE-2016-3351 | Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." | Edge, Internet_explorer | 6.5 | ||
| 2016-11-10 | CVE-2016-7200 | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | Edge | 8.8 | ||
| 2016-11-10 | CVE-2016-7201 | The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243. | Edge | 8.8 | ||
| 2017-02-26 | CVE-2017-0037 | Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheets (CSS) token sequence and crafted JavaScript code that operates on a TH element. | Edge, Internet_explorer | 8.1 | ||
| 2020-11-03 | CVE-2020-16009 | Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Cefsharp, Debian_linux, Fedora, Chrome, Edge, Edge_chromium, Backports_sle, Leap | 8.8 | ||
| 2023-09-28 | CVE-2023-5217 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Ipad_os, Iphone_os, Debian_linux, Fedora, Chrome, Edge, Edge_chromium, Firefox, Thunderbird, Enterprise_linux, Libvpx | 8.8 | ||
| 2024-08-21 | CVE-2024-7971 | Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Chrome, Edge | 9.6 |