CVE-2022-23731

CVE-2022-23731 involves a heap vulnerability in the V8 JavaScript engine used by some webOS TV models. The Red Hat/NVD/CVE records describe a local privilege-escalation flaw originating from the V8 heap, enabling an attacker with local access to gain higher privileges on affected TVs. Public mate...

CVE-2022-26382

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox 98...

USN-5306-1 webkit2gtk vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

ALPINE-CVE-2022-25139

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njsawaitfulfilled...

ALPINE-CVE-2021-46461

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njsvmcodetypeof in /src/njsvmcode.c...

Nginx 缓冲区错误漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx, Inc. A buffer overflow vulnerability exists in njsvmcodetypeof in /src/njsvmcode.c in njs 0.7.0 and earlier versions. out-of-bounds array access. No detailed vulnerability details are currently...

Cesanta MJS has an unspecified vulnerability (CNVD-2022-77010)

Cesanta MJS is an embedded JavaScript engine for C/C from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are small footprint and simple C/C interoperability.Cesanta MJS has a security vulnerability that could be exploited by an attacker to cause...

Cesanta MJS has an unspecified vulnerability (CNVD-2022-77014)

Cesanta MJS is an embedded JavaScript engine for C/C from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are small footprint and simple C/C interoperability.Cesanta MJS has a security vulnerability that could be exploited by an attacker to cause...

Cesanta MJS has an unspecified vulnerability (CNVD-2022-77011)

Cesanta MJS is an embedded JavaScript engine for C/C from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are small footprint and simple C/C interoperability.Cesanta MJS has a security vulnerability that could be exploited by an attacker to cause...

UBUNTU-CVE-2022-0102

Type confusion in V8 in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-22754

If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. This vulnerability affects Firefox 97, Thunderbird 91.6, and Firefox ESR 91.6...

CVE-2022-22764

Mozilla developers Paul Adenot and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 96 and Firefox ESR 91.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This...

CVE-2022-22759

If a document created a sandboxed iframe without allow-scripts, and subsequently appended an element to the iframe's document that e.g. had a JavaScript event handler - the event handler would have run despite the iframe's sandbox. This vulnerability affects Firefox 97, Thunderbird 91.6, and...

Cesanta MJS has an unspecified vulnerability

Cesanta MJS is an embedded JavaScript engine for C/C from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are small footprint and simple C/C interoperability.Cesanta MJS has a security vulnerability that could be exploited by an attacker to cause...

CVE-2022-22150

A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary...

CVE-2022-22150

A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary...

CVE-2021-40420

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

CVE-2021-40420

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the...

Memory corruption

A memory corruption vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary...

Design/Logic Flaw

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 11.1.0.52543. A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user to open the...