CVE-2022-28289

Mozilla developers and community members Nika Layzell, Andrew McCreight, Gabriele Svelto, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 91.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have...

DEBIAN-CVE-2022-0457

Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

DEBIAN-CVE-2022-0470

Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-0457

Type confusion in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

CVE-2022-0470

Out of bounds memory access in V8 in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine exists due to a mix of data types. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

Google Chrome 安全漏洞

Google Chrome is a web browser from Google, Inc. and V8 is an open source JavaScript engine. A security vulnerability exists in Google Chrome V8 prior to version 100.0.4896.75, which stems from a type confusion issue. A remote attacker can exploit this vulnerability to potentially cause heap...

Security advisory: Recently reported Chromium "Type confusion" issue impacts Qt WebEngine

Google has recently reported that Chromium has a security issue - Type confusion in the V8 JavaScript engine - which is reported in a bit more detail here: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop25.html. This has been assigned the CVE id CVE-2022-1096. This...

Google Chrome安全漏洞

Google Chrome is a web browser from Google, Inc.V8 is an open source JavaScript engine. A security vulnerability exists in Google Chrome due to a type obfuscation error in the V8 component of Google Chrome. A remote attacker can create a specially crafted web page and trick a victim into visiting...

Cesanta MJS has an unspecified vulnerability (CNVD-2022-77026)

Cesanta MJS is an embedded JavaScript engine for C/C from Cesanta Ireland. It is designed for microcontrollers with limited resources. The main design goals are small footprint and simple C/C interoperability.Cesanta MJS has a security vulnerability that could be exploited by an attacker to cause...

CVE-2022-23731

V8 javascript engine heap vulnerability can cause privilege escalation ,which can impact on some webOS TV models...

CVE-2022-23731

V8 javascript engine heap vulnerability can cause privilege escalation ,which can impact on some webOS TV models...

Heap overflow

V8 javascript engine heap vulnerability can cause privilege escalation ,which can impact on some webOS TV models...

CVE-2022-23731

CVE-2022-23731 involves a heap vulnerability in the V8 JavaScript engine used by some webOS TV models. The Red Hat/NVD/CVE records describe a local privilege-escalation flaw originating from the V8 heap, enabling an attacker with local access to gain higher privileges on affected TVs. Public mate...

CVE-2022-23731

V8 javascript engine heap vulnerability can cause privilege escalation ,which can impact on some webOS TV models...

CVE-2022-26382

While the text displayed in Autofill tooltips cannot be directly read by JavaScript, the text was rendered using page fonts. Side-channel attacks on the text by using specially crafted fonts could have lead to this text being inferred by the webpage. This vulnerability affects Firefox 98...

USN-5306-1 webkit2gtk vulnerabilities

A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service...

ALPINE-CVE-2022-25139

njs through 0.7.0, used in NGINX, was discovered to contain a heap use-after-free in njsawaitfulfilled...

ALPINE-CVE-2021-46461

njs through 0.7.0, used in NGINX, was discovered to contain an out-of-bounds array access via njsvmcodetypeof in /src/njsvmcode.c...

Nginx 缓冲区错误漏洞

Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from Nginx, Inc. A buffer overflow vulnerability exists in njsvmcodetypeof in /src/njsvmcode.c in njs 0.7.0 and earlier versions. out-of-bounds array access. No detailed vulnerability details are currently...