CVSS: 8.8EPSS: 19%CPEs: 1EXPL: 0CVE-2017-0002
https://notcve.org/view.php?id=CVE-2017-0002
Microsoft Edge allows remote attackers to bypass the Same Origin Policy via vectors involving the about:blank URL and data: URLs, aka "Microsoft Edge Elevation of Privilege Vulnerability." Microsoft Edge podría permitir a atacantes eludir la Same Origin Policy a través de vectores que implican la URL about:blank y las URLs data:, vulnerabilidad también conocida como "Microsoft Edge Elevation of Privilege Vulnerability." • http://www.securityfocus.com/bid/95284 http://www.securitytracker.com/id/1037573 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2017/ms17-001 •
CVSS: 7.6EPSS: 9%CPEs: 1EXPL: 0CVE-2016-7296
https://notcve.org/view.php?id=CVE-2016-7296
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297. Los motores de secuencias de comandos en Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-7286, CVE-2016-7288 y CVE-2016-7297. • http://www.securityfocus.com/bid/94738 http://www.securitytracker.com/id/1037444 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2016-7281
https://notcve.org/view.php?id=CVE-2016-7281
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability." La implementación Web Workers en Microsoft Internet Explorer 10 y 11 y Microsoft Edge permite a atacantes remotos eludir la Same Origin Policy a través de vectores no especificados, vulnerabilidad también conocida como "Microsoft Browser Security Feature Bypass Vulnerability." • http://www.securityfocus.com/bid/94723 http://www.securitytracker.com/id/1037444 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 • CWE-254: 7PK - Security Features •
CVSS: 7.6EPSS: 85%CPEs: 1EXPL: 1CVE-2016-7286 – Microsoft Edge - SIMD.toLocaleString Uninitialized Memory (MS16-145)
https://notcve.org/view.php?id=CVE-2016-7286
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7288, CVE-2016-7296, and CVE-2016-7297. Los motores de secuencias de comandos en Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-7288, CVE-2016-7296 y CVE-2016-7297. Microsoft Edge suffers from an uninitialized memory vulnerability in SIMD.toLocaleString. • https://www.exploit-db.com/exploits/40947 http://packetstormsecurity.com/files/140250/Microsoft-Edge-SIMD.toLocaleString-Uninitialized-Memory.html http://www.securityfocus.com/bid/94748 http://www.securitytracker.com/id/1037444 https://bugs.chromium.org/p/project-zero/issues/detail?id=961 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 67%CPEs: 2EXPL: 1CVE-2016-7287 – Microsoft Edge - Internationalization Initialization Type Confusion (MS16-144)
https://notcve.org/view.php?id=CVE-2016-7287
The scripting engines in Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de secuencias de comandos en Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability". Microsoft Edge suffers from a type confusion vulnerability in internationalization initialization. • https://www.exploit-db.com/exploits/40948 http://packetstormsecurity.com/files/140251/Microsoft-Edge-Internationalization-Type-Confusion.html http://www.securityfocus.com/bid/94722 http://www.securitytracker.com/id/1037444 https://bugs.chromium.org/p/project-zero/issues/detail?id=972 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •