756 matches found
CVE-2020-16009
CVE-2020-16009 is a Google Chrome/Chromium V8 type-confusion vulnerability that could allow remote code execution via a crafted HTML page. Root cause: type confusion in V8 before 86.0.4240.183. Affected product family includes Google Chrome and other Chromium-based browsers; Debian security advis...
CVE-2021-26411
CVE-2021-26411 (Internet Explorer Memory Corruption) is a memory-corruption vulnerability in IE that was exploited in the wild as a zero‑day. Project Zero’s analysis attributes two primary bug patterns to IE exploitation: a use-after-free caused by a user-controlled callback between object operat...
CVE-2022-4135
CVE-2022-4135 affects Google Chrome/Chromium GPU code. It is a heap buffer overflow in the GPU path prior to Chrome 107.0.5304.121 that could allow a remote attacker (with renderer access) to escape the sandbox via a crafted HTML page. Chrome confirms exploitation in the wild; a stable-channel pa...
CVE-2020-0878
CVE-2020-0878 is a memory corruption vulnerability in the way Microsoft Edge/Internet Explorer access objects in memory, enabling remote code execution in the context of the current user. Public description confirms a network-exploitable scenario via malicious websites or compromised sites, with ...
CVE-2016-7200
CVE-2016-7200 refers to a memory-corruption/remote-code-execution vulnerability in the Chakra JavaScript engine used by Microsoft Edge. The Connected documents confirm this family of issues (ChakraCore/RCE vulnerabilities) and note it as a memory-corruption-based flaw triggered by a crafted site,...
CVE-2017-0037
CVE-2017-0037 affects Microsoft Internet Explorer 10/11 and Microsoft Edge via a type confusion in mshtml.dll (Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement), enabling remote code execution through crafted CSS/JS sequences. Connected sources note public exploitation acti...
CVE-2016-7201
Technical details about CVE-2016-7201 are not publicly provided in the supplied documents. Monitor official advisories for updates on affected components, versions, impact, and remediations.
CVE-2015-0313
Adobe Flash Player is affected by a use-after-free vulnerability (CVE-2015-0313) that enables remote code execution via crafted SWF handling. Affected products include Flash Player versions prior to 13.0.0.269 and 14.x–16.x prior to 16.0.0.305 on Windows/macOS, and prior to 11.2.202.442 on Linux....
CVE-2023-5217
CVE-2023-5217 is a heap buffer overflow in VP8 encoding in libvpx (affecting Google Chrome before 117.0.5938.132 and libvpx 1.13.1). A crafted HTML page could remotely trigger heap corruption. Multiple connected sources confirm the vulnerability in libvpx/WebP contexts; Apple’s advisory notes CVE...
CVE-2015-0311
CVE-2015-0311 affects Adobe Flash Player on Windows/macOS up to 16.0.0.287 and Linux 11.2.202.438, described as an unspecified vulnerability that allowed remote code execution via unknown vectors. Exploitation in the wild was reported in January 2015. Connected sources confirm this is a remote-co...
CVE-2016-3351
CVE-2016-3351 is a information-disclosure vulnerability affecting Microsoft Internet Explorer (IE) 9–11 and Microsoft Edge. The issue arises from improper handling of objects in memory by affected scripting engines, which could allow a remote attacker to detect or obtain sensitive files on the us...
CVE-2023-36883
CVE-2023-36883 concerns a spoofing vulnerability in Microsoft Edge for iOS. The initial description identifies the issue as a spoofing vulnerability affecting Edge on iOS, but does not provide details on root cause, affected versions beyond the platform, or concrete exploitation methods. CVSS met...
CVE-2021-21157
CVE-2021-21157 : Use-after-free in the Web Sockets component of Chromium/ Google Chrome on Linux prior to 88.0.4324.182. The underlying issue is a use-after-free that could allow a remote attacker to potentially execute arbitrary code via a crafted HTML page, with impact described as heap corrupt...
CVE-2022-44708
CVE-2022-44708 is a Microsoft Edge (Chromium-based) Elevation of Privilege vulnerability. The initial document lists Edge Chromium-based Elevation of Privilege (CVE-2022-44708) with a CVSS v3.1 base score of 8.3 (High), attack vector Network, attack complexity High, privileges required None, user...
CVE-2025-47967
CVE-2025-47967 affects Microsoft Edge (Chromium-based) for Android. The vulnerability arises from insufficient user interface warnings for dangerous operations, enabling an unauthorized attacker to perform a network spoofing attack. According to the CVE details, the impact is a partial integrity ...
CVE-2017-8524
CVE-2017-8524 is a memory corruption vulnerability in Microsoft’s JavaScript engine affecting multiple Windows versions (Windows 7 SP1, 8.1/RT 8.1, 8, 2012/2012 R2, 10 versions, and Server 2016). The root cause is memory handling in the scripting engine during rendering of objects, enabling remot...
CVE-2024-7971
CVE-2024-7971 is a Type Confusion in Google Chrome’s V8 engine that allows remote heap corruption via a crafted HTML page. Affected software is Google Chrome (and Chromium-based browsers) prior to version 128.0.6613.84. The root cause is a V8 type confusion issue, enabling exploitation when proce...
CVE-2017-0228
Connected documents describe a remote code execution vulnerability in the JavaScript engine/memory handling path used by Microsoft Edge and the ChakraCore engine (Scripting Engine Memory Corruption). The advisories identify exploitation via memory corruption in object handling, affecting Edge/Cha...
CVE-2021-30617
CVE-2021-30617 affects Chromium’s Blink engine with a policy bypass vulnerability. Connected sources label the issue as a Blink policy bypass in Chromium and reference Chromium 93.x updates as mitigations (e.g., Fedora advisories: chromium-93.0.4577.63-1.fc34/.fc35). The core detail consistently ...
CVE-2017-0238
CVE-2017-0238 is linked to memory-corruption in the JavaScript engine used by Microsoft Edge/ChakraCore. The connected advisories describe a remote code execution path when handling in-memory objects, affecting Edge/ChakraCore. Mitigation guidance in the docs points to applying Security Updates t...
CVE-2020-0713
Technical details for CVE-2020-0713 are not publicly available in the provided documents. Monitor for updates from official advisories; no affected products, vectors, or fixes are disclosed here.
CVE-2017-8529
CVE-2017-8529 is an information-disclosure flaw in Internet Explorer caused by improper handling of in-memory objects by Microsoft scripting engines. It affects IE on Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 R2 SP1, 2012/2012 R2, and Windows 10/Server 2016 family as documented by th...
CVE-2020-0711
Technical details about CVE-2020-0711 are not publicly provided in the connected documents. The EUVD entries mention malware but do not specify affected product, root cause, impact, or remediation.
CVE-2017-8522
CVE-2017-8522 affects Microsoft Windows browsers (IE/Edge) and the scripting engine, where memory handling of objects can cause arbitrary code execution. The issue is described as a Scripting Engine Memory Corruption Vulnerability impacting Windows 8.1/RT 8.1, Server 2012/R2, 2016, and Windows 10...
CVE-2024-26246
CVE-2024-26246 affects Microsoft Edge (Chromium-based). The vulnerability is described as a Security Feature Bypass in Edge, with the affected component being Edge’s Chromium-based browser. The available data indicate a Low base severity (CVSS 3.1: 3.9), with confidentiality impact High and no in...
CVE-2020-0712
Technical details about CVE-2020-0712 are not publicly provided in the connected documents. The available sources describe unrelated EUVD entries (malicious code/malware notes). Monitor for updates from the listed references and authoritative security advisories.
CVE-2024-26167
CVE-2024-26167 corresponds to a Microsoft Edge for Android spoofing vulnerability. Affected product: Microsoft Edge for Android (Chromium-based). Vulnerable item: user interface (UI) spoofing vulnerability in Edge for Android. Root cause is described as spoofing in the Edge browser, enabling a re...
CVE-2020-0710
CVE-2020-0710 describes a remote code execution in the ChakraCore scripting engine related to how it handles objects in memory. The CVE entry cites a high impact (CVSS v3.1 base score 7.5) with network access required and user interaction needed. Affected component: ChakraCore memory object handl...
CVE-2024-38082
CVE-2024-38082 affects Microsoft Edge (Chromium-based). The provided data describes a spoofing vulnerability in Edge with a CVSS v3.1 base score of 4.7 (Medium). Details show an external network vector requiring user interaction (AV:N, UI:R) and a changed scope (S:C) with no confidentiality impac...
CVE-2021-30624
CVE-2021-30624 is reported as a Use after free in Autofill in Chromium. The connected documents consistently refer to Chromium Autofill as the vulnerable component and identify the root cause as a use-after-free condition in Autofill code paths. The published CVSS metrics in the initial descripti...
CVE-2018-8390
CVE-2018-8390 is a remote code execution vulnerability in the ChakraCore scripting engine's in-memory object handling, affecting Microsoft Edge and ChakraCore. The root cause is memory corruption in the scripting engine, enabling potential code execution with network access and user interaction r...
CVE-2020-0767
Technical details for CVE-2020-0767 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2018-8372
Microsoft Edge Chakra (ChakraCore) and Internet Explorer are affected by a remote code execution vulnerability in the scripting engine due to memory-object handling issues. The CVE-2018-8372 family (and related CVEs) describes a memory-corruption flaw that enables code execution via crafted objec...
CVE-2019-1426
Technical details for CVE-2019-1426 are not publicly provided in the connected documents. No specific affected product/version/root cause is reproduced here. Monitor for vendor advisories or additional disclosures to confirm impact and remediation.
CVE-2021-21140
CVE-2021-21140 affects Chromium/Google Chrome USB stack: uninitialized memory use in the USB implementation could allow a local attacker to cause out-of-bounds access. The vulnerability is associated with Chrome/Chromium builds before 88.0.4324.96. In affected advisories, remediation is to upgrad...
CVE-2016-7202
CVE-2016-7202 refers to a memory corruption vulnerability in the Chakra JavaScript scripting engine used by Microsoft Edge/IE (the “Scripting Engine Memory Corruption Vulnerability”). The connected advisories describe RCE/DoS opportunities via crafted web content, with ChakraCore as the adversari...
CVE-2018-8385
CVE-2018-8385 describes a remote code execution vulnerability in how the Microsoft scripting engine handles objects in memory, leading to memory corruption. Affected products listed in the description include Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, and Internet Expl...
CVE-2018-8355
CVE-2018-8355 is a remote code execution vulnerability in Microsoft’s scripting stack (ChakraCore, Internet Explorer 11, Edge) due to memory handling flaws in the scripting engine. Public details in connected sources point to an object/memory handling vulnerability exploited via type-confusion in...
CVE-2023-36029
CVE-2023-36029 applies to Microsoft Edge (Chromium-based) and is described as a spoofing vulnerability. The vulnerability is labeled with a Network attack vector, low to moderate impact (Integrity impact: Low; Confidentiality/Availability: None) and requires user interaction for exploitation, wit...
CVE-2017-0224
CVE-2017-0224 describes a remote code execution in Microsoft Edge via the scripting engine memory corruption when handling objects in memory. Connected advisories (GHSA entries) confirm a Chakra/Edge scripting engine memory corruption vulnerability with similar implications, reinforcing that the ...
CVE-2020-0970
CVE-2020-0970 describes a remote code execution vulnerability in the ChakraCore scripting engine, arising from how the engine handles in-memory objects. It is associated with ChakraCore used by Microsoft Edge/Internet Explorer, and is explicitly distinguished from CVE-2020-0968. The connected doc...
CVE-2024-38093
CVE-2024-38093 is corroborated by multiple connected sources as a Microsoft Edge (Chromium-based) spoofing vulnerability. The OpenVAS entry describes Edge as prone to multiple spoofing vulnerabilities and explicitly lists CVE-2024-38093 among them, but does not provide affected version ranges or ...
CVE-2018-8288
CVE-2018-8288 is a remote code execution vulnerability in ChakraCore, Internet Explorer 11, and Microsoft Edge caused by memory handling of objects in the scripting engine (memory corruption). The CVE notes high impact with network access and required user interaction. Public references in the co...
CVE-2019-0739
Technical details for CVE-2019-0739 are not available in the provided connected documents. The sources only offer a high-level description of an Edge scripting engine memory corruption without specifying affected components, versions, impact, or fixes.
CVE-2019-1428
Technical details for CVE-2019-1428 are not publicly provided in the connected documents. The available materials confirm Edge memory corruption in HTML-based scripting engine but do not specify affected versions, exploit vectors, or fixes. Monitor for vendor advisories.
CVE-2016-7242
Affected software: Chakra JavaScript engine (ChakraCore) used by Microsoft Edge. Vulnerability type/impact: memory corruption that can allow remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. Root cause/notes: described in the CVE as a memory-corruptio...
CVE-2016-7243
CVE-2016-7243 concerns the Chakra JavaScript engine in Microsoft Edge (ChakraCore) and allows remote attackers to execute arbitrary code or cause memory corruption via a crafted web site. Connected advisories confirm this as a ChakraCore RCE vulnerability distinct from other CVEs in the same fami...
CVE-2018-8291
The CVE-2018-8291 entry describes a remote code execution in the ChakraCore scripting engine affecting ChakraCore, Internet Explorer 11, and Microsoft Edge due to memory handling in scripting objects. Root cause: memory object handling in the scripting engine leading to RCE. Public references sho...
CVE-2016-7240
CVE-2016-7240 refers to a ChakraCore/Microsoft Edge memory corruption vulnerability in the Chakra JavaScript engine that can lead to remote code execution or memory corruption via a crafted web site. The connected advisories (GHSA entries) describe it as a ChakraCore RCE vulnerability and disting...
CVE-2019-1427
Technical details for CVE-2019-1427 are not publicly provided in the connected documents. We cannot specify affected products, root cause, impact, or fixes from these sources. Monitor official advisories and vendor disclosures for updates.