CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29991 – Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-29991
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability Vulnerabilidad de omisión de característica de seguridad de Microsoft Edge (basada en Chromium) This vulnerability allows remote attackers to bypass the Mark-Of-The-Web security feature to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of .MHT files. The issue results from the lack of a security check on .MHT files located in shared folders. An attacker can leverage this vulnerability to execute code in the context of the current user. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29991 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29987 – Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29987
Microsoft Edge (Chromium-based) Information Disclosure Vulnerability Vulnerabilidad de divulgación de información de Microsoft Edge (basado en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29987 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29986 – Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2024-29986
Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability Vulnerabilidad de divulgación de información en Microsoft Edge para Android (basado en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29986 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor •
CVSS: 4.1EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29049 – Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-29049
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability Vulnerabilidad de suplantación de identidad de Webview2 en Microsoft Edge (basado en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29049 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2024-29981 – Microsoft Edge (Chromium-based) Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2024-29981
Microsoft Edge (Chromium-based) Spoofing Vulnerability Vulnerabilidad de suplantación de identidad en Microsoft Edge (basado en Chromium) • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29981 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •