Lucene search

79 matches found

OSV
added 2023/03/29 7:15 p.m. · 1 views

CVE-2022-37376

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Editor 11.1.1.53537. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists...

CVSS 3.3 · AI score 4.9 · EPSS 0.00768
Exploits 0 · References 2
CVE
added 2023/03/29 12:00 a.m. · 61 views

CVE-2022-37376

CVE-2022-37376 affects Foxit PDF Editor 11.1.1.53537. The flaw lies in the handling of arrays, where actions in JavaScript can trigger a read past the end of an allocated object, enabling sensitive information disclosure. User interaction is required (target must visit a malicious page or open a ...

CVSS 3.3 · AI score 3.2 · EPSS 0.00768
Exploits 0 · References 2 · Affected Software 2
Positive Technologies
added 2022/07/29 12:00 a.m. · 3 views

PT-2022-23953 · Foxit · Foxit Pdf Editor

Name of the Vulnerable Software and Affected Versions: Foxit PDF Editor version 11.1.1.53537 Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious...

CVSS 3.3 · AI score 4 · EPSS 0.00768
Exploits 0 · References 5
Cvelist
added 2022/05/16 2:13 a.m. · 14 views

CVE-2022-30763

Janet before 1.22.0 mishandles arrays...

AI score 7.7 · EPSS 0.00832
Exploits 1 · References 3
CNNVD
added 2022/05/16 12:00 a.m. · 2 views

Janet input validation error vulnerability

Janet is a functional and imperative programming language and bytecode interpreter. A security vulnerability exists in Janet version 1.22.0 that stems from incorrectly handling arrays...

CVSS 7.5 · AI score 7.2 · EPSS 0.00832
Exploits 1 · References 4
BDU FSTEC
added 2022/04/05 12:00 a.m. · 2 views

The vulnerability of the DataTables table processing plugin, related to the lack of protection for website structure, allows attackers to compromise data integrity.

The vulnerability of the DataTables table processing plugin is related to incorrect handling of arrays in the input data. Exploiting this vulnerability allows an attacker to compromise the integrity of the data...

CVSS 6.1 · AI score 5.9 · EPSS 0.00349
Exploits 1 · References 10 · Affected Software 3
OSV
added 2022/02/04 9:15 p.m. · 6 views

CVE-2021-46671

options.c in atftp before 0.7.5 reads past the end of an array, and consequently discloses server-side /etc/group data to a remote client...

CVSS 5.3 · AI score 5.1
Exploits 0 · References 3
OSV
added 2022/01/27 9:15 p.m. · 2 views

CVE-2021-46501

Jsish v3.5.0 was discovered to contain a heap-use-after-free via SortSubCmd in src/jsiArray.c. This vulnerability can lead to a Denial of Service (DoS)...

CVSS 5.5 · AI score 5.8 · EPSS 0.00138
Exploits 1 · References 1
Positive Technologies
added 2021/05/12 12:00 a.m. · 4 views

PT-2021-3135 · Postgresql +9 · Postgresql +9

Name of the Vulnerable Software and Affected Versions: postgresql versions prior to 13.3 postgresql versions prior to 12.7 postgresql versions prior to 11.12 postgresql versions prior to 10.17 postgresql versions prior to 9.6.22 Description: A flaw was found in postgresql that allows authenticate...

CVSS 9.8 · AI score 7 · EPSS 0.81248
Exploits 3 · References 227
Zero Day Initiative
added 2020/11/11 12:00 a.m. · 39 views

Microsoft Internet Explorer array Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 8.8 · AI score 2.1 · EPSS 0.03992
Exploits 0 · References 1
Zero Day Initiative
added 2020/04/16 12:00 a.m. · 18 views

(Pwn2Own) Amazon Echo Show Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Amazon Echo Show. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 8.8 · AI score 3.5
Exploits 0
Zero Day Initiative
added 2020/02/20 12:00 a.m. · 14 views

(Pwn2Own) Samsung Galaxy S10 Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

CVSS 6.3 · AI score 1.9
Exploits 0
exploitpack
added 2018/10/09 12:00 a.m. · 15 views

Microsoft Edge Chakra JIT - Type Confusion

Microsoft Edge Chakra JIT - Type Confusion / The switch statement only handles Js::TypeIdsArray but not Js::TypeIdsNativeIntArray and Js::TypeIdsNativeFloatArray. So for example, a native float array can be considered as of type ObjectType::Object under certain circumstances where...

AI score 0.1
Exploits 0
NVD
added 2018/05/29 8:29 p.m. · 21 views

CVE-2016-10556

sequelize is an Object-relational mapping, or a middleman to convert things from Postgres, MySQL, MariaDB, SQLite and Microsoft SQL Server into usable data for NodeJS. In Postgres, SQLite, and Microsoft SQL Server there is an issue where arrays are treated as strings and improperly escaped. This...

CVSS 7.5 · AI score 7.8 · EPSS 0.0022
Exploits 1 · References 2
OPENSUSE Linux
added 2016/12/02 6:13 p.m. · 67 views

Security update for java-1_8_0-openjdk (important)

OpenJDK Java was updated to jdk8u111 icedtea 3.2.0 to fix the following issues: Security fixes + S8146490: Direct indirect CRL checks + S8151921: Improved page resolution + S8155968: Update command line options + S8155973, CVE-2016-5542: Tighten jar checks bsc1005522 + S8156794: Extend data shari...

CVSS 9.3 · AI score 8.2 · EPSS 0.06252
Exploits 0 · References 8
Debian CVE
added 2016/11/18 8:00 p.m. · 26 views

CVE-2016-4333

The HDF5 1.8.16 library allocating space for the array using a value from the file has an impact within the loop for initializing said array allowing a value within the file to modify the loop's terminator. Due to this, an aggressor can cause the loop's index to point outside the bounds of the...

CVSS 8.6 · AI score 8.5 · EPSS 0.0025
Exploits 2
UbuntuCve
added 2015/10/21 6:59 p.m. · 22 views

CVE-2015-4717

The filename sanitization component in ownCloud Server before 6.0.8, 7.0.x before 7.0.6, and 8.0.x before 8.0.4 does not properly handle $_GET parameters cast by PHP to an array, which allows remote attackers to cause a denial of service (infinite loop and log file consumption) via crafted endpoint...

CVSS 7.8 · AI score 5.9 · EPSS 0.00693
Exploits 0 · References 2
myhack58
added 2015/04/23 12:00 a.m. · 273 views

IP.Board <= 3.4.7 SQL Injection analysis-vulnerability warning-the black bar safety net

IPB (Invision Power Board) is a forum program developed in PHP that is widely used abroad. Version 3.4.7 and earlier versions contain a SQL injection vulnerability, which this article analyzes. PoC link: http://seclists.org/fulldisclosure/2014/Nov/20 !/ usr/bin/env python Sunday,...

AI score 8.3
Exploits 0
UbuntuCve
added 2015/01/22 12:00 a.m. · 21 views

CVE-2014-7928

hydrogen.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy...

CVSS 7.5 · AI score 7.3 · EPSS 0.0316
Exploits 0 · References 5
Jake Archibald's Blog
added 2014/12/01 12:49 a.m. · 8 views

Iterators gonna iterate

ES6 gives us a new way to iterate, and it's already supported in stable releases of Firefox, Chrome, & Opera. Here it is: for (var num of [1, 2, 3]) { console.log(num); } // Result: 1 // Result: 2 // Result: 3 Unlike for (part in thing), which iterates through property names of an object in a generic way, for...

AI score 7.2
Exploits 0