Lucene search
K

1341 matches found

Exploit DB
Exploit DB
added 2019/03/26 12:0 a.m.125 views

Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR

/ A bug in IonMonkeys type inference system when JIT compiling and entering a constructor function via on-stack replacement OSR allows the compilation of JITed functions that cause type confusions between arbitrary objects. Prerequisites: 1. Spidermonkey can represent "plain" objects either as...

9.8CVSS10AI score0.19762EPSS
Exploits6
Cent OS
Cent OS
added 2019/03/22 1:54 p.m.187 views

firefox security update

CentOS Errata and Security Advisory CESA-2019:0622 An update for firefox is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS6.7AI score0.19762EPSS
Exploits11References7
Cent OS
Cent OS
added 2019/03/22 1:50 p.m.187 views

firefox security update

CentOS Errata and Security Advisory CESA-2019:0623 An update for firefox is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

9.8CVSS6.7AI score0.19762EPSS
Exploits11References7
Mageia
Mageia
added 2019/03/21 4:36 p.m.61 views

Updated firefox packages fix security vulnerability

Proxy Auto-Configuration file can define localhost access to be proxied CVE-2018-18506. Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788. Use-after-free when removing in-use DOM elements CVE-2019-9790. Type inference is incorrect for constructors entered through on-stack...

9.8CVSS1.5AI score0.19762EPSS
Exploits11References4
Tenable Nessus
Tenable Nessus
added 2019/03/21 12:0 a.m.44 views

Oracle Linux 7 : firefox (ELSA-2019-0622)

The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-0622 advisory. 60.6.0-3.0.1 - Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file 60.6.0-3 - Added Google API keys mozbz1531176 60.6.0-2 -...

9.8CVSS7.7AI score0.19762EPSS
Exploits11References9
Tenable Nessus
Tenable Nessus
added 2019/03/21 12:0 a.m.45 views

Scientific Linux Security Update : firefox on SL7.x x86_64 (20190320)

This update upgrades Firefox to version 60.6.0 ESR. Security Fixes : - Mozilla: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6 CVE-2019-9788 - Mozilla: Use-after-free when removing in-use DOM elements CVE-2019-9790 - Mozilla: Type inference is incorrect for constructors entered throu...

9.8CVSS7.5AI score0.19762EPSS
Exploits11References9
RedHat Linux
RedHat Linux
added 2019/03/20 3:26 p.m.5 views

Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

9.8CVSS7.4AI score0.19762EPSS
Exploits6References5
RedHat Linux
RedHat Linux
added 2019/03/20 3:21 p.m.8 views

Mozilla: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

9.8CVSS7.4AI score0.19762EPSS
Exploits6References5
Tenable Nessus
Tenable Nessus
added 2019/03/20 12:0 a.m.59 views

FreeBSD : mozilla -- multiple vulnerabilities (05da6b56-3e66-4306-9ea3-89fafe939726)

Mozilla Foundation reports : CVE-2019-9790: Use-after-free when removing in-use DOM elements CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey CVE-2019-9792: IonMonkey leaks JSOPTIMIZEDOUT magic value to script CVE-2019-9793: Improper...

9.8CVSS7.5AI score0.19762EPSS
Exploits13References24
UbuntuCve
UbuntuCve
added 2019/03/20 12:0 a.m.46 views

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

9.8CVSS7.2AI score0.19762EPSS
Exploits6References7
Tenable Nessus
Tenable Nessus
added 2019/03/19 12:0 a.m.260 views

Mozilla Firefox ESR < 60.6

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 60.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-08 advisory. - A use-after-free vulnerability can occur when the SMIL animation controller incorrectly registers with th...

9.8CVSS7.8AI score0.19762EPSS
Exploits11References11
FreeBSD
FreeBSD
added 2019/03/19 12:0 a.m.99 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2019-9790: Use-after-free when removing in-use DOM elements CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey CVE-2019-9792: IonMonkey leaks JSOPTIMIZEDOUT magic value to script CVE-2019-9793: Improper...

9.8CVSS0.9AI score0.19762EPSS
Exploits13References2
Tenable Nessus
Tenable Nessus
added 2019/03/19 12:0 a.m.53 views

Mozilla Firefox < 66.0

The version of Firefox installed on the remote Windows host is prior to 66.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2019-07 advisory. - A latent vulnerability exists in the Prio library where data may be read from uninitialized memory for some functions,...

9.8CVSS7.5AI score0.19762EPSS
Exploits13References22
Kitploit
Kitploit
added 2019/01/26 8:37 p.m.175 views

identYwaf - Blind WAF Identification Tool

identYwaf is an identification tool that can recognize web protection type i.e. WAF based on blind inference. Blind inference is being done by inspecting responses provoked by a set of predefined offensive non-destructive payloads, where those are used only to trigger the web protection system in...

7.3AI score
Exploits0References3
Hacker One
Hacker One
added 2018/11/25 7:57 a.m.15 views

Ruby: Command injection in Pathname

The command may be executed when the value passed to Pathname is the first character of "|". This is the same problem as https://bugs.ruby-lang.org/issues/14245, but here it is executed without warning. ruby $ ruby -v ruby 2.5.3p105 2018-10-18 revision 65156 x8664-darwin16 $ irb irbmain:001:0 ls ...

0.4AI score
Exploits0
NVD
NVD
added 2018/08/28 7:29 p.m.15 views

CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

6.5CVSS6.6AI score0.01287EPSS
Exploits0References5
Cvelist
Cvelist
added 2018/08/28 7:0 p.m.24 views

CVE-2017-15419

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page...

6.5AI score0.01287EPSS
Exploits0References5
OSV
OSV
added 2018/07/27 1:39 p.m.3 views

SUSE-SU-2018:2113-1 Security update for the Linux Kernel (Live Patch 21 for SLE 12 SP1)

This update for the Linux Kernel 3.12.74-606460 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data fro...

5.6CVSS5.7AI score0.00611EPSS
Exploits0References4
OSV
OSV
added 2018/07/27 1:38 p.m.4 views

SUSE-SU-2018:2105-1 Security update for the Linux Kernel (Live Patch 24 for SLE 12)

This update for the Linux Kernel 3.12.61-5283 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...

5.6CVSS5.7AI score0.00611EPSS
Exploits0References4
OSV
OSV
added 2018/07/27 1:38 p.m.7 views

SUSE-SU-2018:2096-1 Security update for the Linux Kernel (Live Patch 32 for SLE 12)

This update for the Linux Kernel 3.12.61-52122 fixes several issues. The following security issue was fixed: - CVE-2018-3665: System software utilizing Lazy FP state restore technique on systems using Intel Core-based microprocessors may potentially have allowed a local process to infer data from...

5.6CVSS5.7AI score0.00611EPSS
Exploits0References4
Rows per page
Query Builder