
10 matches found

Positive Technologies
added 2026/05/08 12:0 a.m. · 10 views

PT-2026-39191

Name of the Vulnerable Software and Affected Versions: VM2 (affected versions not specified). Description: A sandbox breakout allows attackers to execute arbitrary commands on the host system. The issue occurs because the neutralizeArraySpeciesBatch function interacts with objects from an external...

9.8 CVSS · 6.5 AI score · 0.00082 EPSS
Exploits 1 · References 10
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-34830

Malicious code in bioql PyPI...

5.5 CVSS · 5.5 AI score · 0.00047 EPSS
Exploits 1 · References 1
OSV
added 2024/09/09 8:15 p.m. · 11 views

CVE-2023-50883

ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446...

6.1 CVSS · 6.4 AI score
Exploits 0 · References 3
Vulnrichment
added 2024/09/09 12:0 a.m. · 14 views

CVE-2023-50883

ONLYOFFICE Docs before 8.0.1 allows XSS because a macro is an immediately-invoked function expression (IIFE), and therefore a sandbox escape is possible by directly calling the constructor of the Function object. NOTE: this issue exists because of an incorrect fix for CVE-2021-43446...

6.4 AI score · 0.00407 EPSS
Exploits 1 · References 3
Positive Technologies
added 2024/05/05 12:0 a.m. · 2 views

PT-2024-40765 · Git +1 · Boringssl

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash caused by the use of an uninitialized value. The crash occurs in the ssl ctx make profiles function. Technical details...

6.9 AI score
Exploits 0 · References 2
CNNVD
added 2023/04/24 12:0 a.m. · 2 views

JerryScript buffer error vulnerability

JerryScript is a lightweight JavaScript engine from the Jerryscript project. A security vulnerability exists in JerryScript version 1a2c047, which stems from a stack overflow in the component ecma-function-object.c. The vulnerability is caused by a stack overflow in the component...

5.5 CVSS · 5.7 AI score · 0.00047 EPSS
Exploits 1 · References 2
NVD
added 2022/05/01 4:15 p.m. · 16 views

CVE-2022-21227

The package sqlite3 before 5.0.3 are vulnerable to Denial of Service (DoS) which will invoke the toString function of the passed parameter. If passed an invalid Function object it will throw and crash the V8 engine...

7.5 CVSS · 0.00289 EPSS
Exploits 0 · References 3
Mozilla
added 2006/12/19 12:0 a.m. · 31 views

XSS using outer window's Function object — Mozilla

mozbugra4 demonstrated that the Function prototype regression described in bug 355161 could be exploited to bypass the protections against cross site script (XSS) injection, which could be used to steal credentials or sensitive data from arbitrary sites or perform destructive actions on behalf of a...

4.3 CVSS · 5.5 AI score · 0.06077 EPSS
Exploits 0 · References 3 · Affected Software 1
UbuntuCve
added 2006/07/27 7:4 p.m. · 37 views

CVE-2006-3803

Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used...

5.1 CVSS · 6.4 AI score · 0.24704 EPSS
Exploits 0 · References 4
Debian CVE
added 2006/07/27 7:0 p.m. · 33 views

CVE-2006-3803

Race condition in the JavaScript garbage collection in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 might allow remote attackers to execute arbitrary code by causing the garbage collector to delete a temporary variable while it is still being used...

5.1 CVSS · 7.3 AI score · 0.24704 EPSS
Exploits 0