Remote Code Execution (RCE)

microsoft.chakracore is vulnerable to remote code execution. This is due to an error in handling objects in memory when the JavaScript engines fails to render, which would allow an attacker to execute arbitrary code in the context of the authenticated user. This CVE ID is different from...

CVE-2018-12405

Mozilla developers and community members reported memory safety bugs present in Firefox 63 and Firefox ESR 60.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects...

chromium-browser: Out of bounds write in V8

Execution of user supplied Javascript during object deserialization can update object length leading to an out of bounds write in V8 in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Google Chrome V8 Buffer Overflow Vulnerability (CNVD-2019-01580)

Google Chrome is the United States Google Google company developed a Web browser. v8 is one of the open source JavaScript engine. An out-of-bounds write vulnerability exists in V8 in versions prior to Google Chrome 71.0.3578.80. A remote attacker can exploit this vulnerability to execute arbitrar...

Google Chrome V8 Buffer Overflow Vulnerability (CNVD-2019-01581)

Google Chrome is the United States Google Google company developed a Web browser. v8 is one of the open source JavaScript engine. An out-of-bounds write vulnerability exists in V8 in versions prior to Google Chrome 71.0.3578.80. A remote attacker can exploit this vulnerability to execute arbitrar...

CVE-2018-9527

In vorbisbookdecodevset of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

UBUNTU-CVE-2018-6065

Integer overflow in computing the required allocation size when instantiating a new javascript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2018-17465

Incorrect implementation of object trimming in V8 in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

CVE-2018-17463

Incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

Google Chrome V8 Memory Access Out-of-Bounds Vulnerability

Google Chrome is the United States Google Google company developed a Web browser. v8 is one of the open source JavaScript engine. A security vulnerability exists in V8 in versions of Google Chrome prior to 70.0.3538.102. An attacker can exploit the vulnerability to perform write and read operatio...

CVE-2018-12395

By rewriting the Host: request headers using the webRequest API, a WebExtension can bypass domain restrictions through domain fronting. This would allow access to domains that share a host that are otherwise restricted. This vulnerability affects Firefox ESR 60.3 and Firefox 63...

CVE-2018-12399

When a new protocol handler is registered, the API accepts a title argument which can be used to mislead users about which domain is registering the new protocol. This may result in the user approving a protocol handler that they otherwise would not have. This vulnerability affects Firefox 63...

CVE-2018-12401

Some special resource URIs will cause a non-exploitable crash if loaded with optional parameters following a '?' in the parsed string. This could lead to denial of service DOS attacks. This vulnerability affects Firefox 63...

CVE-2018-12403

If a site is loaded over a HTTPS connection but loads a favicon resource over HTTP, the mixed content warning is not displayed to users. This vulnerability affects Firefox 63...

Google Chrome V8 Remote Code Execution Vulnerability

Google Chrome is the United States Google Google company developed a Web browser. v8 is one of the open source JavaScript engine. A security vulnerability exists in V8 in versions of Google Chrome prior to 70.0.3538.67. A remote attacker can exploit the vulnerability to execute code...

Google Chrome V8 Memory Misreference Vulnerability

Google Chrome is the United States Google Google company developed a Web browser. v8 is one of the open source JavaScript engine. A memory misreference vulnerability exists in V8 in versions of Google Chrome prior to 70.0.3538.67. A remote attacker can exploit this vulnerability to damage objects...

Foxit PDF Reader JavaScript Engine Remote Code Execution Vulnerability (CNVD-2018-20716)

Foxit PDF Reader is China's Foxit Foxit Software Corporation of a PDF document reader. JavaScript engine is one of the JavaScript scripting engine. A remote code execution vulnerability exists in the JavaScript engine in Foxit PDF Reader. A remote attacker can exploit this vulnerability to execut...

Foxit PDF Reader JavaScript Engine Remote Code Execution Vulnerability (CNVD-2018-20708)

Foxit PDF Reader is China's Foxit Foxit Software Corporation of a PDF document reader. JavaScript engine is one of the JavaScript scripting engine. A remote code execution vulnerability exists in the JavaScript engine in Foxit PDF Reader. A remote attacker can exploit this vulnerability to execut...

Foxit PDF Reader JavaScript Engine Arbitrary Code Execution Vulnerability

Foxit PDF Reader is China's Foxit Foxit Software Corporation of a PDF document reader. JavaScript engine is one of the JavaScript scripting engine. Foxit PDF Reader 9.2.0.9297 and previous versions of the JavaScript engine in the arbitrary code execution vulnerability, a remote attacker can be us...

Foxit Reader and Foxit PhantomPDF JavaScript Engine Memory Misreference Vulnerability (CNVD-2018-20722)

Foxit Reader is China Foxit Foxit software company a PDF document reader.Foxit PhantomPDF is a commercial version.JavaScript engine is one of the JavaScript scripting engine. A memory misreference vulnerability exists in the JavaScript engine in Foxit Reader 9.2.0.9297 and earlier versions and...