CVSS: 9.3EPSS: 15%CPEs: 4EXPL: 0CVE-2016-3259
https://notcve.org/view.php?id=CVE-2016-3259
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3248. Los motores de Microsoft (1) JScript 9, (2) VBScript y (3) Chakra JavaScript, como se utilizan en Microsoft Internet Explorer 9 hasta la versión 11, Microsoft Edge y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocido como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3248. • http://www.securityfocus.com/bid/91581 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 15%CPEs: 4EXPL: 0CVE-2016-3248
https://notcve.org/view.php?id=CVE-2016-3248
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 9 through 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3259. Los motores de Microsoft (1) JScript 9, (2) VBScript y (3) Chakra JavaScript, como se utilizan en Microsoft Internet Explorer 9 hasta la versión 11, Microsoft Edge y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3259. • http://www.securityfocus.com/bid/91578 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 28%CPEs: 1EXPL: 0CVE-2016-3269
https://notcve.org/view.php?id=CVE-2016-3269
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3265. El motor Chakra de JavaScript en Microsoft Edge permite a atacantes ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability", una vulnerabilidad diferente a CVE-2016-3265. • http://www.securityfocus.com/bid/91595 http://www.securitytracker.com/id/1036286 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 15%CPEs: 2EXPL: 0CVE-2016-3260
https://notcve.org/view.php?id=CVE-2016-3260
The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript engines, as used in Microsoft Internet Explorer 11, Microsoft Edge, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability." Los motores de Microsoft (1) JScript 9, (2) VBScript y (3) Chakra JavaScript, como se utilizan en Microsoft Internet Explorer 11, Microsoft Edge, y otros productos, permiten a atacantes remotos ejecutar código arbitrario o provocar una denegación de servicio (corrupción de memoria) a través de un sitio web manipulado, también conocida como "Scripting Engine Memory Corruption Vulnerability". • http://www.securityfocus.com/bid/91580 http://www.securitytracker.com/id/1036283 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-084 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 19%CPEs: 1EXPL: 0CVE-2016-3271 – Microsoft Chakra ArrayBuffer.transfer Uninitialized Buffer Information Leak Vulnerability
https://notcve.org/view.php?id=CVE-2016-3271
The VBScript engine in Microsoft Edge allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Scripting Engine Information Disclosure Vulnerability." El motor VBScript en Microsoft Edge permite a atacantes remotos obtener información sensible de la memoria de proceso a través de un sitio web manipulado, también conocida como "Scripting Engine Information Disclosure Vulnerability". This vulnerability allows remote attackers to leak sensitive information on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ArrayBuffer.transfer. The issue lies in the failure to properly initialize a buffer prior to returning it to the user. • http://www.securityfocus.com/bid/91586 http://www.securitytracker.com/id/1036286 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-085 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •