Lucene search
K

67 matches found

OpenVAS
OpenVAS
added 2020/11/10 12:0 a.m.13 views

Fedora: Security Advisory for mujs (FEDORA-2020-f3d08b9b3a)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.8AI score0.03284EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/11/10 12:0 a.m.13 views

Fedora: Security Advisory for mujs (FEDORA-2020-496ab4615a)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.8AI score0.03284EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2020/11/10 12:0 a.m.16 views

Fedora: Security Advisory for mujs (FEDORA-2020-53773f4954)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

9.8CVSS8.8AI score0.03284EPSS
Exploits0References2
OSV
OSV
added 2020/10/26 9:15 p.m.41 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5CVSS6.8AI score0.01584EPSS
Exploits0References2
Prion
Prion
added 2020/10/26 9:15 p.m.25 views

Memory corruption

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

4.3CVSS7.5AI score0.01584EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/10/26 8:20 p.m.113 views

CVE-2020-1915

CVE-2020-1915 targets Facebook Hermes’ JavaScript Interpreter. A crafted JavaScript input can trigger an out-of-bounds read prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0, enabling denial-of-service or possible memory corruption. Exploitation is only relevant if the app using Hermes eva...

7.5CVSS7.5AI score0.01584EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/10/26 8:20 p.m.52 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5AI score0.01584EPSS
Exploits0References2
AlpineLinux
AlpineLinux
added 2020/10/26 8:20 p.m.30 views

CVE-2020-1915

An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...

7.5CVSS7.6AI score0.01584EPSS
Exploits0
Prion
Prion
added 2020/09/09 7:15 p.m.21 views

Integer overflow

An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...

6.8CVSS7.7AI score0.01202EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/09/09 7:0 p.m.72 views

CVE-2020-1913

The CVE-2020-1913 issue affects Facebook Hermes’ JavaScript interpreter and is caused by an Integer signedness error. A crafted JavaScript payload can cause denial of service or potentially remote code execution if untrusted JS is evaluated by the Hermes runtime. The description notes that most R...

8.1CVSS7.7AI score0.01202EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/09/09 7:0 p.m.70 views

CVE-2020-1913

An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...

7.8AI score0.01202EPSS
Exploits0References2
Gentoo Linux
Gentoo Linux
added 2020/07/28 12:0 a.m.36 views

Background mujs is an embeddable Javascript interpreter in C. Description Multiple vulnerabilities have been discovered in mujs. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There is no known workaround...

9.8CVSS2.7AI score0.03284EPSS
Exploits0
CNVD
CNVD
added 2019/04/22 12:0 a.m.4 views

Artifex Software MuJS Resource Management Error Vulnerability

Artifex Software MuJS is a lightweight JavaScript interpreter from Artifex Software, USA, which is used to embed into other software to provide script execution capabilities. A resource management error vulnerability exists in Artifex Software MuJS version 1.0.5. The vulnerability stems from...

7.5CVSS7AI score0.02323EPSS
Exploits0References1
Fedora
Fedora
added 2018/02/14 5:11 p.m.53 views

[SECURITY] Fedora 26 Update: mujs-0-11.20180129git25821e6.fc26

MuJS is a lightweight Javascript interpreter designed for embedding in other software to extend them with scripting capabilities...

5.5CVSS1.2AI score0.05295EPSS
Exploits10
BDU FSTEC
BDU FSTEC
added 2017/10/26 12:0 a.m.10 views

The vulnerability of Microsoft Edge’s JavaScript interpreter allows a perpetrator to execute arbitrary code using specially crafted content.

The vulnerability of Microsoft Edge’s JavaScript interpreter is related to improper handling of objects in memory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

7.6CVSS7.7AI score0.64437EPSS
Exploits3References6
BDU FSTEC
BDU FSTEC
added 2017/10/26 12:0 a.m.6 views

The vulnerability of Microsoft Edge’s JavaScript interpreter allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Edge’s JavaScript interpreter is related to improper handling of objects in memory when displaying content. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, resulting from memory corruption caused b...

7.6CVSS7.7AI score0.08597EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2017/10/26 12:0 a.m.6 views

The vulnerability of Microsoft Edge’s JavaScript interpreter allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Edge’s JavaScript interpreter is related to improper handling of objects in memory when displaying content. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user, resulting from memory corruption caused b...

9.3CVSS7.8AI score0.10144EPSS
Exploits0References4
Microsoft Malware Protection
Microsoft Malware Protection
added 2017/10/18 1:1 p.m.218 views

Browser security beyond sandboxing

Security is now a strong differentiator in picking the right browser. We all use browsers for day-to-day activities like staying in touch with loved ones, but also for editing sensitive private and corporate documents, and even managing our financial assets. A single compromise through a web...

6.8CVSS9.8AI score0.05288EPSS
Exploits0
seebug.org
seebug.org
added 2017/10/17 12:0 a.m.35 views

Microsoft Edge Scripting Engine Remote Memory Corruption Vulnerability(CVE-2017-11809)

Here's a snippet of the method that interprets a javascript function's bytecode. Js::Var Js::InterpreterStackFrame::INTERPRETERLOOPNAME PROBESTACKscriptContext, Js::Constants::MinStackInterpreter; closureInitDone Assertthis-mreader.GetCurrentOffset == 0; this-InitializeClosures; DoStackScopeSlots...

7.6CVSS7.6AI score0.68027EPSS
Exploits3
ThreatPost
ThreatPost
added 2017/05/09 9:12 a.m.42 views

Emergency Update Patches Zero Day in Microsoft Malware Protection Engine

Microsoft made quick work of what two prominent Google researchers called the worst Windows vulnerability in recent memory, releasing an emergency patch Monday night, 48 hours after Google’s private disclosure was made. The mystery Windows zero day CVE-2017-0290 was in the Microsoft Malware...

9.3CVSS0.8AI score0.77207EPSS
Exploits5References5
Rows per page
Query Builder