Lucene search
K

27 matches found

Github Security Blog
Github Security Blog
added 2022/05/14 1:6 a.m.21 views

ChakraCore RCE Vulnerability

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

7.6CVSS7.4AI score0.6546EPSS
Exploits3References8Affected Software1
OSV
OSV
added 2022/05/14 1:6 a.m.24 views

GHSA-8R5C-8V97-G7VH ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". The...

7.5CVSS7.7AI score0.62646EPSS
Exploits4References8
OSV
OSV
added 2022/05/14 1:6 a.m.17 views

GHSA-C6R3-GHJW-HGRJ ChakraCore vulnerable to remote code execution

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability"...

7.5CVSS7.9AI score0.68491EPSS
Exploits3References8
Veracode
Veracode
added 2018/07/05 3:47 a.m.23 views

Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This happens because it performs an invalid stack restore in Parse.h when destructuring is used. This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901,...

7.5CVSS7.9AI score0.68491EPSS
Exploits28References5Affected Software2
Veracode
Veracode
added 2018/07/05 2:26 a.m.28 views

Privilege Escalation

microsoft.chakracore is vulnerable to privilege escalation. This happens because the application does not properly initialize the array during regex construction in RegexCompileTime.cpp, leading to memory corruption which can allow an attacker to gain user rights and other possible attacks such a...

7.5CVSS8.1AI score0.68491EPSS
Exploits28References6Affected Software2
Veracode
Veracode
added 2018/07/04 7:53 a.m.41 views

Remote Code Execution (RCE) Via Memory Corruption

microsoft.chakracore is vulnerable to remote code execution via memory corruption vulnerability. This happens when an attacker inputs a large numeric or spread array literal to ByteCodeGenerator, leading to an out-of-bounds write. This CVE ID is different from CVE-2017-11886, CVE-2017-11889,...

7.5CVSS8AI score0.68491EPSS
Exploits25References4Affected Software2
Prion
Prion
added 2017/12/12 9:29 p.m.14 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique...

7.6CVSS7.4AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.22 views

Memory corruption

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due t...

7.6CVSS7.5AI score0.68491EPSS
Exploits25References3Affected Software2
Prion
Prion
added 2017/12/12 9:29 p.m.22 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.13 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References3Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.27 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Thi...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References3Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.22 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.18 views

Memory corruption

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

7.6CVSS7.6AI score0.68491EPSS
Exploits28References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/12/12 9:29 p.m.7 views

CVE-2017-11886

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handle...

7.6CVSS6.1AI score0.68491EPSS
Exploits28References4
Prion
Prion
added 2017/12/12 9:29 p.m.18 views

Memory corruption

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the sam...

7.6CVSS7.4AI score0.68491EPSS
Exploits28References4Affected Software2
Prion
Prion
added 2017/12/12 9:29 p.m.18 views

Memory corruption

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user...

7.6CVSS7.4AI score0.68491EPSS
Exploits28References4Affected Software2
Prion
Prion
added 2017/12/12 9:29 p.m.15 views

Memory corruption

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handle...

7.6CVSS7.7AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.23 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References3Affected Software1
CVE
CVE
added 2017/12/12 9:0 p.m.128 views

CVE-2017-11886

Technical details for CVE-2017-11886 are not present in the provided documents; no affected products, impact, or remediation are specified here. Monitor for updates.

7.6CVSS8AI score0.08643EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/12/12 9:0 p.m.32 views

CVE-2017-11886

Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user, due to how Internet Explorer handle...

8AI score0.08643EPSS
Exploits0References3
Rows per page
Query Builder