WebKit suffers from an out-of-bounds read in WebCore::SimpleLineLayout::RunResolver::runForPoint.
7f0b76853cb76566efef7ad4bbe91c9b1977f8a050e942ee1915da7aaa16182dWebKit suffers from an out-of-bounds read in WebCore::RenderText::localCaretRect.
d2bf26a53165b570a6f5bd7f1fb66d35b7d3557d70deadf09f219c638ad86390There is a use-after-free security vulnerability in WebCore::AXObjectCache::performDeferredCacheUpdate in WebKit.
62c0de0a642ecdcec245a8979e15e6e5eae034411bc424e6de622292cdf7d05dThere is a use-after-free security vulnerability in WebCore::PositionIterator::decrement in WebKit.
217896fe315974d6577ecc8038ef7d0482b7caa767addabaa181135a8707de87There is a use-after-free security vulnerability in WebCore::InputType::element in WebKit.
9a6ded12652b60c99c885a3f11eb3a8a7fd2b0c6515de6074753cec8628787a6There is a use-after-free security vulnerability in WebCore::TreeScope::documentScope in WebKit.
3105ce149b3a63d509b7533ead0fa793978656a94530db60af67ab8b9675497fMicrosoft Internet Explorer 11 suffers from a use-after-free vulnerability in jscript!JsErrorToString.
b68b161a3b42e7a725d37eb0375faba5d57699ba45d34baf650b120307b35284There is a security issue in Microsoft Edge related to how HTML documents are loaded. If Edge displays a HTML document from a slow HTTP server, it is possible that a part of the document is going to be rendered before the server has finished sending the document. It is also possible that some JavaScript code is going to trigger. By making DOM modifications before the document had a chance of fully loading, followed by another set of DOM modifications after the page has been loaded, it is possible to trigger memory corruption that could possibly lead to an exploitable condition.
5907d1f5e11d78ce0680fb433a3f355dee6f8223e8d01f9b8f025438c5f23e93There is an out-of-bounds read issue in Microsoft Edge that could potentially be turned into remote code execution. The vulnerability has been confirmed on Microsoft Edge 38.14393.1066.0 (Microsoft EdgeHTML 14.14393) as well as Microsoft Edge 40.15063.0.0 (Microsoft EdgeHTML 15.15063).
50a17f878e4cb540b01d5045a6e10dff2e139109eb14511dd0fda4dc068c0013ACG (Arbitrary Code Guard) in Microsoft Edge is bypassable. The bypass has been tested on Microsoft Edge 40.15063.0.0 running on Windows 10 Enterprise 64-bit with Creators Update (Version 1703, OS build 15063.413).
be1f44546390cca193ef1aff01a301005ed93d7d18025eb795e529774e3bd275The Microsoft Chakra JIT server suffers from an out-of-bounds write when processing a Js::OpCode::ProfiledLoopStart opcode.
387a94a74877e5ae454670d88bca2108bf8b2e2ad1eedbea3c88071c8f4cfb35The Microsoft Chakra JIT server suffers from an integer overflow in IRBuilder::Build.
6639f5e0c1bdd2f5bed8084c2cf405fcb0a5da8cf37e3dda8f8472c91bcd2d16Microsoft Edge suffers from an out-of-bounds read in CInputDateTimeScrollerElement::_SelectValueInternal. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198) and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393.
0c7c105204e786ed354e8850c674a49c8d2983959710c13a19f428b802d31607There is a use-after-free vulnerability in Microsoft Edge that can lead to memory disclosure. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198), Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393.
6c092dbe2c1f903c835e705268adc2d309af972d14f860be14610356e48c272cWebKit suffers from a WebCore::RenderSearchField::addSearchResult heap buffer overflow vulnerability.
4857989b812be535ca2a0333f4fc063225535c5a1fe5d4ed290ef1ed550fe158WebKit suffers from a WebCore::AccessibilityNodeObject::textUnderElement use-after-free vulnerability.
2c4791349359086c7adcb2d645742cfa4c6b35eba2831689924c2a562b2a4f62WebKit suffers from a use-after-free vulnerability in WebCore::RenderObject with accessibility enabled.
6f4055f8c47d2cd352507cfd33da6af6a1b23136f339db9715ff1454fc57d670WebKit suffers from a WebCore::AccessibilityRenderObject::handleAriaExpandedChanged use-after-free vulnerability.
98991424a644c47d5333233cabf4be78b0b7efb8db1eb885c5daeef0bfbfa1d2WebKit suffers from a WebCore::InputType::element use-after-free vulnerability.
26accfef3c015e940fb5ee457cb6a29a72c381aeafaf3f15e41b5c7a42c7d015WebKit suffers from a WebCore::Node::getFlag use-after-free vulnerability.
6eef1993e0cd62e0fad5f186f71640c1ddc0dd0940b55f1ad76e91e12504c088WebKit suffers from a WebCore::getCachedWrapper use-after-free vulnerability.
b0d62cf7ab42c752da7c6b95126b1b47b02f6705a61df1f00207db405ed0dcffWebKit suffers from a WebCore::Node::nextSibling use-after-free vulnerability.
8fb09a6df3645a5bb6ae947a46e56826654f1c6c20cf3208f9247bd19743e887Microsoft Internet Explorer suffers from a VBScript arithmetic function type confusion vulnerability.
f40f028ace681031a746b0e8ecc785e770f04baf897fa1f1b397ec507e8a1a00Microsoft Internet Explorer suffers from a memory corruption vulnerability in CMarkup::DestroySplayTree. The bug was confirmed on IE version 11.0.9600.18617 (Update version 11.0.40) running on Windows 7 64-bit.
c58903dd193f7839cd836f12f61a126151db2248cb30e60241e98c8ec782dd43Microsoft Edge suffers from a type confusion vulnerability in CssParser::RecordProperty.
1aa785f1fd6f0eb74b2354c469073d303a744ebbead37d6b9b3783902311bdfb
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed