41 matches found
Out-of-bounds write in Microsoft.ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196...
Out-of-bounds write in Microsoft.ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution RCE. The vulnerability exists due to a JIT type confusion...
Remote Code Execution
Microsoft.ChakraCore is vulnerable to remote code execution. This is due to the failure to properly set AddImplicitCallFlags, corrupting memory in such a way that an attacker could execute arbitrary code in the context of the current user...
GHSA-6JF5-RMHV-38CW High severity vulnerability that affects Microsoft.ChakraCore
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773,...
Remote Code Execution
Microsoft.ChakraCore is vulnerable to remote code execution RCE attacks. The vulnerability exists due to a possible bypass to kill built-in properties in ProcessFieldKills, allowing to trigger remote code execution attacks...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution. This is due to a type confusion via NewScObjectNoCtor or InitProto which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2019-0567, CVE-2019-0568...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution. This is due to an out-of-bounds in Edge WIP which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618, CVE-2018-8624...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution. This is due to a buffer overflow in the JIT scripting engine which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2018-8583, CVE-2018-8617, CVE-2018-8618,...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution. This is due to an out-of-bounds in the ChakraCore JIT which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from CVE-2018-8617, CVE-2018-8618, CVE-2018-8624,...
Remote Code Execution (RCE)
Microsoft.Chakracore is vulnerable to a remote code execution RCE attack. The library does not handle objects in the Scanner::LineLength function in lib/Parser/Scan.cpp, allowing a malicious user to inject and execute arbitrary code...
Remote Code Execution (RCE)
Microsoft.Chakracore is vulnerable to a remote code execution RCE attack. The library does not properly handle objects in memory in the GlobOpt::CheckJsArrayKills function in lib/Backend/GlobOpt.cpp, allowing a malicious user to inject and execute arbitrary code...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to a remote code execution RCE attack. The library does not properly handle objects in the memory, causing a memory corruption exception that can allow a malicious user to inject and execute arbitrary code...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution RCE attacks. The vulnerability exists due to a possible bypass in the BailOutOnInvalidatedArrayHeadSegment check, causing RCE attacks...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution. This is due to an invalid stack read which leads to type confusion. This vulnerability affects Internet Explorer 11, Microsoft Edge and Internet Explorer 10. This CVE ID is different from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456,...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution. ProxyEntryPointInfo causes out-of-bound writes or arbitrary code being executed. This CVE ID is different from CVE-2018-8353, CVE-2018-8355, CVE-2018-8371, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution RCE attacks. The library does not handle the marshalling of prototypeObject properly, leading to a type confusion error that can cause the application to crash or arbitrary code to be executed...
Remote Code Execution (RCE)
Microsoft.ChakraCore is vulnerable to remote code execution. This is due to a type confusion with PathTypeHandlerBase::SetAttributesHelper which leads to memory corruption. This CVE ID is different from CVE-2018-8266, CVE-2018-8380, CVE-2018-8381...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution RCE attacks. The application contains a use-after-free bug in JavascriptArray.cpp, allowing arbitrary code to be executed. This CVE is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301...
Remote Code Execution (RCE)
microsoft.chakracore is vulnerable to remote code execution RCE attacks. The library contains a parameter scope parsing bug, causing arbitrary code to be executed. This CVE is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301...