Lucene search
K

58 matches found

RedhatCVE
RedhatCVE
added 2020/03/13 3:10 p.m.37 views

CVE-2020-7598

A flaw was found in nodejs-minimist, where it was tricked into adding or modifying properties of the Object.prototype using a "constructor" or "proto" payload. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability...

6.8CVSS3AI score0.01884EPSS
Exploits2References4
Cvelist
Cvelist
added 2020/02/28 8:23 p.m.29 views

CVE-2019-10805

valib through 2.0.0 allows Internal Property Tampering. A maliciously crafted JavaScript object can bypass several inspection functions provided by valib. Valib uses a built-in function hasOwnProperty from the unsafe user-input to examine an object. It is possible for a crafted payload to overwri...

7.5AI score0.01404EPSS
Exploits1References2
Zero Day Initiative
Zero Day Initiative
added 2019/07/05 12:0 a.m.27 views

Foxit Reader Text removeField Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote atackers to execute arbitrary code on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the removeField method...

7.8CVSS2.3AI score0.07711EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2019/05/21 12:0 a.m.18 views

CVE-2019-9816

A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...

5.9CVSS6.8AI score0.06175EPSS
Exploits1References5
Cvelist
Cvelist
added 2019/04/26 4:13 p.m.40 views

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

9.5AI score0.19762EPSS
Exploits6References6
AlpineLinux
AlpineLinux
added 2019/04/26 4:13 p.m.771 views

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

9.8CVSS9.6AI score0.19762EPSS
Exploits6
OpenVAS
OpenVAS
added 2019/03/13 12:0 a.m.82 views

Microsoft Windows Multiple Vulnerabilities (KB4489872)

This host is missing a critical security update according to Microsoft KB4489872 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...

9.3CVSS7.2AI score0.3126EPSS
Exploits1References3
OSV
OSV
added 2017/04/12 2:59 p.m.1 views

CVE-2017-3025

Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and earlier, 15.023.20070 and earlier have an exploitable memory corruption vulnerability related to internal object representation manipulation. Successful exploitation could lead to arbitrary code execution...

7.8CVSS6AI score0.0346EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2017/01/13 12:0 a.m.5 views

The vulnerability of the Flash Player software, which allows a perpetrator to execute arbitrary code

The vulnerability of the MovieClip class in the Flash Player software platform is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by manipulating objects...

10CVSS8.1AI score0.05856EPSS
Exploits0References3Affected Software2
BDU FSTEC
BDU FSTEC
added 2015/08/18 12:0 a.m.7 views

The vulnerability of WebSphere Application Server application servers allows a hacker to gain privileged access.

The vulnerability of WebSphere Application Server applications is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker, operating remotely, to gain privileged access by manipulating the value of the object...

6.8CVSS6.5AI score0.02144EPSS
Exploits0References3Affected Software1
Zero Day Initiative
Zero Day Initiative
added 2014/06/11 12:0 a.m.25 views

Microsoft Internet Explorer isindex Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS6.6AI score0.24458EPSS
Exploits0References1
Check Point Advisories
Check Point Advisories
added 2014/03/31 12:0 a.m.5 views

Oracle Java JPEGImageWriter Memory Corruption - Ver2 (CVE-2013-2429)

A memory corruption vulnerability has been reported in Oracle Java. The vulnerability is due to improper safeguards against object manipulation in stream writer callbacks from native code in com. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...

9.2AI score0.05724EPSS
Exploits0
Check Point Advisories
Check Point Advisories
added 2014/03/31 12:0 a.m.5 views

Oracle Java and JavaFX JPEGImageReader Memory Corruption - Ver2 (CVE-2013-2430)

A memory corruption vulnerability has been reported in Oracle Java and JavaFX. The vulnerability is due to improper safeguards against object manipulation. A remote attacker can exploit this vulnerability by enticing the target user to visit a specially crafted web page. Successful exploitation o...

7.6CVSS9.2AI score0.05724EPSS
Exploits0
Zero Day Initiative
Zero Day Initiative
added 2013/07/26 12:0 a.m.31 views

Microsoft Internet Explorer CTreePos Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8CVSS3.4AI score0.23587EPSS
Exploits0References1
NVD
NVD
added 2012/03/13 10:55 a.m.17 views

CVE-2012-1098

Cross-site scripting XSS vulnerability in Ruby on Rails 3.0.x before 3.0.12, 3.1.x before 3.1.4, and 3.2.x before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via vectors involving a SafeBuffer object that is manipulated through certain methods...

4.3CVSS5.5AI score0.02137EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2010/10/28 12:0 a.m.29 views

openSUSE Security Update : seamonkey (seamonkey-3372)

This update brings Mozilla SeaMonkey to version 2.0.9, fixing various bugs and security issues. The following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based...

9.3CVSS9AI score0.22109EPSS
Exploits4References28
Prion
Prion
added 2008/06/12 2:32 a.m.10 views

Heap overflow

Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."...

9.3CVSS8.2AI score0.38835EPSS
Exploits1References11Affected Software1
seebug.org
seebug.org
added 2008/03/01 12:0 a.m.10 views

5QIM 2.0.0.9 IE Crash Exploit

No description provided by source. object id="xiaonei" classid="clsid:5C56F4A7-71FC-4FFD-A9D7-18FB87A9DFC6" style="display:none;"/object script function crash var buff = ''; fori=0;i=5000;i++ buff+="AAAAAAAAAA"; object = document.getElementById"xiaonei"; object.Start5QIMWithItv'test','test',buff;...

7.1AI score
Exploits0
Rows per page
Query Builder