CVE-2018-1000661

jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in JsiLogMsg jsiUtils.c:196 that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been...

CVE-2020-23260

An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file...

EUVD-2019-1922

Malware in sbrugna...

EUVD-2021-33162

Malicious code in bioql PyPI...

EUVD-2021-33175

Malicious code in bioql PyPI...

CVE-2024-24188

Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c...

CVE-2024-24186

Jsish v3.5.0 commit 42c694c was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c...

CVE-2021-46494

Jsish v3.5.0 was discovered to contain a heap-use-after-free via jsiValueLookupBase in src/jsiValue.c. This vulnerability can lead to a Denial of Service DoS...

CVE-2018-1000655

Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsiValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to have been fixed in...

PT-2024-20309 · Jsish · Jsish

Name of the Vulnerable Software and Affected Versions: Jsish version 3.5.0 Description: A heap-buffer-overflow issue was discovered in Jsish. The issue is located in ./src/jsiUtils.c. Recommendations: For Jsish version 3.5.0, at the moment, there is no information about a newer version that...

PT-2023-11645 · Jsish · Jsish

Name of the Vulnerable Software and Affected Versions: Jsish versions 3.0.11 and earlier Description: An issue in Jsish allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. Recommendations: For versions 3.0.11 and earlier, consider disabling...

CVE-2020-23259

An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the JsiStrlen function in the src/jsiChar.c file...

CVE-2020-23258

An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the JsiValueIsNumber function in ./src/jsiValue.c file...

CVE-2021-46488

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsiArrayConcatCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service DoS...

Design/Logic Flaw

Jsish v3.5.0 was discovered to contain a SEGV vulnerability via jsiArraySpliceCmd at src/jsiArray.c. This vulnerability can lead to a Denial of Service DoS...

CVE-2019-1010173

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function JsiValueArrayIndex jsiValue.c:366. The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3...

Code injection

Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function JsiValueArrayIndex jsiValue.c:366. The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3...

CVE-2018-1000668

jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsiObjArrayLookup jsiObj.c:274 that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This vulnerability appears to ha...

CVE-2018-1000661

jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in JsiLogMsg jsiUtils.c:196 that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability appears to have been...

CVE-2018-1000663

jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function jsievalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code...