105 matches found
JerryScript 安全漏洞
JerryScript, a lightweight JavaScript engine from the JerryScript project, is vulnerable in JerryScript 3.0.0, which originates in /base/ecma-helpers.cecmagetlexenvtype An assertion ecmaislexicalenvironment objectp fails at /base/ecma-helpers.c ecmagetlexenvtype. No detailed vulnerability details...
The vulnerability of the `ecma_is_lexical_environment` function in the `ecma-helpers.c` component of the JavaScript engine for Things.js and the IoT.js platform, related to memory management after its deallocation, allows a attacker to cause a service failure.
The vulnerability of the ecmaislexicalenvironment function in the ecma-helpers.c component of the JavaScript engine for Things.js and the IoT.js platform is related to the use of memory after it is released. Exploiting this vulnerability could allow an attacker to cause a service failure...
Data races in lexer
lexer is a plugin based lexical reader.Affected versions of this crate implements Sync for ReaderResult with the trait bound T: Send, E: Send. Since matching on the public enum ReaderResult provides access to &T & &E, allowing data race to a non-Sync type T or E. This can result in a memory...
Unspecified Vulnerability in JerryScript (CNVD-2021-43002)
JerryScript is a lightweight JavaScript engine . An unspecified vulnerability exists in ecmaislexicalenvironment in ecma-helpers.c in JerryScript version 2.4.0. No detailed vulnerability details are provided at this time...
CVE-2021-26194
An issue was discovered in JerryScript 2.4.0. There is a heap-use-after-free in ecmaislexicalenvironment in the ecma-helpers.c file...
JerryScript 资源管理错误漏洞
JerryScript is a lightweight JavaScript engine . An unspecified vulnerability exists in ecmaislexicalenvironment in ecma-helpers.c in JerryScript version 2.4.0. No detailed vulnerability details are provided at this time...
MS15-022: Description of the security update for SharePoint Server 2013: March 10, 2015
Resolves vulnerabilities in Microsoft Office that could allow remote code execution if an attacker convinces a user to open or preview a specially crafted Microsoft Word file in an affected version of Office.IntroductionThis security update resolves vulnerabilities in Microsoft Office that could...
CVE-2019-5477
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being called with unsafe user input as the filename. This...
Nokogiri -- injection vulnerability
Nokogiri GitHub release: A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess by Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizerloadfile is being passed untrusted user input...
THULAC Buffer Out-of-Bounds Read Vulnerability
THULAC is a Chinese lexical analysis toolkit introduced by the Natural Language Processing and Social Humanities Computing Laboratory of Tsinghua University, which supports Chinese word segmentation and lexical annotation functions. The 'NGramFeature::findbases ' function in the...
[SECURITY] Fedora 23 Update: flex-2.6.0-2.fc23
The flex program generates scanners. Scanners are programs which can recognize lexical patterns in text. Flex takes pairs of regular expressions and C code as input and generates a C source file as output. The output file is compiled and linked with a library to produce an executable. The...
[SECURITY] Fedora 24 Update: flex-2.6.0-2.fc24
The flex program generates scanners. Scanners are programs which can recognize lexical patterns in text. Flex takes pairs of regular expressions and C code as input and generates a C source file as output. The output file is compiled and linked with a library to produce an executable. The...
CVE-2006-0459
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator flex before 2.5.33 does not allocate enough memory for grammars containing 1 REJECT statements or 2 trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependen...
From the parsing perspective analysis of the Shellshock Vulnerability[CVE-2 0 1 4-6 2 7 1]-vulnerability warning-the black bar safety net
Author: yaoxi Documentation This time, we combined The poc analysis to know about the Bash syntax rules, from another angle to help everyone better understand the bash and the shellshock vulnerability. Vulnerability description CVE-2 0 1 4-6 2 7 1 vulnerability is Stéphane Hassles France found th...
Fedora 13 : socat-1.7.1.3-1.fc13 (2010-13412)
This resolves CVE-2010-2799 Socat: Stack overflow by lexical scanning of nested character patterns Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as...
Security feature bypass
Unspecified vulnerability in Fast Lexical Analyzer Generator flex before 2.5.35 has unknown impact and attack vectors...
CVE-2010-0634
Unspecified vulnerability in Fast Lexical Analyzer Generator flex before 2.5.35 has unknown impact and attack vectors...
Debian: Security Advisory (DSA-1634-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-1634-1 : wordnet - stack and heap overflows
Rob Holland discovered several programming errors in WordNet, an electronic lexical database of the English language. These flaws could allow arbitrary code execution when used with untrusted input, for example when WordNet is in use as a back end for a web application. %NASLMINLEVEL 70300 C...
CVE-2006-0459
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator flex before 2.5.33 does not allocate enough memory for grammars containing 1 REJECT statements or 2 trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependen...