CVE-2023-30470

A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled for Hermes prior to commit da8990f737ebb9d9810633502f65ed462b819c09 could have been used by an attacker to achieve remote code execution. Note that this is only exploitable in cases where Herme...

CVE-2023-28081

A bytecode optimization bug in Hermes prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could be used to cause an use-after-free and obtain arbitrary code execution via a carefully crafted payload. Note that this is only exploitable in cases where Hermes is used to execute untrusted...

CVE-2023-25933

CVE-2023-25933 concerns the Hermes JavaScript engine in React Native. A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could allow arbitrary code execution via untrusted JavaScript when Hermes processes such code. Most React Native apps are not affected ...

CVE-2023-25933

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, mos...

CVE-2023-25933

A type confusion bug in TypedArray prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, mos...

CVE-2023-24833

A use-after-free in BigIntPrimitive addition in Hermes prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 could have been used by an attacker to leak raw data from Hermes VM’s heap. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScript. Hence, most...

CVE-2023-24832

A null pointer dereference bug in Hermes prior to commit 5cae9f72975cf0e5a62b27fdd8b01f103e198708 could have been used by an attacker to crash an Hermes runtime where the EnableHermesInternal config option was set to true. Note that this is only exploitable in cases where Hermes is used to execut...

CVE-2023-23557

An error in Hermes' algorithm for copying objects properties prior to commit a00d237346894c6067a594983be6634f4168c9ad could be used by a malicious attacker to execute arbitrary code via type confusion. Note that this is only exploitable in cases where Hermes is used to execute untrusted JavaScrip...

PT-2023-20367 · Hermes +1 · Hermes +2

Name of the Vulnerable Software and Affected Versions: TypedArray versions prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 Description: A type confusion bug in TypedArray could have been used by a malicious attacker to execute arbitrary code via untrusted JavaScript. This is only...

PT-2023-22710 · Hermes · Hermes

Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit da8990f737ebb9d9810633502f65ed462b819c09 Description: A use-after-free related to unsound inference in the bytecode generation when optimizations are enabled could have been used by an attacker to achieve remot...

PT-2023-21541 · Hermes · Hermes

Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit e6ed9c1a4b02dc219de1648f44cd808a56171b81 Description: A bytecode optimization bug could be used to cause a use-after-free and obtain arbitrary code execution via a carefully crafted payload. This is only...

PT-2023-19037 · Facebook · Hermes

Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 Description: An error in BigInt conversion to Number in Hermes could have been used by a malicious attacker to execute arbitrary code due to an out-of-bound write. This...

PT-2023-19813 · Facebook · Hermes

Name of the Vulnerable Software and Affected Versions: Hermes versions prior to commit a6dcafe6ded8e61658b40f5699878cd19a481f80 Description: A use-after-free in BigIntPrimitive addition could have been used by an attacker to leak raw data from Hermes VM’s heap. This issue is only exploitable in...

PT-2023-19038 · Hermes · Hermes

Name of the Vulnerable Software and Affected Versions: Hermes affected versions not specified Description: An error in Hermes' algorithm for copying objects properties could be used by a malicious attacker to execute arbitrary code via type confusion. This issue is only exploitable in cases where...

SUSE CVE-2016-9901

HTML tags received from the Pocket server will be processed without sanitization and any JavaScript code executed will be run in the "about:pocket-saved" unprivileged page, giving it access to Pocket's messaging API through HTML injection. This vulnerability affects Firefox ESR 45.6 and Firefox...

SUSE CVE-2018-1999024

MathJax version prior to version 2.7.4 contains a Cross Site Scripting XSS vulnerability in the \unicode macro that can result in Potentially untrusted Javascript running within a web browser. This attack appear to be exploitable via The victim must view a page where untrusted content is processe...

CVE-2022-40138

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...

CVE-2022-40138

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...

CVE-2022-35289

A write-what-where condition in hermes caused by an integer overflow, prior to commit 5b6255ae049fa4641791e47fad994e8e8c4da374 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of...

CVE-2022-40138

An integer conversion error in Hermes bytecode generation, prior to commit 6aa825e480d48127b480b08d13adf70033237097, could have been used to perform Out-Of-Bounds operations and subsequently execute arbitrary code. Note that this is only exploitable in cases where Hermes is used to execute...