Lucene search
K

144 matches found

alpinelinux
alpinelinux
added 2020/12/09 12:20 a.m.50 views

CVE-2020-26952

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox 83...

9.3CVSS8.5AI score0.01154EPSS
Exploits0
veracode
veracode
added 2020/11/20 9:34 a.m.19 views

Remote Code Execution

firefox is vulnerable to remote code execution. Incorrect bookkeeping of functions inlined during JIT compilation allows an attacker to execute arbitrary code in the context of the victim by tricking the user into visiting a malicious web site. The vulnerability also allows a remote attacker to...

8.8CVSS4.7AI score0.01154EPSS
Exploits0References3Affected Software6
ubuntucve
ubuntucve
added 2020/11/17 12:0 a.m.23 views

CVE-2020-26952

Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox 83...

9.3CVSS7.2AI score0.01154EPSS
Exploits0References4
redhatcve
redhatcve
added 2020/02/14 2:37 p.m.46 views

CVE-2019-20454

An out-of-bounds read was discovered in PCRE when the pattern "\X" is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to crash the application...

7.5CVSS2.3AI score0.01561EPSS
Exploits1References3
nvd
nvd
added 2020/02/14 2:15 p.m.26 views

CVE-2019-20454

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. T...

7.5CVSS6AI score0.01561EPSS
Exploits1References7
osv
osv
added 2020/02/14 2:15 p.m.4 views

UBUNTU-CVE-2019-20454

An out-of-bounds read was discovered in PCRE before 10.34 when the pattern \X is JIT compiled and used to match specially crafted subjects in non-UTF mode. Applications that use PCRE to parse untrusted input may be vulnerable to this flaw, which would allow an attacker to crash the application. T...

7.5CVSS6.3AI score0.01561EPSS
Exploits1References2
ptsecurity
ptsecurity
added 2019/07/28 12:0 a.m.12 views

PT-2019-6339 · Pcre +7 · Pcre +7

Name of the Vulnerable Software and Affected Versions: PCRE versions prior to 10.34 Description: An out-of-bounds read was discovered in PCRE when the pattern X is JIT compiled and used to match specially crafted subjects in non-UTF mode. This issue affects applications that use PCRE to parse...

9.8CVSS6.4AI score0.08888EPSS
Exploits19References207
exploitdb
exploitdb
added 2019/03/26 12:0 a.m.125 views

Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR

/ A bug in IonMonkeys type inference system when JIT compiling and entering a constructor function via on-stack replacement OSR allows the compilation of JITed functions that cause type confusions between arbitrary objects. Prerequisites: 1. Spidermonkey can represent "plain" objects either as...

9.8CVSS10AI score0.19762EPSS
Exploits6
nvd
nvd
added 2019/03/24 2:29 p.m.23 views

CVE-2019-9977

The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants...

8.8CVSS8.6AI score0.03005EPSS
Exploits0References3
prion
prion
added 2019/03/24 2:29 p.m.17 views

Design/Logic Flaw

The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants...

6.8CVSS8.5AI score0.03005EPSS
Exploits0References3
cve
cve
added 2019/03/24 1:39 p.m.40 views

CVE-2019-9977

CVE-2019-9977 affects the Tesla Model 3 entertainment system: the renderer process mishandles JIT compilation, enabling an attacker to trigger firmware code execution and display a crafted message to occupants. Documents across NVD, Red Hat, and CVE listings confirm this issue; CVSS3 base score i...

8.8CVSS8.4AI score0.03005EPSS
Exploits0References3Affected Software1
cvelist
cvelist
added 2019/03/24 1:39 p.m.27 views

CVE-2019-9977

The renderer process in the entertainment system on Tesla Model 3 vehicles mishandles JIT compilation, which allows attackers to trigger firmware code execution, and display a crafted message to vehicle occupants...

8.6AI score0.03005EPSS
Exploits0References3
zdi
zdi
added 2019/02/12 12:0 a.m.36 views

Microsoft Chakra JavaScript Loop Type Confusion Vulnerability

This vulnerability allows remote attackers to produce abnormal program execution on vulnerable installations of Microsoft Chakra. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

5CVSS1.7AI score0.19784EPSS
Exploits0References1
googleprojectzero
googleprojectzero
added 2018/05/10 12:0 a.m.13 views

Bypassing Mitigations by Attacking JIT Server in Microsoft Edge

Posted by Ivan Fratric, Project Zero With Windows 10 Creators Update, Microsoft introduced a new security mitigation in Microsoft Edge: Arbitrary Code Guard ACG. When ACG is applied to a Microsoft Edge Content Process, it makes it impossible to allocate new executable memory within a process or...

8.1AI score
Exploits0
exploitpack
exploitpack
added 2017/11/27 12:0 a.m.20 views

Microsoft Edge Chakra JIT - BailOutOnTaggedValue Bailouts Type Confusion

Microsoft Edge Chakra JIT - BailOutOnTaggedValue Bailouts Type Confusion / Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1364 1. In the Chakra's JIT compilation process, it stores variables' type information by basic block. function optb let o; if b // BASIC BLOCK a o = ; else...

7.4AI score
Exploits0
fedora
fedora
added 2016/07/12 2:24 a.m.38 views

[SECURITY] Fedora 22 Update: pypy3-2.4.0-3.fc22

PyPy's implementation of Python 3, featuring a Just-In-Time compiler on som e CPU architectures, and various optimized implementations of the standard types strings, dictionaries, etc This build of PyPy has JIT-compilation enabled...

6.5CVSS1.7AI score0.1503EPSS
Exploits6
bdu_fstec
bdu_fstec
added 2016/07/06 12:0 a.m.10 views

The vulnerability of the SeaMonkey software allows a malicious attacker to execute arbitrary code or cause a service failure.

The vulnerability of the asm.js component of the SeaMonkey software lies in the improper definition of safe exception handling during JIT-compilation and the lack of access to dynamic memory. Exploiting this vulnerability allows a malicious actor to gain access to data in separate memory segments...

6.8CVSS7.5AI score0.03651EPSS
Exploits0References4Affected Software1
cnvd
cnvd
added 2015/07/08 12:0 a.m.2 views

Linux Kernel '/arch/x86/net/bpf_jit_comp.c' Local Denial of Service Vulnerability

The Linux kernel is the kernel used by the operating system Linux, released by the Linux Foundation in the United States. A denial of service vulnerability exists in the Linux kernel. An attacker could exploit this vulnerability to crash an application and deny service to legitimate users...

4.9CVSS6.5AI score0.00451EPSS
Exploits0References1
prion
prion
added 2015/03/24 12:59 a.m.19 views

Design/Logic Flaw

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to...

6.8CVSS7.5AI score0.03651EPSS
Exploits0References13Affected Software3
cvelist
cvelist
added 2015/03/24 12:0 a.m.30 views

CVE-2015-0817

The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ESR 31.x before 31.5.2, and SeaMonkey before 2.33.1 does not properly determine the cases in which bounds checking may be safely skipped during JIT compilation and heap access, which allows remote attackers to read or write to...

9.6AI score0.03651EPSS
Exploits0References13
Rows per page
Query Builder