Vulnerabilities > Microsoft > Edge > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-06-16 | CVE-2016-3198 | 7PK - Security Features vulnerability in Microsoft Edge Microsoft Edge allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted document, aka "Microsoft Edge Security Feature Bypass." | 4.3 |
| 2016-04-12 | CVE-2016-0161 | 7PK - Security Features vulnerability in Microsoft Edge Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0158. | 4.3 |
| 2016-04-12 | CVE-2016-0158 | 7PK - Security Features vulnerability in Microsoft Edge Microsoft Edge allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Microsoft Edge Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0161. | 4.3 |
| 2016-02-10 | CVE-2016-0080 | Information Exposure vulnerability in Microsoft Edge Microsoft Edge mishandles exceptions during window-message dispatch operations, which allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Edge ASLR Bypass." | 4.3 |
| 2016-02-10 | CVE-2016-0077 | Data Processing Errors vulnerability in Microsoft Edge and Internet Explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse HTTP responses, which allows remote attackers to spoof web sites via a crafted URL, aka "Microsoft Browser Spoofing Vulnerability." | 4.3 |
| 2015-12-09 | CVE-2015-6176 | Cross-site Scripting vulnerability in Microsoft Edge Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass Vulnerability." | 4.3 |
| 2015-12-09 | CVE-2015-6170 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Edge Microsoft Edge allows remote attackers to gain privileges via a crafted web site, aka "Microsoft Browser Elevation of Privilege Vulnerability." | 6.8 |
| 2015-12-09 | CVE-2015-6169 | Improper Input Validation vulnerability in Microsoft Edge Microsoft Edge misparses HTTP responses, which allows remote attackers to redirect users to arbitrary web sites via unspecified vectors, aka "Microsoft Edge Spoofing Vulnerability." | 4.3 |
| 2015-11-11 | CVE-2015-6088 | Information Exposure vulnerability in Microsoft Edge and Internet Explorer Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Microsoft Browser ASLR Bypass." | 4.3 |
| 2015-10-14 | CVE-2015-6058 | Cross-site Scripting vulnerability in Microsoft Edge Microsoft Edge mishandles HTML attributes in HTTP responses, which allows remote attackers to bypass a cross-site scripting (XSS) protection mechanism via unspecified vectors, aka "Microsoft Edge XSS Filter Bypass." | 4.3 |