689 matches found
Facebook Hermes Out-of-Bounds Read Vulnerability
Facebook Hermes is a small and lightweight JavaScript engine , optimized for running React Native on Android . Facebook Hermes 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 Previous versions of the JavaScript interpreter have an out-of-bounds read vulnerability. An attacker could exploit this...
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
Memory corruption
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
CVE-2020-1915
An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application...
CVE-2020-1915
CVE-2020-1915 targets Facebook Hermes’ JavaScript Interpreter. A crafted JavaScript input can trigger an out-of-bounds read prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0, enabling denial-of-service or possible memory corruption. Exploitation is only relevant if the app using Hermes eva...
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
Design/Logic Flaw
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
CVE-2020-1914
The CVE-2020-1914 entry describes a logic vulnerability in Facebook Hermes related to the SaveGeneratorLong instruction. Before the commit b2021df620824627f5a8c96615edbd1eb7fdddfc, attackers could theoretically read out of bounds or execute arbitrary code via crafted JavaScript, but exploitation ...
CVE-2020-1914
A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable i...
Cross-site Scripting (XSS)
react-native-webview is vulnerable to cross-site scripting XSS. The vulnerability exists through the lack of policy enforcement that allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. The vulnerability exists on all applications running on systems with an Andro...
GHSA-36J3-XXF7-4PQG Android WebView Universal Cross-site Scripting
A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps whic...
Android WebView Universal Cross-site Scripting
A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps whic...
Universal XSS in Android WebView
Overview A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native...
Cross-site Scripting (XSS)
Overview react-native-webview is a React Native WebView component for iOS, Android, macOS, and Windows Affected versions of this package are vulnerable to Cross-site Scripting XSS. A universal cross-site scripting UXSS vulnerability has been identified in the Android WebView system component, whi...
@cqingwang/react-native-update (>=14.0.5 <=15.0.3), @mervinzhu/react-native-update-pod (>=5.0.1 <=5.0.3) +23 more potentially affected by unknown CVE via entitlements (>=1.0.0 <=1.2.0)
entitlements NPM version =1.0.0, =14.0.5, =5.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.2, =1.0.0, =1.0.0, =1.4.1, =1.0.2, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G8VP-6HV4-M67C...
CVE-2020-1913
An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...