109 matches found
Out-of-Bounds
Overview Microsoft.ChakraCore is a core part of the Chakra Javascript engine that powers Microsoft Edge Affected versions of this package are vulnerable to Out-of-Bounds which can lead to remote code execution. This issue derives from the way JavaScript engines render when handling objects in...
Microsoft ChakraCore has an unspecified vulnerability
Microsoft ChakraCore is the core part of an open source Chakra JavaScript scripting engine used in the Edge browser by Microsoft USA and can also be used as a standalone JavaScript engine. The vulnerability stems from an assertion pFuncBody-GetYieldRegister == oldYieldRegister failure in...
Binary Vulnerability in Microsoft ChakraCore
Microsoft ChakraCore is a core part of the Chakra JavaScript engine for Microsoft's open source Microsoft Edge browser. A binary vulnerability exists in Microsoft ChakraCore, which can be exploited by attackers to cause a denial of service...
Null Pointer Reference Vulnerability in Microsoft ChakraCore
Microsoft ChakraCore is an open source ChakraJavaScript scripting engine used by Microsoft in the Edge browser, or as a stand-alone JavaScript engine. A null pointer reference vulnerability exists in Microsoft ChakraCore. An attacker could exploit this vulnerability to cause a software crash...
Remote Code Execution (RCE)
Microsoft Chakracore is vulnerable to remote code execution RCE. The vulnerability is possible due to lack of proper handling of raw objects and JS Maps to cache arbitrary data for a given locale...
Remote Code Execution (RCE)
Microsoft Chakracore is vulnerable to remote code execution RCE. The vulnerability exists because it does not properly handle the memory upon an instruction entry to the try region and upon a Leave in the function ProcessEHRegionBoundary of LinearScan.cpp...
Microsoft ChakraCore and Edge Remote Code Execution Vulnerability (CNVD-2020-20365)
Microsoft ChakraCore and Microsoft Edge are both products of Microsoft Corporation.ChakraCore is the core of an open-source Chakra JavaScript scripting engine used in the Edge browser, and is also available as a standalone JavaScript engine. Microsoft Edge is a web browser that comes with Windows...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution RCE. The vulnerability exists due to the way that the Chakra scripting engine handles objects in memory in Microsoft Edge...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution RCE. The vulnerability exists due to a chakra type confusion...
Remote Code Execution (RCE)
microsoft chakracore is vulnerable to remote code execution. The vulnerability exists through a JIT type confusion attack in lib/Backend/GlobOptIntBounds.cpp...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, potentially taking over the system with full user rights...
Privilege Escalation
microsoft chakracore is vulnerable to privilege escalation. Improper handling of constructorCaches allows an attacker to exploit the vulnerability to gain elevated privileges...
Remote Code Execution
Microsoft.ChakraCore is vulnerable to remote code execution. This is due to a flaw in the way they handles a native array, corrupting memory in such a way that an attacker could execute arbitrary code in the context of the current user...
Information Disclosure
Microsoft Chakracore is vulnerable to information disclosure. Lack of bounds checking allows an attacker to corrupt memory and obtain confidential information about the user's application...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, potentially taking over the system with full user rights...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, potentially taking over the system with full user rights...
Remote Code Execution (RCE)
Microsoft ChakraCore is vulnerable to remote code execution. This is due a type confusion bug in GlobOpt.cpp when the function ValueNumberDst returns. This could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user, potentially taking over...
Microsoft Internet Explorer and Edge Scripting Engine Remote Memory Corruption Vulnerability
Description Microsoft Internet Explorer and Edge are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed attacks will cause denial of service conditions. Technologies Affected Microsof...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution. This is due to an error in handling objects in memory when the JavaScript engines fails to render, which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution. This is due to a buffer overflow in TypeHandler caused by an invalid index reuse, which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2017-8517 and...