Lucene search
K

57 matches found

CNNVD
CNNVD
added 2022/10/24 12:0 a.m.0 views

Eclipse Openj9 安全漏洞

Eclipse OpenJ9 is a Java application engine from the Eclipse Foundation. The product is primarily used to run Java applications. A security vulnerability exists in versions of Eclipse Openj9 prior to 0.35.0 that stems from its ability to inline interface calls without runtime type checking...

6.5CVSS6.3AI score0.00589EPSS
Exploits0References8
OSV
OSV
added 2020/12/09 1:15 a.m.6 views

CVE-2020-26952

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox 83...

8.8CVSS7.4AI score
Exploits0References2
OSV
OSV
added 2020/11/17 12:0 a.m.5 views

UBUNTU-CVE-2020-26952

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox 83...

8.8CVSS7.3AI score0.01154EPSS
Exploits0References5
Oracle linux
Oracle linux
added 2020/05/05 12:0 a.m.102 views

gcc security and bug fix update

8.3.1-5.0.3 - Fix Orabug 29838827 - provide an option to adjust the maximum depth of nested include This is the same bug as gcc upstream PR90581 from Gcc9: gcc9-pr90581.patch - Fix Orabug 29541051 - confusing error message when there is a problem with ASANOPTIONS 'ERROR: expected '='' This is the...

7.5CVSS7.5AI score0.03207EPSS
Exploits0
exploitpack
exploitpack
added 2019/05/29 12:0 a.m.16 views

Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation

Spidermonkey - IonMonkey Unexpected ObjectGroup in ObjectGroupDispatch Operation While fuzzing Spidermonkey, I encountered the following commented and modified JavaScript program which crashes debug builds of the latest release version of Spidermonkey from commit...

0.1AI score
Exploits0
OSV
OSV
added 2018/10/18 1:29 p.m.2 views

DEBIAN-CVE-2018-12387

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content...

9.1CVSS8.5AI score0.0959EPSS
Exploits2References1
OSV
OSV
added 2018/10/03 12:0 a.m.2 views

UBUNTU-CVE-2018-12387

A vulnerability where the JavaScript JIT compiler inlines Array.prototype.push with multiple arguments that results in the stack pointer being off by 8 bytes after a bailout. This leaks a memory address to the calling function which can be used as part of an exploit inside the sandboxed content...

9.1CVSS7.2AI score0.0959EPSS
Exploits2References4
Packet Storm
Packet Storm
added 2018/09/18 12:0 a.m.53 views

Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion

Microsoft Edge: Chakra: Type confusion with PathTypeHandlerBase::SetAttributesHelper CVE-2018-8384 Here's a snippet of PathTypeHandlerBase::SetAttributesHelper. PathTypeHandlerBase predTypeHandler = this; DynamicType currentType = instance-GetDynamicType; while predTypeHandler-GetPathLength...

0.1AI score0.6211EPSS
Exploits2
exploitpack
exploitpack
added 2018/09/18 12:0 a.m.15 views

Microsoft Edge Chakra - PathTypeHandlerBase::SetAttributesHelper Type Confusion

Microsoft Edge Chakra - PathTypeHandlerBase::SetAttributesHelper Type Confusion / Here's a snippet of PathTypeHandlerBase::SetAttributesHelper. PathTypeHandlerBase predTypeHandler = this; DynamicType currentType = instance-GetDynamicType; while predTypeHandler-GetPathLength propertyIndex...

Exploits0
0day.today
0day.today
added 2018/09/18 12:0 a.m.68 views

Microsoft Edge Chakra PathTypeHandlerBase::SetAttributesHelper Type Confusion Exploit

Exploit for windows platform in category dos / poc Microsoft Edge: Chakra: Type confusion with PathTypeHandlerBase::SetAttributesHelper CVE-2018-8384 Here's a snippet of PathTypeHandlerBase::SetAttributesHelper. PathTypeHandlerBase predTypeHandler = this; DynamicType currentType =...

7.7AI score0.6211EPSS
Exploits2
OSV
OSV
added 2018/06/13 4:29 p.m.3 views

DEBIAN-CVE-2018-11408

The security handlers in the Security component in Symfony in 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11 have an Open redirect vulnerability when security.httputils is inlined by a container. NOTE: this issue exists because of an...

6.1CVSS6.4AI score0.01139EPSS
Exploits0References1
0day.today
0day.today
added 2018/04/03 12:0 a.m.71 views

Microsoft Edge Chakra JIT - Stack-to-Heap Copy (Incomplete Fix) Exploit

Exploit for windows platform in category dos / poc / Here's a snippet of JavascriptArray::BoxStackInstance. To fix issue 1420 , "deepCopy" was introduced. But it only deep-copies the array when "instance-head" is on the stack. So simply by adding a single line of code that allocates "head" to the...

7.6CVSS7.6AI score0.66554EPSS
Exploits6
RedHat Linux
RedHat Linux
added 2017/08/07 4:11 p.m.7 views

postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference

A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code...

8.3CVSS7.6AI score0.05962EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/11/03 8:13 a.m.6 views

postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference

A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code...

8.3CVSS7.6AI score0.05962EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/09/07 10:11 a.m.6 views

postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference

A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code...

8.3CVSS7.6AI score0.05962EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/09/07 9:53 a.m.7 views

postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference

A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code...

8.3CVSS7.6AI score0.05962EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2016/08/31 5:48 a.m.14 views

postgresql: CASE/WHEN with inlining can cause untrusted pointer dereference

A flaw was found in the way PostgreSQL server handled certain SQL statements containing CASE/WHEN commands. A remote, authenticated attacker could use a specially crafted SQL statement to cause PostgreSQL to crash or disclose a few bytes of server memory or possibly execute arbitrary code...

8.3CVSS7.6AI score0.05962EPSS
Exploits0References4
Rows per page
Query Builder