cvelistv5 - cve-2019-0592

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:51:27.239Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Edge",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows Server 2019"
            }
          ]
        },
        {
          "product": "ChakraCore",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "datePublic": "2019-03-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0611."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Other",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-08T22:22:27",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0592",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Edge",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Windows Server 2019"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ChakraCore",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0611."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0592",
    "datePublished": "2019-04-08T22:22:27",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:51:27.239Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.11.7\", \"matchCriteriaId\": \"DC8A2BE9-47F9-425C-9A83-B198A5973DAD\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77D197D7-57FB-4898-8C70-B19D5F0D5BE0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0611.\"}, {\"lang\": \"es\", \"value\": \"Se presenta una vulnerabilidad de ejecuci\\u00f3n de c\\u00f3digo remota  en la manera en que el motor de scripts Chakra maneja los objetos en memoria en Microsoft Edge, tambi\\u00e9n se conoce como \\\"Chakra Scripting Engine Memory Corruption Vulnerability\\\". Este ID de CVE es diferente de CVE-2019-0611.\"}]",
      "id": "CVE-2019-0592",
      "lastModified": "2024-11-21T04:16:55.230",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:H/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.6, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 4.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-04-08T23:29:00.337",
      "references": "[{\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0592\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-04-08T23:29:00.337\",\"lastModified\":\"2024-11-21T04:16:55.230\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0611.\"},{\"lang\":\"es\",\"value\":\"Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remota  en la manera en que el motor de scripts Chakra maneja los objetos en memoria en Microsoft Edge, tambi\u00e9n se conoce como \\\"Chakra Scripting Engine Memory Corruption Vulnerability\\\". Este ID de CVE es diferente de CVE-2019-0611.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.7\",\"matchCriteriaId\":\"DC8A2BE9-47F9-425C-9A83-B198A5973DAD\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D197D7-57FB-4898-8C70-B19D5F0D5BE0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}],\"references\":[{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

GHSA-FV38-4C3M-25V8

Vulnerability from github – Published: 2019-04-09 19:43 – Updated: 2021-09-10 19:20

Summary

High severity vulnerability that affects Microsoft.ChakraCore

Details

Severity ?

7.5 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "NuGet",
        "name": "Microsoft.ChakraCore"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-0592"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-787"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:35:13Z",
    "nvd_published_at": null,
    "severity": "HIGH"
  },
  "details": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0611.",
  "id": "GHSA-fv38-4c3m-25v8",
  "modified": "2021-09-10T19:20:26Z",
  "published": "2019-04-09T19:43:56Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0592"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-fv38-4c3m-25v8"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "High severity vulnerability that affects Microsoft.ChakraCore"
}

GSD-2019-0592

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-0592

Aliases

CVE-2019-0592

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-0592",
    "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0611.",
    "id": "GSD-2019-0592"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-0592"
      ],
      "details": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0611.",
      "id": "GSD-2019-0592",
      "modified": "2023-12-13T01:23:39.823849Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2019-0592",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Edge",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Windows 10 Version 1809 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1809 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
                        },
                        {
                          "version_value": "Windows Server 2019"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ChakraCore",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0611."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Other"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[,1.11.7)",
          "affected_versions": "All versions before 1.11.7",
          "cvss_v2": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-787",
            "CWE-937"
          ],
          "date": "2020-08-24",
          "description": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0611.",
          "fixed_versions": [
            "1.11.7"
          ],
          "identifier": "CVE-2019-0592",
          "identifiers": [
            "CVE-2019-0592"
          ],
          "not_impacted": "All versions starting from 1.11.7",
          "package_slug": "nuget/Microsoft.ChakraCore",
          "pubdate": "2019-04-08",
          "solution": "Upgrade to version 1.11.7 or above.",
          "title": "Out-of-bounds Write",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-0592",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592"
          ],
          "uuid": "40fd8234-c200-4ea0-b436-462a19ea1169"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.7",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0592"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka \u0027Chakra Scripting Engine Memory Corruption Vulnerability\u0027. This CVE ID is unique from CVE-2019-0611."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-787"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "HIGH",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.6,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 4.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 1.6,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-04-08T23:29Z"
    }
  }
}

CNVD-2019-16749

Vulnerability from cnvd - Published: 2019-06-09

Title

Microsoft Edge和ChakraCore远程代码执行漏洞（CNVD-2019-16749）

Description

Microsoft ChakraCore和Microsoft Edge都是美国微软（Microsoft）公司的产品。ChakraCore是使用在Edge浏览器中的一个开源的ChakraJavaScript脚本引擎的核心部分，也可作为单独的JavaScript引擎使用。Microsoft Edge是一款Windows 10之后版本系统附带的Web浏览器。 Microsoft Edge和ChakraCore中存在远程代码执行漏洞，远程攻击者可利用该漏洞在当前用户的上下文中执行任意代码，造成内存损坏。

Severity

高

Patch Name

Microsoft Edge和ChakraCore远程代码执行漏洞（CNVD-2019-16749）的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0592

Reference

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0592

Impacted products

Name
['Microsoft Edge', 'Microsoft ChakraCore']

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-0592"
    }
  },
  "description": "Microsoft ChakraCore\u548cMicrosoft Edge\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002ChakraCore\u662f\u4f7f\u7528\u5728Edge\u6d4f\u89c8\u5668\u4e2d\u7684\u4e00\u4e2a\u5f00\u6e90\u7684ChakraJavaScript\u811a\u672c\u5f15\u64ce\u7684\u6838\u5fc3\u90e8\u5206\uff0c\u4e5f\u53ef\u4f5c\u4e3a\u5355\u72ec\u7684JavaScript\u5f15\u64ce\u4f7f\u7528\u3002Microsoft Edge\u662f\u4e00\u6b3eWindows 10\u4e4b\u540e\u7248\u672c\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002\n\nMicrosoft Edge\u548cChakraCore\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u9020\u6210\u5185\u5b58\u635f\u574f\u3002",
  "discovererName": "MoonLiang,Yuki Chen,Zhenhuan Li",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0592",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-16749",
  "openTime": "2019-06-09",
  "patchDescription": "Microsoft ChakraCore\u548cMicrosoft Edge\u90fd\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002ChakraCore\u662f\u4f7f\u7528\u5728Edge\u6d4f\u89c8\u5668\u4e2d\u7684\u4e00\u4e2a\u5f00\u6e90\u7684ChakraJavaScript\u811a\u672c\u5f15\u64ce\u7684\u6838\u5fc3\u90e8\u5206\uff0c\u4e5f\u53ef\u4f5c\u4e3a\u5355\u72ec\u7684JavaScript\u5f15\u64ce\u4f7f\u7528\u3002Microsoft Edge\u662f\u4e00\u6b3eWindows 10\u4e4b\u540e\u7248\u672c\u7cfb\u7edf\u9644\u5e26\u7684Web\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Edge\u548cChakraCore\u4e2d\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u5f53\u524d\u7528\u6237\u7684\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u4efb\u610f\u4ee3\u7801\uff0c\u9020\u6210\u5185\u5b58\u635f\u574f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Edge\u548cChakraCore\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2019-16749\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft Edge",
      "Microsoft ChakraCore"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-0592",
  "serverity": "\u9ad8",
  "submitTime": "2019-03-13",
  "title": "Microsoft Edge\u548cChakraCore\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff08CNVD-2019-16749\uff09"
}

CERTFR-2019-AVI-102

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0639"
    },
    {
      "name": "CVE-2019-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0769"
    },
    {
      "name": "CVE-2019-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0762"
    },
    {
      "name": "CVE-2019-0592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0592"
    },
    {
      "name": "CVE-2019-0612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0612"
    },
    {
      "name": "CVE-2019-0678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0678"
    },
    {
      "name": "CVE-2019-0770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0770"
    },
    {
      "name": "CVE-2019-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0746"
    },
    {
      "name": "CVE-2019-0779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0779"
    },
    {
      "name": "CVE-2019-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0611"
    },
    {
      "name": "CVE-2019-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0773"
    },
    {
      "name": "CVE-2019-0609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0609"
    },
    {
      "name": "CVE-2019-0771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0771"
    },
    {
      "name": "CVE-2019-0780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0780"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-102",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code \u00e0 distance et un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 mars 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2019-AVI-106

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance, une usurpation d'identité et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Nuget 4.6.3
Microsoft	N/A	ChakraCore
Microsoft	N/A	Mono Framework Version 5.18.0.223
Microsoft	N/A	Team Foundation Server 2018 Update 3.2
Microsoft	N/A	Nuget 4.4.2
Microsoft	N/A	Visual Studio pour Mac
Microsoft	N/A	Nuget 4.7.2
Microsoft	N/A	Skype pour Business Server 2015 March 2019 Update
Microsoft	N/A	Mono Framework Version 5.20.0
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9
Microsoft	N/A	Nuget 4.8.2
Microsoft	N/A	Team Foundation Server 2017 Update 3.1
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 8
Microsoft	N/A	Nuget 4.9.4
Microsoft	N/A	Microsoft Lync Server 2013 July 2018 Update
Microsoft	N/A	Team Foundation Server 2018 Updated 1.2
Microsoft	N/A	UbuntuServer:18.04-LTS
Microsoft	N/A	Nuget 4.3.1
Microsoft	N/A	Nuget 4.5.2

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nuget 4.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Mono Framework Version 5.18.0.223",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business Server 2015 March 2019 Update",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Mono Framework Version 5.20.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2017 Update 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.9.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync Server 2013 July 2018 Update",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Updated 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "UbuntuServer:18.04-LTS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0639"
    },
    {
      "name": "CVE-2019-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0769"
    },
    {
      "name": "CVE-2019-0592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0592"
    },
    {
      "name": "CVE-2019-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0777"
    },
    {
      "name": "CVE-2019-0809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0809"
    },
    {
      "name": "CVE-2019-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0798"
    },
    {
      "name": "CVE-2019-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0746"
    },
    {
      "name": "CVE-2019-0757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0757"
    },
    {
      "name": "CVE-2019-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0611"
    },
    {
      "name": "CVE-2019-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0773"
    },
    {
      "name": "CVE-2018-8654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8654"
    },
    {
      "name": "CVE-2019-0609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0609"
    },
    {
      "name": "CVE-2019-0771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0771"
    },
    {
      "name": "CVE-2019-0816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0816"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-106",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 mars 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2019-AVI-102

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0639"
    },
    {
      "name": "CVE-2019-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0769"
    },
    {
      "name": "CVE-2019-0762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0762"
    },
    {
      "name": "CVE-2019-0592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0592"
    },
    {
      "name": "CVE-2019-0612",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0612"
    },
    {
      "name": "CVE-2019-0678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0678"
    },
    {
      "name": "CVE-2019-0770",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0770"
    },
    {
      "name": "CVE-2019-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0746"
    },
    {
      "name": "CVE-2019-0779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0779"
    },
    {
      "name": "CVE-2019-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0611"
    },
    {
      "name": "CVE-2019-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0773"
    },
    {
      "name": "CVE-2019-0609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0609"
    },
    {
      "name": "CVE-2019-0771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0771"
    },
    {
      "name": "CVE-2019-0780",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0780"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-102",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code \u00e0 distance et un contournement de la\nfonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 mars 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2019-AVI-106

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	Nuget 4.6.3
Microsoft	N/A	ChakraCore
Microsoft	N/A	Mono Framework Version 5.18.0.223
Microsoft	N/A	Team Foundation Server 2018 Update 3.2
Microsoft	N/A	Nuget 4.4.2
Microsoft	N/A	Visual Studio pour Mac
Microsoft	N/A	Nuget 4.7.2
Microsoft	N/A	Skype pour Business Server 2015 March 2019 Update
Microsoft	N/A	Mono Framework Version 5.20.0
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9
Microsoft	N/A	Nuget 4.8.2
Microsoft	N/A	Team Foundation Server 2017 Update 3.1
Microsoft	N/A	Microsoft Dynamics 365 (on-premises) version 8
Microsoft	N/A	Nuget 4.9.4
Microsoft	N/A	Microsoft Lync Server 2013 July 2018 Update
Microsoft	N/A	Team Foundation Server 2018 Updated 1.2
Microsoft	N/A	UbuntuServer:18.04-LTS
Microsoft	N/A	Nuget 4.3.1
Microsoft	N/A	Nuget 4.5.2

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Nuget 4.6.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Mono Framework Version 5.18.0.223",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.4.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio pour Mac",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.7.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business Server 2015 March 2019 Update",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Mono Framework Version 5.20.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.8.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2017 Update 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Dynamics 365 (on-premises) version 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.9.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Lync Server 2013 July 2018 Update",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Updated 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "UbuntuServer:18.04-LTS",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Nuget 4.5.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0639",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0639"
    },
    {
      "name": "CVE-2019-0769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0769"
    },
    {
      "name": "CVE-2019-0592",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0592"
    },
    {
      "name": "CVE-2019-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0777"
    },
    {
      "name": "CVE-2019-0809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0809"
    },
    {
      "name": "CVE-2019-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0798"
    },
    {
      "name": "CVE-2019-0746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0746"
    },
    {
      "name": "CVE-2019-0757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0757"
    },
    {
      "name": "CVE-2019-0611",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0611"
    },
    {
      "name": "CVE-2019-0773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0773"
    },
    {
      "name": "CVE-2018-8654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-8654"
    },
    {
      "name": "CVE-2019-0609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0609"
    },
    {
      "name": "CVE-2019-0771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0771"
    },
    {
      "name": "CVE-2019-0816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0816"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-106",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-03-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une\nusurpation d\u0027identit\u00e9 et un contournement de la fonctionnalit\u00e9 de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 mars 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

FKIE_CVE-2019-0592

Vulnerability from fkie_nvd - Published: 2019-04-08 23:29 - Updated: 2024-11-21 04:16

Severity ?

7.5 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592	Patch, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0592	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	chakracore	*
microsoft	edge	-
microsoft	windows_10	1809
microsoft	windows_server_2019	-