
553 matches found

CVE
added 2017/11/15 6:0 p.m. · 40 views

CVE-2014-3150

CVE-2014-3150 affects Livebox 1.1. Remote authenticated attackers can upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted JavaScript. The connected sources corroborate the vulnerability but do not provide detailed root cause, affected...

CVSS 9 · AI score 8.1 · EPSS 0.00621
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2017/11/02 12:0 a.m. · 2 views

PT-2017-4257 · Ruby +4 · Yajl-Ruby +4

Name of the Vulnerable Software and Affected Versions: yajl-ruby gem version 1.3.0. Description: The issue is related to insufficient processing of a format string in the yajl_string_decode function of the yajl_encode.c component in the YAJL-ruby JSON library. When a crafted JSON file is supplied ...

CVSS 7.8 · AI score 6.4 · EPSS 0.01863
Exploits 3 · References 56

OSV
added 2017/09/26 6:29 p.m. · 0 views

UBUNTU-CVE-2017-14749

JerryScript 1.0 allows remote attackers to cause a denial of service (jmem_heap_alloc_block_internal heap memory corruption) or possibly execute arbitrary code via a crafted .js file, because unrecognized \ characters cause incorrect 0x00 characters in bytecode.literal_data...

CVSS 7.8 · AI score 7.5 · EPSS 0.00567
Exploits 1 · References 3

CNVD
added 2017/04/05 12:0 a.m. · 1 views

WebKit Denial of Service Vulnerability (CNVD-2017-05499)

WebKit is an open source web browser engine developed by KDE, Apple, Google and other companies, currently used by Apple Safari, Google Chrome and other browsers. WebKit suffers from a denial of service vulnerability. A remote attacker could exploit the vulnerability to caus...

CVSS 9.8 · AI score 6.6 · EPSS 0.02307
Exploits 0 · References 1

Prion
added 2017/04/03 5:59 a.m. · 17 views

Type confusion

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function...

CVSS 5 · AI score 6.9 · EPSS 0.00464
Exploits 0 · References 2 · Affected Software 1

UbuntuCve
added 2017/04/03 5:59 a.m. · 21 views

CVE-2016-10226

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to...

CVSS 7.5 · AI score 7.2 · EPSS 0.00464
Exploits 0 · References 1

Prion
added 2017/04/03 5:59 a.m. · 13 views

Out-of-bounds

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to...

CVSS 5 · AI score 6.9 · EPSS 0.00464
Exploits 0 · References 2 · Affected Software 1

UbuntuCve
added 2017/04/03 5:59 a.m. · 24 views

CVE-2016-10222

runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (segmentation violation and application crash) via crafted JavaScript code that triggers a "type confusion" in the JSON.stringify function...

CVSS 7.5 · AI score 7.2 · EPSS 0.00464
Exploits 0 · References 1

NVD
added 2017/04/03 5:59 a.m. · 10 views

CVE-2016-10226

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to...

CVSS 7.5 · AI score 7.4 · EPSS 0.00464
Exploits 0 · References 2

Cvelist
added 2017/04/03 5:44 a.m. · 22 views

CVE-2016-10226

JavaScriptCore in WebKit, as distributed in Safari Technology Preview Release 18, allows remote attackers to cause a denial of service (bitfield out-of-bounds read and application crash) via crafted JavaScript code that is mishandled in the operatorString function, related to...

AI score 7.4 · EPSS 0.00464
Exploits 0 · References 2

Debian CVE
added 2017/04/03 5:44 a.m. · 20 views

CVE-2016-10226

Removed by vendor...

CVSS 7.5 · AI score 7.6 · EPSS 0.00464
Exploits 0

NVD
added 2017/02/27 7:59 a.m. · 18 views

CVE-2017-5928

The W3C High Resolution Time API, as implemented in various web browsers, does not consider that memory-reference times can be measured by a performance.now "Time to Tick" approach even with the https://bugzilla.mozilla.org/show_bug.cgi?id=1167489#c9 protection mechanism in place, which makes it...

CVSS 4.3 · AI score 4.3 · EPSS 0.00641
Exploits 0 · References 3

CVE
added 2017/02/27 7:25 a.m. · 54 views

CVE-2017-5928

CVE-2017-5928 maps to a timing-related vulnerability in the W3C High Resolution Time API. The issue arises because memory-reference times can be measured in ways cited as a “Time to Tick” approach, which bypasses protection mechanisms (e.g., Mozilla’s 1167489#c9) and facilitates AnC-style attacks...

CVSS 4.3 · AI score 4.4 · EPSS 0.00641
Exploits 0 · References 3 · Affected Software 1

OSV
added 2017/02/26 11:59 p.m. · 1 views

CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...

CVSS 8.1 · AI score 6.1 · EPSS 0.89096
Exploits 9 · References 10

Vulnrichment
added 2017/02/26 11:30 p.m. · 9 views

CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...

AI score 7.9 · EPSS 0.89096
Exploits 9 · References 9

Cvelist
added 2017/02/26 11:30 p.m. · 28 views

CVE-2017-0037

Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type confusion issue in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement function in mshtml.dll, which allows remote attackers to execute arbitrary code via vectors involving a crafted Cascading Style Sheet...

AI score 6.5 · EPSS 0.89096
Exploits 9 · References 9

Positive Technologies
added 2017/02/26 12:0 a.m. · 2 views

PT-2017-2273 · Microsoft · Edge +2

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 10 through 11; Microsoft Edge (affected versions not specified). Description: The issue is caused by a type confusion problem in the Layout::MultiColumnBoxBuilder::HandleColumnBreakOnColumnSpanningElement...

CVSS 8.1 · AI score 8.2 · EPSS 0.89096
Exploits 9 · References 19

CVE
added 2017/02/20 8:35 a.m. · 73 views

CVE-2016-7592

CVE-2016-7592 affects WebKit components in Apple products: iOS before 10.2, Safari before 10.0.2, iCloud before 6.1, and iTunes before 12.5.4. The issue enables remote attackers to obtain sensitive information via crafted JavaScript prompts on a website, arising from a WebKit handling/validation ...

CVSS 4.3 · AI score 4.9 · EPSS 0.0033
Exploits 0 · References 7 · Affected Software 1

CNVD
added 2017/02/14 12:0 a.m. · 1 views

Artifex Software MuJS 'mujs/jsrun.c' Integer Overflow Vulnerability

Artifex Software MuJS is a lightweight JavaScript interpreter from Artifex Software, USA, which is used to embed into other software to provide script execution capabilities. Artifex Software MuJS 4006739a28367c708dea19aeb19b8a1a9326ce08 A security vulnerability exists in previous versions of...

CVSS 7.8 · AI score 7.7 · EPSS 0.00207
Exploits 0 · References 1

CNVD
added 2017/02/14 12:0 a.m. · 1 views

Artifex Software MuJS Integer Overflow Vulnerability (CNVD-2017-01667)

Artifex Software MuJS is a lightweight JavaScript interpreter from Artifex Software, USA, which is used to embed into other software to provide script execution capabilities. Artifex Software MuJS 8f62ea10a0af68e56d5c00720523ebcba13c2e6a A security vulnerability exists in previous versions of...

CVSS 7.8 · AI score 7.7 · EPSS 0.00097
Exploits 0 · References 1