#microsoft

CVE-2022-23258: Microsoft Edge for Android Spoofing Vulnerability

**What is the version information for this release?** Microsoft Edge Version Date Released Based on Chromium Version 97.0.1072.69 1/20/2022 97.0.4692.99

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #android #microsoft #Microsoft Edge (Chromium-based)#Security Vulnerability

CVE-2013-3900: WinVerifyTrust Signature Validation Vulnerability

**What is the result of opting into the stricter verification behavior?** Opting into the stricter verification behavior causes the WinVerifyTrust function to perform strict Windows Authenticode signature verification for PE files. After you opt in, PE files will be considered "unsigned" if Windows identifies content in them that does not conform to the Authenticode specification. This may impact some installers. If you are using an installer that is impacted, Microsoft recommends using an installer that only extracts content from validated portions of the signed file. **How can I enable the new signature verification behavior?** Customers who would like to enable the new Authenticode signature verification behavior can do so by setting a key in the system registry. When the key is set, Windows Authenticode signature verification will no longer recognize binaries with Authenticode signatures that contain extraneous information in the WIN\_CERTIFICATE structure. Customers can choose ...

2 years ago

Microsoft Security Response Center

Open in Source

#vulnerability #mac #windows #microsoft #git #WinVerifyTrust Signature Verification #Security Vulnerability

CVE-2022-22888: Stack-overflow in ecma-objects (ecma_op_object_find_own) · Issue #4848 · jerryscript-project/jerryscript

Jerryscript 3.0.0 was discovered to contain a stack overflow via ecma_op_object_find_own in /ecma/operations/ecma-objects.c.

2 years ago

CVE

Open in Source

#microsoft #ubuntu #linux #js

CVE-2021-46332: Heap-buffer-overflow xs/sources/xsDataView.c:2883 in fxUint8Getter · Issue #752 · Moddable-OpenSource/moddable

Moddable SDK v11.5.0 was discovered to contain a heap-buffer-overflow via xs/sources/xsDataView.c in fxUint8Getter.

2 years ago

CVE

Open in Source

#microsoft #ubuntu #linux #js

CVE-2021-46339: Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at jerryscript/jerry-core/ecma/base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8):371. · Issue #4935 · jerryscript-project

There is an Assertion 'lit_is_valid_cesu8_string (string_p, string_size)' failed at /base/ecma-helpers-string.c(ecma_new_ecma_string_from_utf8) in JerryScript 3.0.0.

2 years ago

CVE

Open in Source

#microsoft #ubuntu #linux #js #git

CVE-2021-46336: Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at jerryscript/jerry-core/parser/js/js-parser-expr.c(parser_parse_class_body):656. · Issue #4927 · jerryscript-project/jerryscript

There is an Assertion 'opts & PARSER_CLASS_LITERAL_CTOR_PRESENT' failed at /parser/js/js-parser-expr.c(parser_parse_class_body) in JerryScript 3.0.0.

2 years ago

CVE

Open in Source

#microsoft #ubuntu #linux #js

CVE-2021-46337: Assertion 'page_p != NULL' failed at jerryscript/jerry-core/parser/js/js-parser-mem.c(parser_list_get):279. · Issue #4930 · jerryscript-project/jerryscript

There is an Assertion 'page_p != NULL' failed at /parser/js/js-parser-mem.c(parser_list_get) in JerryScript 3.0.0.