
17 matches found

NVD
added 2026/04/06 4:16 p.m. | 0 views

CVE-2026-34217

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...

CVSS 7.2 | EPSS 0.00101
Exploits: 1 | References: 1

CVE
added 2026/04/06 3:12 p.m. | 5 views

CVE-2026-34217

CVE-2026-34217 (SandboxJS) affects @nyariv/sandboxjs

CVSS 7.2 | AI score 6 | EPSS 0.00101
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2026/04/06 3:12 p.m. | 22 views

CVE-2026-34217 SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...

CVSS 6.9 | EPSS 0.00101
Exploits: 1 | References: 1

Vulnrichment
added 2026/04/06 3:12 p.m. | 1 views

CVE-2026-34217 SandboxJS has a Sandbox Escape via Prop Object Leak in New Handler

SandboxJS is a JavaScript sandboxing library. Prior to 0.8.36, a scope modification vulnerability exists in @nyariv/sandboxjs. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to...

CVSS 6.9 | AI score 6 | EPSS 0.00101
Exploits: 1 | References: 1

GitHub Security Blog
added 2026/04/03 9:45 p.m. | 8 views

SandboxJS: Sandbox Escape via Prop Object Leak in New Handler

Description: A scope modification vulnerability exists in @nyariv/sandboxjs version 0.8.35 and below. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to untrusted code; an...

CVSS 7.2 | AI score 6.1 | EPSS 0.00101
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/04/03 9:45 p.m. | 0 views

GHSA-HG73-4W7G-Q96W SandboxJS: Sandbox Escape via Prop Object Leak in New Handler

Description: A scope modification vulnerability exists in @nyariv/sandboxjs version 0.8.35 and below. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to untrusted code; an...

CVSS 6.9 | AI score 6.1 | EPSS 0.00101
Exploits: 1 | References: 4

Positive Technologies
added 2026/04/03 12:0 a.m. | 1 views

PT-2026-30274

Description: A scope modification vulnerability exists in @nyariv/sandboxjs version 0.8.35 and below. The vulnerability allows untrusted sandboxed code to leak internal interpreter objects through the new operator, exposing sandbox scope objects in the scope hierarchy to untrusted code; an...

CVSS 6.9 | AI score 6.1 | EPSS 0.00101
Exploits: 1 | References: 5

Tenable Nessus
added 2024/06/03 12:0 a.m. | 22 views

RHEL 5 : gcc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gcc: integer overflow flaws in libgfortran CVE-2014-5044 - Integer overflow in the new operator in gcc...

CVSS 7.8 | AI score 8.3 | EPSS 0.09327
Exploits: 4 | References: 12

Tenable Nessus
added 2024/06/03 12:0 a.m. | 32 views

RHEL 6 : gcc (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gcc: integer overflow flaws in libgfortran CVE-2014-5044 - Integer overflow in the new operator in gcc...

CVSS 7.8 | AI score 7.7 | EPSS 0.09327
Exploits: 4 | References: 13

Prion
added 2023/04/13 11:15 p.m. | 14 views

Memory corruption

Baidu braft 1.1.2 has a memory leak related to use of the new operator in example/atomic/atomicserver. NOTE: installations with brpc-0.14.0 and later are unaffected...

CVSS 5 | AI score 7.5 | EPSS 0.00266
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2023/04/13 12:0 a.m. | 297 views

CVE-2023-30637

Baidu braft 1.1.2 has a memory leak in example/atomic/atomic_server related to the use of the new operator. The CVSS data indicates a high impact on availability with no confidentiality/integrity impact (Network attack, no user interaction, low complexity, no privileges). The vulnerability is not...

CVSS 7.5 | AI score 7.4 | EPSS 0.00266
Exploits: 1 | References: 1 | Affected Software: 1

CNNVD
added 2023/04/13 12:0 a.m. | 2 views

Baidu braft security vulnerability

Baidu braft is an industrial-grade C++ implementation of the RAFT consensus algorithm and brpc-based replicated state machine from the Chinese company Baidu. A security vulnerability exists in Baidu braft version 1.1.2 due to a memory leak in example/atomic/atomicserver using the new operator...

CVSS 7.5 | AI score 7.3 | EPSS 0.00266
Exploits: 1 | References: 2

Prion
added 2020/12/29 4:15 p.m. | 14 views

Design/Logic Flaw

An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk...

CVSS 2.1 | AI score 6 | EPSS 0.00054
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2019/10/23 6:15 p.m. | 14 views

CVE-2002-2439

Integer overflow in the new operator in gcc before 4.8.0 allows attackers to have unspecified impacts...

CVSS 7.8 | AI score 8 | EPSS 0.00265
Exploits: 1 | References: 4

Cvelist
added 2019/10/23 5:47 p.m. | 17 views

CVE-2002-2439

Integer overflow in the new operator in gcc before 4.8.0 allows attackers to have unspecified impacts...

AI score 8 | EPSS 0.00265
Exploits: 1 | References: 4

CVE
added 2019/10/23 5:47 p.m. | 93 views

CVE-2002-2439

CVE-2002-2439 describes an integer overflow in the C++ operator new[] in the GNU GCC compiler before 4.8.0, potentially allowing unspecified impacts. Affected software: GCC versions prior to 4.8.0. Root cause: integer overflow while calculating allocation size for new[] allocations. Impact as sta...

CVSS 7.8 | AI score 7.3 | EPSS 0.00265
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2018/10/09 8:29 p.m. | 4 views

CVE-2018-18197

An issue was discovered in libgig 4.1.0. There is an operator new failure due to a big pSampleLoops heap request in DLS::Sampler::Sampler in DLS.cpp...

CVSS 9.8 | AI score 6.7
Exploits: 0 | References: 1