CVE-2019-1010162

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function JsiStrcmpDict jsiChar.c:121. The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77...

CVE-2019-1010169

Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexergetchar jsiLexer.c:9. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78...

CVE-2019-1010171

Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsiDumpFunctions jsiEval.c:567. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84...

CVE-2019-1010170

Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function JsiObjFree jsiObj.c:230. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78...

CVE-2019-1010162

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function JsiStrcmpDict jsiChar.c:121. The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77...

Design/Logic Flaw

Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function JsiObjFree jsiObj.c:230. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78...

Design/Logic Flaw

Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexergetchar jsiLexer.c:9. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78...

Code injection

Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsiDumpFunctions jsiEval.c:567. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84...

Null pointer dereference

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function JsiStrcmpDict jsiChar.c:121. The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77...

CVE-2019-1010173

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function JsiValueArrayIndex jsiValue.c:366. The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3...

CVE-2019-1010171

Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsiDumpFunctions jsiEval.c:567. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84...

CVE-2019-1010171

The CVE-2019-1010171 entry describes a vulnerability in Jsish 2.4.83/2.0483 where a null pointer dereference in the function jsi_DumpFunctions (jsiEval.c:567) can be triggered by executing crafted JavaScript code, leading to denial of service. The fixed version is 2.4.84. References in the provid...

CVE-2019-1010170

Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function JsiObjFree jsiObj.c:230. The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78...

CVE-2019-1010162

jsish 2.4.74 2.0474 is affected by: CWE-476: NULL Pointer Dereference. The impact is: denial of service. The component is: function JsiStrcmpDict jsiChar.c:121. The attack vector is: The victim must execute crafted javascript code. The fixed version is: 2.4.77...

CVE-2018-20637

PHP Scripts Mall Chartered Accountant : Auditor Website 2.0.1 allows remote attackers to cause a denial of service unrecoverable blank profile via crafted JavaScript code in the First Name and Last Name field...

Code injection

PHP Scripts Mall Entrepreneur Job Portal Script 3.0.1 allows remote attackers to cause a denial of service outage of profile editing via crafted JavaScript code in the KeySkills field...

(0Day) (Pwn2Own) Xiaomi Mi6 Browser downloadAndInstallApk Improper Authorization Remote Code Execution Vulnerability

This vulnerability allows network adjacent attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser. User interaction is required to exploit this vulnerability in that the target must connect to a malicious access point. The specific flaw exists within the handling of...

CVE-2018-18334

A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android Consumer versions below 3.0.1478 could allow an remote attacker to bypass the Same Origin Policy SOP and obtain sensitive information via crafted JavaScript code on vulnerable installations...

CVE-2018-18334

A vulnerability in the Private Browser of Trend Micro Dr. Safety for Android Consumer versions below 3.0.1478 could allow an remote attacker to bypass the Same Origin Policy SOP and obtain sensitive information via crafted JavaScript code on vulnerable installations...

[ASA-201810-6] firefox: multiple issues

Arch Linux Security Advisory ASA-201810-6 ========================================= Severity: Critical Date : 2018-10-04 CVE-ID : CVE-2018-12386 CVE-2018-12387 Package : firefox Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-775 Summary ======= The package firefox...