Total
255 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11874 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2025-04-20 | 2.6 LOW | 3.1 LOW |
| Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard (CFG) to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time (JIT) compiler, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11872. | |||||
| CVE-2017-11912 | 1 Microsoft | 10 Chakracore, Edge, Internet Explorer and 7 more | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
| ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, and Internet Explorer and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. | |||||
| CVE-2017-11767 | 1 Microsoft | 1 Chakracore | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | |||||
| CVE-2017-11840 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2025-04-20 | 7.6 HIGH | 7.5 HIGH |
| ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. | |||||
| CVE-2023-37143 | 1 Microsoft | 1 Chakracore | 2024-11-21 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp(). | |||||
| CVE-2023-37142 | 1 Microsoft | 1 Chakracore | 2024-11-21 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees(). | |||||
| CVE-2023-37141 | 1 Microsoft | 1 Chakracore | 2024-11-21 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray(). | |||||
| CVE-2023-37140 | 1 Microsoft | 1 Chakracore | 2024-11-21 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount(). | |||||
| CVE-2023-37139 | 1 Microsoft | 1 Chakracore | 2024-11-21 | N/A | 5.5 MEDIUM |
| ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray(). | |||||
| CVE-2020-23315 | 1 Microsoft | 1 Chakracore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta. | |||||
| CVE-2020-1219 | 1 Microsoft | 11 Chakracore, Edge, Internet Explorer and 8 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | |||||
| CVE-2020-1073 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | |||||
| CVE-2020-1065 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. | |||||
| CVE-2020-1037 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | |||||
| CVE-2020-17054 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-11-21 | 7.6 HIGH | 4.2 MEDIUM |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2020-17048 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-11-21 | 6.8 MEDIUM | 4.2 MEDIUM |
| Chakra Scripting Engine Memory Corruption Vulnerability | |||||
| CVE-2020-0970 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968. | |||||
| CVE-2020-0969 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. | |||||
| CVE-2020-0848 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833. | |||||
| CVE-2020-0831 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0830, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | |||||