Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Jsish Subscribe

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-46482 1 Jsish 1 Jsish 2022-01-27 6.8 MEDIUM 7.8 HIGH
Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.
CVE-2021-46483 1 Jsish 1 Jsish 2022-01-27 6.8 MEDIUM 7.8 HIGH
Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.
CVE-2019-1010173 1 Jsish 1 Jsish 2020-08-24 5.0 MEDIUM 7.5 HIGH
Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function Jsi_ValueArrayIndex (jsiValue.c:366). The attack vector is: executing crafted javascript code. The fixed version is: after commit 738ead193aff380a7e3d7ffb8e11e446f76867f3.
CVE-2019-1010172 1 Jsish 1 Jsish 2019-08-01 5.0 MEDIUM 7.5 HIGH
Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit f3a8096e0ce44bbf36c1dcb6e603adf9c8670c39.
CVE-2019-1010170 1 Jsish 1 Jsish 2019-07-23 5.0 MEDIUM 7.5 HIGH
Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.
CVE-2019-1010169 1 Jsish 1 Jsish 2019-07-23 5.0 MEDIUM 7.5 HIGH
Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexer_getchar (jsiLexer.c:9). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.
CVE-2019-1010171 1 Jsish 1 Jsish 2019-07-23 5.0 MEDIUM 7.5 HIGH
Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84.