Lucene search
K

260 matches found

cve
cve
added 2017/12/12 9:0 p.m.102 views

CVE-2017-11889

Technical details for CVE-2017-11889 are not provided in the supplied documents. Please monitor official advisories and vendor advisories for updates, patches, and exact impact guidance once publicly disclosed.

7.6CVSS7.8AI score0.08643EPSS
Exploits0References3Affected Software2
nvd
nvd
added 2017/10/13 1:29 p.m.27 views

CVE-2017-11797

ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796,...

7.6CVSS7.5AI score0.05799EPSS
Exploits0References2
prion
prion
added 2017/10/13 1:29 p.m.24 views

Memory corruption

ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792,...

7.6CVSS7.6AI score0.69163EPSS
Exploits20References3Affected Software1
bdu_fstec
bdu_fstec
added 2017/07/06 12:0 a.m.7 views

The vulnerability in the JavaScript engine of Internet Explorer and Microsoft Edge allows a hacker to execute arbitrary code.

The vulnerability in the JavaScript engine of Internet Explorer and Microsoft Edge is related to improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code under the identity of the current user, during errors in data processing in memory using...

7.6CVSS7.8AI score0.08215EPSS
Exploits0References3Affected Software1
bdu_fstec
bdu_fstec
added 2017/06/08 12:0 a.m.8 views

The vulnerability in the Chakra JavaScript engine of the Microsoft Edge browser allows a hacker to execute arbitrary code or trigger memory corruption.

The vulnerability in the Chakra JavaScript engine of Microsoft Edge occurs due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause memory corruption...

7.6CVSS8AI score0.38115EPSS
Exploits1References3
cnvd
cnvd
added 2017/05/24 12:0 a.m.3 views

Apple iOS and Safari WebKit Cross-Site Scripting Vulnerability

Apple iOS and Safari are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; WebKit is an open-source web browser engine developed by KDE, Apple, Google,...

6.1CVSS5.9AI score0.02025EPSS
Exploits3References1
bdu_fstec
bdu_fstec
added 2016/07/06 12:0 a.m.7 views

The vulnerability of Cisco ASA software allows a malicious actor to induce a service failure.

The vulnerability in the SIP control engine of Cisco’s multifunctional security devices ASA allows malicious actors to remotely trigger service failures—such as excessive memory consumption or device reboots—by using specially crafted SIP packets...

7.1CVSS7.8AI score0.01682EPSS
Exploits0References4
redhat
redhat
added 2016/06/01 10:50 a.m.5 views

chromium-browser: heap overflow in v8

objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...

8.8CVSS7.6AI score0.01635EPSS
Exploits0References5
attackerkb
attackerkb
added 2016/05/11 1:59 a.m.3 views

CVE-2016-0191

The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193...

7.6CVSS8AI score0.28261EPSS
Exploits0References5
cve
cve
added 2016/05/11 1:0 a.m.105 views

CVE-2016-0193

CVE-2016-0193 targets the Chakra JavaScript engine in Microsoft Edge, allowing remote attackers to cause memory corruption via a crafted web site, potentially leading to arbitrary code execution or a denial of service. The vulnerability is part of the Chakra memory-corruption family, with CVSSv3 ...

7.6CVSS7.7AI score0.20081EPSS
Exploits0References4Affected Software1
bdu_fstec
bdu_fstec
added 2016/02/24 12:0 a.m.8 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.

The vulnerability of the LoadIC::UpdateCaches function in the ic/ic.cc file of the Google V8 browser module allows for unauthorized actors to cause service failures or other effects by using specially crafted JavaScript code. This vulnerability arises due to the lack of compatibility checks befor...

6.8CVSS7.3AI score0.01131EPSS
Exploits1References5Affected Software1
cnvd
cnvd
added 2015/12/16 12:0 a.m.5 views

Google Chrome Denial of Service Vulnerability (CNVD-2015-08299)

Google Chrome is a web browser developed by Google Inc. A security vulnerability exists in Google Chrome versions prior to 47.0.2526.73 and Google V8 versions prior to 4.7.80.23, which can be exploited by attackers to cause a denial of service...

10CVSS6.5AI score0.01198EPSS
Exploits0References1
osv
osv
added 2015/12/05 12:0 a.m.5 views

UBUNTU-CVE-2015-8478

Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknown vectors...

7.5CVSS7.1AI score0.00628EPSS
Exploits0References4
redhat
redhat
added 2015/11/23 12:56 p.m.7 views

ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)

Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS7.2AI score0.07514EPSS
Exploits0References5
cnvd
cnvd
added 2015/10/22 12:0 a.m.6 views

Medicomp Systems MEDCIN Engine Denial of Service Vulnerability

Medicomp Systems MEDCIN Engine is an electronic medical record system from French company Medicomp Systems. The system provides content and tools for physician and nurse documentation, clinical decision support and patient management. A security vulnerability exists in the 'AddUserFinding...

6.8CVSS6.7AI score0.03166EPSS
Exploits0References1
cnvd
cnvd
added 2015/10/22 12:0 a.m.4 views

Vulnerability in Oracle Fusion Middleware Oracle Access Manager Component

Oracle Fusion Middleware Oracle Fusion Middleware is a suite of business innovation platforms for enterprise and cloud environments from Oracle Corporation that provides middleware, software collections, and other capabilities.Oracle Access Manager is one of the components that provides identity...

4.3CVSS6.7AI score0.01665EPSS
Exploits0References1
redhat
redhat
added 2015/07/17 8:6 a.m.6 views

ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)

Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...

10CVSS6.7AI score0.07031EPSS
Exploits0References5
redhat
redhat
added 2015/02/25 12:38 p.m.7 views

Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)

Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...

7.5CVSS7.3AI score0.04359EPSS
Exploits0References5
seebug
seebug
added 2014/07/01 12:0 a.m.12 views

id Software Doom 3 Engine Console String Visualization Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/25893/info id Software Doom 3 engine is prone to a format-string vulnerability. Exploiting this issue will allow attackers to execute arbitrary code with the permissions of a user running the application. Failed attacks...

7.1AI score
Exploits0
prion
prion
added 2012/05/21 10:55 p.m.14 views

Cross site scripting

Cross-site scripting XSS vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter...

4.3CVSS6.1AI score0.01623EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder