CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

OpenVAS•added 2020/11/10 12:0 a.m.•13 views

Fedora: Security Advisory for mujs (FEDORA-2020-496ab4615a)

9.8CVSS8.8AI score0.0215EPSS

OSV•added 2020/10/26 9:15 p.m.•13 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5CVSS6.8AI score0.01092EPSS

Prion•added 2020/10/26 9:15 p.m.•16 views

Memory corruption

4.3CVSS7.5AI score0.01092EPSS

Cvelist•added 2020/10/26 8:20 p.m.•16 views

CVE-2020-1915

7.5AI score0.01092EPSS

AlpineLinux•added 2020/10/26 8:20 p.m.•28 views

CVE-2020-1915

7.5CVSS7.6AI score0.01092EPSS

CVE•added 2020/10/26 8:20 p.m.•94 views

CVE-2020-1915

CVE-2020-1915 targets Facebook Hermes’ JavaScript Interpreter. A crafted JavaScript input can trigger an out-of-bounds read prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0, enabling denial-of-service or possible memory corruption. Exploitation is only relevant if the app using Hermes eva...

7.5CVSS7.5AI score0.01092EPSS

Prion•added 2020/09/09 7:15 p.m.•11 views

Integer overflow

An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...

6.8CVSS7.7AI score0.002EPSS

CVE•added 2020/09/09 7:0 p.m.•58 views

CVE-2020-1913

The CVE-2020-1913 issue affects Facebook Hermes’ JavaScript interpreter and is caused by an Integer signedness error. A crafted JavaScript payload can cause denial of service or potentially remote code execution if untrusted JS is evaluated by the Hermes runtime. The description notes that most R...

8.1CVSS7.7AI score0.002EPSS

Cvelist•added 2020/09/09 7:0 p.m.•18 views

CVE-2020-1913

7.8AI score0.002EPSS

Gentoo Linux•added 2020/07/28 12:0 a.m.•30 views

Background mujs is an embeddable Javascript interpreter in C. Description Multiple vulnerabilities have been discovered in mujs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround...

9.8CVSS2.7AI score0.0215EPSS

CNVD•added 2019/04/22 12:0 a.m.•2 views

Artifex Software MuJS Resource Management Error Vulnerability

Artifex Software MuJS is a lightweight JavaScript interpreter from Artifex Software, USA, which is used to embed into other software to provide script execution capabilities. A resource management error vulnerability exists in Artifex Software MuJS version 1.0.5. The vulnerability stems from...

7.5CVSS7AI score0.00839EPSS

Exploits0References1

Fedora•added 2018/02/14 5:11 p.m.•19 views

[SECURITY] Fedora 26 Update: mujs-0-11.20180129git25821e6.fc26

MuJS is a lightweight Javascript interpreter designed for embedding in other software to extend them with scripting capabilities...

5.5CVSS1.2AI score0.03779EPSS

Exploits10

Microsoft Malware Protection•added 2017/10/18 1:1 p.m.•216 views

Browser security beyond sandboxing

Security is now a strong differentiator in picking the right browser. We all use browsers for day-to-day activities like staying in touch with loved ones, but also for editing sensitive private and corporate documents, and even managing our financial assets. A single compromise through a web...

6.8CVSS9.8AI score0.05118EPSS

seebug.org•added 2017/10/17 12:0 a.m.•31 views

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2017-11809)

Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME PROBESTACKscriptContext, Js::Constants::MinStackInterpreter; closureInitDone Assertthis-mreader.GetCurrentOffset == 0; this-InitializeClosures; DoStackScopeSlots...

7.6CVSS7.6AI score0.78672EPSS

Exploits3

ThreatPost•added 2017/05/09 9:12 a.m.•41 views

Emergency Update Patches Zero Day in Microsoft Malware Protection Engine

Microsoft made quick work of what two prominent Google researchers called the worst Windows vulnerability in recent memory, releasing an emergency patch Monday night, 48 hours after Google’s private disclosure was made. The mystery Windows zero day CVE-2017-0290 was in the Microsoft Malware...

9.3CVSS0.8AI score0.87143EPSS

Exploits5References5

Exploit DB•added 2017/05/09 12:0 a.m.•187 views

Microsoft Security Essentials / SCEP (Microsoft Windows 8/8.1/10 / Windows Server) - 'MsMpEng' Remote Type Confusion

Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5 MsMpEng is the Malware Protection service that is enabled by default on Windows 8, 8.1, 10, Windows Server 2012, and so on. Additionally, Microsoft Security Essentials, System Centre Endpoint Protection and various othe...

7.4AI score