CVSS: 5.3EPSS: 34%CPEs: 4EXPL: 0CVE-2016-3267
https://notcve.org/view.php?id=CVE-2016-3267
14 Oct 2016 — Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos determinar la existencia de archivos no especificados a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/93376 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 78%CPEs: 1EXPL: 3CVE-2016-7190 – Microsoft Edge - 'Array.map' Heap Overflow (MS16-119)
https://notcve.org/view.php?id=CVE-2016-7190
14 Oct 2016 — The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7194. El motor Chakra JavaScript en Microsoft Edge permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vuln... • https://packetstorm.news/files/id/139285 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 44%CPEs: 3EXPL: 2CVE-2016-3388 – Microsoft Windows Edge/Internet Explorer - Isolated Private Namespace Insecure DACL Privilege Escalation (MS16-118)
https://notcve.org/view.php?id=CVE-2016-3388
14 Oct 2016 — Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387. Microsoft Internet Explorer 10 y 11 y Microsoft Edge no restringe adecuadamente el acceso a espacios de nombres privados, lo que permite a atacantes remotos obtener privilegios a través de vectores no especificados, vu... • https://packetstorm.news/files/id/139231 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 78%CPEs: 1EXPL: 2CVE-2016-7189 – Microsoft Edge - 'Array.join' Infomation Leak (MS16-119)
https://notcve.org/view.php?id=CVE-2016-7189
14 Oct 2016 — The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability." El motor Chakra JavaScript en Microsoft Edge permite a atacantes remotos ejecutar un código arbitrario a través de un sitio web manipulado, vulnerabilidad también conocida como "Scripting Engine Remote Code Execution Vulnerability". Microsoft Edge suffers from an Array.join information leakage vulnerability. • https://packetstorm.news/files/id/139283 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 77%CPEs: 1EXPL: 2CVE-2016-7194 – Microsoft Edge - 'Function.apply' Information Leak (MS16-119)
https://notcve.org/view.php?id=CVE-2016-7194
14 Oct 2016 — The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7190. El motor Chakra JavaScript en Microsoft Edge permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vuln... • https://packetstorm.news/files/id/139284 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 23%CPEs: 4EXPL: 0CVE-2016-3382 – Microsoft Edge JavaScript eval Function Type Confusion Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3382
11 Oct 2016 — The scripting engines in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, as demonstrated by the Chakra JavaScript engine, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de secuencia de comandos en Microsoft Internet Explorer 9 hasta la versión 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio... • http://www.securityfocus.com/bid/93386 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 77%CPEs: 1EXPL: 2CVE-2016-3386 – Microsoft Windows JavaScript Spread Operator Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3386
11 Oct 2016 — The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194. El motor Chakra JavaScript en Microsoft Edge permite a atacantes remotos ejecutar un código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vuln... • https://packetstorm.news/files/id/139282 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 0%CPEs: 20EXPL: 2CVE-2015-8960
https://notcve.org/view.php?id=CVE-2015-8960
21 Sep 2016 — The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh values for ClientCertificateType but does not directly document the ability to compute the master secret in certain situations with a client secret key and server public key but not a server secret key, which makes it easier for man-in-the-middle attackers to spoof TLS servers by leveraging knowledge of the secret key for an arbitrary installed client X.509 certificate, aka the "Key Compromise Impe... • http://twitter.com/matthew_d_green/statuses/630908726950674433 • CWE-295: Improper Certificate Validation •
CVSS: 6.5EPSS: 34%CPEs: 8EXPL: 0CVE-2016-3374
https://notcve.org/view.php?id=CVE-2016-3374
14 Sep 2016 — The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3370. La librería PDF en Microsoft Edge, Windows 8.1, Windows Server 2012 Gold y R2, Windows RT 8.1 y Windows 10 Gold, 1511 y 1607 permite a atacantes remotos obtener información sensible a través de un ... • http://blog.malerisch.net/2016/09/microsoft--out-of-bounds-read-pdf-library-cve-2016-3374.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 16%CPEs: 1EXPL: 0CVE-2016-3350
https://notcve.org/view.php?id=CVE-2016-3350
14 Sep 2016 — The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3377. El motor Chakra JavaScript en Microsoft Edge permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Scr... • http://www.securityfocus.com/bid/92793 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •