Lucene search
K

18 matches found

Github Security Blog
Github Security Blog
added 2022/05/14 1:6 a.m.21 views

ChakraCore RCE Vulnerability

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

7.6CVSS7.4AI score0.6546EPSS
Exploits3References8Affected Software1
OSV
OSV
added 2017/12/12 9:29 p.m.39 views

CVE-2017-11930

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due t...

7.5CVSS7.4AI score0.08643EPSS
Exploits0References3
Prion
Prion
added 2017/12/12 9:29 p.m.14 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique...

7.6CVSS7.4AI score0.68491EPSS
Exploits28References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2017/12/12 9:29 p.m.7 views

CVE-2017-11930

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due t...

7.6CVSS6AI score0.68491EPSS
Exploits25References4
Prion
Prion
added 2017/12/12 9:29 p.m.24 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.18 views

Memory corruption

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the sam...

7.6CVSS7.4AI score0.68491EPSS
Exploits28References4Affected Software2
Prion
Prion
added 2017/12/12 9:29 p.m.13 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet Explorer...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References3Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.22 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.27 views

Memory corruption

ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". Thi...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References3Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.22 views

Memory corruption

Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how Internet...

7.6CVSS7.5AI score0.68491EPSS
Exploits28References4Affected Software1
Prion
Prion
added 2017/12/12 9:29 p.m.18 views

Memory corruption

ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from...

7.6CVSS7.6AI score0.68491EPSS
Exploits28References4Affected Software1
Cvelist
Cvelist
added 2017/12/12 9:0 p.m.28 views

CVE-2017-11930

ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due t...

7.8AI score0.08643EPSS
Exploits0References3
CVE
CVE
added 2017/12/12 9:0 p.m.121 views

CVE-2017-11930

CVE-2017-11930 affects ChakraCore and related Windows components (Internet Explorer). The core issue is a memory-handling flaw in the scripting engine that can lead to arbitrary code execution in the context of the current user. Descriptions in connected advisories frame this as a “Scripting Engi...

7.6CVSS7.8AI score0.08643EPSS
Exploits0References3Affected Software2
Check Point Advisories
Check Point Advisories
added 2017/12/12 12:0 a.m.5 views

Microsoft Browser Scripting Engine Memory Corruption (CVE-2017-11930)

An integer overflow vulnerability exists in Microsoft Browsers. The vulnerability is due to an integer overflow when JavaScript handles huge number of integers in memory. Successful exploitation of this vulnerability can result in Remote Code Execution...

7.6CVSS7.8AI score0.08643EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.107 views

Windows 8.1 and Windows Server 2012 R2 December 2017 Security Updates

The remote Windows host is missing security update 4054522 or cumulative update 4054519. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft browsers. An attacke...

8.5CVSS7.9AI score0.64164EPSS
Exploits22References17
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.250 views

KB4053579: Windows 10 Version 1607 and Windows Server 2016 December 2017 Security Update

The remote Windows host is missing security update 4053579. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a wa...

9.8CVSS7.9AI score0.68491EPSS
Exploits38References26
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.77 views

Security Updates for Internet Explorer (December 2017)

The Internet Explorer installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. The vulnerability could corru...

7.6CVSS7.7AI score0.64164EPSS
Exploits16References17
Tenable Nessus
Tenable Nessus
added 2017/12/12 12:0 a.m.76 views

KB4053581: Windows 10 December 2017 Security Update

The remote Windows host is missing security update 4053581. It is, therefore, affected by multiple vulnerabilities : - A security feature bypass exists when Device Guard incorrectly validates an untrusted file. An attacker who successfully exploited this vulnerability could make an unsigned file...

9.8CVSS7.9AI score0.64164EPSS
Exploits25References21
Rows per page
Query Builder