CVSS: 7.6EPSS: 7%CPEs: 8EXPL: 0CVE-2017-11910
https://notcve.org/view.php?id=CVE-2017-11910
ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930. ChakraCore en Windows 10 Gold, 1511, 1607, 1703 y 1709 y Windows Server 2016 permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que el motor de scripting manipula objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918 y CVE-2017-11930. • http://www.securityfocus.com/bid/102086 http://www.securitytracker.com/id/1039990 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11910 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 1%CPEs: 1EXPL: 0CVE-2017-11916
https://notcve.org/view.php?id=CVE-2017-11916
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918, and CVE-2017-11930. ChakraCore permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que ChakraCore manipula objetos en la memoria. Esto también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11918 y CVE-2017-11930. • http://www.securityfocus.com/bid/102090 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11916 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 7%CPEs: 13EXPL: 0CVE-2017-11930
https://notcve.org/view.php?id=CVE-2017-11930
ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, and CVE-2017-11916. ChakraCore e Internet Explorer en Microsoft Windows 7 SP1, Windows Server 2008 y R2 SP1, Windows 8.1 y Windows RT 8.1, Windows Server 2012 y R2, Windows 10 Gold, 1511, 1607, 1703 y 1709 y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual por como gestiona el motor de scripting los objetos en la memoria. Esta vulnerabilidad también se conoce como "Scripting Engine Memory Corruption Vulnerability". El ID de este CVE es diferente de CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914 y CVE-2017-11916. • http://www.securityfocus.com/bid/102058 http://www.securitytracker.com/id/1039991 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11930 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 1%CPEs: 1EXPL: 0CVE-2017-11797
https://notcve.org/view.php?id=CVE-2017-11797
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. ChakraCore permite que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que el motor de scripting de ChakraCore gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Information Disclosure Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11802, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812 y CVE-2017-11821. • http://www.securityfocus.com/bid/101145 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11797 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 92%CPEs: 7EXPL: 1CVE-2017-11802 – Microsoft Edge Chakra JIT - 'RegexHelper::StringReplace' Must Call the Callback Function with Updating ImplicitCallFlags
https://notcve.org/view.php?id=CVE-2017-11802
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812, and CVE-2017-11821. ChakraCore y Microsoft Edge en Microsoft Windows 10 Gold, 1511, 1607, 1703, y Windows Server 2016 permiten que un atacante ejecute código arbitrario en el contexto del usuario actual debido a la forma en la que el motor de scripting gestiona objetos en la memoria, lo que también se conoce como "Scripting Engine Memory Corruption Vulnerability". Este ID CVE es exclusivo de CVE-2017-11792, CVE-2017-11793, CVE-2017-11796, CVE-2017-11797, CVE-2017-11798, CVE-2017-11799, CVE-2017-11800, CVE-2017-11801, CVE-2017-11804, CVE-2017-11805, CVE-2017-11806, CVE-2017-11807, CVE-2017-11808, CVE-2017-11809, CVE-2017-11810, CVE-2017-11811, CVE-2017-11812 y CVE-2017-11821. The "String.prototype.replace" method can be inlined in the JIT process. • https://www.exploit-db.com/exploits/43000 http://www.securityfocus.com/bid/101130 http://www.securitytracker.com/id/1039529 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11802 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •