GHSA-RF6F-7FWH-WJGH Prototype Pollution via parse() in NodeJS flatted

--- Summary The parse function in flatted can use attacker-controlled string values from the parsed JSON as direct array index keys, without validating that they are numeric. Since the internal input buffer is a JavaScript Array, accessing it with the key "\proto\" returns Array.prototype via the...

EUVD-2011-0180

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2012-3748

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service...

SUSE CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving JavaScript arrays...

Microsoft Windows JavaScript Array JIT Optimization Type Confusion Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling o...

WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions

WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions switchToSlowPutArrayStoragevm; = MINSPARSEARRAYINDEX || structurevm-holesMustForwardToPrototypevm return nullptr; Structure resultStructure = exec.l...

WebKit JSC - JSGlobalObject::haveABadTime Causes Type Confusions

switchToSlowPutArrayStoragevm; = MINSPARSEARRAYINDEX || structurevm-holesMustForwardToPrototypevm return nullptr; Structure resultStructure = exec.lexicalGlobalObject-arrayStruct...

WebKit JSC JSGlobalObject::haveABadTime Type Confusion

WebKit: JSC: JSGlobalObject::haveABadTime causes type confusions CVE-2017-7005 After JSGlobalObject::haveABadTime is called, the type of all JavaScript arraysincluding newly created arrays are of the same type: ArrayWithSlowPutArrayStorage. But of course this only affects objects that share the...

APPLE-SA-2012-11-29-1 Apple TV 5.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-29-1 Apple TV 5.1.1 Apple TV 5.1.1 is now available and addresses the following: Apple TV Available for: Apple TV 2nd generation and later Impact: Compromised applications may be able to determine addresses in the kernel Description: ...

APPLE-SA-2012-11-01-2 Safari 6.0.2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2012-11-01-2 Safari 6.0.2 Safari 6.0.2 is now available and addresses the following: WebKit Available for: OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.2 Impact: Visiting a maliciously crafted website may lead to an...

CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving JavaScript arrays...

Race condition

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving JavaScript arrays...

UBUNTU-CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving JavaScript arrays...

CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving JavaScript arrays...

CVE-2012-3748

CVE-2012-3748 is a WebKit/JavaScriptCore memory corruption vulnerability in Apple Safari and WebKit-based components. The root cause is a race condition leading to heap memory corruption via JSArray::sort, enabling remote code execution or a crash when processing malicious JavaScript arrays. Affe...

CVE-2012-3748

Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving JavaScript arrays...

Apple Patches Kernel, Passcode Lock and WebKit Flaws in iOS 6.0.1

A little more than a month out from the release of iOS 6, which in addition to new functionality addressed almost 200 security vulnerabilities, Apple pushed out iOS 6.0.1 yesterday that repaired four new critical security issues. The most serious seems to be a kernel flaw discovered by researcher...

Apple Safari Multiple Vulnerabilities (APPLE-SA-2012-09-19-3)

This host is installed with Apple Safari web browser and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbapplesafarimultvulnnov12macosx.nasl 5940 2017-04-12 09:02:05Z teissa $ Apple Safari Multiple Vulnerabilities APPLE-SA-2012-09-19-3 Authors: Antu Sanadi Copyright:...

Memory corruption

WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, does not properly implement the .sort function for JavaScript arrays, which allows man-in-the-middle attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related t...

Mozilla Foundation Security Advisory 2010-81

Mozilla Foundation Security Advisory 2010-81 Title: Integer overflow vulnerability in NewIdArray Impact: Critical Announced: December 9, 2010 Reporter: regenrecht Products: Firefox, SeaMonkey Fixed in: Firefox 3.6.13 Firefox 3.5.16 SeaMonkey 2.0.11 Description Security researcher regenrecht...