CVE-2026-26056 Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC

Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller context by injecting a...

Exploit for Type Confusion in Google Chrome

CVE-2024-2887 This is a short writeup for the CVE-2024-2887,...

BIT-GOLANG-2021-38297

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used...

nodejs: code injection via WebAssembly export names

Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module...

Denial Of Service (DoS)

firefox and thunderbird are vulnerable to Information Disclosure. An attacker could exploit this vulnerability by creating a malicious website that would contain a specially crafted WASM module when Firefox tried to compile the module, it would crash...

Important: golang

Issue Overview: A null pointer dereference vulnerability was found in golang. When using the library's ssh server without specifying an option for GSSAPIWithMICConfig, it is possible for an attacker to craft an ssh client connection using the authentication method and cause the server to panic...

Amazon Linux AMI : golang (ALAS-2022-1583)

The version of golang installed on the remote host is prior to 1.16.15-1.37. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1583 advisory. 2024-01-03: CVE-2021-27919 was added to this advisory. An out of bounds read vulnerability was found in golang. When...

EulerOS 2.0 SP10 : golang (EulerOS-SA-2022-1254)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler...

EulerOS 2.0 SP8 : golang (EulerOS-SA-2021-2802)

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected ty...

AZL-6450 CVE-2021-38297 affecting package golang for versions less than 1.17.8-1

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used...

CVE-2021-38297

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used...

DEBIAN-CVE-2021-38297

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used...

Buffer overflow

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used...

CVE-2021-38297

Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used...

FreeBSD : go -- misc/wasm, cmd/link: do not let command line arguments overwrite global data (4fce9635-28c0-11ec-9ba8-002324b2fba8)

The Go project reports : When invoking functions from WASM modules, built using GOARCH=wasm GOOS=js, passing very large arguments can cause portions of the module to be overwritten with data from the arguments. If using wasmexec.js to execute WASM modules, users will need to replace their copy...

Exploit for Improper Input Validation in Google Chrome

PoC exploit for CVE-2020-16040, an out-of-bounds read vulnerability in the WebAssembly WASM module loader. The exploit targets the WASM module loader's handling of WebAssembly code, specifically the wasmcode array, which is used to load and execute WASM modules. The vulnerability allows an attack...

UBUNTU-CVE-2019-7151

A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt...

DEBIAN-CVE-2019-7151

A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt...

CVE-2019-7151

A NULL pointer dereference was discovered in wasm::Module::getFunctionOrNull in wasm/wasm.cpp in Binaryen 1.38.22. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by wasm-opt...

Google Chrome < 62.0.3202.89 Multiple Vulnerabilities

Binary data 700348.pasl...