Design/Logic Flaw
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe *const c_void and ExternalPointer leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe...
Design/Logic Flaw
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...
CVE-2024-28123 Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit 128, as it will surpass the...
CVE-2024-28123
The CVE-2024-28123 issue affects Wasmi, a WebAssembly interpreter. The root cause is an out-of-bounds buffer write when the host calls or resumes a Wasm function with more than 128 parameters, causing stack overflow for host-to-Wasm calls (not for Wasm-to-Wasm). This vulnerability is addressed by...
CVE-2024-27936
CVE-2024-27936 (Deno) affects Deno runtime prior to 1.41.0. Maliciously crafted permission requests could inject a broken ANSI escape sequence, causing the prompt to display spoofed content (e.g., file path or program name) while permissions granted reflect the original input. This is resolved in...
CVE-2024-27936 Deno interactive permission prompt spoofing via improper ANSI stripping
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41.0 of the deno library, a maliciously crafted permission request can show a spoofed permission prompt by inserting a broken ANSI escape sequence into the request...
CVE-2024-27935
Vulnerability summary (CVE-2024-27935): Deno’s Node.js compatibility runtime is vulnerable in versions 1.35.1 through 1.36.2 (up to but not including 1.36.3). A bug in stream_wrap.ts reuses a global buffer (BUF) to optimize asynchronous reads from Node.js streams, enabling cross-session data cont...
CVE-2024-27935 Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets o...
CVE-2024-27934
CVE-2024-27934 affects Deno (JavaScript/TypeScript runtime). From versions 1.36.2 through 1.40.3, use of unsafe *const c_void and ExternalPointer can cause use-after-free of internal structures, enabling arbitrary code execution when an attacker controls code in the Deno runtime. The issue is rep...
CVE-2024-27933
Summary: CVE-2024-27933 affects Deno 1.39.0, where use of raw file descriptors in op_node_ipc_pipe() can prematurely close arbitrary fds, enabling silent permission-prompt bypass and potential arbitrary code execution on the host when an attacker controls code in the Deno runtime. The issue arise...
CVE-2024-27932 Deno's improper suffix match testing for DENO_AUTH_TOKENS
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An aut...
CVE-2024-27932
The CVE-2024-27932 issue affects Deno (JavaScript/TypeScript/Wasmtime runtime). The vulnerability arises from an improper check in the import descriptor hostname logic (in the auth_tokens.rs path) where a token hostname is not correctly constrained to its domain, allowing a token intended for exa...
CVE-2024-27931
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...
Path traversal
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...
CVE-2024-27931
CVE-2024-27931 concerns Deno, a JavaScript/TypeScript runtime. The issue is insufficient validation of parameters in the Deno.makeTemp* APIs, which can allow a user to create files outside of the intended directories via path traversal in the provided prefix/suffix. The documented impact is poten...
A vulnerability in the WASM implementation of the Mozilla Firefox browser allows an attacker to trigger a service failure.
The vulnerability in Mozilla Firefox's WASM implementation exists due to insufficient validation of input data. Exploiting this vulnerability can allow a remote attacker to cause service failures...
Fedora 39 : firefox (2024-14dea9640b)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-14dea9640b advisory. - Updated to new upstream 122.0. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...