4335 matches found
Google Chrome 竞争条件问题漏洞
Chrome is a web browsing tool developed by Google. a competing condition vulnerability exists in V8 in versions prior to Google Chrome 95.0.4638.54. An attacker could exploit this vulnerability to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2021-37975
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
DEBIAN-CVE-2021-30632
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
UBUNTU-CVE-2021-30632
Out of bounds write in V8 in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
CVE-2021-37975
Use after free in V8 in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Recent assessments: gwillcox-r7 at October 02, 2021 7:38pm UTC reported: Exploitation in the wild of this bug has been noted as reported by Google ...
Google Emergency Update Fixes Two Chrome Zero Days
Google has pushed out an emergency Chrome update to fix yet another pair of zero days – the second pair this month – that are being exploited in the wild. This hoists this year’s total number of zero days found in the browser up to a dozen. “Google is aware the exploits for CVE-2021-37975 and...
Remote Code Execution (RCE)
Overview md-to-pdf is a CLI tool for converting Markdown files to PDF. Affected versions of this package are vulnerable to Remote Code Execution RCE due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine. PoC: bash //Before running poc.js: $ cat...
Update now! Google Chrome fixes two in-the-wild zero-days
Google announced on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. The patch, which is part of the Stable Channel Update for Chrome 93 93.0.4577.82, will be released for Windows, Mac, and...
Google Chrome 缓冲区错误漏洞
Google Chrome is a web browser from Google, Inc. A code execution vulnerability exists in Google Chrome V8. A remote attacker could use this vulnerability to execute arbitrary code on the system or cause a denial of service condition...
CVE-2021-38493
Mozilla developers reported memory safety bugs present in Firefox 91 and Firefox ESR 78.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR 78.14,...
DEBIAN-CVE-2021-30598
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
UBUNTU-CVE-2021-30599
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
UBUNTU-CVE-2021-30598
Type confusion in V8 in Google Chrome prior to 92.0.4515.159 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...
CVE-2021-29983
Firefox for Android could get stuck in fullscreen mode and not exit it even after normal interactions that should cause it to exit. Note: This issue only affected Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 91...
VulnCheck KEV: CVE-2017-8601
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory...
VulnCheck KEV: CVE-2017-8605
Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allow an attacker to execute arbitrary code in the context of the current user when the JavaScript engine fails to render when handling objects in memory in Microsoft Edge, aka "Scripting Engine Memory...
VulnCheck KEV: CVE-2016-7242
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200,...
VulnCheck KEV: CVE-2016-0193
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0186 and CVE-2016-0191...
VulnCheck KEV: CVE-2016-3207
The Microsoft 1 JScript 5.8 and 2 VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service memory corruption via a crafted web site, aka "Scripting Engine Memory Corruption...
CVE-2021-29990
Mozilla developers and community members reported memory safety bugs present in Firefox 90. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 91...