CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE•added 2020/10/08 6:50 p.m.•117 views

CVE-2020-1914

The CVE-2020-1914 entry describes a logic vulnerability in Facebook Hermes related to the SaveGeneratorLong instruction. Before the commit b2021df620824627f5a8c96615edbd1eb7fdddfc, attackers could theoretically read out of bounds or execute arbitrary code via crafted JavaScript, but exploitation ...

9.8CVSS9.5AI score0.0241EPSS

Cvelist•added 2020/10/08 6:50 p.m.•23 views

CVE-2020-1914

9.7AI score0.0241EPSS

AlpineLinux•added 2020/10/08 6:50 p.m.•61 views

CVE-2020-1914

9.8CVSS9.7AI score0.0241EPSS

Veracode•added 2020/10/05 1:34 a.m.•34 views

Cross-site Scripting (XSS)

react-native-webview is vulnerable to cross-site scripting XSS. The vulnerability exists through the lack of policy enforcement that allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. The vulnerability exists on all applications running on systems with an Andro...

6.5CVSS4.3AI score0.03819EPSS

Exploits0References20Affected Software1

OSV•added 2020/10/02 4:22 p.m.•141 views

GHSA-36J3-XXF7-4PQG Android WebView Universal Cross-site Scripting

A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native apps whic...

6.5CVSS7.3AI score0.03819EPSS

Exploits0References19

Github Security Blog•added 2020/10/02 4:22 p.m.•215 views

Android WebView Universal Cross-site Scripting

6.5CVSS1.6AI score0.03819EPSS

Exploits0References19Affected Software1

Node.js•added 2020/09/25 5:5 p.m.•81 views

Universal XSS in Android WebView

Overview A universal cross-site scripting UXSS vulnerability, CVE-2020-6506 https://crbug.com/1083819, has been identified in the Android WebView system component, which allows cross-origin iframes to execute arbitrary JavaScript in the top-level document. This vulnerability affects React Native...

4.3CVSS2.3AI score0.03819EPSS

Exploits0Affected Software1

Snyk•added 2020/09/23 12:24 p.m.•3 views

Cross-site Scripting (XSS)

Overview react-native-webview is a React Native WebView component for iOS, Android, macOS, and Windows Affected versions of this package are vulnerable to Cross-site Scripting XSS. A universal cross-site scripting UXSS vulnerability has been identified in the Android WebView system component, whi...

8.8CVSS5.6AI score0.03819EPSS

OSV•added 2020/09/11 9:23 p.m.•11 views

GHSA-4WCX-C9C4-89P2 Malicious Package in react-datepicker-plus

Versions 2.4.3 and 2.4.2 of react-datepicker-plus contained malicious code. The code when executed in the browser would enumerate password, cvc and cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your...

9.8CVSS7.2AI score

Exploits0References1

Github Security Blog•added 2020/09/11 9:23 p.m.•31 views

Malicious Package in react-datepicker-plus

4.4AI score

vulnersOsv•added 2020/09/11 9:23 p.m.•1 views

@cqingwang/react-native-update (>=14.0.5 <=15.0.3), @mervinzhu/react-native-update-pod (>=5.0.1 <=5.0.3) +23 more potentially affected by unknown CVE via entitlements (>=1.0.0 <=1.2.0)

entitlements NPM version =1.0.0, =14.0.5, =5.0.1, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =0.1.0, =1.0.2, =1.0.0, =1.0.0, =1.4.1, =1.0.2, =1.0.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-G8VP-6HV4-M67C...

5.8AI score

vulnersOsv•added 2020/09/11 9:15 p.m.•5 views

@ieremeev/app (>=3.0.1 <=4.1.1), @meetup/swarm-docs (=0.7.10-beta.0) +7 more potentially affected by unknown CVE via serve (>=10.0.0 <=10.1.1)

serve NPM version =10.0.0, =3.0.1, =0.1.0, =0.0.12, =0.0.0, =0.0.10, =0.0.1, =0.0.10 Source cves: unknown CVE Source advisory: OSV:GHSA-48GC-5J93-5CFQ...

5.8AI score

vulnersOsv•added 2020/09/11 9:15 p.m.•2 views

react-endless (>=1.0.4 <=1.0.6), react-templet (>=1.0.0 <=1.0.3) potentially affected by unknown CVE via epress (=0.0.1-security)

epress NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on epress and may be impacted: - react-endless =1.0.4, =1.0.0, =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-VF8Q-PW7H-R2X2...

5.8AI score

OSV•added 2020/09/09 7:15 p.m.•44 views

CVE-2020-1913

An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes...

8.1CVSS6.7AI score0.01202EPSS

NVD•added 2020/09/09 7:15 p.m.•36 views

CVE-2020-1913

8.1CVSS0.01202EPSS

OSV•added 2020/09/09 7:15 p.m.•32 views

CVE-2020-1912

An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the...

8.1CVSS7.6AI score0.01813EPSS

NVD•added 2020/09/09 7:15 p.m.•41 views

CVE-2020-1912

8.1CVSS0.01813EPSS

Prion•added 2020/09/09 7:15 p.m.•20 views

Integer overflow

6.8CVSS7.7AI score0.01202EPSS