3656 matches found
CVE-2020-7603
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization...
CVE-2020-7603
closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization...
CVE-2020-7603
CVE-2020-7603 affects the Node.js module closure-compiler-stream (version 0.1.15 and earlier). The root cause is that the argument module’s exports function options parameter in index.js is controllable by users without sanitization, enabling arbitrary command execution. Multiple sources corrobor...
Command Injection
Overview closure-compiler-stream is a Streaming interface for closure compiler. Affected versions of this package are vulnerable to Command Injection. The argument options of the exports function in index.js can be controlled by users without any sanitization. PoC var root =...
Google Chrome 67, 68 and 69 - Object.create Type Confusion (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 67, 68 and 69 Object.create exploit', 'Description' = %q This modules exploits a type confusion in Google Chromes JIT compiler. The...
NewStart CGSL CORE 5.04 / MAIN 5.04 : thunderbird Multiple Vulnerabilities (NS-SA-2020-0010)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has thunderbird packages installed that are affected by multiple vulnerabilities: - When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer does not escape characters. Because the resulting string is...
Google Chrome 67 / 68 / 69 Object.create Type Confusion Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 67, 68 and 69 Object.create exploit', 'Description' = %q This modules exploits a type confusion in Google Chromes JIT compiler. The...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1...
CVE-2019-17026
CVE-2019-17026 describes a type-confusion vulnerability in the IonMonkey JIT used by Mozilla products. The issue stems from incorrect alias information when storing array elements, enabling a type confusion that could be exploited for arbitrary code execution. Affected products include Firefox ES...
CVE-2019-17026
Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR 68.4.1, Thunderbird 68.4.1, and Firefox 72.0.1. Recent assessments: gwillcox-r7 a...
SUSE SLES12 Security Update : gcc9 (SUSE-SU-2020:0394-1)
This update for gcc9 fixes the following issues : The GNU Compiler Collection is shipped in version 9. A detailed changelog on what changed in GCC 9 is available at https://gcc.gnu.org/gcc-9/changes.html The compilers have been added to the SUSE Linux Enterprise Toolchain Module. To use these...
Google Chrome 67, 68 and 69 Object.create exploit
This modules exploits a type confusion in Google Chromes JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process. This module can target the render...
Important: thunderbird
Issue Overview: When pasting a tag from the clipboard into a rich text editor, the CSS sanitizer incorrectly rewrites a @namespace rule. This could allow for injection into certain types of websites resulting in data exfiltration. This vulnerability affects Firefox ESR tag from the clipboard into...
RUSTSEC-2020-0169 multi_mut is Unmaintained
Last release was about 6 years ago. There is an outstanding soundness issue. The maintainer has not responded for two years to the existing soundness issue. Rust compiler has enabled errors relating to LLVM noalias rules and may not compile anymore where as the old compiler versions had turned...
multi_mut is Unmaintained
Last release was about 6 years ago. There is an outstanding soundness issue. The maintainer has not responded for two years to the existing soundness issue. Rust compiler has enabled errors relating to LLVM noalias rules and may not compile anymore where as the old compiler versions had turned...
The vulnerability of the GraalVM Compiler component of the Oracle GraalVM Enterprise Edition allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the GraalVM Compiler component in the Oracle GraalVM Enterprise Edition is related to access control deficiencies. Exploiting this vulnerability may allow an attacker operating remotely to gain unauthorized access to protected information...
Joomla! 3.x < 3.9.15 Multiple Vulnerabilities
According to its self-reported version number, the detected Joomla! application is affected by multiple vulnerabilities : - A cross-site request forgery CSRF exists in versions 3.0.0 to 3.9.14 due to a missing token checks in the batch actions of various components CVE-2020-8419 - A cross-site...
CVE-2020-8420
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of comtemplates causes a CSRF vulnerability...
CVE-2020-8420
An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of comtemplates causes a CSRF vulnerability...