Lucene search
+L

255 matches found

CVE
CVE
added 2017/11/15 3:0 a.m.94 views

CVE-2017-11839

CVE-2017-11839 is a Microsoft Edge scripting engine memory corruption vulnerability affecting Windows 10 (Gold/1511/1607/1703/1709) and Windows Server 2016/1709. The root cause is memory handling of objects in the scripting engine, leading to remote code execution when a user visits a crafted pag...

7.6CVSS7.4AI score0.62359EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.94 views

CVE-2018-0979

CVE-2018-0979 describes a remote code execution vulnerability in the Chakra scripting engine through memory handling of objects in Microsoft Edge and ChakraCore. The connected advisories (GHSA) reiterate a ChakraCore RCE vulnerability affecting Edge/ChakraCore, aligned with the same memory-corrup...

7.6CVSS6.4AI score0.15139EPSS
CVE
CVE
added 2021/09/02 10:25 p.m.94 views

CVE-2021-36930

Technical details about CVE-2021-36930 (affected software, root cause, impact, and fixes) are not publicly provided in the connected documents. Monitor for updates from authoritative advisories; this corpus references the CVE but does not specify specifics.

8.1CVSS6.2AI score0.00889EPSS
CVE
CVE
added 2021/09/15 11:24 a.m.94 views

CVE-2021-38669

CVE-2021-38669 concerns Microsoft Edge (Chromium-based) Tampering Vulnerability. Connected docs indicate Edge

8.8CVSS6.5AI score0.02633EPSS
CVE
CVE
added 2016/06/16 1:0 a.m.93 views

CVE-2016-3203

CVE-2016-3203 is a Windows PDF Remote Code Execution vulnerability affecting Windows 8.1, Windows Server 2012 R2/2012, Windows 10 (Gold and 1511) and Microsoft Edge. Connected advisories describe an out-of-bounds memory access in the Windows PDF Library/Edge PDF reader caused by improper buffer v...

9.3CVSS7.9AI score0.33337EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.93 views

CVE-2017-0240

CVE-2017-0240 is a remote code execution issue in Microsoft Edge arising from how the Microsoft scripting engine renders objects in memory. The vulnerability affects the Edge scripting engine component and could allow code execution in the context of the current user. Microsoft released security ...

7.6CVSS7.5AI score0.14728EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.93 views

CVE-2017-11838

CVE-2017-11838 affects ChakraCore and Microsoft Edge in Windows environments (various versions listed in the initial entry). The vulnerability arises from how the scripting engine handles objects in memory, leading to memory corruption that could allow an attacker to execute code with the same us...

7.6CVSS7.5AI score0.08546EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.92 views

CVE-2017-0093

CVE-2017-0093 is a Microsoft Edge vulnerability described as a memory-corruption/type-confusion issue in the Edge Scripting Engine when handling objects in memory, specifically related to asm.js handling. The root cause is a type-confusion in the scripting engine caused by improper parsing of eva...

7.6CVSS7.5AI score0.13691EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.92 views

CVE-2017-11821

Summary: CVE-2017-11821 is part of ChakraCore/Edge-related memory corruption vulnerabilities. The connected advisories describe a vulnerability in the ChakraCore scripting engine where how in-memory objects are handled can allow an attacker to execute arbitrary code in the context of the current ...

7.6CVSS7.8AI score0.08761EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.92 views

CVE-2017-8756

CVE-2017-8756 is documented as a Microsoft Edge memory-corruption vulnerability in Windows 10 (variants 1511, 1607, 1703) and Windows Server 2016, caused by how Edge accesses objects in memory, enabling arbitrary code execution in the current user context. The connected Nessus plugin entry 104385...

7.6CVSS7.2AI score0.08716EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.92 views

CVE-2018-0930

CVE-2018-0930: ChakraCore and Microsoft Edge on Windows 10 are affected by a memory-handling flaw in the Chakra scripting engine that can enable remote code execution. Affected products include ChakraCore and Edge on Windows 10 releases such as 1709 (and 1703 per related advisories). The descript...

7.6CVSS7.2AI score0.11817EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.91 views

CVE-2016-0109

CVE-2016-0109 affects Microsoft Internet Explorer 11 and Microsoft Edge. The weakness is memory corruption that can be triggered by a crafted web site, allowing remote code execution or a denial of service. Affected products are IE11 and Edge, with root cause described as improper handling of mem...

7.6CVSS7.6AI score0.16763EPSS
CVE
CVE
added 2017/04/12 2:0 p.m.91 views

CVE-2017-0200

CVE-2017-0200 is a remote code execution vulnerability in Microsoft Edge caused by improper handling of memory objects, enabling an attacker to execute arbitrary code in the context of the current user. Public exploits exist. The CVE is referenced in multiple security entries (MSRC advisory for C...

7.6CVSS7.7AI score0.13774EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.91 views

CVE-2017-11802

CVE-2017-11802 affects ChakraCore and Microsoft Edge on Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The vulnerability stems from how the Chakra scripting engine handles memory objects, enabling an attacker to execute arbitrary code in the context of the current user. Exploitation...

7.6CVSS7.8AI score0.69163EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.91 views

CVE-2017-11806

CVE-2017-11806 affects ChakraCore and Microsoft Edge in Windows 10 version 1703, where the scripting engine’s in-memory object handling can lead to memory corruption and arbitrary code execution in the current user context. The vulnerability is described as a memory corruption flaw in ChakraCore’...

7.6CVSS7.8AI score0.08761EPSS
CVE
CVE
added 2017/07/11 9:0 p.m.91 views

CVE-2017-8605

CVE-2017-8605 is described across connected sources as a memory-corruption vulnerability in Microsoft Edge’s scripting engine that can lead to arbitrary code execution in the context of the current user when handling objects in memory. Public references link this family of issues to Edge on Windo...

7.6CVSS7.5AI score0.08967EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.91 views

CVE-2017-8641

CVE-2017-8641 affects Microsoft Edge/Internet Explorer scripting engines in Windows (memory corruption when rendering objects in memory), enabling remote code execution in the context of the current user. Affected platforms include Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1/RT 8.1, Wi...

7.6CVSS7.9AI score0.71609EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.91 views

CVE-2017-8646

CVE-2017-8646 concerns a remote code execution vulnerability in Microsoft Edge’s scripting engine memory handling. Affected product/variant: Microsoft Edge on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016, where the JavaScript engine could corrupt memory while rendering objects i...

7.6CVSS7.8AI score0.69277EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.91 views

CVE-2017-8729

CVE-2017-8729 affects Microsoft Edge on Windows 10 version 1703. It is caused by the scripting engine’s handling of in-memory objects, leading to memory corruption and the ability for an attacker to execute arbitrary code in the current user context. The provided documents confirm the vulnerabili...

7.6CVSS7.5AI score0.72171EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.90 views

CVE-2017-8736

CVE-2017-8736 is an information-disclosure vulnerability affecting Internet Explorer in Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1/RT 8.1, Windows Server 2012 R2, and Internet Explorer/Edge in Windows 10 (Gold and various builds). The root cause, as described in connected Nessus data,...

4.3CVSS4.8AI score0.08439EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.90 views

CVE-2018-0990

Mode C: CVE-2018-0990 is a ChakraCore/Edge remote code execution vulnerability described as memory corruption in the Chakra scripting engine when handling objects in memory. Affected products include Microsoft Edge and ChakraCore. The root cause is in the engine’s memory handling, enabling arbitr...

7.6CVSS6.4AI score0.15139EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.89 views

CVE-2016-7199

CVE-2016-7199 affects Microsoft Internet Explorer (IE) versions 9–11 and Microsoft Edge, where a crafted web site can bypass the Same Origin Policy to disclose sensitive window-state information (information-disclosure vulnerability). Root cause is tied to how IE/Edge handle window/state data acr...

3.1CVSS4.8AI score0.13089EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.89 views

CVE-2017-0033

CVE-2017-0033 affects Microsoft Internet Explorer 11 and Microsoft Edge, enabling remote attackers to spoof web content via a crafted web site (the vulnerability is distinct from CVE-2017-0012 and CVE-2017-0069). Based on the connected documents, the exploit surface is network-propagated and leve...

4.3CVSS4.3AI score0.08093EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.89 views

CVE-2017-11799

CVE-2017-11799 relates to a memory-handling vulnerability in the ChakraCore scripting engine (used by ChakraCore and Microsoft Edge) on Windows 10 and Windows Server 2016/Edge. The description states that an attacker can execute arbitrary code in the context of the current user due to memory hand...

7.6CVSS7.8AI score0.63675EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.89 views

CVE-2017-11807

Technical details for CVE-2017-11807 are not publicly provided in the supplied documents. The connected advisories cover ChakraCore RCE/memory corruption generically but do not specify affected product versions, root cause, or fixes for this CVE. Monitor for updates.

7.6CVSS7.8AI score0.08761EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.89 views

CVE-2017-11808

CVE-2017-11808 affects ChakraCore (and Microsoft Edge) on Windows 10 versions (Gold/1511/1607/1703) and Windows Server 2016. The root cause is memory handling in the ChakraCore scripting engine, described as a memory corruption/information disclosure vulnerability that could allow an attacker to ...

7.6CVSS7.8AI score0.08761EPSS
CVE
CVE
added 2017/10/13 1:0 p.m.89 views

CVE-2017-11812

CVE-2017-11812 is a ChakraCore/Edge memory-corruption vulnerability on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. The root cause is in how the Chakra scripting engine handles in-memory objects, enabling an attacker to execute arbitrary code in the context of the current user....

9.3CVSS7.8AI score0.4726EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.89 views

CVE-2017-8647

Technical details for CVE-2017-8647 are not publicly available in the provided connected documents. Monitor for updates from vendors/security advisories; no product/version/impact is specified in the supplied materials.

7.6CVSS7.8AI score0.08641EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.89 views

CVE-2017-8755

CVE-2017-8755 is a memory corruption vulnerability in the Microsoft Edge scripting engine on Windows 10 (versions 1511, 1607, 1703) and Windows Server 2016. An attacker could execute arbitrary code in the context of the current user by abusing how Edge handles objects in memory. The NVD metrics l...

7.6CVSS7AI score0.71272EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.88 views

CVE-2017-0241

Mode C: CVE-2017-0241 affects Microsoft Edge. The vulnerability is an elevation of privilege when Edge renders a domain-less URL, allowing actions in the Intranet Zone. Affected component: Edge rendering/domain handling; root cause details are not fully enumerated in the provided docs beyond the ...

5.4CVSS6.2AI score0.02869EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.88 views

CVE-2017-8737

CVE-2017-8737 covers a remote-code-execution flaw in the Windows PDF Library affecting Windows 8.1/RT 8.1, Windows Server 2012/R2, Windows 10 (Gold, 1511, 1607, 1703) and Windows Server 2016. The issue arises from how the Windows PDF Library handles in-memory objects, allowing an attacker to exec...

7.6CVSS7.3AI score0.21531EPSS
CVE
CVE
added 2016/03/09 11:0 a.m.87 views

CVE-2016-0111

CVE-2016-0111 affects Microsoft Internet Explorer 9–11 and Microsoft Edge. It is a memory corruption/remote code execution vulnerability triggered by visiting a crafted site, caused by improper memory handling in the browser. Exploitation existed (e.g., Exploit-DB) and patches were released (MS16...

7.6CVSS7.6AI score0.43643EPSS
CVE
CVE
added 2017/03/17 12:0 a.m.87 views

CVE-2017-0065

CVE-2017-0065 concerns Microsoft Edge memory disclosure via a crafted web site, described as a remote information-collection vulnerability. Exploitation would allow an attacker to obtain sensitive information from the Edge process memory. The NVD entry lists a CVSSv3 base score of 4.3 (MEDIUM) wi...

4.3CVSS4.1AI score0.27406EPSS
Web
CVE
CVE
added 2017/04/12 2:0 p.m.87 views

CVE-2017-0208

CVE-2017-0208 describes an information disclosure in Microsoft Edge (Chakra scripting engine) caused by improper handling of in-memory objects. The vulnerability could allow an attacker to obtain information to further compromise the system. Documents confirm the issue is tied to the Scripting En...

4.3CVSS4.9AI score0.15281EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.87 views

CVE-2017-11764

CVE-2017-11764 : A type confusion vulnerability in Microsoft Edge’s Chakra JavaScript engine (ParseCatch path) allows memory corruption. Reported as an Edge scripting engine issue that can be exploited by presenting a specially crafted web page, potentially enabling remote code execution in the u...

7.6CVSS7AI score0.64437EPSS
CVE
CVE
added 2017/11/15 3:0 a.m.87 views

CVE-2017-11863

Microsoft Edge in Windows 10 (Gold/1511/1607/1703/1709) and Windows Server 2016/1709 is affected by a vulnerability where Edge CSP validation can be bypassed, allowing an attacker to trick a user into loading a page with malicious content. Root cause: improper validation of CSP in Edge when loadi...

6.1CVSS4.9AI score0.03493EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.87 views

CVE-2017-8521

CVE-2017-8521 affects Microsoft Edge on Windows 10 version 1703, where the Edge JavaScript scripting engine can incorrectly handle in-memory objects, enabling remote code execution in the context of the current user when memory is corrupted. Connected sources corroborate a memory-corruption vecto...

7.6CVSS6.8AI score0.06232EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.86 views

CVE-2016-7227

CVE-2016-7227 affects Microsoft Internet Explorer 9–11 and Microsoft Edge, enabling remote attackers to determine the existence of local files via unspecified vectors (Information Disclosure). The issue is documented by NVD with CVSS low impact and network attack vector but no explicit exploit de...

3.1CVSS4.8AI score0.11616EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.86 views

CVE-2017-8653

CVE-2017-8653 is a memory-corruption vulnerability in Microsoft browsers on Windows platforms (several Windows versions listed in the initial entry) that allows remote code execution when the browser improperly accesses objects in memory. The issue is categorized under a browser memory corruption...

7.6CVSS8.1AI score0.09181EPSS
CVE
CVE
added 2017/08/08 9:0 p.m.86 views

CVE-2017-8670

CVE-2017-8670 describes a remote code execution vulnerability in Microsoft Edge on Windows 10 and Windows Server 2016 where the scripting engine memory corruption occurs when handling in-memory objects during rendering. The root cause is a memory corruption flaw in the browser’s JavaScript engine...

7.6CVSS7.8AI score0.68729EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.86 views

CVE-2017-8731

Microsoft Edge Memory Corruption vulnerability (CVE-2017-8731) affects Microsoft Edge on Windows 10 1607 and Windows Server 2016. The issue arises from how Edge accesses objects in memory, allowing an attacker to execute arbitrary code in the context of the current user when a victim opens a spec...

7.6CVSS7.1AI score0.51553EPSS
CVE
CVE
added 2017/09/13 1:0 a.m.86 views

CVE-2017-8751

CVE-2017-8751 affects Microsoft Edge in Windows 10 (1703). Root cause: Edge’s handling of objects in memory leading to memory corruption. Impact: attacker can execute arbitrary code in the context of the current user. Exploitation note: exploits exist (e.g., exploit-db entry) per linked reference...

7.6CVSS7.7AI score0.50373EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.86 views

CVE-2018-0927

CVE-2018-0927 relates to an information disclosure in Microsoft browsers (Internet Explorer and Edge) due to how objects are handled in memory. The connected Microsoft KBs (March 2018 updates) describe IE security updates that address multiple memory- and rendering-related issues, including fixes...

4.3CVSS5.1AI score0.0546EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.86 views

CVE-2018-0931

CVE-2018-0931 concerns the ChakraCore memory handling in the Chakra scripting engine, leading to remote code execution on Windows 10 variants (Gold, 1511, 1607, 1703, 1709) and Windows Server 2016. The connected GitHub advisories (GHSA-6C2V-XC8F-FVF7, GHSA-6V8R-83V3-RMRF, GHSA-PHCC-FRH9-Q545, GHS...

7.6CVSS7.3AI score0.11719EPSS
CVE
CVE
added 2018/03/14 5:0 p.m.86 views

CVE-2018-0936

CVE-2018-0936 relates to a ChakraCore memory corruption vulnerability that enables remote code execution on Windows 10 (notably 1709) due to how the Chakra scripting engine handles in-memory objects. The connected advisories confirm ChakraCore RCE across Windows 10 versions (including 1703/1709) ...

7.6CVSS7.2AI score0.15556EPSS
CVE
CVE
added 2018/04/12 1:0 a.m.86 views

CVE-2018-1019

CVE-2018-1019 describes a remote code execution vulnerability in the Chakra scripting engine’s handling of objects in memory, affecting Microsoft Edge and ChakraCore. The connected GitHub advisories reiterate a “ChakraCore RCE Vulnerability” with the same memory-corruption vector but do not provi...

7.6CVSS6.4AI score0.15139EPSS
CVE
CVE
added 2016/07/13 1:0 a.m.85 views

CVE-2016-3273

CVE-2016-3273 is a browser information disclosure vulnerability in the XSS Filter of Microsoft Internet Explorer 9–11 and Microsoft Edge. The root cause is improper restriction of JavaScript by the XSS Filter, allowing remote attackers to obtain sensitive information via a crafted website. The is...

5.3CVSS5.6AI score0.14189EPSS
CVE
CVE
added 2016/11/10 6:16 a.m.85 views

CVE-2016-7196

CVE-2016-7196 affects Microsoft Internet Explorer 10/11 and Microsoft Edge. The vulnerability enables remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. Severity is HIGH (CVSS v3: 7.5) with network access, user interaction required....

7.6CVSS7.6AI score0.14329EPSS
CVE
CVE
added 2017/05/12 2:0 p.m.85 views

CVE-2017-0227

CVE-2017-0227 describes a remote code execution in Microsoft Edge caused by how the scripting engines render in-memory objects, a memory corruption issue. The linked connected documents identify the vulnerability as part of a trio (CVE-2017-0221, CVE-2017-0227, CVE-2017-0240) with exploitation ti...

7.6CVSS7.5AI score0.13788EPSS
CVE
CVE
added 2017/06/15 1:0 a.m.85 views

CVE-2017-8523

Technical details (affected products, vulnerable components, impact, or fixes) for CVE-2017-8523 are not provided in the connected documents. Monitor for updates from official advisories.

4.3CVSS4.6AI score0.01368EPSS
Total number of security vulnerabilities255