Aggregates CVE and security vulnerability intelligence across all moddable-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk memory corruption and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact application crash, affecting vendor surface production workloads scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-25464 | Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger. | [email protected] | 7.5 | 0.35% | 2020-12-04 | 2024-11-21 |
| CVE-2020-25463 | Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV). | [email protected] | 7.5 | 0.33% | 2020-12-04 | 2024-11-21 |
| CVE-2020-25462 | Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903. | [email protected] | 9.8 | 0.46% | 2020-12-04 | 2024-11-21 |
| CVE-2020-25461 | Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). | [email protected] | 7.5 | 0.33% | 2020-12-04 | 2024-11-21 |
| CVE-2019-16366 | In XS 9.0.0 in Moddable SDK OS180329, there is a heap-based buffer overflow in fxBeginHost in xsAPI.c when called from fxRunDefine in xsRun.c, as demonstrated by crafted JavaScript code to xst. | [email protected] | 9.8 | 0.39% | 2019-09-16 | 2024-11-21 |