| Email address | private |
|---|---|
| First Active | 2007-03-08 |
| Last Active | 2018-05-24 |
Skia and Firefox suffer from an issue where an integer overflow in SkTDArray can lead to an out-of-bounds write.
f7eb1e6d567bfd69e4a654a5a1a0c0cfThere is a use-after-free security vulnerability in WebKit. The vulnerability was confirmed on ASan build of revision 227958 on OSX.
35af2b53d57b81fe5f7927312787ad3fMicrosoft Edge suffers from an ACG bypass vulnerability with OpenProcess().
0872aa70743c4a85442779d23b9462d1Microsoft Windows suffers from multiple use-after-free issues in jscript Array methods.
54dbc94c4392c67aa6871073166ebbc0Microsoft Internet Explorer 11 suffers from a RegExp.lastMatch memory disclosure vulnerability.
0bbddb1e1bbe894461a1ab5b58369ce0Microsoft IE11 suffers from a use-after-free vulnerability in Js::RegexHelper::RegexReplace.
21e0ce967c4444c198feef093336a61eMicrosoft Edge suffers from an ACG bypass using UnmapViewOfFile.
00e8f8ad6ea4b8b6fa4ff8c9f691a03aWebKit suffers from a use-after-free vulnerability in detachWrapper.
ab40e72385ce2ecec8785d781b2d76e7WebKit suffers from a use-after-free vulnerability in WebCore::FrameView::clientToLayoutViewportPoint.
16c7265e2776a0e63832f568c8f7359dThere is an out-of-bounds read in jscript.dll library (used in IE, WPAD and other places).
5d6d4de766996a82680340bb4a93c196There is an heap overflow vulnerability in jscript.dll library (used in IE, WPAD and other places). The bug affects 2 functions, JsArrayStringHeapSort and JsArrayFunctionHeapSort.
615276599b5ee6f637294ed8b1cf135cThere is a use-after-free in jscript.dll library that can be exploited in IE11.
70d9dab62006eb1aac80ab95307a311bThere is a use-after-free vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.
aec6b9f25c8ebc849fe5b43820ec5473There is a heap overflow in jscript.dll when compiling a regex. This issue could potentially be exploited through multiple vectors.
6090424aeefb73a1046a5bb0694554fcThere is an uninitialized variable vulnerability in jscript.dll. This issue could potentially be exploited through multiple vectors.
07bd43902bf61cc1da46b2ac1db3304cChakra suffers from a CFG bypass by overwriting JavaScript bytecode.
9e57eaebd2d21e12b8ff2602894b0871Charka suffers from a CFG bypass due to a bug in ServerFreeAllocation.
6411c53089610f19e5d46f685bd4d1a1Chakra suffers from a CFG bypass with leafInterpreterFrame. Every JavaScript variable in Chakra (except a tagged int) is a pointer. From this pointer, using an arbitrary read, it is possible to follow a chain of pointers and end up with a pointer to the native stack. This allows disclosing the stack location and subsequently overwriting a return address on the stack leading to CFG bypass.
d1393f9681bc2674203c0bdd4afaea99WebKit suffers from a use-after-free vulnerability in WebCore::FormSubmission::create.
98d087c67a0a6cedef693c7155034473WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject::previousSibling.
0226ddcb9777ea7067a169d6a553b7c8WebKit suffers from a use-after-free vulnerability in WebCore::DocumentLoader::frameLoader.
c07fda98eca843e82ef5236fd67fb80bWebKit suffers from a use-after-free vulnerability in WebCore::Style::TreeResolver::styleForElement.
63b43c75cbc1b4ad33a88819f4eedddeWebKit suffers from an out-of-bounds read in WebCore::SVGPatternElement::collectPatternAttributes.
95cd5b7f1af7b8093b7bf246a111a82cWebKit suffers from an out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint.
ae668f6385f367907250b9be6fb654fbWebKit suffers from an out-of-bounds read in WebCore::RenderText::localCaretRect.
769ad8e20766a4d8c4e777f522f6d619
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed