CVE-2016-1607
published 2016-08-01
Priority P3 · 46 · high · 7.2 (CVSS 3.0)
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS 3.38% · 87.3th percentile
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | windows_10 | — | — |
| msrc | windows_10_version_1607 | — | — |
| msrc | windows_10_version_1809 | — | — |
| msrc | windows_10_version_20h2 | — | — |
| msrc | windows_10_version_21h2 | — | — |
| msrc | windows_10_version_22h2 | — | — |
| msrc | windows_11_version_21h2 | — | — |
| msrc | windows_11_version_22h2 | — | — |
| msrc | windows_11_version_23h2 | — | — |
| msrc | windows_11_version_24h2 | — | — |
| msrc | windows_rt_8.1 | — | — |
| msrc | windows_server_2008 | — | — |
| msrc | windows_server_2008_r2 | — | — |
| msrc | windows_server_2012 | — | — |
| msrc | windows_server_2012_r2 | — | — |
| msrc | windows_server_2016 | — | — |
| msrc | windows_server_2019 | — | — |
| msrc | windows_server_2022 | — | — |
| msrc | windows_server_2022_23h2_edition | — | — |
| msrc | windows_server_2025 | — | — |
| novell | filr | <= 1.2 | — |
| novell | filr | <= 2.0 | — |
CVSS provenance
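| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.2 | HIGH | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| ghsa | — | 7.5 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
| vendor_msrc | — | 8.8 | HIGH | — |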
GHSA
GHSA-w3m9-q5q6-jr9h: Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2
ghsa_unreviewed·2022-05-17
CVE-2016-1607 [HIGH] CWE-352 GHSA-w3m9-q5q6-jr9h: Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2
Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Novell Filr before 2.0 Security Update 2 allow remote attackers to hijack the authentication of administrators, as demonstrated by reconfiguring time settings via a vaconfig/time request.
GHSA
ChakraCore vulnerable to remote code execution due to insufficient InlineCache check
ghsa·2022-05-17·CVSS 7.5
CVE-2017-11910 [HIGH] CWE-119 ChakraCore vulnerable to remote code execution due to insufficient InlineCache check
ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". An insufficient `InlineCache` check can lead to type confusion, which could potentially allow for remote code execution.
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, C
GHSA
ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction
ghsa·2022-05-14·CVSS 7.5
CVE-2017-11914 [HIGH] CWE-119 ChakraCore vulnerable to privilege escalation due to exposure from scriptFunction
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to gain the same user rights as the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". The `JavascriptGeneratorFunction::GetPropertyBuiltIns` exposes `scriptFunction` while trying to get the length property passed the generator function.
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-20
GHSA
ChakraCore vulnerable to remote code execution
ghsa·2022-05-14·CVSS 7.5
CVE-2017-11909 [HIGH] CWE-119 ChakraCore vulnerable to remote code execution
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". `BackwardPass::RemoveEmptyLoopAfterMemOp` doesn't insert branches or make break control flow, potentially leading to remote code execution.
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-20
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 7.5
CVE-2017-11889 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 7.5
CVE-2017-11905 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-14·CVSS 7.5
CVE-2017-11911 [HIGH] CWE-119 ChakraCore RCE Vulnerability
ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11893, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE-2017-11930.
GHSA
ChakraCore vulnerable to remote code execution
ghsa·2022-05-14·CVSS 7.5
CVE-2017-11893 [HIGH] CWE-119 ChakraCore vulnerable to remote code execution
ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". `Op_MaxInAnArray` and `Op_MinInAnArray` can explicitly call user defined JavaScript functions, potentially leading to remote code execution.
This CVE ID is unique from CVE-2017-11886, CVE-2017-11889, CVE-2017-11890, CVE-2017-11894, CVE-2017-11895, CVE-2017-11901, CVE-2017-11903, CVE-2017-11905, CVE-2017-11907, CVE-2017-11908, CVE-2017-11909, CVE-2017-11910, CVE-2017-11911, CVE-2017-11912, CVE-2017-11913, CVE-2017-11914, CVE-2017-11916, CVE-2017-11918, and CVE
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0835 [HIGH] CWE-787 ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0857 [HIGH] CWE-787 ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0859 [HIGH] CWE-787 ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0933 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0874 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0860 [HIGH] CWE-787 ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0931 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0834 [HIGH] CWE-787 ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0837 [HIGH] CWE-787 ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0838, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0872 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0838 [HIGH] CWE-787 ChakraCore RCE Vulnerability
Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0834, CVE-2018-0835, CVE-2018-0836, CVE-2018-0837, CVE-2018-0840, CVE-2018-0856, CVE-2018-0857, CVE-2018-0858, CVE-2018-0859, CVE-2018-0860, CVE-2018-0861, and CVE-2018-0866.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0873 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0934, CVE-2018-0936, and CVE-2018-0937.
GHSA
ChakraCore RCE Vulnerability
ghsa·2022-05-13·CVSS 7.5
CVE-2018-0934 [HIGH] CWE-787 ChakraCore RCE Vulnerability
ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the Chakra scripting engine handles objects in memory, aka "Chakra Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0872, CVE-2018-0873, CVE-2018-0874, CVE-2018-0930, CVE-2018-0931, CVE-2018-0933, CVE-2018-0936, and CVE-2018-0937.
Microsoft
Windows Kernel Memory Information Disclosure Vulnerability
vendor_msrc·2025-01-14·CVSS 5.5
CVE-2025-21320 [MEDIUM] CWE-532 Windows Kernel Memory Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities.
FAQ: Are there any further steps I need to take to be protected from this vulnerability?
Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See ADV990001 | Latest Servicing Stack Updates for the applicable Servicing Stack Update for your operating system version.
Cus
CISA
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2017-8540 [HIGH] CWE-119 Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Vulnerability: Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Affected: Microsoft Malware Protection Engine
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2017-8540
Remediation Due Date: 2022-03-24
No detection rules found.
No writeups or analysis indexed.
http://seclists.org/bugtraq/2016/Jul/119
http://www.securityfocus.com/bid/92113
https://download.novell.com/Download?buildid=3V-3ArYN85I~
https://www.exploit-db.com/exploits/40161/
https://www.novell.com/support/kb/doc.php?id=7017786