Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Moddable Security Vulnerabilities

cve
cve

CVE-2019-16366

In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst.

9.8CVSS

9.6AI Score

0.004EPSS

2019-09-16 05:15 PM
54
cve
cve

CVE-2020-22882

Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61.

7.5CVSS

7.2AI Score

0.001EPSS

2021-07-13 03:15 PM
17
cve
cve

CVE-2020-25461

Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV).

7.5CVSS

7.4AI Score

0.001EPSS

2020-12-04 05:15 PM
35
cve
cve

CVE-2020-25462

Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903.

9.8CVSS

9.7AI Score

0.003EPSS

2020-12-04 05:15 PM
41
cve
cve

CVE-2020-25463

Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV).

7.5CVSS

7.4AI Score

0.001EPSS

2020-12-04 05:15 PM
35
cve
cve

CVE-2020-25464

Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger.

7.5CVSS

7.7AI Score

0.002EPSS

2020-12-04 05:15 PM
42
cve
cve

CVE-2020-25465

Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV).

7.5CVSS

7.4AI Score

0.001EPSS

2020-12-04 05:15 PM
40
cve
cve

CVE-2021-29323

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow via the component /modules/network/wifi/esp/modwifi.c.

5.5CVSS

5.8AI Score

0.001EPSS

2021-11-19 05:15 PM
15
cve
cve

CVE-2021-29324

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow via the component /moddable/xs/sources/xsScript.c.

7.8CVSS

7.8AI Score

0.001EPSS

2021-11-19 05:15 PM
15
cve
cve

CVE-2021-29325

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_String_prototype_repeat function at /moddable/xs/sources/xsString.c.

7.8CVSS

7.9AI Score

0.001EPSS

2021-11-19 05:15 PM
15
cve
cve

CVE-2021-29326

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fxIDToString function at /moddable/xs/sources/xsSymbol.c.

7.8CVSS

7.9AI Score

0.001EPSS

2021-11-19 05:15 PM
14
cve
cve

CVE-2021-29327

OpenSource Moddable v10.5.0 was discovered to contain a heap buffer overflow in the fx_ArrayBuffer function at /moddable/xs/sources/xsDataView.c.

7.8CVSS

7.9AI Score

0.001EPSS

2021-11-19 05:15 PM
17
cve
cve

CVE-2021-29328

OpenSource Moddable v10.5.0 was discovered to contain buffer over-read in the fxDebugThrow function at /moddable/xs/sources/xsDebug.c.

7.1CVSS

7AI Score

0.001EPSS

2021-11-19 05:15 PM
15
cve
cve

CVE-2021-29329

OpenSource Moddable v10.5.0 was discovered to contain a stack overflow in the fxBinaryExpressionNodeDistribute function at /moddable/xs/sources/xsTree.c.

7.8CVSS

7.8AI Score

0.001EPSS

2021-11-19 05:15 PM
15
cve
cve

CVE-2022-29368

Moddable commit before 135aa9a4a6a9b49b60aa730ebc3bcc6247d75c45 was discovered to contain an out-of-bounds read via the function fxUint8Getter at /moddable/xs/sources/xsDataView.c.

7.1CVSS

6.8AI Score

0.001EPSS

2022-05-12 07:15 PM
45
2