260 matches found
CVE-2017-11889
Technical details for CVE-2017-11889 are not provided in the supplied documents. Please monitor official advisories and vendor advisories for updates, patches, and exact impact guidance once publicly disclosed.
CVE-2017-11797
ChakraCore allows an attacker to execute arbitrary code in the context of the current user, due to how the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Information Disclosure Vulnerability". This CVE ID is unique from CVE-2017-11792, CVE-2017-11793, CVE-2017-11796,...
Memory corruption
ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11792,...
The vulnerability in the JavaScript engine of Internet Explorer and Microsoft Edge allows a hacker to execute arbitrary code.
The vulnerability in the JavaScript engine of Internet Explorer and Microsoft Edge is related to improper data processing. Exploiting this vulnerability allows a malicious actor to execute arbitrary code under the identity of the current user, during errors in data processing in memory using...
The vulnerability in the Chakra JavaScript engine of the Microsoft Edge browser allows a hacker to execute arbitrary code or trigger memory corruption.
The vulnerability in the Chakra JavaScript engine of Microsoft Edge occurs due to an operation going beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause memory corruption...
Apple iOS and Safari WebKit Cross-Site Scripting Vulnerability
Apple iOS and Safari are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices; Safari is a web browser that is the default browser that comes with Mac OS X and iOS operating systems; WebKit is an open-source web browser engine developed by KDE, Apple, Google,...
The vulnerability of Cisco ASA software allows a malicious actor to induce a service failure.
The vulnerability in the SIP control engine of Cisco’s multifunctional security devices ASA allows malicious actors to remotely trigger service failures—such as excessive memory consumption or device reboots—by using specially crafted SIP packets...
chromium-browser: heap overflow in v8
objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome before 51.0.2704.63, does not properly restrict lazy deoptimization, which allows remote attackers to cause a denial of service heap-based buffer overflow or possibly have unspecified other impact via crafted JavaScript code...
CVE-2016-0191
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0193...
CVE-2016-0193
CVE-2016-0193 targets the Chakra JavaScript engine in Microsoft Edge, allowing remote attackers to cause memory corruption via a crafted web site, potentially leading to arbitrary code execution or a denial of service. The vulnerability is part of the Chakra memory-corruption family, with CVSSv3 ...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure or cause other effects.
The vulnerability of the LoadIC::UpdateCaches function in the ic/ic.cc file of the Google V8 browser module allows for unauthorized actors to cause service failures or other effects by using specially crafted JavaScript code. This vulnerability arises due to the lack of compatibility checks befor...
Google Chrome Denial of Service Vulnerability (CNVD-2015-08299)
Google Chrome is a web browser developed by Google Inc. A security vulnerability exists in Google Chrome versions prior to 47.0.2526.73 and Google V8 versions prior to 4.7.80.23, which can be exploited by attackers to cause a denial of service...
UBUNTU-CVE-2015-8478
Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as used in Google Chrome before 47.0.2526.73, allow attackers to cause a denial of service or possibly have other impact via unknown vectors...
ICU: missing boundary checks in layout engine (OpenJDK 2D, 8132042)
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...
Medicomp Systems MEDCIN Engine Denial of Service Vulnerability
Medicomp Systems MEDCIN Engine is an electronic medical record system from French company Medicomp Systems. The system provides content and tools for physician and nurse documentation, clinical decision support and patient management. A security vulnerability exists in the 'AddUserFinding...
Vulnerability in Oracle Fusion Middleware Oracle Access Manager Component
Oracle Fusion Middleware Oracle Fusion Middleware is a suite of business innovation platforms for enterprise and cloud environments from Oracle Corporation that provides middleware, software collections, and other capabilities.Oracle Access Manager is one of the components that provides identity...
ICU: missing boundary checks in layout engine (OpenJDK 2D, 8071715)
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D...
Mozilla: Miscellaneous memory safety hazards (rv:31.5) (MFSA 2015-11)
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 36.0, Firefox ESR 31.x before 31.5, and Thunderbird before 31.5 allow remote attackers to cause a denial of service memory corruption and application crash or possibly execute arbitrary code via unknown vectors...
id Software Doom 3 Engine Console String Visualization Format String Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/25893/info id Software Doom 3 engine is prone to a format-string vulnerability. Exploiting this issue will allow attackers to execute arbitrary code with the permissions of a user running the application. Failed attacks...
Cross site scripting
Cross-site scripting XSS vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter...