Total
758 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-0125 | 1 Microsoft | 1 Edge | 2025-04-12 | 2.6 LOW | 3.1 LOW |
|
Microsoft Edge mishandles the Referer policy, which allows remote attackers to obtain sensitive browser-history and request information via a crafted HTTPS web site, aka "Microsoft Edge Information Disclosure Vulnerability."
|
|||||
| CVE-2015-6064 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6084 and CVE-2015-6085.
|
|||||
| CVE-2016-4109 | 2 Adobe, Microsoft | 3 Flash Player, Edge, Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
|
|||||
| CVE-2016-7281 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
|
The Web Workers implementation in Microsoft Internet Explorer 10 and 11 and Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Browser Security Feature Bypass Vulnerability."
|
|||||
| CVE-2016-3246 | 1 Microsoft | 1 Edge | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
|
|||||
| CVE-2015-6139 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 11 and Microsoft Edge mishandle content types, which allows remote attackers to execute arbitrary web script in a privileged context via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability."
|
|||||
| CVE-2016-3277 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
|
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
|
|||||
| CVE-2015-6088 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 4.3 MEDIUM | N/A |
|
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass."
|
|||||
| CVE-2016-3295 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 5.1 MEDIUM | 7.5 HIGH |
|
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
|
|||||
| CVE-2016-3289 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Internet Explorer 11 and Edge allow remote attackers to execute arbitrary code via a crafted web page, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3322.
|
|||||
| CVE-2015-6151 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6083.
|
|||||
| CVE-2015-2485 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2491 and CVE-2015-2541.
|
|||||
| CVE-2016-7288 | 1 Microsoft | 1 Edge | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7296, and CVE-2016-7297.
|
|||||
| CVE-2016-3370 | 1 Microsoft | 5 Edge, Windows 10, Windows 8.1 and 2 more | 2025-04-12 | 4.3 MEDIUM | 6.5 MEDIUM |
|
The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information via a crafted web site, aka "PDF Library Information Disclosure Vulnerability," a different vulnerability than CVE-2016-3374.
|
|||||
| CVE-2016-4113 | 2 Adobe, Microsoft | 3 Flash Player, Edge, Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
|
|||||
| CVE-2016-3202 | 1 Microsoft | 5 Chakra Javascript, Edge, Internet Explorer and 2 more | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript engines, as used in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
|
|||||
| CVE-2016-3392 | 1 Microsoft | 1 Edge | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
|
The Edge Content Security Policy feature in Microsoft Edge does not properly validate documents, which allows remote attackers to bypass intended access restrictions via a crafted web site, aka "Microsoft Browser Security Feature Bypass Vulnerability."
|
|||||
| CVE-2015-6158 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6140, CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6159, and CVE-2015-6160.
|
|||||
| CVE-2016-3377 | 1 Microsoft | 1 Edge | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3350.
|
|||||
| CVE-2015-2494 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2486, CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2498, and CVE-2015-2499.
|
|||||
| CVE-2016-7196 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
|
|||||
| CVE-2016-7243 | 1 Microsoft | 1 Edge | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, and CVE-2016-7242.
|
|||||
| CVE-2016-0129 | 1 Microsoft | 1 Edge | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0116, CVE-2016-0123, CVE-2016-0124, and CVE-2016-0130.
|
|||||
| CVE-2016-7206 | 1 Microsoft | 1 Edge | 2025-04-12 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in Microsoft Edge allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability," a different vulnerability than CVE-2016-7280.
|
|||||
| CVE-2016-1100 | 2 Adobe, Microsoft | 3 Flash Player, Edge, Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
|
|||||
| CVE-2015-6170 | 1 Microsoft | 1 Edge | 2025-04-12 | 6.8 MEDIUM | N/A |
|
Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability."
|
|||||
| CVE-2016-7239 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 3.1 LOW |
|
The RegEx class in the XSS filter in Microsoft Internet Explorer 9 through 11 and Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Browser Information Disclosure Vulnerability."
|
|||||
| CVE-2016-0102 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0103, CVE-2016-0106, CVE-2016-0108, CVE-2016-0109, and CVE-2016-0114.
|
|||||
| CVE-2015-2486 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2487, CVE-2015-2490, CVE-2015-2492, CVE-2015-2494, CVE-2015-2498, and CVE-2015-2499.
|
|||||
| CVE-2016-3388 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 5.3 MEDIUM |
|
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387.
|
|||||
| CVE-2016-4116 | 2 Adobe, Microsoft | 3 Flash Player, Edge, Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
|
|||||
| CVE-2016-7204 | 1 Microsoft | 1 Edge | 2025-04-12 | 2.6 LOW | 3.1 LOW |
|
Microsoft Edge allows remote attackers to access arbitrary "My Documents" files via a crafted web site, aka "Microsoft Edge Information Disclosure Vulnerability."
|
|||||
| CVE-2016-3274 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 2.6 LOW | 3.1 LOW |
|
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to conduct content-spoofing attacks via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability."
|
|||||
| CVE-2016-4111 | 2 Adobe, Microsoft | 3 Flash Player, Edge, Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
|
|||||
| CVE-2016-3267 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 4.3 MEDIUM | 5.3 MEDIUM |
|
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to determine the existence of unspecified files via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
|
|||||
| CVE-2016-0111 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.
|
|||||
| CVE-2016-3331 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | 7.5 HIGH |
|
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability."
|
|||||
| CVE-2016-3260 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | 8.8 HIGH |
|
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability."
|
|||||
| CVE-2016-7296 | 1 Microsoft | 1 Edge | 2025-04-12 | 7.6 HIGH | 7.5 HIGH |
|
The scripting engines in Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7286, CVE-2016-7288, and CVE-2016-7297.
|
|||||
| CVE-2015-6140 | 1 Microsoft | 2 Edge, Internet Explorer | 2025-04-12 | 9.3 HIGH | N/A |
|
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6142, CVE-2015-6143, CVE-2015-6153, CVE-2015-6158, CVE-2015-6159, and CVE-2015-6160.
|
|||||