Microsoft.ChakraCore
NuGet247 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting Microsoft.ChakraCorepage 2 of 5
- CVE-2017-11893HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.52017-12-12
vulnerable: 1.2.0 ... 1.7.4 (25 versions)
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Sc…
- CVE-2017-11905HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.52017-12-12
vulnerable: 1.2.0 ... 1.7.4 (25 versions)
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Sc…
- CVE-2017-11908HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.52017-12-12
vulnerable: 1.2.0 ... 1.7.4 (25 versions)
ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID …
- CVE-2017-11909HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.52017-12-12
vulnerable: 1.2.0 ... 1.7.4 (25 versions)
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Mem…
- CVE-2017-11910HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.52017-12-12
vulnerable: 1.2.0 ... 1.7.4 (25 versions)
ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engi…
- CVE-2017-11911HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.52017-12-12
vulnerable: 1.2.0 ... 1.7.4 (25 versions)
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Mem…
- CVE-2017-11914HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.52017-12-12
vulnerable: 1.2.0 ... 1.7.4 (25 versions)
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engi…
- CVE-2017-11916HIGHCVSS 7.5EG 7.5✓ Fixed in 1.7.52017-12-12
vulnerable: 1.2.0 ... 1.7.4 (25 versions)
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique…
- CVE-2017-8658CRITICALCVSS 9.8EG 9.8✓ Fixed in 1.6.12017-08-11
vulnerable: 1.2.0 ... 1.6.0 (19 versions)
A remote code execution vulnerability exists in the way that the Chakra JavaScript engine renders when handling objects in memory, aka "Scripting Engine Memory Corruption Vulnerability".
- CVE-2017-8659MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.6.12017-08-08
vulnerable: 1.2.0 ... 1.6.0 (19 versions)
Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to obtain information to further compromise the user's system due to the Chakra scripting engine not properly handling objects in memory, aka "Scripting Engine Information Disc…
- CVE-2018-0818HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.02018-01-10
vulnerable: 1.2.0 ... 1.7.6 (27 versions)
Microsoft ChakraCore allows an attacker to bypass Control Flow Guard (CFG) in conjunction with another vulnerability to run arbitrary code on a target system, due to how the Chakra scripting engine handles accessing memory, aka "Scripting …
- CVE-2018-0834HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.12018-02-15
vulnerable: 1.2.0 ... 1.8.0 (28 versions)
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu…
- CVE-2018-0835HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.12018-02-15
vulnerable: 1.2.0 ... 1.8.0 (28 versions)
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu…
- CVE-2018-0836HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.12018-02-15
vulnerable: 1.2.0 ... 1.8.0 (28 versions)
Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from…
- CVE-2018-0837HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.12018-02-15
vulnerable: 1.2.0 ... 1.8.0 (28 versions)
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu…
- CVE-2018-0838HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.12018-02-15
vulnerable: 1.2.0 ... 1.8.0 (28 versions)
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu…
- CVE-2018-0856HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.12018-02-15
vulnerable: 1.2.0 ... 1.8.0 (28 versions)
Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from…
- CVE-2018-0857HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.12018-02-15
vulnerable: 1.2.0 ... 1.8.0 (28 versions)
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu…
- CVE-2018-0858HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.12018-02-15
vulnerable: 1.2.0 ... 1.8.0 (28 versions)
ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, …
- CVE-2018-0859HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.12018-02-15
vulnerable: 1.2.0 ... 1.8.0 (28 versions)
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu…
- CVE-2018-0860HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.12018-02-15
vulnerable: 1.2.0 ... 1.8.0 (28 versions)
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vu…
- CVE-2018-0872HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory…
- CVE-2018-0873HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corru…
- CVE-2018-0874HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory…
- CVE-2018-0925HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore allows remote code execution, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, …
- CVE-2018-0930HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique…
- CVE-2018-0931HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulner…
- CVE-2018-0933HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulner…
- CVE-2018-0934HIGHCVSS 7.5EG 9.0✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulner…
- CVE-2018-0936HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore and Microsoft Windows 10 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872…
- CVE-2018-0937HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-…
- CVE-2018-0939MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.8.22018-03-14
vulnerable: 1.2.0 ... 1.8.1 (29 versions)
ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow information disclosure, due to how the scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-…
- CVE-2018-0943HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. T…
- CVE-2018-0945HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is …
- CVE-2018-0946HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is …
- CVE-2018-0954HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, ChakraCore, Internet Ex…
- CVE-2018-0979HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.32018-04-12
vulnerable: 1.2.0 ... 1.8.2 (30 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. T…
- CVE-2018-0980HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.32018-04-12
vulnerable: 1.2.0 ... 1.8.2 (30 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. T…
- CVE-2018-0990HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.32018-04-12
vulnerable: 1.2.0 ... 1.8.2 (30 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. T…
- CVE-2018-0993HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.32018-04-12
vulnerable: 1.2.0 ... 1.8.2 (30 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. T…
- CVE-2018-0994HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.32018-04-12
vulnerable: 1.2.0 ... 1.8.2 (30 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. T…
- CVE-2018-0995HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.32018-04-12
vulnerable: 1.2.0 ... 1.8.2 (30 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. T…
- CVE-2018-1019HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.32018-04-12
vulnerable: 1.2.0 ... 1.8.2 (30 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. T…
- CVE-2018-1022HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka "Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore, Internet Explorer 11, Microsoft …
- CVE-2018-8130HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. T…
- CVE-2018-8133HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. T…
- CVE-2018-8137HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is …
- CVE-2018-8139HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is …
- CVE-2018-8145HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
An information disclosure vulnerability exists when Chakra improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Chakra Scripting Engine Me…
- CVE-2018-8177HIGHCVSS 7.5EG 7.5✓ Fixed in 1.8.42018-05-09
vulnerable: 1.2.0 ... 1.8.3 (31 versions)
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects ChakraCore. This CVE ID is un…
Check whether Microsoft.ChakraCore is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for Microsoft.ChakraCore CVEs against the assets you own.
Start Free Scan →