Search for packages
| purl | pkg:nuget/Microsoft.ChakraCore@1.7.6 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-17w1-5t1v-4kff
Aliases: CVE-2020-0710 GHSA-67xp-4726-4978 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 28 other vulnerabilities. |
|
VCID-17w6-s2wv-qba4
Aliases: CVE-2019-1092 GHSA-2x75-mf24-588m |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107. |
Affected by 50 other vulnerabilities. |
|
VCID-1pjr-72cx-fkbc
Aliases: CVE-2018-0872 GHSA-h9h7-4jfm-3fxr |
Out-of-bounds Write ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. |
Affected by 146 other vulnerabilities. |
|
VCID-1xvg-d68g-83ff
Aliases: CVE-2020-0812 GHSA-g67x-mgrv-m3gv |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). |
Affected by 13 other vulnerabilities. |
|
VCID-2ghg-tbs8-wyfq
Aliases: CVE-2018-0936 GHSA-6v8r-83v3-rmrf |
Out-of-bounds Write ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0937. |
Affected by 146 other vulnerabilities. |
|
VCID-2n5v-mke8-fbgu
Aliases: CVE-2019-0592 GHSA-fv38-4c3m-25v8 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0611. |
Affected by 88 other vulnerabilities. |
|
VCID-2rmm-pbds-9ff2
Aliases: CVE-2018-8177 GHSA-7cc5-cqmx-9v7g |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8133, CVE-2018-8145. |
Affected by 126 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-2vzj-1wm1-ebgk
Aliases: CVE-2018-0990 GHSA-vh9x-fprq-2hhj |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. |
Affected by 126 other vulnerabilities. |
|
VCID-31cx-9d7s-7fhx
Aliases: CVE-2019-0769 GHSA-8qh8-cv77-h83g |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. |
Affected by 88 other vulnerabilities. |
|
VCID-367j-fhnf-dfbn
Aliases: CVE-2019-0639 GHSA-6jf5-rmhv-38cw |
Integer Overflow or Wraparound A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. |
Affected by 88 other vulnerabilities. |
|
VCID-36ck-4uuw-fbeq
Aliases: CVE-2019-1196 GHSA-hfm2-fffh-v47v |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1197. |
Affected by 43 other vulnerabilities. |
|
VCID-36zy-vxpq-ebgj
Aliases: CVE-2019-1195 GHSA-ppxc-pmx9-qjv9 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196, CVE-2019-1197. |
Affected by 43 other vulnerabilities. |
|
VCID-3fch-6tev-nybc
Aliases: CVE-2020-0713 GHSA-g6mc-8679-ghx9 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 28 other vulnerabilities. |
|
VCID-3nr2-txtn-eye8
Aliases: CVE-2018-8229 GHSA-jv5x-p843-g4qr |
Access of Resource Using Incompatible Type ('Type Confusion') A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8227. |
Affected by 124 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-436y-v35a-mkc3
Aliases: CVE-2020-0833 GHSA-86gw-g9jv-8vfg |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0848. |
Affected by 13 other vulnerabilities. |
|
VCID-4gds-1a3w-mbaf
Aliases: CVE-2019-1139 GHSA-9qw8-ccq9-ffj9 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197. |
Affected by 43 other vulnerabilities. |
|
VCID-4jw9-zwav-ukcd
Aliases: CVE-2019-0591 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-4ue8-z2ru-4qfq
Aliases: CVE-2019-0916 GHSA-7423-5qfm-g648 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-4vs6-cmfh-5kcn
Aliases: CVE-2019-0607 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-4wv2-madk-h3hs
Aliases: CVE-2020-0711 GHSA-63fw-7jgf-5hwv |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 28 other vulnerabilities. |
|
VCID-53hq-3sv9-d3cq
Aliases: CVE-2018-0953 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. |
Affected by 126 other vulnerabilities. |
|
VCID-5bg3-mxuq-93af
Aliases: CVE-2020-1172 GHSA-xxfr-jrgh-x392 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1180. |
Affected by 3 other vulnerabilities. |
|
VCID-5men-95qp-7uay
Aliases: CVE-2019-1237 GHSA-q99r-j969-6jwr |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300. |
Affected by 38 other vulnerabilities. |
|
VCID-5u6k-t96g-1uf1
Aliases: CVE-2020-1057 GHSA-9f8c-f7h4-xghf |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1172, CVE-2020-1180. |
Affected by 3 other vulnerabilities. |
|
VCID-5uhu-4eee-dkfc
Aliases: CVE-2019-1003 GHSA-w32p-76xr-88pc |
Chakra Scripting Engine Out-of-bounds write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. |
Affected by 56 other vulnerabilities. |
|
VCID-61nr-bz5m-sba3
Aliases: CVE-2019-0655 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652. |
Affected by 96 other vulnerabilities. |
|
VCID-63fm-j38k-7bb1
Aliases: CVE-2018-8178 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka "Microsoft Browser Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. |
Affected by 126 other vulnerabilities. |
|
VCID-6e2x-jpst-2uap
Aliases: CVE-2019-1023 |
Exposure of Sensitive Information to an Unauthorized Actor An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0990. |
Affected by 56 other vulnerabilities. |
|
VCID-6myn-e1rr-ufca
Aliases: CVE-2019-0993 GHSA-2rfj-2mwp-787v |
Chakra Scripting Engine Out-of-bounds write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. |
Affected by 56 other vulnerabilities. |
|
VCID-6tcu-txtu-u3ej
Aliases: CVE-2019-1138 GHSA-pwpr-vp2v-99xw |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1217, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. |
Affected by 38 other vulnerabilities. |
|
VCID-6ts3-98bc-1fh4
Aliases: CVE-2019-0913 GHSA-59cj-99cw-rq64 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-6ujv-35uz-hqbe
Aliases: CVE-2019-0812 GHSA-rpfg-xf88-cq5r |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. |
Affected by 81 other vulnerabilities. |
|
VCID-74es-h3es-tuea
Aliases: CVE-2020-0827 GHSA-7j34-xq9v-9mqg |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 13 other vulnerabilities. |
|
VCID-76wt-pptq-yuf5
Aliases: CVE-2019-1024 GHSA-g8q3-rcf9-qx4q |
Chakra Scripting Engine RCE Vulnerability A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. |
Affected by 56 other vulnerabilities. |
|
VCID-7aaz-s9sc-bya1
Aliases: CVE-2019-0771 GHSA-fvpg-qx3g-7mp7 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0773, CVE-2019-0783. |
Affected by 88 other vulnerabilities. |
|
VCID-7htw-uznd-e7e4
Aliases: CVE-2019-1131 GHSA-mw7r-3g6w-85qg |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197. |
Affected by 43 other vulnerabilities. |
|
VCID-7xa6-9phe-1bhr
Aliases: CVE-2019-0914 GHSA-h6wf-hvwc-fm77 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-88ge-vc6p-kkgf
Aliases: CVE-2019-0933 GHSA-5rq8-3wvf-wrfg |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-8e71-ekze-c7a6
Aliases: CVE-2020-0826 GHSA-6cc6-66f5-mxjj |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 13 other vulnerabilities. |
|
VCID-8jab-mh9u-uuf7
Aliases: CVE-2020-1073 GHSA-g3m9-qrfj-xw4g |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 7 other vulnerabilities. |
|
VCID-8ums-z8cj-f7eg
Aliases: CVE-2020-0768 GHSA-pfrg-w49c-8432 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. |
Affected by 13 other vulnerabilities. |
|
VCID-8x8m-rvgq-gbf1
Aliases: CVE-2020-0831 GHSA-h2xm-2p6w-mj2v |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 13 other vulnerabilities. |
|
VCID-973h-tuxs-e3ax
Aliases: CVE-2019-0644 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-9d1p-jufh-ckbf
Aliases: CVE-2018-8137 GHSA-frh8-wrx9-gc53 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8139. |
Affected by 126 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-9dp4-8238-63a7
Aliases: CVE-2019-1051 GHSA-fxrx-5j36-pwg5 |
Chakra Scripting Engine RCE via Out-of-bounds write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. |
Affected by 56 other vulnerabilities. |
|
VCID-9kxa-tcn4-g3gj
Aliases: CVE-2018-0934 GHSA-phcc-frh9-q545 |
Out-of-bounds Write ChakraCore and Microsoft Windows Gold, and Windows Server allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937. |
Affected by 146 other vulnerabilities. |
|
VCID-9qqa-hzyr-23ex
Aliases: CVE-2019-0590 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-a7js-b43t-rfdc
Aliases: CVE-2020-0712 GHSA-w6qf-35f2-j6h7 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 28 other vulnerabilities. |
|
VCID-atn9-g7ky-1bex
Aliases: CVE-2019-1428 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1429. |
Affected by 33 other vulnerabilities. |
|
VCID-az84-qurw-3bes
Aliases: CVE-2018-1022 GHSA-wjmf-6x7g-xq67 |
Out-of-bounds Write A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. |
Affected by 126 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-b7w7-efgp-wybu
Aliases: CVE-2018-1019 GHSA-prhh-h793-h32r |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995. |
Affected by 126 other vulnerabilities. |
|
VCID-bdrq-3src-4bh3
Aliases: CVE-2019-0917 GHSA-rx34-jff5-ph35 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-bdtx-jz4f-qkdx
Aliases: CVE-2018-0860 GHSA-v3xp-3wpq-rvhp |
Out-of-bounds Write Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866. |
Affected by 156 other vulnerabilities. |
|
VCID-bfpu-b6h6-yqba
Aliases: CVE-2020-0829 GHSA-jv2c-mhcq-6wp4 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 13 other vulnerabilities. |
|
VCID-bqev-84c9-2bdt
Aliases: CVE-2019-0829 GHSA-5rq3-9wc9-m9c3 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0860, CVE-2019-0861. |
Affected by 81 other vulnerabilities. |
|
VCID-bshv-rtt8-uydm
Aliases: CVE-2018-0939 GHSA-xgcc-r2f3-rq6p |
Out-of-bounds Write ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0891. |
Affected by 146 other vulnerabilities. |
|
VCID-c2rx-c4w9-d3fe
Aliases: CVE-2020-0811 GHSA-pg99-mp4c-75g6 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). |
Affected by 13 other vulnerabilities. |
|
VCID-c4a3-9yyr-53du
Aliases: CVE-2019-0922 GHSA-hrmm-f4j8-8vxc |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-c5ja-nzs7-kug9
Aliases: CVE-2019-0810 GHSA-2mmc-5phj-4wjj |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. |
Affected by 81 other vulnerabilities. |
|
VCID-c7j8-ppbg-h7bh
Aliases: CVE-2018-8133 GHSA-8rqh-8726-83h7 |
Access of Resource Using Incompatible Type ('Type Confusion') A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8130, CVE-2018-8145, CVE-2018-8177. |
Affected by 126 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-cds4-1scr-muc4
Aliases: CVE-2019-1197 GHSA-v89p-5hr2-4rh4 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196. |
Affected by 43 other vulnerabilities. |
|
VCID-cmbp-3zpq-uqbk
Aliases: CVE-2018-0995 GHSA-c6mx-gwgr-mfm2 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-1019. |
Affected by 126 other vulnerabilities. |
|
VCID-d5dd-b6re-kfcr
Aliases: CVE-2019-0989 GHSA-9824-rp6m-xx9w |
Chakra Scripting Engine Memory Corruption Vulnerability A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. |
Affected by 56 other vulnerabilities. |
|
VCID-d7tq-rdtb-qbgt
Aliases: CVE-2020-0832 GHSA-2qgv-2cv4-g4cg |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0833, CVE-2020-0848. |
Affected by 13 other vulnerabilities. |
|
VCID-dddf-j2v3-jbac
Aliases: CVE-2019-0746 GHSA-jhx3-2w5x-x39x |
Exposure of Sensitive Information to an Unauthorized Actor An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. |
Affected by 88 other vulnerabilities. |
|
VCID-e2bn-6ucv-fucd
Aliases: CVE-2020-0848 GHSA-5p67-cp9c-hqw4 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 13 other vulnerabilities. |
|
VCID-ecxv-bssd-kucp
Aliases: CVE-2018-0931 GHSA-h575-j3ph-hjvc |
Out-of-bounds Write ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. |
Affected by 146 other vulnerabilities. |
|
VCID-ekug-fvtn-3qcv
Aliases: CVE-2019-0610 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-etyr-p112-wyc6
Aliases: CVE-2018-0993 GHSA-7c7v-g484-j4cf |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. |
Affected by 126 other vulnerabilities. |
|
VCID-eumg-61kj-sfg2
Aliases: CVE-2019-0652 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-eute-6mw8-xbfd
Aliases: CVE-2019-0593 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-eyq8-75rj-9bhn
Aliases: CVE-2019-0924 GHSA-prxj-c66c-4gcf |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-ezf3-yaet-ckhr
Aliases: CVE-2018-0874 GHSA-67f9-qmg7-fmcq |
Out-of-bounds Write ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. |
Affected by 146 other vulnerabilities. |
|
VCID-fg48-sak7-5uem
Aliases: CVE-2019-0915 GHSA-fm9p-5m9f-rq85 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-fxrs-bakn-1bfg
Aliases: CVE-2019-0651 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0652, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-fy4b-bjke-7uf5
Aliases: CVE-2020-0830 GHSA-g644-6fg4-hrh9 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers. |
Affected by 13 other vulnerabilities. |
|
VCID-gb88-ebyw-skg2
Aliases: CVE-2018-0994 GHSA-g549-jfg6-98ch |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0995, CVE-2018-1019. |
Affected by 126 other vulnerabilities. |
|
VCID-gch5-djz8-bfhr
Aliases: CVE-2019-0649 GHSA-6c6r-39cv-x5fq |
Privilege Escalation A vulnerability exists in Microsoft Chakra JIT server, aka 'Scripting Engine Elevation of Privileged Vulnerability'. |
Affected by 96 other vulnerabilities. |
|
VCID-gh38-ssv6-m3am
Aliases: CVE-2020-0823 GHSA-wvhv-rr3v-vhpj |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 13 other vulnerabilities. |
|
VCID-gh52-u7cx-mudx
Aliases: CVE-2019-1141 GHSA-cwp9-956f-vcwh |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197. |
Affected by 43 other vulnerabilities. |
|
VCID-gnw3-h42t-k7ha
Aliases: CVE-2018-8128 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8137, CVE-2018-8139. |
Affected by 126 other vulnerabilities. |
|
VCID-gt5q-77u9-b3bg
Aliases: CVE-2020-0825 GHSA-j89m-gcjf-6ghp |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 13 other vulnerabilities. |
|
VCID-h1dx-3pfc-47e8
Aliases: CVE-2020-1219 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory. |
Affected by 7 other vulnerabilities. |
|
VCID-heb9-gz3z-5bf1
Aliases: CVE-2019-0648 GHSA-wwfw-m54g-gv72 |
ChakraCore information disclosure vulnerability An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data.To exploit the vulnerability, an attacker must know the memory address of where the object was created. The update addresses the vulnerability by changing the way certain functions handle objects in memory, aka Scripting Engine Information Disclosure Vulnerability. This CVE ID is unique from CVE-2019-0658. |
Affected by 96 other vulnerabilities. |
|
VCID-hkqu-2mv4-nbff
Aliases: CVE-2019-0611 GHSA-7ph8-f946-q5r7 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0592. |
Affected by 88 other vulnerabilities. |
|
VCID-hp26-tbjy-fqdn
Aliases: CVE-2018-8291 GHSA-j67m-wpv6-pv44 |
Access of Resource Using Incompatible Type ('Type Confusion') A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8296, CVE-2018-8298. |
Affected by 110 other vulnerabilities. |
|
VCID-hpyh-gnpg-e7g7
Aliases: CVE-2019-0937 GHSA-8gvg-8vhf-h26g |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933. |
Affected by 67 other vulnerabilities. |
|
VCID-hr3u-g7d4-8bhk
Aliases: CVE-2018-0980 GHSA-xmvg-c4x3-9qwp |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0979, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. |
Affected by 126 other vulnerabilities. |
|
VCID-hzx3-9ejh-j3gj
Aliases: CVE-2018-8276 GHSA-wg47-6cqc-q52j |
ChakraCore Security Bypass A security feature bypass vulnerability exists in the Microsoft Chakra scripting engine that allows Control Flow Guard (CFG) to be bypassed, aka "Scripting Engine Security Feature Bypass Vulnerability." This affects Microsoft Edge, ChakraCore. |
Affected by 110 other vulnerabilities. |
|
VCID-j1yk-y75u-ybc2
Aliases: CVE-2019-1300 GHSA-grvw-q343-58wh |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1298. |
Affected by 38 other vulnerabilities. |
|
VCID-j42w-gmza-vuaj
Aliases: CVE-2019-0923 GHSA-h23m-w6x5-jwr4 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-jbxs-r88s-ffca
Aliases: CVE-2020-1037 GHSA-8xv4-c7rq-j577 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). |
Affected by 10 other vulnerabilities. Affected by 9 other vulnerabilities. |
|
VCID-jg9m-x53z-4qe1
Aliases: CVE-2018-0933 GHSA-3j65-2jcq-w9fr |
Out-of-bounds Write ChakraCore and Microsoft Windows Gold, and Windows Server allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. |
Affected by 146 other vulnerabilities. |
|
VCID-jvu4-fttu-vqbw
Aliases: CVE-2020-1065 GHSA-9hjg-j983-mqcc |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 9 other vulnerabilities. |
|
VCID-jx13-5c1x-z3fq
Aliases: CVE-2020-0969 GHSA-jr84-p554-62pm |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). |
Affected by 10 other vulnerabilities. |
|
VCID-k1eq-drg4-hubf
Aliases: CVE-2019-1298 GHSA-2452-3rwv-x89c |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1237, CVE-2019-1300. |
Affected by 38 other vulnerabilities. |
|
VCID-k8jf-jm72-jkab
Aliases: CVE-2019-0991 GHSA-6973-94v8-5mgw |
Chakra Scripting Engine Out-of-bounds write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. |
Affected by 56 other vulnerabilities. |
|
VCID-kafx-3255-vfc7
Aliases: CVE-2018-0954 GHSA-h5hw-qrrw-vfxg |
Out-of-bounds Write A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Explorer, Microsoft Edge, Internet Explorer This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. |
Affected by 126 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-ksty-fpaz-p3g9
Aliases: CVE-2020-0813 GHSA-vvvh-5xrm-pxff |
Information Exposure An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data. To exploit the vulnerability, an attacker must know the memory address of where the object was created. |
Affected by 13 other vulnerabilities. |
|
VCID-m6rf-hppx-zqg3
Aliases: CVE-2018-0873 GHSA-wc52-2xwv-h7xr |
Out-of-bounds Write ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. |
Affected by 146 other vulnerabilities. |
|
VCID-m8j2-x953-7fcn
Aliases: CVE-2020-0970 GHSA-233h-59m2-qqf2 |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 10 other vulnerabilities. |
|
VCID-maq3-4mu9-3kaf
Aliases: CVE-2019-0861 GHSA-qxmj-3c5h-546c |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860. |
Affected by 81 other vulnerabilities. |
|
VCID-mc6e-9396-g7ck
Aliases: CVE-2018-0943 GHSA-7724-427r-8rvm |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8130, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177. |
Affected by 126 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-mgpt-e1ra-v3bw
Aliases: CVE-2018-8459 GHSA-pcgp-vfgq-mf5j |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8354, CVE-2018-8391, CVE-2018-8456, CVE-2018-8457. |
Affected by 110 other vulnerabilities. Affected by 111 other vulnerabilities. |
|
VCID-mwqc-f5kr-kkhf
Aliases: CVE-2019-1426 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1427, CVE-2019-1428, CVE-2019-1429. |
Affected by 33 other vulnerabilities. |
|
VCID-mycx-3wzv-sqgs
Aliases: CVE-2019-0739 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0752, CVE-2019-0753, CVE-2019-0862. |
Affected by 81 other vulnerabilities. |
|
VCID-ndt7-82ev-uuch
Aliases: CVE-2018-8283 GHSA-ch84-pxpj-7hhm |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. |
Affected by 110 other vulnerabilities. |
|
VCID-ne4a-3a8j-yufb
Aliases: CVE-2018-8290 GHSA-vgxq-xv7f-jxjx |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8294. |
Affected by 118 other vulnerabilities. Affected by 110 other vulnerabilities. |
|
VCID-nmrh-vecc-5ffd
Aliases: CVE-2019-1307 GHSA-6j89-jhpr-849f |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1308, CVE-2019-1335, CVE-2019-1366. |
Affected by 36 other vulnerabilities. |
|
VCID-ny33-2muh-ryaf
Aliases: CVE-2019-1002 GHSA-4v6q-gjm6-6vv4 |
ChakraCore RCE via Out-of-bounds write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. |
Affected by 56 other vulnerabilities. |
|
VCID-nz4e-t72k-kbfz
Aliases: CVE-2018-8298 GHSA-wgw2-wwq8-c7wf |
ChakraCore RCE Vulnerability A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296. |
Affected by 110 other vulnerabilities. |
|
VCID-prdx-1uzt-57hn
Aliases: CVE-2020-0828 GHSA-c8qc-62qv-5p2x |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 13 other vulnerabilities. |
|
VCID-pt1u-mqq9-myby
Aliases: CVE-2018-8371 GHSA-85j8-g29g-m326 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10. This CVE ID is unique from CVE-2018-8353, CVE-2018-8355, CVE-2018-8359, CVE-2018-8372, CVE-2018-8373, CVE-2018-8385, CVE-2018-8389, CVE-2018-8390. |
Affected by 110 other vulnerabilities. |
|
VCID-pyhu-mvgh-xbf4
Aliases: CVE-2018-0937 GHSA-6c2v-xc8f-fvf7 |
Out-of-bounds Write ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, and CVE-2018-0936. |
Affected by 146 other vulnerabilities. |
|
VCID-q34w-zm56-wfgd
Aliases: CVE-2020-17131 GHSA-qwwg-gc55-qqrv |
Out-of-bounds Write in Chakra Chakra Scripting Engine Memory Corruption Vulnerability |
Affected by 1 other vulnerability. |
|
VCID-q7g9-336k-zqch
Aliases: CVE-2019-0773 GHSA-3w9q-c44j-37jj |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0609, CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0783. |
Affected by 88 other vulnerabilities. |
|
VCID-q9a4-e6te-xkep
Aliases: CVE-2018-8288 GHSA-4f79-fxh8-vgq2 |
Out-of-bounds Write A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge. This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8287, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. |
Affected by 110 other vulnerabilities. |
|
VCID-qsfh-5z2t-1kaa
Aliases: CVE-2021-42279 GHSA-jgrp-6qqq-3284 |
Chakra Scripting Engine and ChakraCore Vulnerable to Memory Corruption Chakra Scripting Engine and ChakraCore are vulnerable to memory corruption due to an out-of-bounds write. The Microsoft advisory for CVE-2021-42279 was modified in August 2022 to include Microsoft.ChakraCore as an affected product. | There are no reported fixed by versions. |
|
VCID-qvd3-jhzp-cufb
Aliases: CVE-2019-0912 GHSA-w89r-qch4-8jv5 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-r8ww-4jae-ubae
Aliases: CVE-2018-0979 GHSA-25vh-gq6v-hrx5 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0980, CVE-2018-0990, CVE-2018-0993, CVE-2018-0994, CVE-2018-0995, CVE-2018-1019. |
Affected by 126 other vulnerabilities. |
|
VCID-r9vg-y637-2uft
Aliases: CVE-2018-8280 GHSA-wwm6-r38h-ppg7 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8286, CVE-2018-8290, CVE-2018-8294. |
Affected by 118 other vulnerabilities. Affected by 110 other vulnerabilities. |
|
VCID-rbpf-56qy-gfgd
Aliases: CVE-2020-0767 GHSA-fhc8-h6hr-h9mq |
Improper Restriction of Operations within the Bounds of a Memory Buffer A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. |
Affected by 28 other vulnerabilities. |
|
VCID-rcy6-c6wy-dbfe
Aliases: CVE-2019-1140 GHSA-758c-g2ff-9444 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196, CVE-2019-1197. |
Affected by 43 other vulnerabilities. |
|
VCID-rk1q-c5dz-vkgp
Aliases: CVE-2019-0609 GHSA-pjpj-f6r8-56rm |
Out-of-bounds Write A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0639, CVE-2019-0680, CVE-2019-0769, CVE-2019-0770, CVE-2019-0771, CVE-2019-0773, CVE-2019-0783. |
Affected by 88 other vulnerabilities. |
|
VCID-rmkx-d954-gfey
Aliases: CVE-2019-1217 GHSA-pcgf-qjx2-qv4q |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. |
Affected by 38 other vulnerabilities. |
|
VCID-rqah-64cs-ffa9
Aliases: CVE-2019-0860 GHSA-fv87-p7qr-xh5x |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0806, CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0861. |
Affected by 81 other vulnerabilities. |
|
VCID-rtm9-vhf2-zfa8
Aliases: CVE-2018-0930 GHSA-wc4x-9h9p-9494 |
Out-of-bounds Write ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937. |
Affected by 146 other vulnerabilities. |
|
VCID-ruz6-cvvm-t7gd
Aliases: CVE-2019-0927 GHSA-37pf-w9ff-gqvm |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0925, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-rvhd-memy-eyc6
Aliases: CVE-2018-8275 |
Out-of-bounds Write A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8279, CVE-2018-8301. |
Affected by 118 other vulnerabilities. |
|
VCID-s2u8-u4pq-n7ay
Aliases: CVE-2018-8130 GHSA-3fvw-g6mr-w247 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0943, CVE-2018-8133, CVE-2018-8145, CVE-2018-8177. |
Affected by 126 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-s6tu-qk8r-73dm
Aliases: CVE-2019-1052 GHSA-v8jw-x9wq-hw4v |
Chakra Scripting Engine RCE via Out-of-bounds write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. |
Affected by 56 other vulnerabilities. |
|
VCID-s7sv-fmhb-x7ar
Aliases: CVE-2018-8287 GHSA-p97q-j98q-f98w |
Out-of-bounds Write A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer, Microsoft Edge, Internet Explorer This CVE ID is unique from CVE-2018-8242, CVE-2018-8283, CVE-2018-8288, CVE-2018-8291, CVE-2018-8296, CVE-2018-8298. |
Affected by 110 other vulnerabilities. |
|
VCID-sxhq-hbuz-n7g6
Aliases: CVE-2019-1308 GHSA-vw2g-5827-m9fp |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1307, CVE-2019-1335, CVE-2019-1366. |
Affected by 36 other vulnerabilities. |
|
VCID-t7an-hsmw-s3f3
Aliases: CVE-2019-1107 GHSA-5rcr-q3rx-j7vr |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1106. |
Affected by 50 other vulnerabilities. |
|
VCID-tfzp-pq86-cfc8
Aliases: CVE-2018-8286 GHSA-vwqh-cmvp-6694 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8290, CVE-2018-8294. |
Affected by 118 other vulnerabilities. Affected by 110 other vulnerabilities. |
|
VCID-thsq-abfa-37en
Aliases: CVE-2019-0806 GHSA-hg36-rmmm-hc5r |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0810, CVE-2019-0812, CVE-2019-0829, CVE-2019-0860, CVE-2019-0861. |
Affected by 81 other vulnerabilities. |
|
VCID-tx13-dy95-tbaw
Aliases: CVE-2019-0990 |
Exposure of Sensitive Information to an Unauthorized Actor An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1023. |
Affected by 56 other vulnerabilities. |
|
VCID-u2vx-qjca-63dz
Aliases: CVE-2019-0640 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-u3w9-3xea-mqgk
Aliases: CVE-2019-0658 |
Privilege Escalation An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka 'Scripting Engine Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-0648. |
Affected by 96 other vulnerabilities. |
|
VCID-udkj-r6hr-kfbm
Aliases: CVE-2020-0878 |
A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. |
Affected by 3 other vulnerabilities. |
|
VCID-uktz-ff73-hkbf
Aliases: CVE-2019-1427 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1428, CVE-2019-1429. |
Affected by 33 other vulnerabilities. |
|
VCID-uuzg-ntts-5ubk
Aliases: CVE-2018-8279 |
Access of Resource Using Incompatible Type ('Type Confusion') A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka "Microsoft Edge Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8125, CVE-2018-8262, CVE-2018-8274, CVE-2018-8275, CVE-2018-8301. |
Affected by 118 other vulnerabilities. |
|
VCID-vn8v-chqu-4qf8
Aliases: CVE-2018-0945 GHSA-5439-x5v5-2vhj |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. |
Affected by 126 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-w1mv-6p24-xbd9
Aliases: CVE-2019-0911 GHSA-9735-p6r2-2hgh |
Out-of-bounds Write A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0884, CVE-2019-0918. |
Affected by 67 other vulnerabilities. |
|
VCID-w5ez-ps57-afgg
Aliases: CVE-2019-0925 GHSA-v648-p92f-9996 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0912, CVE-2019-0913, CVE-2019-0914, CVE-2019-0915, CVE-2019-0916, CVE-2019-0917, CVE-2019-0922, CVE-2019-0923, CVE-2019-0924, CVE-2019-0927, CVE-2019-0933, CVE-2019-0937. |
Affected by 67 other vulnerabilities. |
|
VCID-w771-z7gh-sudd
Aliases: CVE-2019-1062 GHSA-rh4p-g7x6-8pqg |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1092, CVE-2019-1103, CVE-2019-1106, CVE-2019-1107. |
Affected by 50 other vulnerabilities. |
|
VCID-whbh-n6ht-3yhy
Aliases: CVE-2018-8139 GHSA-5hxp-3237-j2hp |
Out-of-bounds Read A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0946, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137. |
Affected by 126 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-x7p1-azb5-zka6
Aliases: CVE-2018-8294 GHSA-gxxx-j8m7-hh7m |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8280, CVE-2018-8286, CVE-2018-8290. |
Affected by 118 other vulnerabilities. Affected by 110 other vulnerabilities. |
|
VCID-xgn4-t4hw-tkba
Aliases: CVE-2019-1001 |
Out-of-bounds Write A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1004, CVE-2019-1056, CVE-2019-1059. |
Affected by 50 other vulnerabilities. |
|
VCID-yb1f-mred-tyc8
Aliases: CVE-2020-1180 GHSA-wc43-7wj6-4ggr |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1057, CVE-2020-1172. |
Affected by 3 other vulnerabilities. |
|
VCID-ydrm-ec1q-jfe8
Aliases: CVE-2018-0946 GHSA-wc67-4cg3-35wf |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139. |
Affected by 126 other vulnerabilities. Affected by 124 other vulnerabilities. |
|
VCID-yjh2-4qcm-6fcp
Aliases: CVE-2019-0992 GHSA-53r4-h27g-rg3x |
Chakra Scripting Engine Out-of-bounds write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based). The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge (HTML-based) and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability. The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory. |
Affected by 56 other vulnerabilities. |
|
VCID-ykp3-zww3-2kgd
Aliases: CVE-2019-1106 GHSA-mg98-x2cm-4cpf |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1103, CVE-2019-1107. |
Affected by 50 other vulnerabilities. |
|
VCID-yz2r-ckb1-7ucj
Aliases: CVE-2019-0642 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0605, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-z1vc-213w-jffs
Aliases: CVE-2019-1103 GHSA-vmf5-924f-25f2 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1062, CVE-2019-1092, CVE-2019-1106, CVE-2019-1107. |
Affected by 50 other vulnerabilities. |
|
VCID-zk3h-kan5-53d7
Aliases: CVE-2019-0605 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-0590, CVE-2019-0591, CVE-2019-0593, CVE-2019-0607, CVE-2019-0610, CVE-2019-0640, CVE-2019-0642, CVE-2019-0644, CVE-2019-0651, CVE-2019-0652, CVE-2019-0655. |
Affected by 96 other vulnerabilities. |
|
VCID-zwrk-qm3p-c7aj
Aliases: CVE-2018-8227 GHSA-gqh4-4r89-pr95 |
Out-of-bounds Write A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8229. |
Affected by 124 other vulnerabilities. Affected by 124 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-15bg-k749-f3cq | Out-of-bounds Write Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0777
|
| VCID-4k33-tc8h-tffb | Out-of-bounds Read Microsoft Edge in Microsoft Windows, and Windows Server allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0780 and CVE-2018-0800. |
CVE-2018-0767
|
| VCID-4wz9-u984-ukgc | Out-of-bounds Write Microsoft Edge in Windows allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0774
|
| VCID-6514-5san-1fd2 | Out-of-bounds Read Microsoft Edge in Microsoft Windows Gold, and Windows Server allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0800. |
CVE-2018-0780
|
| VCID-8t5y-hq2y-ybfq | Out-of-bounds Write Internet Explorer in Microsoft Windows 7 SP1, Windows Server and R2 SP1, Windows and Windows RT, Windows Server and R2, and Internet Explorer and Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0762
|
| VCID-a3dx-3h9w-v3d6 | Out-of-bounds Write Microsoft Edge in Windows allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0773
|
| VCID-bkg3-1ej1-7yfv | Out-of-bounds Write Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0776
|
| VCID-dhv5-de9y-xfer | Out-of-bounds Write Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0769
|
| VCID-ex22-dquk-dkcx | Out-of-bounds Write Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0778. |
CVE-2018-0781
|
| VCID-g1ap-ydcm-7yac | Out-of-bounds Write Internet Explorer in Microsoft Windows 7 SP1, Windows Server and R2 SP1, Windows and Windows RT, Windows Server and R2, and Internet Explorer and Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0772
|
| VCID-jg6m-vsyt-j3b2 | Out-of-bounds Write Microsoft Edge in Windows allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, and CVE-2018-0781. |
CVE-2018-0778
|
| VCID-padz-39c7-2fb9 | Exposure of Sensitive Information to an Unauthorized Actor Microsoft Edge in Microsoft Windows allows an attacker to obtain information to further compromise the user's system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2018-0767 and CVE-2018-0780. |
CVE-2018-0800
|
| VCID-qtt7-arcn-e7at | Out-of-bounds Write Microsoft Edge in Windows allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0768
|
| VCID-s4ax-ybgv-aye8 | Out-of-bounds Write Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0770
|
| VCID-xwsh-h1ve-sydh | Out-of-bounds Write Microsoft Edge in Windows allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0775
|
| VCID-yqq5-65kj-57hp | Out-of-bounds Write Microsoft Edge in Windows Gold, and Windows Server allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0770, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781. |
CVE-2018-0758
|