5834 matches found
Memory corruption
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
CVE-2020-1915
CVE-2020-1915 targets Facebook Hermes’ JavaScript Interpreter. A crafted JavaScript input can trigger an out-of-bounds read prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0, enabling denial-of-service or possible memory corruption. Exploitation is only relevant if the app using Hermes eva...
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
KB2793634 - Windows Installer starts repeatedly after you install SQL Server 2012 SP1
KB2793634 - Windows Installer starts repeatedly after you install SQL Server 2012 SP1 Symptoms After you install SQL Server 2012 SP1 on a computer, the Windows Installer Msiexec.exe process is repeatedly started to repair certain assemblies. Additionally, the following events are logged in the...
SSJ - Your Everyday Linux Distribution Gone Super Saiyan
SSJ is s silly little script that relies on docker installed on your everyday Linux distribution Ubuntu, Debian, etc. and magically arms it with hundreds of penetration testing and forensics tools. All of these run with almost native performance as containers utilize the host kernel and thus is a...
Security Bulletin: Netcool Operations Insight - Cloud Native Event Analytics is affected by an Apache Commons Codec vulnerability
Summary Netcool Operations Insight - Cloud Native Event Analytics has addressed the following vulnerability in Apache Commons Codec Vulnerability Details Third Party Entry: 177835 DESCRIPTION: Apache Commons Codec information disclosure CVSS Base score: 7.5 CVSS Temporal Score: See:...
FIN11 Hackers Spotted Using New Techniques In Ransomware Attacks
A financially-motivated threat actor known for its malware distribution campaigns has evolved its tactics to focus on ransomware and extortion. According to FireEye's Mandiant threat intelligence team, the collective — known as FIN11 — has engaged in a pattern of cybercrime campaigns at least sin...
[SECURITY] Fedora 31 Update: oniguruma-6.9.4-2.fc31
Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. supported APIs: GNU regex, POSIX and Oniguruma native...
[SECURITY] Fedora 32 Update: oniguruma-6.9.5-3.rev1.fc32
Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. supported APIs: GNU regex, POSIX and Oniguruma native...
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
Design/Logic Flaw
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
CVE-2020-1914
The CVE-2020-1914 entry describes a logic vulnerability in Facebook Hermes related to the SaveGeneratorLong instruction. Before the commit b2021df620824627f5a8c96615edbd1eb7fdddfc, attackers could theoretically read out of bounds or execute arbitrary code via crafted JavaScript, but exploitation ...
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
GHSA-56PC-6JQP-XQJ8 Context isolation bypass in Electron
Impact Apps using both contextIsolation and sandbox: true are affected. Apps using both contextIsolation and nativeWindowOpen: true are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context an...
[SECURITY] Fedora 33 Update: oniguruma-6.9.5-3.rev1.fc33
Oniguruma is a regular expressions library. The characteristics of this library is that different character encoding for every regular expression object can be specified. supported APIs: GNU regex, POSIX and Oniguruma native...
Enter the Vault: Authentication Issues in HashiCorp Vault
Posted by Felix Wilhelm, Project Zero Introduction In this blog post I'll discuss two vulnerabilities in HashiCorp Vault and its integration with Amazon Web Services AWS and Google Cloud Platform GCP. These issues can lead to an authentication bypass in configurations that use the aws and gcp aut...
Cross-site Scripting (XSS)
react-native-webview is vulnerable to cross-site scripting XSS. The vulnerability exists through the lack of policy enforcement that allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. The vulnerability exists on all applications running on systems with an Andro...