Microsoft Edge vulnerabilities
411 known vulnerabilities affecting microsoft/microsoft_edge.
Total CVEs
411
CISA KEV
2
actively exploited
Public exploits
26
Exploited in wild
4
Severity breakdown
CRITICAL7HIGH244MEDIUM152LOW8
Vulnerabilities
Page 12 of 21
CVE-2019-1002MEDIUMCVSS 4.2≥ 1.0..0, < publication2019-06-12
CVE-2019-1002 [MEDIUM] CWE-787 CVE-2019-1002: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
cvelistv5nvd
CVE-2019-0989MEDIUMCVSS 4.2≥ 1.0..0, < publication2019-06-12
CVE-2019-0989 [MEDIUM] CWE-787 CVE-2019-0989: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
cvelistv5nvd
CVE-2019-1023MEDIUMCVSS 6.5≥ 1.0..0, < publication2019-06-12
CVE-2019-1023 [MEDIUM] CWE-200 CVE-2019-1023: An information disclosure vulnerability exists when the scripting engine does not properly handle ob
An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user’s system.
In a web-based attack scenario, an attacker could host a website in an attempt to exploit the v
cvelistv5nvd
CVE-2019-1051MEDIUMCVSS 4.2≥ 1.0..0, < publication2019-06-12
CVE-2019-1051 [MEDIUM] CWE-787 CVE-2019-1051: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
cvelistv5nvd
CVE-2019-1024MEDIUMCVSS 4.2≥ 1.0..0, < publication2019-06-12
CVE-2019-1024 [MEDIUM] CWE-787 CVE-2019-1024: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
cvelistv5nvd
CVE-2019-0991MEDIUMCVSS 4.2≥ 1.0..0, < publication2019-06-12
CVE-2019-0991 [MEDIUM] CWE-787 CVE-2019-0991: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
cvelistv5nvd
CVE-2019-1054MEDIUMCVSS 5.0≥ 1.0..0, < publication2019-06-12
CVE-2019-1054 [MEDIUM] CVE-2019-1054: A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tag
A security feature bypass vulnerability exists in Edge that allows for bypassing Mark of the Web Tagging (MOTW). Failing to set the MOTW means that a large number of Microsoft security technologies are bypassed.
In a web-based attack scenario, an attacker could host a malicious website that is designed to exploit the security feature bypass. Alternatively, in
cvelistv5nvd
CVE-2019-0993MEDIUMCVSS 4.2≥ 1.0..0, < publication2019-06-12
CVE-2019-0993 [MEDIUM] CWE-787 CVE-2019-0993: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
cvelistv5nvd
CVE-2019-0992MEDIUMCVSS 4.2≥ 1.0..0, < publication2019-06-12
CVE-2019-0992 [MEDIUM] CWE-787 CVE-2019-0992: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
cvelistv5nvd
CVE-2019-1052MEDIUMCVSS 4.2≥ 1.0..0, < publication2019-06-12
CVE-2019-1052 [MEDIUM] CWE-787 CVE-2019-1052: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
cvelistv5nvd
CVE-2019-0990MEDIUMCVSS 6.5≥ 1.0..0, < publication2019-06-12
CVE-2019-0990 [MEDIUM] CWE-200 CVE-2019-0990: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the
cvelistv5nvd
CVE-2019-1081MEDIUMCVSS 4.2≥ 1.0..0, < publication2019-06-12
CVE-2019-1081 [MEDIUM] CWE-200 CVE-2019-1081: An information disclosure vulnerability exists when affected Microsoft browsers improperly handle ob
An information disclosure vulnerability exists when affected Microsoft browsers improperly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.
To exploit the vulnerability, in a web-based attack scenario, an attacker could host a website that is used to a
cvelistv5nvd
CVE-2019-0938CRITICALCVSS 9.0vWindows 10 for 32-bit SystemsvWindows 10 for x64-based Systems+15 more2019-05-16
CVE-2019-0938 [CRITICAL] CVE-2019-0938: An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to esc
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka 'Microsoft Edge Elevation of Privilege Vulnerability'.
cvelistv5nvd
CVE-2019-0926HIGHCVSS 7.5vWindows 10 Version 1809 for 32-bit SystemsvWindows 10 Version 1809 for x64-based Systems+2 more2019-05-16
CVE-2019-0926 [HIGH] CWE-787 CVE-2019-0926: A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memo
A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.
cvelistv5nvd
CVE-2019-0924HIGHCVSS 7.5vWindows 10 for 32-bit SystemsvWindows 10 for x64-based Systems+15 more2019-05-16
CVE-2019-0924 [HIGH] CVE-2019-0924: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scri
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917,
cvelistv5
CVE-2019-0912HIGHCVSS 7.5vWindows 10 Version 1709 for 32-bit SystemsvWindows 10 Version 1709 for x64-based Systems+8 more2019-05-16
CVE-2019-0912 [HIGH] CWE-787 CVE-2019-0912: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles obj
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-09
cvelistv5nvd
CVE-2019-0914HIGHCVSS 7.5vWindows 10 for 32-bit SystemsvWindows 10 for x64-based Systems+15 more2019-05-16
CVE-2019-0914 [HIGH] CVE-2019-0914: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scri
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922,
cvelistv5
CVE-2019-0922HIGHCVSS 7.5vWindows 10 for 32-bit SystemsvWindows 10 for x64-based Systems+15 more2019-05-16
CVE-2019-0922 [HIGH] CVE-2019-0922: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scri
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917,
cvelistv5
CVE-2019-0940HIGHCVSS 7.5vWindows 10 for 32-bit SystemsvWindows 10 for x64-based Systems+15 more2019-05-16
CVE-2019-0940 [HIGH] CWE-787 CVE-2019-0940: A remote code execution vulnerability exists in the way that Microsoft browsers access objects in me
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'.
cvelistv5nvd
CVE-2019-0937HIGHCVSS 7.5vWindows 10 Version 1709 for 32-bit SystemsvWindows 10 Version 1709 for x64-based Systems+8 more2019-05-16
CVE-2019-0937 [HIGH] CVE-2019-0937: A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scri
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917,
cvelistv5