WebKit JSC JIT Use-After-Free

WebKit: JSC: JIT: GetIndexedPropertyStorage can GC CVE-2018-4442 The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing some cases such as StringCharAt, StringCharCodeAt and...

WebKit JSC JIT - GetIndexedPropertyStorage Use-After-Free

/ The doesGC function simply takes a node, and tells if it might cause a garbage collection. This function is used to determine whether to insert write barriers. But it's missing GetIndexedPropertyStorage that can cause a garbage collection via rope strings. As a result, it can lead to UaF. PoC: ...

Design/Logic Flaw

Inline metadata in GarbageCollection in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2018-6094

CVE-2018-6094 affects Google Chrome/Chromium, where a regression in GarbageCollection (Oilpan) could enable a remote attacker to exploit heap corruption via a crafted HTML page. The vulnerability is documented as fixed in Chrome/Chromium around version 66.0.3359.117 (e.g., Debian/ Gentoo advisori...

Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4467087)

Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2 KB 4467087 Applies to: Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7,...

Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4467086)

Description of Preview of Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 KB 4467086 Applies to: Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 4.7, Microsoft .NET Framework...

Google Chrome < 68.0.3440.75 Multiple Vulnerabilities

Binary data 700361.pasl...

Chrome V8 KeyAccumulator Bug Exploit

Chrome V8 suffers from a bug in KeyAccumulator that can cause a crash. Chrome: V8: A bug with KeyAccumulator PoC: for let i = 0; i https://cs.chromium.org/chromium/src/v8/src/objects.cc?rcl=a2ca1996873f3ffa79d9495fb2cf4e7c0e51d9e9&l=18369. The new table is directly used as the backing store of th...

The vulnerability of the WebAssembly component in Mozilla Firefox’s browser allows a hacker to trigger a service failure.

The vulnerability of the WebAssembly component in Mozilla Firefox’s browser is related to an error during the call of “shrinkElements” during subsequent memory garbage collection. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVE-2018-5094

A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox 58...

DEBIAN-CVE-2017-5410

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

CVE-2017-5410

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

CVE-2018-5094

A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox 58...

CVE-2017-5410

Memory corruption resulting in a potentially exploitable crash during garbage collection of JavaScript due errors in how incremental sweeping is managed for memory cleanup. This vulnerability affects Firefox 52, Firefox ESR 45.8, Thunderbird 52, and Thunderbird 45.8...

artemis/hornetq: memory exhaustion via UDP and JGroups discovery

It was found that when Artemis and HornetQ are configured with UDP discovery and JGroups discovery a huge byte array is created when receiving an unexpected multicast message. This may result in a heap memory exhaustion, full GC, or OutOfMemoryError...

UBUNTU-CVE-2018-5094

A heap buffer overflow vulnerability may occur in WebAssembly when "shrinkElements" is called followed by garbage collection on memory that is now uninitialized. This results in a potentially exploitable crash. This vulnerability affects Firefox 58...

OpenJDK: incorrect handling of references in DGC (RMI, 8163958)

It was discovered that the DCG implementation in the RMI component of OpenJDK failed to correctly handle references. A remote attacker could possibly use this flaw to execute arbitrary code with the privileges of RMI registry or a Java RMI application...

Code injection

Red Hat CloudForms 3 Management Engine CFME allows remote authenticated users to cause a denial of service resource consumption via vectors involving calls to the .tosym rails function and lack of garbage collection of inserted symbols...

CVE-2014-7813

Red Hat CloudForms 3 Management Engine CFME allows remote authenticated users to cause a denial of service resource consumption via vectors involving calls to the .tosym rails function and lack of garbage collection of inserted symbols...

CVE-2014-7813

Red Hat CloudForms 3 Management Engine CFME allows remote authenticated users to cause a denial of service resource consumption via vectors involving calls to the .tosym rails function and lack of garbage collection of inserted symbols...