JerryScript 安全漏洞

JerryScript, a lightweight JavaScript engine from the JerryScript project, has a security vulnerability in JerryScript 3.0.0, which stems from /parser/js/js-scanner.cscannerscan statementend has an assertion contextp-stacktopuint8 == SCANSTACKTRYSTATEMENT || contextp-stacktopuint8 ==...

JerryScript 安全漏洞

JerryScript is a lightweight JavaScript engine from the JerryScript project.JerryScript has a denial-of-service vulnerability in version 3.0.0, which stems from an assertion failure in /jerry-core/lit/lit-strings.c. An attacker could use this vulnerability to launch a denial of service...

CVE-2022-22747

After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVE-2022-22752

Mozilla developers Christian Holler and Jason Kratzer reported memory safety bugs present in Firefox 95. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox...

CVE-2022-22743

When navigating from inside an iframe while requesting fullscreen access, an attacker-controlled tab could have made the browser unable to leave fullscreen mode. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVE-2022-22738

Applying a CSS filter effect could have accessed out of bounds memory. This could have lead to a heap-buffer-overflow causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVE-2022-22742

When inserting text while in edit mode, some characters might have lead to out-of-bounds memory access causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

CVE-2022-22737

Constructing audio sinks could have lead to a race condition when playing audio files and closing windows. This could have lead to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox ESR 91.5, Firefox 96, and Thunderbird 91.5...

Ubuntu: Security Advisory (USN-5213-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome V8, which can be exploited by remote attackers to execute arbitrary code or cause a denial of service condition on a system...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to bypass existing security restrictions.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine arises from the simultaneous execution using a shared resource with incorrect synchronization in the “Race Situation” mode. Exploiting this vulnerability allows an attacker to bypass existing security restrictions...

DEBIAN-CVE-2021-4078

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2021-4061

Type confusion in V8 in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

Markdown To Pdf 输入验证错误漏洞

Markdown To Pdf is a simple and crackable Cli tool from the individual developer Simon Hanisch in Germany. It is used to convert Markdown to pdf. An input validation error vulnerability exists in Markdown To Pdf, which stems from the product's use of gray-matter to parse front-end content when th...

CVE-2021-43533

When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as phishing. This vulnerability affects Firefox 94...

CVE-2021-43530

A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 94...

CVE-2021-43542

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

CVE-2021-43536

Under certain circumstances, asynchronous functions could have caused a navigation to fail but expose the target URL. This vulnerability affects Thunderbird 91.4.0, Firefox ESR 91.4.0, and Firefox 95...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. and V8 is an open source JavaScript engine. A security vulnerability exists in Google Chrome that stems from type obfuscation in V8...

Nodebb path traversal vulnerability

NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. Nodebb is vulnerable to a path traversal vulnerability that could be exploited to access locations outside of restricted directories...