Lucene search
K

2108 matches found

Prion
Prion
added 2018/06/08 6:29 p.m.25 views

Out-of-bounds

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...

6.8CVSS8.4AI score0.10508EPSS
Exploits3References11Affected Software7
Cvelist
Cvelist
added 2018/06/08 6:0 p.m.26 views

CVE-2018-4222

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...

8.6AI score0.10508EPSS
Exploits3References11
Debian CVE
Debian CVE
added 2018/06/08 6:0 p.m.38 views

CVE-2018-4222

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...

8.8CVSS8.8AI score0.10508EPSS
Exploits3
OSV
OSV
added 2018/06/08 12:0 a.m.0 views

UBUNTU-CVE-2018-4222

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...

8.8CVSS7.6AI score0.10508EPSS
Exploits3References12
exploitpack
exploitpack
added 2018/06/08 12:0 a.m.12 views

WebKit - WebAssembly Compilation Info Leak

WebKit - WebAssembly Compilation Info Leak arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, the functio...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2018/06/08 12:0 a.m.10 views

Google Chrome - Integer Overflow when Processing WebAssembly Locals

Google Chrome - Integer Overflow when Processing WebAssembly Locals / When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypass...

1AI score
Exploits0
seebug.org
seebug.org
added 2018/06/08 12:0 a.m.104 views

WebKit: Info leak in WebAssembly Compilation(CVE-2018-4222)

There is an out-of-bounds read when compiling WebAssembly source buffers in WebKit. When a source buffer is compiled, it is first copied into a read-only buffer by the functuion getWasmBufferFromValue. This function returns the code buffer as follows: return arrayBufferView ?...

0.4AI score0.10508EPSS
Exploits3
seebug.org
seebug.org
added 2018/06/08 12:0 a.m.98 views

Google Chrome: Integer Overflow when Processing WebAssembly Locals(CVE-2018-6092)

When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypassed due to an integer overflow. This allows the number of function loca...

1AI score0.09186EPSS
Exploits2
UbuntuCve
UbuntuCve
added 2018/06/08 12:0 a.m.27 views

CVE-2018-4222

An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit"...

8.8CVSS7.5AI score0.10508EPSS
Exploits3References11
Exploit DB
Exploit DB
added 2018/06/08 12:0 a.m.33 views

WebKit - WebAssembly Compilation Info Leak

arrayBufferView-vector : staticcastarrayBuffer-impl-data; If the source buffer is a view DataView or TypedArray, arrayBufferView-vector is returned. The vector method returns the start of the data in the buffer, including any offset. However, the function createSourceBufferFromValue copies the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2018/06/08 12:0 a.m.36 views

Google Chrome - Integer Overflow when Processing WebAssembly Locals

/ When v8 decodes the locals of a function, it performs a check: if count + typelist-size kV8MaxWasmFunctionLocals decoder-errordecoder-pc - 1, "local count too large"; return false; On a 32-bit platform, this check can be bypassed due to an integer overflow. This allows the number of function...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
added 2018/06/07 8:37 p.m.5 views

chromium-browser: Incorrect mutability protection in WebAssembly

Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS7.4AI score0.00896EPSS
Exploits0References5
CNVD
CNVD
added 2018/06/05 12:0 a.m.2 views

Google Chrome WebAssembly Incorrect Mutability Protection Vulnerability

Google Chrome is a web browser developed by Google, and WebAssembly is a sandboxed execution environment. A security vulnerability exists in WebAssembly in versions of Google Chrome prior to 67.0.3396.62. A remote attacker can exploit the vulnerability with the help of a specially crafted website...

8.8CVSS9AI score0.00896EPSS
Exploits0References1
OSV
OSV
added 2018/06/01 6:29 p.m.3 views

CVE-2016-10587

wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

8.1CVSS6.3AI score0.01682EPSS
Exploits0References1
NVD
NVD
added 2018/06/01 6:29 p.m.19 views

CVE-2016-10587

wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

9.3CVSS8.3AI score0.01682EPSS
Exploits0References1
Prion
Prion
added 2018/06/01 6:29 p.m.13 views

Remote code execution

wasdk is a toolkit for creating WebAssembly modules. wasdk downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution RCE by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

9.3CVSS8AI score0.01682EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2018/06/01 6:0 p.m.54 views

CVE-2016-10587

The CVE-2016-10587 issue affects the wasdk toolkit for creating WebAssembly modules, where binary resources are downloaded over unencrypted HTTP. This plaintext transmission enables a man-in-the-middle to swap the requested binary with a malicious one, potentially causing remote code execution on...

9.3CVSS8.3AI score0.01682EPSS
Exploits0References1Affected Software1
OPENSUSE Linux
OPENSUSE Linux
added 2018/06/01 3:7 a.m.100 views

Security update for chromium (important)

This update for chromium to version 66.0.3359.181 fixes the following issues: The following security issues were fixed boo1095163: CVE-2018-6123: Use after free in Blink. CVE-2018-6124: Type confusion in Blink. CVE-2018-6125: Overly permissive policy in WebUSB. CVE-2018-6126: Heap buffer overflow...

1.6AI score0.07666EPSS
Exploits3References1
ThreatPost
ThreatPost
added 2018/05/30 3:32 p.m.33 views

Google Patches 34 Browser Bugs in Chrome 67, Adds Spectre Fixes

Google updated its Chrome browser to version 67.0.3396.62 on Tuesday patching 34 bugs and adding support for the credential management API called WebAuthn. The update will be available in the coming days for Windows, Mac and Linux platforms, Google said. Most notably to the browser update are...

6.8CVSS8.9AI score0.07666EPSS
Exploits3References8
RedhatCVE
RedhatCVE
added 2018/05/30 9:4 a.m.24 views

CVE-2018-6131

Object lifecycle issue in WebAssembly in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

8.8CVSS2.7AI score0.00896EPSS
Exploits0References2
Rows per page
Query Builder