Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception

The Mozilla Foundation Security Advisory describes this flaw as: When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a...

Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception

The Mozilla Foundation Security Advisory describes this flaw as: When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a...

Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception

The Mozilla Foundation Security Advisory describes this flaw as: When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a...

Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception

The Mozilla Foundation Security Advisory describes this flaw as: When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a...

Mozilla: Error reporting methods in SpiderMonkey could have triggered an Out of Memory Exception

The Mozilla Foundation Security Advisory describes this flaw as: When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a...

The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, stems from the lack of measures to neutralize XSS alternative syntax. This allows attackers to replace the displayed URL with their own malicious content.

The vulnerability of the XWiki Platform lies in the lack of measures taken to neutralize the XSS alternative syntax. Exploiting this vulnerability allows a malicious actor to substitute the displayed URL with another value...

The vulnerability of the XWiki platform for creating collaborative web applications lies in its lack of measures to neutralize alternative syntaxes that constitute XSS attacks. This allows attackers to replace the displayed URL.

The vulnerability of the XWiki Platform lies in the lack of measures taken to neutralize the XSS alternative syntax. Exploiting this vulnerability allows a malicious actor to substitute the displayed URL with another value...

SUSE CVE-2023-4578

When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Synt...

CVE-2023-4578

The Mozilla Foundation Security Advisory describes this flaw as: When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a...

CVE-2023-4578

When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Synt...

UBUNTU-CVE-2023-4578

When calling JS::CheckRegExpSyntax a Syntax Error could have been set which would end in calling convertToRuntimeErrorAndClear. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Synt...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a security vulnerability that stems from a syntax error that may be set by JS::CheckRegExpSyntax when called, which will result in a call to convertToRuntimeErrorAndClear...

Security Update for Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension (CVE-2022-31691)

The Microsoft Visual Studio Code Cloudfoundry Manifest YML Support Extension is version 1.39.0 or below. It is, therefore, affected by a remote code execution vulnerability. The extension uses the Snakeyaml library for YAML editing support. This library allows for some special syntax in the YAML...

Mozilla Firefox < 117.0

The version of Firefox installed on the remote macOS or Mac OS X host is prior to 117.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-34 advisory. - Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs show...

XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action

Impact The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. To reproduce, the XWiki syntax...

The vulnerability of the syntax analyzer of the file system for Hierarchical File System Plus (HFS+) in ClamAV allows a perpetrator to trigger a service failure due to improper cleaning or release of resources.

The vulnerability of the syntax analyzer for the Hierarchical File System Plus HFS+ ClamAV is related to improper cleaning or release of resources. Exploiting this vulnerability allows a malicious actor to cause service failure by sending a specially crafted version of the HFS+ file system image...

CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

DEBIAN-CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...

UBUNTU-CVE-2023-36674

An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list aka badFile by using the thumb parameter aka Manualthumb of the File syntax...