7 matches found
jpb.lv Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1108576 Security Researcher metamorfosec Helped patch 1990 vulnerabilities Received 9 Coordinated Disclosure badges Received 32 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting jpb.lv website and it...
Microsoft Edge Chakra ParseCatch Type Confusion (CVE-2017-11764)
A type confusion vulnerability exists in Microsoft Edge Chakra JavaScript Engine. The vulnerability is due to a lack of validation in the ParseCatch method which results in the generation on a malformed Abstract Syntax Tree AST. A remote attacker could exploit this vulnerability by enticing the...
Microsoft Edge Chakra Parser::ParseCatch Failed eval Handle
Microsoft Edge: Chakra: Parser::ParseCatch doesn't handle "eval" CVE-2017-11764 In Javascript, the code executed by a direct call to eval shares the caller block's scopes. Chakra handles this from the parser. And there's a bug when it parses "eval" in a catch statement's param. ParseNodePtr...
Memory corruption
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of th...
Memory corruption
Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption...
Memory corruption
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to the way that the Microsoft Edge scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...
CVE-2017-11764
CVE-2017-11764 : A type confusion vulnerability in Microsoft Edge’s Chakra JavaScript engine (ParseCatch path) allows memory corruption. Reported as an Edge scripting engine issue that can be exploited by presenting a specially crafted web page, potentially enabling remote code execution in the u...