481 matches found
CVE-2021-26411
CVE-2021-26411 (Internet Explorer Memory Corruption) is a memory-corruption vulnerability in IE that was exploited in the wild as a zero‑day. Project Zero’s analysis attributes two primary bug patterns to IE exploitation: a use-after-free caused by a user-controlled callback between object operat...
CVE-2020-0878
CVE-2020-0878 is a memory corruption vulnerability in the way Microsoft Edge/Internet Explorer access objects in memory, enabling remote code execution in the context of the current user. Public description confirms a network-exploitable scenario via malicious websites or compromised sites, with ...
CVE-2016-7200
CVE-2016-7200 refers to a memory-corruption/remote-code-execution vulnerability in the Chakra JavaScript engine used by Microsoft Edge. The Connected documents confirm this family of issues (ChakraCore/RCE vulnerabilities) and note it as a memory-corruption-based flaw triggered by a crafted site,...
CVE-2016-7201
Technical details about CVE-2016-7201 are not publicly provided in the supplied documents. Monitor official advisories for updates on affected components, versions, impact, and remediations.
CVE-2015-0313
Adobe Flash Player is affected by a use-after-free vulnerability (CVE-2015-0313) that enables remote code execution via crafted SWF handling. Affected products include Flash Player versions prior to 13.0.0.269 and 14.x–16.x prior to 16.0.0.305 on Windows/macOS, and prior to 11.2.202.442 on Linux....
CVE-2015-0311
CVE-2015-0311 affects Adobe Flash Player on Windows/macOS up to 16.0.0.287 and Linux 11.2.202.438, described as an unspecified vulnerability that allowed remote code execution via unknown vectors. Exploitation in the wild was reported in January 2015. Connected sources confirm this is a remote-co...
CVE-2016-3351
CVE-2016-3351 is a information-disclosure vulnerability affecting Microsoft Internet Explorer (IE) 9–11 and Microsoft Edge. The issue arises from improper handling of objects in memory by affected scripting engines, which could allow a remote attacker to detect or obtain sensitive files on the us...
CVE-2017-8524
CVE-2017-8524 is a memory corruption vulnerability in Microsoft’s JavaScript engine affecting multiple Windows versions (Windows 7 SP1, 8.1/RT 8.1, 8, 2012/2012 R2, 10 versions, and Server 2016). The root cause is memory handling in the scripting engine during rendering of objects, enabling remot...
CVE-2020-0713
Technical details for CVE-2020-0713 are not publicly available in the provided documents. Monitor for updates from official advisories; no affected products, vectors, or fixes are disclosed here.
CVE-2017-8529
CVE-2017-8529 is an information-disclosure flaw in Internet Explorer caused by improper handling of in-memory objects by Microsoft scripting engines. It affects IE on Windows 7 SP1, Windows 8.1/RT 8.1, Windows Server 2008 R2 SP1, 2012/2012 R2, and Windows 10/Server 2016 family as documented by th...
CVE-2020-0711
Technical details about CVE-2020-0711 are not publicly provided in the connected documents. The EUVD entries mention malware but do not specify affected product, root cause, impact, or remediation.
CVE-2017-8522
CVE-2017-8522 affects Microsoft Windows browsers (IE/Edge) and the scripting engine, where memory handling of objects can cause arbitrary code execution. The issue is described as a Scripting Engine Memory Corruption Vulnerability impacting Windows 8.1/RT 8.1, Server 2012/R2, 2016, and Windows 10...
CVE-2020-0712
Technical details about CVE-2020-0712 are not publicly provided in the connected documents. The available sources describe unrelated EUVD entries (malicious code/malware notes). Monitor for updates from the listed references and authoritative security advisories.
CVE-2020-0710
CVE-2020-0710 describes a remote code execution in the ChakraCore scripting engine related to how it handles objects in memory. The CVE entry cites a high impact (CVSS v3.1 base score 7.5) with network access required and user interaction needed. Affected component: ChakraCore memory object handl...
CVE-2018-8390
CVE-2018-8390 is a remote code execution vulnerability in the ChakraCore scripting engine's in-memory object handling, affecting Microsoft Edge and ChakraCore. The root cause is memory corruption in the scripting engine, enabling potential code execution with network access and user interaction r...
CVE-2019-1426
Technical details for CVE-2019-1426 are not publicly provided in the connected documents. No specific affected product/version/root cause is reproduced here. Monitor for vendor advisories or additional disclosures to confirm impact and remediation.
CVE-2018-8372
Microsoft Edge Chakra (ChakraCore) and Internet Explorer are affected by a remote code execution vulnerability in the scripting engine due to memory-object handling issues. The CVE-2018-8372 family (and related CVEs) describes a memory-corruption flaw that enables code execution via crafted objec...
CVE-2020-0767
Technical details for CVE-2020-0767 are not publicly available in the provided connected documents. Monitor for updates.
CVE-2018-8385
CVE-2018-8385 describes a remote code execution vulnerability in how the Microsoft scripting engine handles objects in memory, leading to memory corruption. Affected products listed in the description include Internet Explorer 9, ChakraCore, Internet Explorer 11, Microsoft Edge, and Internet Expl...
CVE-2018-8355
CVE-2018-8355 is a remote code execution vulnerability in Microsoft’s scripting stack (ChakraCore, Internet Explorer 11, Edge) due to memory handling flaws in the scripting engine. Public details in connected sources point to an object/memory handling vulnerability exploited via type-confusion in...
CVE-2020-0970
CVE-2020-0970 describes a remote code execution vulnerability in the ChakraCore scripting engine, arising from how the engine handles in-memory objects. It is associated with ChakraCore used by Microsoft Edge/Internet Explorer, and is explicitly distinguished from CVE-2020-0968. The connected doc...
CVE-2018-8288
CVE-2018-8288 is a remote code execution vulnerability in ChakraCore, Internet Explorer 11, and Microsoft Edge caused by memory handling of objects in the scripting engine (memory corruption). The CVE notes high impact with network access and required user interaction. Public references in the co...
CVE-2019-0739
Technical details for CVE-2019-0739 are not available in the provided connected documents. The sources only offer a high-level description of an Edge scripting engine memory corruption without specifying affected components, versions, impact, or fixes.
CVE-2019-1428
Technical details for CVE-2019-1428 are not publicly provided in the connected documents. The available materials confirm Edge memory corruption in HTML-based scripting engine but do not specify affected versions, exploit vectors, or fixes. Monitor for vendor advisories.
CVE-2018-8291
The CVE-2018-8291 entry describes a remote code execution in the ChakraCore scripting engine affecting ChakraCore, Internet Explorer 11, and Microsoft Edge due to memory handling in scripting objects. Root cause: memory object handling in the scripting engine leading to RCE. Public references sho...
CVE-2019-1427
Technical details for CVE-2019-1427 are not publicly provided in the connected documents. We cannot specify affected products, root cause, impact, or fixes from these sources. Monitor official advisories and vendor disclosures for updates.
CVE-2018-8287
CVE-2018-8287 describes a remote code execution vulnerability in the ChakraCore scripting engine and affected Microsoft browsers (Internet Explorer 11, Edge) due to memory handling. The connected advisories (GHSA) mirror the description and identify ChakraCore as the affected component; no specif...
CVE-2025-21253
CVE-2025-21253 affects Microsoft Edge for iOS and Android. A spoofing vulnerability is described, arising from UI handling errors that could mislead users. The CVE has a MEDIUM base score (CVSSv3.1: 5.3; Network attack vector, no user interaction required, low attack complexity) per the provided ...
CVE-2020-0827
Technical details about CVE-2020-0827 are not publicly provided in the supplied documents. The connected EUVD records mention malware in 'sbrugna' but do not describe affected products, root cause, or mitigation. Monitor for updates.
CVE-2016-7288
CVE-2016-7288 is discussed in connected analysis as an MS Edge UAF vulnerability in the JavaScript TypedArray.sort path (TypedArrayBase::EntrySort) triggered via a user-supplied compare function. The root cause is memory-safety misuse during qsort_s-based sorting of TypedArrays, enabling memory c...
CVE-2019-0539
CVE-2019-0539 is an in-memory memory-corruption vulnerability in Microsoft Edge/ChakraCore where the Chakra JIT/type-confusion paths expose remote code execution. Public references describe exploitation through Type Confusion in Chakra Core/Edge, with exploit examples showing read/write primitive...
CVE-2019-1237
Technical details for CVE-2019-1237 are not publicly available in the provided connected documents. No concrete affected products, versions, root cause, or mitigations are present here. Monitor for updates from authoritative sources to obtain specifics and remediation guidance.
CVE-2020-17052
CVE-2020-17052 is a Scripting Engine Memory Corruption Vulnerability. Connected data confirms the issue as a memory corruption in a scripting engine and labels it with CVSS metrics (CVSSv3.1 base score 8.1, high impact on confidentiality, integrity, and availability; network attack vector; no pri...
CVE-2020-1172
CVE-2020-1172 describes a remote code execution in the ChakraCore scripting engine caused by memory corruption when handling objects in memory. The issue could let an attacker execute code with the current user’s privileges (high impact if the user has admin rights). The vulnerability is addresse...
CVE-2020-1057
Technical details for CVE-2020-1057 are not publicly available in the provided connected documents. We cannot identify affected products/versions or remediation from these sources. Monitor official Microsoft/MSRC advisories and related CVE references for concrete information.
CVE-2020-0768
Technical details for CVE-2020-0768 are not provided in the connected documents. Public details appear limited to initial description. Monitor for updates from official sources.
CVE-2020-0823
Technical details on CVE-2020-0823 are not provided in the supplied documents; no specifics on affected products, root cause, impact, or fixes are disclosed. Monitor for updates.
CVE-2019-0608
Technical details about CVE-2019-0608 are not publicly available in the provided documents. The connected EUVD and MSKB entries do not specify affected products, impact, or remediation. Monitor for updates as new information becomes available.
CVE-2019-1217
Technical details for CVE-2019-1217 are not publicly available in the provided connected documents; no affected products, versions, or remediation are described here. Monitor for updates.
CVE-2019-1107
CVE-2019-1107 concerns a remote code execution in Microsoft Edge via the Chakra scripting engine’s in-memory handling. The connected docs (GitHub advisories GHSA entries) reference an Out-of-bounds write/memory corruption in Chakra as the underlying issue and identify Edge/chakra as affected, ali...
CVE-2019-0592
CVE-2019-0592 is a ChakraCore/Edge memory-corruption remote code execution issue. Connected sources corroborate a Chakra memory-management flaw that can lead to RCE in Microsoft Edge when handling in-memory objects. No exploit specifics are provided in the documents. Remediation details are not e...
CVE-2019-1335
Technical details for CVE-2019-1335 are not publicly available in the provided documents. Monitor for updates and potential advisory disclosures.
CVE-2020-0829
Technical details about CVE-2020-0829 are not publicly available in the provided documents. Monitor for updates from trusted sources to assess impact, affected products, and fixes.
CVE-2020-1555
CVE-2020-1555 is a memory corruption vulnerability in the Edge HTML-based scripting engine. The vulnerability allows an attacker to execute arbitrary code in the context of the current user, with the potential for full system compromise if the user has admin rights. The issue stems from how the E...
CVE-2019-0567
CVE-2019-0567 is a remote code execution in the Chakra scripting engine used by Microsoft Edge and ChakraCore, stemming from memory handling issues in Chakra. Public exploits are referenced in Exploit-DB (e.g., 46203) and are part of a trio of Edge Chakra memory‑corruption advisories (CVE-2019-05...
CVE-2020-17048
Technical details for CVE-2020-17048 are not publicly provided in the supplied connected documents. No specific affected products, root cause, impact, or remediation are confirmed here. Monitor for updates from NVD/MSRC/GHSA as they become available.
CVE-2020-17131
CVE-2020-17131 concerns a memory corruption vulnerability in the Chakra Scripting Engine described in the connected advisories as an out-of-bounds write in Chakra . The linked sources identify the issue as part of Chakra’s scripting engine and associate it with the same CVE across multiple feeds,...
CVE-2016-3325
CVE-2016-3325 affects Microsoft Internet Explorer 11 and Microsoft Edge. A memory handling flaw in IE/Edge enables information disclosure when visiting a crafted site; attack vector is network, with user interaction required (per CVSS3). Exploitation has been observed (CVE-2016-3325 appears in ex...
CVE-2019-0884
Technical details for CVE-2019-0884 are not publicly available in the provided documents; no affected product/version or exploit guidance are specified. Monitor for updates from official advisories.
CVE-2019-0912
Technical details about CVE-2019-0912 are not publicly available in the provided documents; no product, impact, or remediation specifics are disclosed. Monitor for updates from official advisories.