CVSS: 7.6EPSS: 85%CPEs: 1EXPL: 1CVE-2016-7288 – Microsoft Edge - TypedArray.sort Use-After-Free (MS16-145)
https://notcve.org/view.php?id=CVE-2016-7288
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297. Los motores de secuencias de comandos en Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-7286, CVE-2016-7296 y CVE-2016-7297. Microsoft Edge suffers from a use-after-free in TypedArray.sort. • https://www.exploit-db.com/exploits/41357 http://packetstormsecurity.com/files/140994/Microsoft-Edge-TypedArray.sort-Use-After-Free.html http://www.securityfocus.com/bid/94749 http://www.securitytracker.com/id/1037444 https://bugs.chromium.org/p/project-zero/issues/detail?id=983 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 9%CPEs: 1EXPL: 0CVE-2016-7181
https://notcve.org/view.php?id=CVE-2016-7181
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability." Microsoft Edge permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Edge Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/94735 http://www.securitytracker.com/id/1037444 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 18%CPEs: 4EXPL: 0CVE-2016-7279
https://notcve.org/view.php?id=CVE-2016-7279
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/94719 http://www.securitytracker.com/id/1037444 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-144 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 16%CPEs: 1EXPL: 0CVE-2016-7206
https://notcve.org/view.php?id=CVE-2016-7206
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280. Vulnerabilidad de XSS en Microsoft Edge permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados, vulnerabilidad también conocida como "Microsoft Edge Information Disclosure Vulnerability", una vulnerabilidad diferente a CVE-2016-7280. • http://www.securityfocus.com/bid/94737 http://www.securitytracker.com/id/1037444 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 16%CPEs: 1EXPL: 0CVE-2016-7280
https://notcve.org/view.php?id=CVE-2016-7280
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7206. Vulnerabilidad de XSS en Microsoft Edge permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarias a través de vectores no especificados, vulnerabilidad también conocida como "Microsoft Edge Information Disclosure Vulnerability", una vulnerabilidad diferente a CVE-2016-7206. • http://www.securityfocus.com/bid/94750 http://www.securitytracker.com/id/1037444 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-145 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •