CVSS: 7.5EPSS: 67%CPEs: 2EXPL: 2CVE-2016-3247 – Microsoft Edge CSS white-space Property Out-Of-Bounds Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2016-3247
14 Sep 2016 — Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 11 y Microsoft Edge permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Memory Corruption Vulner... • https://packetstorm.news/files/id/139806 •
CVSS: 7.6EPSS: 23%CPEs: 1EXPL: 0CVE-2016-3294 – Microsoft Edge TextNode Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2016-3294
14 Sep 2016 — Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3330. Microsoft Edge permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Memory Corruption Vulnerability", una vulnerabili... • http://www.securityfocus.com/bid/92789 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 16%CPEs: 7EXPL: 0CVE-2016-3330
https://notcve.org/view.php?id=CVE-2016-3330
14 Sep 2016 — Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3294. Microsoft Edge permite a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Edge Memory Corruption Vulnerability", una vulnerabilidad... • http://www.securityfocus.com/bid/92807 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.6EPSS: 5%CPEs: 2EXPL: 0CVE-2016-3291
https://notcve.org/view.php?id=CVE-2016-3291
14 Sep 2016 — Microsoft Internet Explorer 11 and Microsoft Edge mishandle cross-origin requests, which allows remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability." Microsoft Internet Explorer 11 y Microsoft Edge no maneja adecuadamente peticiones de origen cruzado, lo que permite a atacantes remotos obtener información sensible a través de un sitio web manipulado, vulnerabilidad también conocida como "Microsoft Browser Information Disclosure... • http://www.securityfocus.com/bid/92834 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 3%CPEs: 6EXPL: 0CVE-2016-7152
https://notcve.org/view.php?id=CVE-2016-7152
06 Sep 2016 — The HTTPS protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. El protocolo HTTPS no considera el rol de la ventana de congestión TCP cuando da información sobre longitud del contenido, lo que facilita a atacantes remotos obtener datos en texto plano aprovechando una configuración ... • http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 3%CPEs: 6EXPL: 0CVE-2016-7153
https://notcve.org/view.php?id=CVE-2016-7153
06 Sep 2016 — The HTTP/2 protocol does not consider the role of the TCP congestion window in providing information about content length, which makes it easier for remote attackers to obtain cleartext data by leveraging a web-browser configuration in which third-party cookies are sent, aka a "HEIST" attack. El protocolo HTTP/2 no considera el rol de la ventana de congestión TCP cuando da información sobre longitud del contenido, lo que facilita a atacantes remotos obtener datos en texto plano aprovechando una configuració... • http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 31%CPEs: 4EXPL: 0CVE-2016-3293
https://notcve.org/view.php?id=CVE-2016-3293
09 Aug 2016 — Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Edge permiten a atacantes remotos ejecutar código arbitrario a través de una página web manipulada, también conocida como "Microsoft Browser Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/92305 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 23%CPEs: 1EXPL: 0CVE-2016-3296
https://notcve.org/view.php?id=CVE-2016-3296
09 Aug 2016 — The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." El motor Chakra JavaScript en Microsoft Edge permite a atacantes remotos ejecutar código arbitrario a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability." • http://www.securityfocus.com/bid/92283 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.3EPSS: 32%CPEs: 4EXPL: 0CVE-2016-3329
https://notcve.org/view.php?id=CVE-2016-3329
09 Aug 2016 — Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to determine the existence of files via a crafted webpage, aka "Internet Explorer Information Disclosure Vulnerability." Microsoft Internet Explorer 9 hasta la versión 11 y Edge permiten a atacantes remotos determinar la existencia de archivos a través de una página web manipulada, también conocida como "Internet Explorer Information Disclosure Vulnerability". • http://www.securityfocus.com/bid/92286 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 32%CPEs: 4EXPL: 0CVE-2016-3327
https://notcve.org/view.php?id=CVE-2016-3327
09 Aug 2016 — Microsoft Internet Explorer 9 through 11 and Edge allow remote attackers to obtain sensitive information via a crafted web page, aka "Microsoft Browser Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3326. Microsoft Internet Explorer 9 hasta la versión 11 y Edge permiten a atacantes remotos obtener información sensible a través de una página web manipulada, también conocida como "Microsoft Browser Information Disclosure Vulnerability", una vulnerabilidad diferente a CVE-2016-3... • http://www.securityfocus.com/bid/92284 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •