CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 1CVE-2023-37139
https://notcve.org/view.php?id=CVE-2023-37139
18 Jul 2023 — ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray(). • https://github.com/chakra-core/ChakraCore/issues/6884 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37140
https://notcve.org/view.php?id=CVE-2023-37140
18 Jul 2023 — ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount(). • https://github.com/chakra-core/ChakraCore/issues/6885 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37141
https://notcve.org/view.php?id=CVE-2023-37141
18 Jul 2023 — ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray(). • https://github.com/chakra-core/ChakraCore/issues/6886 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37142
https://notcve.org/view.php?id=CVE-2023-37142
18 Jul 2023 — ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees(). • https://github.com/chakra-core/ChakraCore/issues/6887 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 1%CPEs: 1EXPL: 1CVE-2023-37143
https://notcve.org/view.php?id=CVE-2023-37143
18 Jul 2023 — ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp(). • https://github.com/chakra-core/ChakraCore/issues/6888 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 3%CPEs: 1EXPL: 1CVE-2020-23315
https://notcve.org/view.php?id=CVE-2020-23315
20 Jan 2022 — There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta. Se presenta un fallo de ASERCIÓN (pFuncBody-)GetYieldRegister() == oldYieldRegister) en Js::DebugContext::RundownSourcesAndReparse en ChakraCore versión 1.12.0.0-beta • https://github.com/microsoft/ChakraCore/issues/6453 •
CVSS: 8.8EPSS: 2%CPEs: 18EXPL: 0CVE-2020-17131 – Chakra Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-17131
09 Dec 2020 — Chakra Scripting Engine Memory Corruption Vulnerability Vulnerabilidad de corrupción de memoria en el motor de scripting de Chakra This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the JIT compiler. By performing actions in JavaScript, an attacker can trigger a memory corruption co... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17131 • CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 2%CPEs: 12EXPL: 0CVE-2020-17054 – Chakra Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-17054
11 Nov 2020 — Chakra Scripting Engine Memory Corruption Vulnerability Vulnerabilidad de Corrupción de Memoria del Motor de Scripting de Chakra Este ID de CVE es diferente deCVE-2020-17048. • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17054 • CWE-787: Out-of-bounds Write •
CVSS: 8.1EPSS: 2%CPEs: 11EXPL: 0CVE-2020-17048 – Chakra Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-17048
11 Nov 2020 — Chakra Scripting Engine Memory Corruption Vulnerability Vulnerabilidad de Corrupción de Memoria del Motor de Scripting de Chakra Este ID de CVE es diferente deCVE-2020-17054. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of array iterator objects. By performing act... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17048 • CWE-787: Out-of-bounds Write •
CVSS: 7.6EPSS: 2%CPEs: 12EXPL: 0CVE-2020-1180 – Scripting Engine Memory Corruption Vulnerability
https://notcve.org/view.php?id=CVE-2020-1180
11 Sep 2020 —
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take con... • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1180 • CWE-787: Out-of-bounds Write •