Microsoft Edge Chakra suffers from a type confusion vulnerability in JavascriptArray::ConcatArgs.
218f35cd65e75f8deb9766cd3f68774825fdd90974052767fde0b2b79b18b617This is a follow-up finding that the fix for an incorrect jit optimization with TypedArray setter in Microsoft Edge Chakra may not be sufficient.
f1455b5d16426b1fed7f2d0951c0b89d7dd75973cbee4a79240dd19472ffc899Microsoft Edge Chakra has an issue where EmitAssignment uses the "this" register without initializing.
31e0d764931a2b83c8b59dc12ca6bb5a7d420ed10202786ef5bb60c564333388Microsoft Edge Chakra suffers from an incorrect usage of TryUndeleteProperty.
4c976473480db8694122c88cc93c331174a29c45970f7f7a010917b8046b6a96Microsoft Edge Chakra suffers from an incorrect usage of PushPopFrameHelper in InterpreterStackFrame::ProcessLinkFailedAsmJsModule.
53077803d9044bae974a778111a9fcaf6c3e820a11cbd47102da400e9b90b579InterpreterStackFrame::ProcessLinkFailedAsmJsModule in Microsoft Edge Chakra incorrectly re-parses.
c53cd289f467e1de7349832a952c443f0911075c2b4e8105c672275feffcbb42Microsoft Edge suffers from an out-of-bounds access vulnerability when fetching source.
90333c9b80c4a525c88f900f5a40bd465f51ad669c4eb1250701f102f0bcbe41Microsoft Edge Chakra does not call SetIsCatch for all cases in PreVisitCatch.
fb550f7db174597f5dc9611f3e8ca799750409d21d7b6218303131f8b1c4cc78Red Hat Security Advisory 2017-2485-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
d0e993b40955de54c4363cfe88cc9625abfe6287b9cdc2adc136bb176b908623Red Hat Security Advisory 2017-2484-01 - Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix: A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Git. An attacker could use this flaw to execute shell commands with the privileges of the user running the Git client, for example, when performing a "clone" action on a malicious repository or a legitimate repository containing a malicious commit.
01780fc738a7d8a000cc9b18013845a0836af96d698062475251ad88396d9220Red Hat Security Advisory 2017-2483-01 - The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix: It was discovered that the httpd's mod_auth_digest module did not properly initialize memory before using it when processing certain headers related to digest authentication. A remote attacker could possibly use this flaw to disclose potentially sensitive information or cause httpd child process to crash by sending specially crafted requests to a server.
8a737044c180f32453211dd81585baed4af7f306e1bdf7c6c8b08be7125f738aThe Microsoft Chakra JIT server suffers from an out-of-bounds write when processing a Js::OpCode::ProfiledLoopStart opcode.
387a94a74877e5ae454670d88bca2108bf8b2e2ad1eedbea3c88071c8f4cfb35The Microsoft Chakra JIT server suffers from an integer overflow in IRBuilder::Build.
6639f5e0c1bdd2f5bed8084c2cf405fcb0a5da8cf37e3dda8f8472c91bcd2d16Microsoft Edge suffers from an out-of-bounds read in CInputDateTimeScrollerElement::_SelectValueInternal. The vulnerability has been confirmed on Windows 10 Enterprise 64-bit (OS version 1607, OS build 14393.1198) and Microsoft Edge 38.14393.1066.0, Microsoft EdgeHTML 14.14393.
0c7c105204e786ed354e8850c674a49c8d2983959710c13a19f428b802d31607Philex CMS version 0.2 suffers from a directory traversal vulnerability.
413a323e988d90ebbb6c90349a66bc86d6b89c0eb0ddafc89ec41cb84ed9eb73Ubuntu Security Notice 3391-2 - USN-3391-1 fixed vulnerabilities in Firefox. This update provides the corresponding update for Ubufox. Multiple security issues were discovered in Firefox. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to conduct cross-site scripting attacks, bypass sandbox restrictions, obtain sensitive information, spoof the origin of modal alerts, bypass same origin restrictions, read uninitialized memory, cause a denial of service via program crash or hang, or execute arbitrary code. Various other issues were also addressed.
a0e01ba0427bddbc999ed353b265c8e7b9e630011f5a0cf98b5ccc0dbecdf8d8FreeBSD jail incompletely protects the access to the IPC primitives. The 'allow.sysvipc' setting only affects IPC queues, leaving other IPC objects unprotected, making them reachable system-wide independently of the system configuration. Versions 7.0 through 10.3 are affected. Proof of concept included.
0beaf294618c4baefabc3693cafae6df318872d746e906006697c1f46542cd94Microsoft Resnet suffered from an insecure DNS configuration vulnerability.
d18d4269ee07a6b980977182396017c7194ca4a22a64d5add6fd2d531138b44f
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed