Code injection

Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsiDumpFunctions jsiEval.c:567. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84...

Design/Logic Flaw

Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexergetchar jsiLexer.c:9. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78...

CVE-2019-1010173

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function JsiValueArrayIndex jsiValue.c:366. The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3...

CVE-2019-1010171

Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsiDumpFunctions jsiEval.c:567. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84...

CVE-2019-1010171

The CVE-2019-1010171 entry describes a vulnerability in Jsish 2.4.83/2.0483 where a null pointer dereference in the function jsi_DumpFunctions (jsiEval.c:567) can be triggered by executing crafted JavaScript code, leading to denial of service. The fixed version is 2.4.84. References in the provid...

CVE-2019-1010170

Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function JsiObjFree jsiObj.c:230. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78...

CVE-2019-1010162

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function JsiStrcmpDict jsiChar.c:121. The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77...

CVE-2018-18334

A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android Consumer versions below 3.0.1478 could allow an remote attacker to bypass the Same Origin Policy SOP and obtain sensitive information via crafted JavaScript code on vulnerable installations...

[ASA-201810-6] firefox: multiple issues

Arch Linux Security Advisory ASA-201810-6 ========================================= Severity: Critical Date : 2018-10-04 CVE-ID : CVE-2018-12386 CVE-2018-12387 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-775 Summary ======= The package firefox...

CVE-2018-1000668

jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsiObjArrayLookup jsiObj.c:274 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to ha...

CVE-2018-1000663

jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function jsievalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code...

Out-of-bounds

jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsiObjArrayLookup jsiObj.c:274 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to ha...

CVE-2018-1000663

jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function jsievalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code...

CVE-2018-1000655

Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsiValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in...

CVE-2018-1000655

Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsiValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in...

CVE-2018-15191

PHP Scripts Mall hotel-booking-script 2.0.4 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, or Address field...

Design/Logic Flaw

ephy-session.c in libephymain.so in GNOME Web aka Epiphany through 3.28.2.1 allows remote attackers to cause a denial of service application crash via JavaScript code that triggers access to a NULL URL, as demonstrated by a crafted window.open call...

CVE-2018-4911

An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability is an instance of a use after free vulnerability in the JavaScript API related to bookmark functionality. The...

Type confusion

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service segmentation violation and application crash via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function...

CVE-2016-10226

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service bitfield out-of-bounds read and application crash via crafted JavaScript code that is mishandled in the operatorString function, related to...