255 matches found
CVE-2017-11839
CVE-2017-11839 is a Microsoft Edge scripting engine memory corruption vulnerability affecting Windows 10 (Gold/1511/1607/1703/1709) and Windows Server 2016/1709. The root cause is memory handling of objects in the scripting engine, leading to remote code execution when a user visits a crafted pag...
CVE-2018-0979
CVE-2018-0979 describes a remote code execution vulnerability in the Chakra scripting engine through memory handling of objects in Microsoft Edge and ChakraCore. The connected advisories (GHSA) reiterate a ChakraCore RCE vulnerability affecting Edge/ChakraCore, aligned with the same memory-corrup...
CVE-2021-36930
Technical details about CVE-2021-36930 (affected software, root cause, impact, and fixes) are not publicly provided in the connected documents. Monitor for updates from authoritative advisories; this corpus references the CVE but does not specify specifics.
CVE-2021-38669
CVE-2021-38669 concerns Microsoft Edge (Chromium-based) Tampering Vulnerability. Connected docs indicate Edge
CVE-2016-3203
CVE-2016-3203 is a Windows PDF Remote Code Execution vulnerability affecting Windows 8.1, Windows Server 2012 R2/2012, Windows 10 (Gold and 1511) and Microsoft Edge. Connected advisories describe an out-of-bounds memory access in the Windows PDF Library/Edge PDF reader caused by improper buffer v...
CVE-2017-0240
CVE-2017-0240 is a remote code execution issue in Microsoft Edge arising from how the Microsoft scripting engine renders objects in memory. The vulnerability affects the Edge scripting engine component and could allow code execution in the context of the current user. Microsoft released security ...
CVE-2017-11838
CVE-2017-11838 affects ChakraCore and Microsoft Edge in Windows environments (various versions listed in the initial entry). The vulnerability arises from how the scripting engine handles objects in memory, leading to memory corruption that could allow an attacker to execute code with the same us...
CVE-2017-0093
CVE-2017-0093 is a Microsoft Edge vulnerability described as a memory-corruption/type-confusion issue in the Edge Scripting Engine when handling objects in memory, specifically related to asm.js handling. The root cause is a type-confusion in the scripting engine caused by improper parsing of eva...
CVE-2017-11821
Summary: CVE-2017-11821 is part of ChakraCore/Edge-related memory corruption vulnerabilities. The connected advisories describe a vulnerability in the ChakraCore scripting engine where how in-memory objects are handled can allow an attacker to execute arbitrary code in the context of the current ...
CVE-2017-8756
CVE-2017-8756 is documented as a Microsoft Edge memory-corruption vulnerability in Windows 10 (variants 1511, 1607, 1703) and Windows Server 2016, caused by how Edge accesses objects in memory, enabling arbitrary code execution in the current user context. The connected Nessus plugin entry 104385...
CVE-2018-0930
CVE-2018-0930: ChakraCore and Microsoft Edge on Windows 10 are affected by a memory-handling flaw in the Chakra scripting engine that can enable remote code execution. Affected products include ChakraCore and Edge on Windows 10 releases such as 1709 (and 1703 per related advisories). The descript...
CVE-2016-0109
CVE-2016-0109 affects Microsoft Internet Explorer 11 and Microsoft Edge. The weakness is memory corruption that can be triggered by a crafted web site, allowing remote code execution or a denial of service. Affected products are IE11 and Edge, with root cause described as improper handling of mem...
CVE-2017-0200
CVE-2017-0200 is a remote code execution vulnerability in Microsoft Edge caused by improper handling of memory objects, enabling an attacker to execute arbitrary code in the context of the current user. Public exploits exist. The CVE is referenced in multiple security entries (MSRC advisory for C...
CVE-2017-11802
CVE-2017-11802 affects ChakraCore and Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The vulnerability stems from how the Chakra scripting engine handles memory objects, enabling an attacker to execute arbitrary code in the context of the current user. Exploitation...
CVE-2017-11806
CVE-2017-11806 affects ChakraCore and Microsoft Edge in Windows 10 version 1703, where the scripting engine’s in-memory object handling can lead to memory corruption and arbitrary code execution in the current user context. The vulnerability is described as a memory corruption flaw in ChakraCore’...
CVE-2017-8605
CVE-2017-8605 is described across connected sources as a memory-corruption vulnerability in Microsoft Edge’s scripting engine that can lead to arbitrary code execution in the context of the current user when handling objects in memory. Public references link this family of issues to Edge on Windo...
CVE-2017-8641
CVE-2017-8641 affects Microsoft Edge/Internet Explorer scripting engines in Windows (memory corruption when rendering objects in memory), enabling remote code execution in the context of the current user. Affected platforms include Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1/RT 8.1, Wi...
CVE-2017-8646
CVE-2017-8646 concerns a remote code execution vulnerability in Microsoft Edge’s scripting engine memory handling. Affected product/variant: Microsoft Edge on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016, where the JavaScript engine could corrupt memory while rendering objects i...
CVE-2017-8729
CVE-2017-8729 affects Microsoft Edge on Windows 10 version 1703. It is caused by the scripting engine’s handling of in-memory objects, leading to memory corruption and the ability for an attacker to execute arbitrary code in the current user context. The provided documents confirm the vulnerabili...
CVE-2017-8736
CVE-2017-8736 is an information-disclosure vulnerability affecting Internet Explorer in Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1/RT 8.1, Windows Server 2012 R2, and Internet Explorer/Edge in Windows 10 (Gold and various builds). The root cause, as described in connected Nessus data,...
CVE-2018-0990
Mode C: CVE-2018-0990 is a ChakraCore/Edge remote code execution vulnerability described as memory corruption in the Chakra scripting engine when handling objects in memory. Affected products include Microsoft Edge and ChakraCore. The root cause is in the engine’s memory handling, enabling arbitr...
CVE-2016-7199
CVE-2016-7199 affects Microsoft Internet Explorer (IE) versions 9–11 and Microsoft Edge, where a crafted web site can bypass the Same Origin Policy to disclose sensitive window-state information (information-disclosure vulnerability). Root cause is tied to how IE/Edge handle window/state data acr...
CVE-2017-0033
CVE-2017-0033 affects Microsoft Internet Explorer 11 and Microsoft Edge, enabling remote attackers to spoof web content via a crafted web site (the vulnerability is distinct from CVE-2017-0012 and CVE-2017-0069). Based on the connected documents, the exploit surface is network-propagated and leve...
CVE-2017-11799
CVE-2017-11799 relates to a memory-handling vulnerability in the ChakraCore scripting engine (used by ChakraCore and Microsoft Edge) on Windows 10 and Windows Server 2016/Edge. The description states that an attacker can execute arbitrary code in the context of the current user due to memory hand...
CVE-2017-11807
Technical details for CVE-2017-11807 are not publicly provided in the supplied documents. The connected advisories cover ChakraCore RCE/memory corruption generically but do not specify affected product versions, root cause, or fixes for this CVE. Monitor for updates.
CVE-2017-11808
CVE-2017-11808 affects ChakraCore (and Microsoft Edge) on Windows 10 versions (Gold/1511/1607/1703) and Windows Server 2016. The root cause is memory handling in the ChakraCore scripting engine, described as a memory corruption/information disclosure vulnerability that could allow an attacker to ...
CVE-2017-11812
CVE-2017-11812 is a ChakraCore/Edge memory-corruption vulnerability on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. The root cause is in how the Chakra scripting engine handles in-memory objects, enabling an attacker to execute arbitrary code in the context of the current user....
CVE-2017-8647
Technical details for CVE-2017-8647 are not publicly available in the provided connected documents. Monitor for updates from vendors/security advisories; no product/version/impact is specified in the supplied materials.
CVE-2017-8755
CVE-2017-8755 is a memory corruption vulnerability in the Microsoft Edge scripting engine on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. An attacker could execute arbitrary code in the context of the current user by abusing how Edge handles objects in memory. The NVD metrics l...
CVE-2017-0241
Mode C: CVE-2017-0241 affects Microsoft Edge. The vulnerability is an elevation of privilege when Edge renders a domain-less URL, allowing actions in the Intranet Zone. Affected component: Edge rendering/domain handling; root cause details are not fully enumerated in the provided docs beyond the ...
CVE-2017-8737
CVE-2017-8737 covers a remote-code-execution flaw in the Windows PDF Library affecting Windows 8.1/RT 8.1, Windows Server 2012/R2, Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The issue arises from how the Windows PDF Library handles in-memory objects, allowing an attacker to exec...
CVE-2016-0111
CVE-2016-0111 affects Microsoft Internet Explorer 9–11 and Microsoft Edge. It is a memory corruption/remote code execution vulnerability triggered by visiting a crafted site, caused by improper memory handling in the browser. Exploitation existed (e.g., Exploit-DB) and patches were released (MS16...
CVE-2017-0065
CVE-2017-0065 concerns Microsoft Edge memory disclosure via a crafted web site, described as a remote information-collection vulnerability. Exploitation would allow an attacker to obtain sensitive information from the Edge process memory. The NVD entry lists a CVSSv3 base score of 4.3 (MEDIUM) wi...
CVE-2017-0208
CVE-2017-0208 describes an information disclosure in Microsoft Edge (Chakra scripting engine) caused by improper handling of in-memory objects. The vulnerability could allow an attacker to obtain information to further compromise the system. Documents confirm the issue is tied to the Scripting En...
CVE-2017-11764
CVE-2017-11764 : A type confusion vulnerability in Microsoft Edge’s Chakra JavaScript engine (ParseCatch path) allows memory corruption. Reported as an Edge scripting engine issue that can be exploited by presenting a specially crafted web page, potentially enabling remote code execution in the u...
CVE-2017-11863
Microsoft Edge in Windows 10 (Gold/1511/1607/1703/1709) and Windows Server 2016/1709 is affected by a vulnerability where Edge CSP validation can be bypassed, allowing an attacker to trick a user into loading a page with malicious content. Root cause: improper validation of CSP in Edge when loadi...
CVE-2017-8521
CVE-2017-8521 affects Microsoft Edge on Windows 10 version 1703, where the Edge JavaScript scripting engine can incorrectly handle in-memory objects, enabling remote code execution in the context of the current user when memory is corrupted. Connected sources corroborate a memory-corruption vecto...
CVE-2016-7227
CVE-2016-7227 affects Microsoft Internet Explorer 9–11 and Microsoft Edge, enabling remote attackers to determine the existence of local files via unspecified vectors (Information Disclosure). The issue is documented by NVD with CVSS low impact and network attack vector but no explicit exploit de...
CVE-2017-8653
CVE-2017-8653 is a memory-corruption vulnerability in Microsoft browsers on Windows platforms (several Windows versions listed in the initial entry) that allows remote code execution when the browser improperly accesses objects in memory. The issue is categorized under a browser memory corruption...
CVE-2017-8670
CVE-2017-8670 describes a remote code execution vulnerability in Microsoft Edge on Windows 10 and Windows Server 2016 where the scripting engine memory corruption occurs when handling in-memory objects during rendering. The root cause is a memory corruption flaw in the browser’s JavaScript engine...
CVE-2017-8731
Microsoft Edge Memory Corruption vulnerability (CVE-2017-8731) affects Microsoft Edge on Windows 10 1607 and Windows Server 2016. The issue arises from how Edge accesses objects in memory, allowing an attacker to execute arbitrary code in the context of the current user when a victim opens a spec...
CVE-2017-8751
CVE-2017-8751 affects Microsoft Edge in Windows 10 (1703). Root cause: Edge’s handling of objects in memory leading to memory corruption. Impact: attacker can execute arbitrary code in the context of the current user. Exploitation note: exploits exist (e.g., exploit-db entry) per linked reference...
CVE-2018-0927
CVE-2018-0927 relates to an information disclosure in Microsoft browsers (Internet Explorer and Edge) due to how objects are handled in memory. The connected Microsoft KBs (March 2018 updates) describe IE security updates that address multiple memory- and rendering-related issues, including fixes...
CVE-2018-0931
CVE-2018-0931 concerns the ChakraCore memory handling in the Chakra scripting engine, leading to remote code execution on Windows 10 variants (Gold, 1511, 1607, 1703, 1709) and Windows Server 2016. The connected GitHub advisories (GHSA-6C2V-XC8F-FVF7, GHSA-6V8R-83V3-RMRF, GHSA-PHCC-FRH9-Q545, GHS...
CVE-2018-0936
CVE-2018-0936 relates to a ChakraCore memory corruption vulnerability that enables remote code execution on Windows 10 (notably 1709) due to how the Chakra scripting engine handles in-memory objects. The connected advisories confirm ChakraCore RCE across Windows 10 versions (including 1703/1709) ...
CVE-2018-1019
CVE-2018-1019 describes a remote code execution vulnerability in the Chakra scripting engine’s handling of objects in memory, affecting Microsoft Edge and ChakraCore. The connected GitHub advisories reiterate a “ChakraCore RCE Vulnerability” with the same memory-corruption vector but do not provi...
CVE-2016-3273
CVE-2016-3273 is a browser information disclosure vulnerability in the XSS Filter of Microsoft Internet Explorer 9–11 and Microsoft Edge. The root cause is improper restriction of JavaScript by the XSS Filter, allowing remote attackers to obtain sensitive information via a crafted website. The is...
CVE-2016-7196
CVE-2016-7196 affects Microsoft Internet Explorer 10/11 and Microsoft Edge. The vulnerability enables remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Severity is HIGH (CVSS v3: 7.5) with network access, user interaction required....
CVE-2017-0227
CVE-2017-0227 describes a remote code execution in Microsoft Edge caused by how the scripting engines render in-memory objects, a memory corruption issue. The linked connected documents identify the vulnerability as part of a trio (CVE-2017-0221, CVE-2017-0227, CVE-2017-0240) with exploitation ti...
CVE-2017-8523
Technical details (affected products, vulnerable components, impact, or fixes) for CVE-2017-8523 are not provided in the connected documents. Monitor for updates from official advisories.