Jsish
by Jsish
Source repositories
CVEs (53)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24189 | Cri | 0.64 | 9.8 | 0.01 | Feb 7, 2024 | Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c. | ||
| CVE-2024-24188 | Cri | 0.64 | 9.8 | 0.01 | Feb 7, 2024 | Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c. | ||
| CVE-2024-24186 | Cri | 0.64 | 9.8 | 0.01 | Feb 7, 2024 | Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. | ||
| CVE-2019-1010177 | Cri | 0.64 | 9.8 | 0.02 | Jul 24, 2019 | Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: denial of service and possibly arbitrary code execution. The component is: function Jsi_RegExpNew (jsi/jsiRegexp.c:39). The attack vector is: executing crafted javascript code. The fixed version is: after commit… | ||
| CVE-2021-46483 | Hig | 0.51 | 7.8 | 0.01 | Jan 25, 2022 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c. | ||
| CVE-2021-46482 | Hig | 0.51 | 7.8 | 0.01 | Jan 25, 2022 | Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c. | ||
| CVE-2020-23260 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2023 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file. | ||
| CVE-2020-23259 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2023 | An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file. | ||
| CVE-2020-23258 | Hig | 0.49 | 7.5 | 0.01 | Apr 4, 2023 | An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file. | ||
| CVE-2020-22907 | Hig | 0.49 | 7.5 | 0.02 | Jul 13, 2021 | Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter. | ||
| CVE-2019-1010172 | Hig | 0.49 | 7.5 | 0.01 | Jul 25, 2019 | Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit… | ||
| CVE-2019-1010173 | Hig | 0.49 | 7.5 | 0.01 | Jul 23, 2019 | Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function Jsi_ValueArrayIndex (jsiValue.c:366). The attack vector is: executing crafted javascript code. The fixed version is: after commit… | ||
| CVE-2019-1010171 | Hig | 0.49 | 7.5 | 0.01 | Jul 23, 2019 | Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84. | ||
| CVE-2019-1010170 | Hig | 0.49 | 7.5 | 0.01 | Jul 23, 2019 | Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78. | ||
| CVE-2019-1010169 | Hig | 0.49 | 7.5 | 0.01 | Jul 23, 2019 | Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexer_getchar (jsiLexer.c:9). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78. | ||
| CVE-2018-1000668 | Med | 0.42 | 6.5 | 0.01 | Sep 6, 2018 | jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This… | ||
| CVE-2018-1000663 | Med | 0.42 | 6.5 | 0.01 | Sep 6, 2018 | jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. | ||
| CVE-2018-1000661 | Med | 0.42 | 6.5 | 0.01 | Sep 6, 2018 | jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability… | ||
| CVE-2018-1000655 | Med | 0.42 | 6.5 | 0.01 | Aug 20, 2018 | Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to… | ||
| CVE-2021-46507 | Med | 0.36 | 5.5 | 0.01 | Jan 27, 2022 | Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c. |
- risk 0.64cvss 9.8epss 0.01
Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.
- risk 0.64cvss 9.8epss 0.01
Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.
- risk 0.64cvss 9.8epss 0.01
Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.
- risk 0.64cvss 9.8epss 0.02
Jsish 2.4.70 2.047 is affected by: Use After Free. The impact is: denial of service and possibly arbitrary code execution. The component is: function Jsi_RegExpNew (jsi/jsiRegexp.c:39). The attack vector is: executing crafted javascript code. The fixed version is: after commit…
- risk 0.51cvss 7.8epss 0.01
Jsish v3.5.0 was discovered to contain a heap buffer overflow via BooleanConstructor at src/jsiBool.c.
- risk 0.51cvss 7.8epss 0.01
Jsish v3.5.0 was discovered to contain a heap buffer overflow via NumberConstructor at src/jsiNumber.c.
- risk 0.49cvss 7.5epss 0.01
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the StringReplaceCmd function in the src/jsiChar.c file.
- risk 0.49cvss 7.5epss 0.01
An issue found in Jsish v.3.0.11 and before allows an attacker to cause a denial of service via the Jsi_Strlen function in the src/jsiChar.c file.
- risk 0.49cvss 7.5epss 0.01
An issue found in Jsish v.3.0.11 allows a remote attacker to cause a denial of service via the Jsi_ValueIsNumber function in ./src/jsiValue.c file.
- risk 0.49cvss 7.5epss 0.02
Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter.
- risk 0.49cvss 7.5epss 0.01
Jsish 2.4.84 2.0484 is affected by: Uncontrolled Resource Consumption. The impact is: denial of service. The component is: function jsiValueGetString (jsiUtils.c). The attack vector is: executing crafted javascript code. The fixed version is: after commit…
- risk 0.49cvss 7.5epss 0.01
Jsish 2.4.84 2.0484 is affected by: Reachable Assertion. The impact is: denial of service. The component is: function Jsi_ValueArrayIndex (jsiValue.c:366). The attack vector is: executing crafted javascript code. The fixed version is: after commit…
- risk 0.49cvss 7.5epss 0.01
Jsish 2.4.83 2.0483 is affected by: Nullpointer dereference. The impact is: denial of service. The component is: function jsi_DumpFunctions (jsiEval.c:567). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.84.
- risk 0.49cvss 7.5epss 0.01
Jsish 2.4.77 2.0477 is affected by: Use After Free. The impact is: denial of service. The component is: function Jsi_ObjFree (jsiObj.c:230). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.
- risk 0.49cvss 7.5epss 0.01
Jsish 2.4.77 2.0477 is affected by: Out-of-bounds Read. The impact is: denial of service. The component is: function lexer_getchar (jsiLexer.c:9). The attack vector is: executing crafted javascript code. The fixed version is: 2.4.78.
- risk 0.42cvss 6.5epss 0.01
jsish version 2.4.70 2.047 contains a CWE-125: Out-of-bounds Read vulnerability in function jsi_ObjArrayLookup (jsiObj.c:274) that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code. This…
- risk 0.42cvss 6.5epss 0.01
jsish version 2.4.70 2.047 contains a Buffer Overflow vulnerability in function _jsi_evalcode from jsiEval.c that can result in Crash due to segmentation fault. This attack appear to be exploitable via The victim must execute crafted javascript code.
- risk 0.42cvss 6.5epss 0.01
jsish version 2.4.67 contains a CWE-476: NULL Pointer Dereference vulnerability in Jsi_LogMsg (jsiUtils.c:196) that can result in Crash due to segmentation fault. This attack appear to be exploitable via the victim executing specially crafted javascript code. This vulnerability…
- risk 0.42cvss 6.5epss 0.01
Jsish version 2.4.65 contains a CWE-476: NULL Pointer Dereference vulnerability in Function jsi_ValueCopyMove from jsiValue.c:240 that can result in Crash due to segmentation fault. This attack appear to be exploitable via a crafted javascript code. This vulnerability appears to…
- risk 0.36cvss 5.5epss 0.01
Jsish v3.5.0 was discovered to contain a stack overflow via Jsi_LogMsg at src/jsiUtils.c.
Page 1 of 3