5843 matches found
CVE-2023-23557
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScrip...
CVE-2023-23557
CVE-2023-23557 affects Facebook Hermes (JavaScript engine used in React Native). The root cause is a type-confusion bug caused by copying object properties prior to commit, enabling an attacker to execute arbitrary code when Hermes runs untrusted JavaScript. The vulnerability is described across ...
CVE-2023-23557
An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScrip...
CVE-2023-23556
CVE-2023-23556 affects the Facebook Hermes JavaScript engine. A bug in BigInt conversion to Number exists in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80, allowing a malicious actor to execute arbitrary code via an out-of-bounds write when untrusted JavaScript is executed. The ...
CVE-2023-23556
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted...
CVE-2023-23556
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted...
CVE-2023-23556
An error in BigInt conversion to Number in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. Note that this bug is only exploitable in cases where Hermes is used to execute untrusted...
Facebook Hermes 资源管理错误漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. A security vulnerability exists in...
PT-2023-21541 · Hermes · Hermes
Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 Description: A bytecode optimization bug could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. This is only...
PT-2023-22710 · Hermes · Hermes
Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit da8990f737ebb9d9810633502f65ed462b819c09 Description: A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled could have been used by an attacker to achieve remot...
PT-2023-19037 · Facebook · Hermes
Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 Description: An error in BigInt conversion to Number in Hermes could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. This...
Facebook Hermes 资源管理错误漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes has a security...
Facebook Hermes 代码问题漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes has a security...
Facebook Hermes 安全漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client apps, but is not applicable to server-side infrastructures such as browsers & Node.js. Facebook Hermes...
Facebook Hermes 资源管理错误漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browsers & Node.js. Facebook Hermes suffers from a...
Facebook Hermes 安全漏洞
Facebook Hermes is a JavaScript engine from Facebook Inc. in the United States. The engine is targeted at React Native applications to improve the performance of mobile client application apps, but not for server-side infrastructures such as browser & Node.js. Facebook Hermes has a security...
The vulnerability of the Native Image component in the Oracle GraalVM Enterprise Edition virtual machine allows a hacker to gain access to modify, add, or delete data.
The vulnerability of the Native Image component in the Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient testing of input data. Exploiting this vulnerability can allow an attacker to modify, add, or delete data...
Security Bulletin: IBM Cognos Command Center is affected by multiple vulnerabilities
Summary There are vulnerabilities in IBM® Semeru Java™ Version 11 used by IBM Cognos Command Center. IBM Cognos Command Center 10.2.4 Fix Pack 1 IF17 has addressed the applicable CVEs by upgrading to IBM® Semeru JRE 11.0.18.0 CVE-2022-21449, CVE-2022-21434, CVE-2022-21443, CVE-2022-21624,...
Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report
As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as...
Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report
As we continue to drive toward making the world safer and more productive for all, it is vital we empower our customers to secure every aspect of their organization. Each day we are seeing more advanced security threats as bad actors develop new tactics that aim to take advantage of businesses as...