PT-2024-2155 · Google +5 · Google Chrome +6

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 122.0.6261.111 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in the V8 JavaScript engine, which can lead to heap corruption. A remote attack...

Important: java-11-openjdk

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

VulnCheck KEV: CVE-2019-5782

Incorrect optimization assumptions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page...

SUSE SLES12 Security Update : java-11-openjdk (SUSE-SU-2024:0203-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0203-1 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE componen...

CVE-2024-0748

A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox 122...

CVE-2024-0754

Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox 122...

CVE-2024-0745

The WebAudio OscillatorNode object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox 122...

CVE-2024-0751

A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...

CVE-2024-0746

A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...

AlmaLinux 9 : java-21-openjdk (ALSA-2024:0249)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:0249 advisory. - Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported...

Important: java-21-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Important: java-11-amazon-corretto

Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...

Update your browser: Security fixes for latest Chrome zero-day

News, Security Update your browser: Security fixes for latest Chrome zero-day Share January 18th, 2024 Hi everyone! The latest patches to the Opera, Opera GX, Opera Crypto, and Opera for Android browsers address several recent vulnerabilities, including a zero-day exploit CVE-2024-0519. We...

DEBIAN-CVE-2024-0518

Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

PT-2024-6073 · Google +4 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 121.0.6167.139 Description: The issue is related to an out of bounds read in the V8 component of Google Chrome, allowing a remote attacker to potentially access confidential data by using a specially crafted HT...

PT-2024-1166

The vulnerable software is Google Chrome, specifically the V8 JavaScript engine, which is also used in other Chromium-based browsers such as Microsoft Edge, Brave, and Opera. The issue is an out-of-bounds memory access vulnerability that can be exploited by attackers to trigger crashes or execute...

Cesanta MJS 安全漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. Designed for microcontrollers with limited resources. The main design goals were a small footprint and simple C/C++ interoperability. Cesanta MJS has a denial of service vulnerability that can be exploited by an attacker...

Cesanta MJS 安全漏洞

Cesanta MJS is an embedded JavaScript engine for C/C++ from Cesanta Ireland. A denial of service vulnerability exists in Cesanta MJS version 2.20.0, which is caused by a flaw in the mjs+0x4ec508 component. An attacker could exploit this vulnerability to cause a denial of service...

CVE-2023-6871

Under certain conditions, Firefox did not display a warning when a user attempted to navigate to a new protocol handler. This vulnerability affects Firefox 121...

CVE-2023-6859

A use-after-free condition affected TLS socket creation when under memory pressure. This vulnerability affects Firefox ESR 115.6, Thunderbird 115.6, and Firefox 121...