Lucene search

979 matches found

Prion
added 2017/11/27 2:29 p.m. | 14 views

Code injection

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object...

CVSS 7.5 | AI score 9.4 | EPSS 0.00486
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2017/11/27 2:00 p.m. | 56 views

CVE-2017-1001003

CVE-2017-1001003 affects math.js prior to 3.17.0. The issue allows private properties (e.g., a constructor) to be replaced by using Unicode characters when creating an object, which can alter object behavior. Documents reference upgrades to 3.17.0+ as the advised remediation and indicate the vuln...

CVSS 9.8 | AI score 9.3 | EPSS 0.00486
Exploits: 0 | References: 2 | Affected Software: 1
OpenVAS
added 2017/11/27 12:00 a.m. | 28 views

Apache OpenOffice Multiple DoS And Information Disclosure Vulnerabilities - Mac OS X

Apache OpenOffice is prone to multiple denial of service and information disclosure vulnerabilities...

CVSS 7.8 | AI score 6.5 | EPSS 0.01822
Exploits: 3 | References: 6
OSV
added 2017/11/20 5:29 p.m. | 0 views

UBUNTU-CVE-2017-9806

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution...

CVSS 7.8 | AI score 6.7 | EPSS 0.01822
Exploits: 1 | References: 5
OSV
added 2017/11/20 5:29 p.m. | 0 views

DEBIAN-CVE-2017-9806

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution...

CVSS 7.8 | AI score 6.3 | EPSS 0.01822
Exploits: 1 | References: 1
Cvelist
added 2017/11/20 5:00 p.m. | 22 views

CVE-2017-9806

A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, and specifically in the WW8Fonts Constructor, allows attackers to craft malicious documents that cause denial of service (memory corruption and application crash) potentially resulting in arbitrary code execution...

AI score 7.9 | EPSS 0.01822
Exploits: 1 | References: 2
CNVD
added 2017/10/27 12:00 a.m. | 2 views

Apache OpenOffice DOC File Parsing Remote Code Execution Vulnerability

Apache OpenOffice is free, open word processing software. A vulnerability exists in how the OpenOffice Writer DOC file parser and the WW8Fonts constructor handle DOC files, allowing remote attackers to exploit it by submitting a specially crafted file and tricking the user into parsing it, which can crash...

CVSS 7.8 | AI score 7.6 | EPSS 0.01822
Exploits: 1 | References: 1
Node.js
added 2017/10/17 11:19 p.m. | 178 views

Sandbox Breakout / Arbitrary Code Execution

Overview: Affected versions of static-eval pass untrusted user input directly to the global function constructor, resulting in an arbitrary code execution vulnerability when user input is parsed via the package. Proof of concept: var evaluate = require('static-eval'); var parse =...

CVSS 7.5 | AI score 4.8 | EPSS 0.01261
Exploits: 1 | Affected Software: 1
NVD
added 2017/10/05 1:29 a.m. | 16 views

CVE-2017-1000107

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...

CVSS 8.8 | AI score 8.7 | EPSS 0.00274
Exploits: 0 | References: 1
OSV
added 2017/10/05 1:29 a.m. | 16 views

CVE-2017-1000107

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...

CVSS 8.8 | AI score 7.2
Exploits: 0 | References: 1
Prion
added 2017/10/05 1:29 a.m. | 18 views

Type confusion

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...

CVSS 6.5 | AI score 8.7 | EPSS 0.00274
Exploits: 0 | References: 1 | Affected Software: 1
CVE
added 2017/10/04 1:00 a.m. | 59 views

CVE-2017-1000107

CVE-2017-1000107 affects the Jenkins Script Security Plugin. The root cause is that sandboxing restrictions were not applied to constructor invocations via positional argument lists, super constructors, method references, or type coercion expressions, allowing potential bypass of sandbox protecti...

CVSS 8.8 | AI score 8.7 | EPSS 0.00274
Exploits: 0 | References: 1 | Affected Software: 1
Cvelist
added 2017/10/04 1:00 a.m. | 15 views

CVE-2017-1000107

Script Security Plugin did not apply sandboxing restrictions to constructor invocations via positional arguments list, super constructor invocations, method references, and type coercion expressions. This could be used to invoke arbitrary constructors and methods, bypassing sandbox protection...

AI score 8.8 | EPSS 0.00274
Exploits: 0 | References: 1
CNVD
added 2017/09/30 12:00 a.m. | 1 view

Poppler Null Pointer Dereference Vulnerability

Poppler is a C++ class library for generating PDF; the library is derived from the Xpdf PDF reader. A security vulnerability exists in the 'AnnotRichMedia::Content::Content' function of the Annot.cc file in Poppler version 0.59.0. The vulnerability can be exploited to cause a denial of service null...

CVSS 5.5 | AI score 6 | EPSS 0.00173
Exploits: 0 | References: 1
CNVD
added 2017/09/19 12:00 a.m. | 1 view

Linux PDF rendering engine poppler suffers from a denial of service vulnerability

Poppler is a C++ class library used to generate PDFs, derived from xpdf. A denial-of-service vulnerability exists in ImageStream::ImageStream in Stream.cc of the Linux PDF rendering engine poppler. Attackers can use this vulnerability to launch denial-of-service attacks...

AI score 6.9
Exploits: 0 | References: 1
ossfuzz
added 2017/09/16 2:33 a.m. | 14 views

wpantund: Dynamic-stack-buffer-overflow in _ZNSt3__16vectorIhNS_9allocatorIhEEE18__construct_at_endIPKhEENS_9enable_ifIXsr2

Project: https://github.com/openthread/wpantund.git; Detailed report: https://oss-fuzz.com/testcase?key=6499016432943104; Project: wpantund; Fuzzer: libFuzzerwpantundwpantund-fuzz; Fuzz target binary: wpantund-fuzz; Job Type: libfuzzerasanwpantund; Platform Id: linux; Crash Type:...

AI score 6.5
Exploits: 0 | Affected Software: 1
OSV
added 2017/08/28 7:29 p.m. | 0 views

UBUNTU-CVE-2017-12950

The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file...

CVSS 6.5 | AI score 6.6 | EPSS 0.04372
Exploits: 2 | References: 3
Exploit DB
added 2017/08/17 12:00 a.m. | 26 views

Microsoft Edge Chakra - 'InterpreterStackFrame::ProcessLinkFailedAsmJsModule' Incorrectly Re-parses

GetOriginalEntryPoint : nullptr; if (this->pCurrentFunction && this->pCurrentFunction->IsFunctionParsed()) Assert(this->pCurrentFunction->StartInDocument() == pnode->ichMin); "pCurrentFunction" is the constructor, but "pnode" refers to the method "f". PoC: class MyClass { f(a) { print(a); } constructor() { 'use asm';...

AI score 7.4
Exploits: 0
seebug.org
added 2017/08/17 12:00 a.m. | 38 views

Microsoft Edge: Chakra: InterpreterStackFrame::ProcessLinkFailedAsmJsModule incorrectly re-parses (CVE-2017-8645)

When Chakra fails to link an asmjs module, it tries to re-parse the failed-to-link asmjs function to treat it as a normal javascript function. But it incorrectly handles the case where the function is a class. It starts to parse from the start of the class declaration instead of the constructor. ...

CVSS 7.6 | AI score 7.5 | EPSS 0.81883
Exploits: 35
exploitpack
added 2017/08/17 12:00 a.m. | 11 views

Microsoft Edge Chakra - InterpreterStackFrame::ProcessLinkFailedAsmJsModule Incorrectly Re-parses

Microsoft Edge Chakra - InterpreterStackFrame::ProcessLinkFailedAsmJsModule Incorrectly Re-parses. GetOriginalEntryPoint : nullptr; if (this->pCurrentFunction && this->pCurrentFunction->IsFunctionParsed()) Assert(this->pCurrentFunction->StartInDocument() == pnode->ichMin); "pCurrentFunction" is the constructor,...

AI score 1
Exploits: 0