CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-11872
https://notcve.org/view.php?id=CVE-2017-11872
Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server 2016 allows an attacker to force the browser to send data that would otherwise be restricted to a destination website of the attacker's choice, due to how Microsoft Edge handles redirect requests, aka "Microsoft Edge Security Feature Bypass Vulnerability". This CVE ID is unique from CVE-2017-11863 and CVE-2017-11874. Microsoft Edge en Microsoft Windows 10 1607, 1703 y Windows Server 2016 permite que un atacante fuerce que el navegador envíe datos que, de otra forma, estarían restringidos, a una página web de destino a elección del atacante, debido a la forma en la que Microsoft Edge gestiona las peticiones de redirección. Esto también se conoce como "Microsoft Edge Security Feature Bypass Vulnerability". El ID de este CVE es diferente de CVE-2017-11863 y CVE-2017-11874. • http://www.securityfocus.com/bid/101749 http://www.securitytracker.com/id/1039801 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11872 •
CVSS: 7.6EPSS: 0%CPEs: 18EXPL: 0CVE-2017-11838
https://notcve.org/view.php?id=CVE-2017-11838
ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, and Microsoft Edge and Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. ChakraCore e Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2 y Microsoft Edge e Internet Explorer en Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 y Windows Server en su versión 1709 permiten que un atacante obtenga los mismos derechos de usuario que el usuario actual debido a la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-11836, CVE-2017-11837, CVE-2017-11839, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871 y CVE-2017-11873. • http://www.securityfocus.com/bid/101737 http://www.securitytracker.com/id/1039780 http://www.securitytracker.com/id/1039781 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11838 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 92%CPEs: 7EXPL: 1CVE-2017-11839 – Microsoft Edge Chakra JIT - 'BailOutOnTaggedValue' Bailouts Type Confusion
https://notcve.org/view.php?id=CVE-2017-11839
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to take control of an affected system, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. Microsoft Edge en Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versión 1709 permite que un atacante tome el control de un sistema afectado debido a la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11840, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871 y CVE-2017-11873. • https://www.exploit-db.com/exploits/43180 http://www.securityfocus.com/bid/101735 http://www.securitytracker.com/id/1039780 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11839 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 92%CPEs: 9EXPL: 1CVE-2017-11840 – Microsoft Edge Chakra JIT - 'GlobOpt::OptTagChecks' Must Consider IsLoopPrePass Properly
https://notcve.org/view.php?id=CVE-2017-11840
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. ChakraCore y Microsoft Edge en Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versión 1709 permiten que un atacante obtenga los mismos derechos de usuario que el usuario actual debido a la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11841, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871 y CVE-2017-11873. • https://www.exploit-db.com/exploits/43183 http://www.securityfocus.com/bid/101734 http://www.securitytracker.com/id/1039780 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11840 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 92%CPEs: 9EXPL: 1CVE-2017-11841 – Microsoft Edge Chakra JIT - 'Inline::InlineCallApplyTarget_Shared' does not Return the return Instruction
https://notcve.org/view.php?id=CVE-2017-11841
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows Server 2016 and Windows Server, version 1709 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871, and CVE-2017-11873. ChakraCore y Microsoft Edge en Windows 10 Gold, 1511, 1607, 1703 y 1709, Windows Server 2016 y Windows Server en su versión 1709 permiten que un atacante obtenga los mismos derechos de usuario que el usuario actual debido a la manera en la que el motor de scripting gestiona los objetos en la memoria. Esta vulnerabilidad también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-11836, CVE-2017-11837, CVE-2017-11838, CVE-2017-11839, CVE-2017-11840, CVE-2017-11843, CVE-2017-11846, CVE-2017-11858, CVE-2017-11859, CVE-2017-11861, CVE-2017-11862, CVE-2017-11866, CVE-2017-11869, CVE-2017-11870, CVE-2017-11871 y CVE-2017-11873. • https://www.exploit-db.com/exploits/43181 http://www.securityfocus.com/bid/101733 http://www.securitytracker.com/id/1039780 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11841 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •