cvelistv5 - cve-2019-0658

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:51:27.001Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658"
          },
          {
            "name": "106882",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106882"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microsoft Edge",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "Windows 10 Version 1703 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1703 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1803 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1803 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1803 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for 32-bit Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for x64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1809 for ARM64-based Systems"
            },
            {
              "status": "affected",
              "version": "Windows Server 2019"
            },
            {
              "status": "affected",
              "version": "Windows 10 Version 1709 for ARM64-based Systems"
            }
          ]
        },
        {
          "product": "ChakraCore",
          "vendor": "Microsoft",
          "versions": [
            {
              "status": "affected",
              "version": "unspecified"
            }
          ]
        }
      ],
      "datePublic": "2019-03-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0648."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-03-06T10:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658"
        },
        {
          "name": "106882",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106882"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0658",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microsoft Edge",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Windows 10 Version 1703 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1703 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1803 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1803 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1803 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for 32-bit Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for x64-based Systems"
                          },
                          {
                            "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
                          },
                          {
                            "version_value": "Windows Server 2019"
                          },
                          {
                            "version_value": "Windows 10 Version 1709 for ARM64-based Systems"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "ChakraCore",
                      "version": {
                        "version_data": [
                          {
                            "version_value": ""
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Microsoft"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0648."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658"
            },
            {
              "name": "106882",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106882"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2019-0658",
    "datePublished": "2019-03-06T00:00:00",
    "dateReserved": "2018-11-26T00:00:00",
    "dateUpdated": "2024-08-04T17:51:27.001Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77D197D7-57FB-4898-8C70-B19D5F0D5BE0\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AEE2E768-0F45-46E1-B6D7-087917109D98\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83B14968-3985-43C3-ACE5-8307196EFAE3\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7CB85C75-4D35-480E-843D-60579EC75FCB\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.11.6\", \"matchCriteriaId\": \"754B3B80-FD4A-40A1-877A-7E9DB60AE890\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0648.\"}, {\"lang\": \"es\", \"value\": \"Existe una vulnerabilidad de divulgaci\\u00f3n de informaci\\u00f3n cuando el motor de scripting no gestiona correctamente los objetos en la memoria en Microsoft Edge. Esto tambi\\u00e9n se conoce como \\\"Scripting Engine Information Disclosure Vulnerability\\\". El ID de este CVE es diferente de CVE-2019-0648.\"}]",
      "id": "CVE-2019-0658",
      "lastModified": "2024-11-21T04:17:03.473",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2019-03-05T23:29:02.067",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/106882\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658\", \"source\": \"secure@microsoft.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/106882\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secure@microsoft.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2019-0658\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2019-03-05T23:29:02.067\",\"lastModified\":\"2024-11-21T04:17:03.473\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0648.\"},{\"lang\":\"es\",\"value\":\"Existe una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n cuando el motor de scripting no gestiona correctamente los objetos en la memoria en Microsoft Edge. Esto tambi\u00e9n se conoce como \\\"Scripting Engine Information Disclosure Vulnerability\\\". El ID de este CVE es diferente de CVE-2019-0648.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D197D7-57FB-4898-8C70-B19D5F0D5BE0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AEE2E768-0F45-46E1-B6D7-087917109D98\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83B14968-3985-43C3-ACE5-8307196EFAE3\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CB85C75-4D35-480E-843D-60579EC75FCB\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6B8F3DD2-A145-4AF1-8545-CC42892DA3D1\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB79EE26-FC32-417D-A49C-A1A63165A968\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.11.6\",\"matchCriteriaId\":\"754B3B80-FD4A-40A1-877A-7E9DB60AE890\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106882\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106882\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2019-AVI-060

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Microsoft Edge. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données, une exécution de code à distance, une usurpation d'identité et un contournement de la fonctionnalité de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0640"
    },
    {
      "name": "CVE-2019-0644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0644"
    },
    {
      "name": "CVE-2019-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0591"
    },
    {
      "name": "CVE-2019-0654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0654"
    },
    {
      "name": "CVE-2019-0593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0593"
    },
    {
      "name": "CVE-2019-0605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0605"
    },
    {
      "name": "CVE-2019-0649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0649"
    },
    {
      "name": "CVE-2019-0650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0650"
    },
    {
      "name": "CVE-2019-0651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0651"
    },
    {
      "name": "CVE-2019-0643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0643"
    },
    {
      "name": "CVE-2019-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0652"
    },
    {
      "name": "CVE-2019-0607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0607"
    },
    {
      "name": "CVE-2019-0642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0642"
    },
    {
      "name": "CVE-2019-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0658"
    },
    {
      "name": "CVE-2019-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0590"
    },
    {
      "name": "CVE-2019-0645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0645"
    },
    {
      "name": "CVE-2019-0655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0655"
    },
    {
      "name": "CVE-2019-0641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0641"
    },
    {
      "name": "CVE-2019-0648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0648"
    },
    {
      "name": "CVE-2019-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0610"
    },
    {
      "name": "CVE-2019-0634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0634"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-060",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une usurpation d\u0027identit\u00e9\net un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 f\u00e9vrier 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2019-AVI-064

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans les produits Microsoft. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, une élévation de privilèges, une exécution de code à distance et une usurpation d'identité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Team Foundation Server 2018 Update 3.2
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9
Microsoft	N/A	Team Foundation Server 2017 Update 3.1
Microsoft	N/A	Visual Studio Code
Microsoft	N/A	Microsoft Visual Studio 2017
Microsoft	N/A	Team Foundation Server 2018 Updated 1.2
Microsoft	N/A	Skype pour Business Server 2015 CU 8
Microsoft	Azure	Java SDK pour Azure IoT

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2017 Update 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio Code",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Updated 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business Server 2015 CU 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Java SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0640"
    },
    {
      "name": "CVE-2019-0644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0644"
    },
    {
      "name": "CVE-2019-0613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0613"
    },
    {
      "name": "CVE-2019-0657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0657"
    },
    {
      "name": "CVE-2019-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0624"
    },
    {
      "name": "CVE-2019-0741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0741"
    },
    {
      "name": "CVE-2019-0646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0646"
    },
    {
      "name": "CVE-2019-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0591"
    },
    {
      "name": "CVE-2019-0593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0593"
    },
    {
      "name": "CVE-2019-0605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0605"
    },
    {
      "name": "CVE-2019-0649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0649"
    },
    {
      "name": "CVE-2019-0651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0651"
    },
    {
      "name": "CVE-2019-0743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0743"
    },
    {
      "name": "CVE-2019-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0652"
    },
    {
      "name": "CVE-2019-0607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0607"
    },
    {
      "name": "CVE-2019-0647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0647"
    },
    {
      "name": "CVE-2019-0729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0729"
    },
    {
      "name": "CVE-2019-0642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0642"
    },
    {
      "name": "CVE-2019-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0658"
    },
    {
      "name": "CVE-2019-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0590"
    },
    {
      "name": "CVE-2019-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0728"
    },
    {
      "name": "CVE-2019-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0742"
    },
    {
      "name": "CVE-2019-0655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0655"
    },
    {
      "name": "CVE-2019-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0610"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-064",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 f\u00e9vrier 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2019-AVI-064

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	N/A	ChakraCore
Microsoft	N/A	Team Foundation Server 2018 Update 3.2
Microsoft	N/A	Microsoft Visual Studio 2017 version 15.9
Microsoft	N/A	Team Foundation Server 2017 Update 3.1
Microsoft	N/A	Visual Studio Code
Microsoft	N/A	Microsoft Visual Studio 2017
Microsoft	N/A	Team Foundation Server 2018 Updated 1.2
Microsoft	N/A	Skype pour Business Server 2015 CU 8
Microsoft	Azure	Java SDK pour Azure IoT

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "ChakraCore",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Update 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017 version 15.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2017 Update 3.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Visual Studio Code",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Visual Studio 2017",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Team Foundation Server 2018 Updated 1.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Skype pour Business Server 2015 CU 8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Java SDK pour Azure IoT",
      "product": {
        "name": "Azure",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0640"
    },
    {
      "name": "CVE-2019-0644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0644"
    },
    {
      "name": "CVE-2019-0613",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0613"
    },
    {
      "name": "CVE-2019-0657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0657"
    },
    {
      "name": "CVE-2019-0624",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0624"
    },
    {
      "name": "CVE-2019-0741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0741"
    },
    {
      "name": "CVE-2019-0646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0646"
    },
    {
      "name": "CVE-2019-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0591"
    },
    {
      "name": "CVE-2019-0593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0593"
    },
    {
      "name": "CVE-2019-0605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0605"
    },
    {
      "name": "CVE-2019-0649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0649"
    },
    {
      "name": "CVE-2019-0651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0651"
    },
    {
      "name": "CVE-2019-0743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0743"
    },
    {
      "name": "CVE-2019-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0652"
    },
    {
      "name": "CVE-2019-0607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0607"
    },
    {
      "name": "CVE-2019-0647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0647"
    },
    {
      "name": "CVE-2019-0729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0729"
    },
    {
      "name": "CVE-2019-0642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0642"
    },
    {
      "name": "CVE-2019-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0658"
    },
    {
      "name": "CVE-2019-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0590"
    },
    {
      "name": "CVE-2019-0728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0728"
    },
    {
      "name": "CVE-2019-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0742"
    },
    {
      "name": "CVE-2019-0655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0655"
    },
    {
      "name": "CVE-2019-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0610"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-064",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eles produits Microsoft\u003c/span\u003e. Elles permettent \u00e0 un\nattaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es,\nune \u00e9l\u00e9vation de privil\u00e8ges, une ex\u00e9cution de code \u00e0 distance et une\nusurpation d\u0027identit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Microsoft",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 f\u00e9vrier 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CERTFR-2019-AVI-060

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Microsoft	Edge	Microsoft Edge

References

Title

Publication Time

Tags

None

vendor-advisory

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Edge",
      "product": {
        "name": "Edge",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2019-0640",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0640"
    },
    {
      "name": "CVE-2019-0644",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0644"
    },
    {
      "name": "CVE-2019-0591",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0591"
    },
    {
      "name": "CVE-2019-0654",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0654"
    },
    {
      "name": "CVE-2019-0593",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0593"
    },
    {
      "name": "CVE-2019-0605",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0605"
    },
    {
      "name": "CVE-2019-0649",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0649"
    },
    {
      "name": "CVE-2019-0650",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0650"
    },
    {
      "name": "CVE-2019-0651",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0651"
    },
    {
      "name": "CVE-2019-0643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0643"
    },
    {
      "name": "CVE-2019-0652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0652"
    },
    {
      "name": "CVE-2019-0607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0607"
    },
    {
      "name": "CVE-2019-0642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0642"
    },
    {
      "name": "CVE-2019-0658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0658"
    },
    {
      "name": "CVE-2019-0590",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0590"
    },
    {
      "name": "CVE-2019-0645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0645"
    },
    {
      "name": "CVE-2019-0655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0655"
    },
    {
      "name": "CVE-2019-0641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0641"
    },
    {
      "name": "CVE-2019-0648",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0648"
    },
    {
      "name": "CVE-2019-0610",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0610"
    },
    {
      "name": "CVE-2019-0634",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-0634"
    }
  ],
  "links": [],
  "reference": "CERTFR-2019-AVI-060",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2019-02-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Usurpation d\u0027identit\u00e9"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMicrosoft Edge\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une \u00e9l\u00e9vation de privil\u00e8ges, une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es, une ex\u00e9cution de code \u00e0 distance, une usurpation d\u0027identit\u00e9\net un contournement de la fonctionnalit\u00e9 de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Microsoft Edge",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft du 12 f\u00e9vrier 2019",
      "url": "https://portal.msrc.microsoft.com/fr-FR/security-guidance"
    }
  ]
}

CNVD-2019-42799

Vulnerability from cnvd - Published: 2019-11-29

Title

Microsoft Edge和ChakraCore信息泄露漏洞（CNVD-2019-42799）

Description

Microsoft Edge是美国微软（Microsoft）公司的一款Web浏览器，是Windows10操作系统附带的默认浏览器。 Microsoft Edge和ChakraCore中存在信息泄露漏洞。攻击者可利用该漏洞获取信息，从而进一步入侵系统。

Severity

中

Patch Name

Microsoft Edge和ChakraCore信息泄露漏洞（CNVD-2019-42799）的补丁

Patch Description

Microsoft Edge是美国微软（Microsoft）公司的一款Web浏览器，是Windows10操作系统附带的默认浏览器。 Microsoft Edge和ChakraCore中存在信息泄露漏洞。攻击者可利用该漏洞获取信息，从而进一步入侵系统。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0658

Reference

https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0658

Impacted products

Name
['Microsoft ChakraCore', 'Microsoft Edge']

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-0658",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0658"
    }
  },
  "description": "Microsoft Edge\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fWindows10\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002\n\nMicrosoft Edge\u548cChakraCore\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\uff0c\u4ece\u800c\u8fdb\u4e00\u6b65\u5165\u4fb5\u7cfb\u7edf\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0658",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-42799",
  "openTime": "2019-11-29",
  "patchDescription": "Microsoft Edge\u662f\u7f8e\u56fd\u5fae\u8f6f\uff08Microsoft\uff09\u516c\u53f8\u7684\u4e00\u6b3eWeb\u6d4f\u89c8\u5668\uff0c\u662fWindows10\u64cd\u4f5c\u7cfb\u7edf\u9644\u5e26\u7684\u9ed8\u8ba4\u6d4f\u89c8\u5668\u3002\r\n\r\nMicrosoft Edge\u548cChakraCore\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u4fe1\u606f\uff0c\u4ece\u800c\u8fdb\u4e00\u6b65\u5165\u4fb5\u7cfb\u7edf\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Microsoft Edge\u548cChakraCore\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-42799\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Microsoft ChakraCore",
      "Microsoft Edge"
    ]
  },
  "referenceLink": "https://portal.msrc.microsoft.com/zh-CN/security-guidance/advisory/CVE-2019-0658",
  "serverity": "\u4e2d",
  "submitTime": "2019-02-14",
  "title": "Microsoft Edge\u548cChakraCore\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2019-42799\uff09"
}

GHSA-W6QV-P5WM-6HVV

Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21

Details

Severity ?

6.5 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Show details on source website

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-0658"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2019-03-05T23:29:00Z",
    "severity": "MODERATE"
  },
  "details": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0648.",
  "id": "GHSA-w6qv-p5wm-6hvv",
  "modified": "2022-05-13T01:21:27Z",
  "published": "2022-05-13T01:21:27Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0658"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/106882"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2019-0658

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2019-0658

Aliases

CVE-2019-0658

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-0658",
    "description": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0648.",
    "id": "GSD-2019-0658"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-0658"
      ],
      "details": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0648.",
      "id": "GSD-2019-0658",
      "modified": "2023-12-13T01:23:39.349243Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@microsoft.com",
        "ID": "CVE-2019-0658",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Microsoft Edge",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Windows 10 Version 1703 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1703 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1709 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1709 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1803 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1803 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1803 for ARM64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1809 for 32-bit Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1809 for x64-based Systems"
                        },
                        {
                          "version_value": "Windows 10 Version 1809 for ARM64-based Systems"
                        },
                        {
                          "version_value": "Windows Server 2019"
                        },
                        {
                          "version_value": "Windows 10 Version 1709 for ARM64-based Systems"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "ChakraCore",
                    "version": {
                      "version_data": [
                        {
                          "version_value": ""
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Microsoft"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0648."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Information Disclosure"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658",
            "refsource": "CONFIRM",
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658"
          },
          {
            "name": "106882",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/106882"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.11.6)",
          "affected_versions": "All versions before 1.11.6",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2020-08-24",
          "description": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0648.",
          "fixed_versions": [
            "1.11.6"
          ],
          "identifier": "CVE-2019-0658",
          "identifiers": [
            "CVE-2019-0658"
          ],
          "not_impacted": "All versions starting from 1.11.6",
          "package_slug": "nuget/Microsoft.ChakraCore",
          "pubdate": "2019-03-05",
          "solution": "Upgrade to version 1.11.6 or above.",
          "title": "Privilege Escalation",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2019-0658",
            "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658",
            "http://www.securityfocus.com/bid/106882"
          ],
          "uuid": "3578f849-a859-43c6-a9e6-bcefa2508ca9"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2019:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:microsoft:chakracore:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.11.6",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2019-0658"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An information disclosure vulnerability exists when the scripting engine does not properly handle objects in memory in Microsoft Edge, aka \u0027Scripting Engine Information Disclosure Vulnerability\u0027. This CVE ID is unique from CVE-2019-0648."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658"
            },
            {
              "name": "106882",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/106882"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-08-24T17:37Z",
      "publishedDate": "2019-03-05T23:29Z"
    }
  }
}

FKIE_CVE-2019-0658

Vulnerability from fkie_nvd - Published: 2019-03-05 23:29 - Updated: 2024-11-21 04:17

Severity ?

6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
secure@microsoft.com	http://www.securityfocus.com/bid/106882	Third Party Advisory, VDB Entry
secure@microsoft.com	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/106882	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0658	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
microsoft	edge	-
microsoft	windows_10	1703
microsoft	windows_10	1709
microsoft	windows_10	1803
microsoft	windows_10	1809
microsoft	windows_server_2019	-
microsoft	chakracore	*