CVE-2019-12308

The CVE-2019-12308 issue in Django affects the AdminURLFieldWidget, where the current URL value is displayed without validating it as a safe URL. This allows an unvalidated value stored in the database or supplied via a URL query to render as a clickable JavaScript link, enabling cross-site scrip...

CVE-2018-8035

This CVE concerns Apache UIMA DUCC (

CVE-2019-9793

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully...

CVE-2019-9793

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully...

UBUNTU-CVE-2019-9793

A mechanism was discovered that removes some bounds checking for string, array, or typed array accesses if Spectre mitigations have been disabled. This vulnerability could allow an attacker to create an arbitrary value in compiled JavaScript, for which the range analysis will infer a fully...

UBUNTU-CVE-2018-12122

Node.js: All versions prior to Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Slowloris HTTP Denial of Service: An attacker can cause a Denial of Service DoS by sending headers very slowly keeping HTTP or HTTPS connections and associated resources alive for a long period of time...

CVE-2018-12386

A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered. This vulnerability affects Firefox ESR 60.2.2 and Firefox 62.0.3...

MGASA-2018-0396 Updated firefox packages fix security vulnerabilities

Updated firefox packages fix security vulnerabilities: A vulnerability in register allocation in JavaScript can lead to type confusion, allowing for an arbitrary read and write. This leads to remote code execution inside the sandboxed content process when triggered CVE-2018-12386. A vulnerability...

nodejs: Out of bounds (OOB) write via UCS-2 encoding

In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding recognized by Node.js under the names 'ucs2', 'ucs-2', 'utf16le' and 'utf-16le', Bufferwrite can be abused to write outside of the bounds of a single Buffer. Writes that start from the second-to-last...

Type confusion

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

i18next cross-site scripting vulnerability (CNVD-2018-14353)

i18next is a translation loading framework written in JavaScript. A cross-site scripting vulnerability exists in i18next 1.10.2 and earlier versions. A remote attacker can exploit this vulnerability by injecting script into the browser with the help of dictionary key names...

DEBIAN-CVE-2018-5178

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR 52.8, Thunderbird 52.8, and...

CVE-2018-5178

A buffer overflow was found during UTF8 to Unicode string conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable legacy extension in order to occur. This vulnerability affects Thunderbird ESR 52.8, Thunderbird 52.8, and...

CVE-2016-5297

An error in argument length checking in JavaScript, leading to potential integer overflows or other bounds checking issues. This vulnerability affects Thunderbird 45.5, Firefox ESR 45.5, and Firefox 50...

CVE-2018-11396

Epiphany (GNOME Web) is affected by CVE-2018-11396 through the component ephy-session.c in libephymain.so, with the vulnerability allowing a remote attacker to crash the application via crafted JavaScript (e.g., window.open triggering a NULL URL). Public sources in connected documents describe a ...

Foxit PDF Reader JavaScript setPersistent Remote Code Execution Vulnerability(CVE-2018-3842)

Summary An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code...

EUVD-2017-9387

Brave Browser before 0.13.0 allows remote attackers to cause a denial of service resource consumption via a long alert argument in JavaScript code, because window dialogs are mishandled...

Prototype Pollution

Overview lodash.mergewith is a Lodash method .mergewith exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The utilities function allow modification of the Object prototype. If an attacker can control part of the structure passed to this functio...

Microsoft Edge: Chakra: JIT: Incorrect bounds calculation(CVE-2018-0769)

Let's start with comments in the "GlobOpt::TrackIntSpecializedAddSubConstant" method. // Track bounds for add or sub with a constant. For instance, consider b = a + 2. The value of 'b' should track // that it is equal to the value of 'a' + 2. That part has been done above. Similarly, the value of...

CVE-2017-1000144

Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and Javascript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages...