Node.js 18.x < 18.18.2, 20.x < 20.8.1 Multiple Vulnerabilities - Mac OS X

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

Node.js 18.x < 18.18.2, 20.x < 20.8.1 Multiple Vulnerabilities - Windows

Node.js is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nodejs:node.js"; ifdescription...

Important: firefox

Issue Overview: The parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child process. This vulnerability affects Thunderbird 91.9. CVE-2022-29913 A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describe...

Important: firefox

Issue Overview: Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox 116, Firefox ESR 102.14, and Firefox ESR 115.1. CVE-2023-4045 In some...

PT-2024-2545

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 123.0.6312.86 Microsoft Edge Chromium-based versions prior to 123.0.6312.86 Chromium versions prior to 126.0.6478.182-alt0.p10.1 nodejs-electron-28.2.10-1.1 chromedriver-124.0.6367.201-1.1 OpenSUSE affected...

CVE-2023-41880

Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...

Design/Logic Flaw

Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...

CVE-2023-41880

Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...

CVE-2023-41880

CVE-2023-41880 affects Wasmtime on x86_64 where a miscompilation of the WebAssembly i64x2.shr_s instruction occurs for constant shift amounts greater than 32. Versions 10.0.0 through 10.0.2, 11.0.2, and 12.0.1 contain the issue; patch versions 10.0.2, 11.0.2, and 12.0.2 fix it (11.0.2 and 12.0.2 ...

CVE-2023-41880 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64

Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...

CVE-2023-41880 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64

Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...

CVE-2023-41880 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64

Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...

Wasmtime Security Breach

Wasmtime is a bytecode consortium project that is a standalone wasm-optimized runtime for WebAssembly and WASI only. A security vulnerability exists in Wasmtime. No information about this vulnerability is available at this time, so please stay tuned to CNNVD or the vendor announcement...

Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64

Impact Wasmtime versions from 10.0.0 to 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so all other targets are not affected by this. The miscompilation results i...

GHSA-GW5P-Q8MJ-P7GH Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64

Impact Wasmtime versions from 10.0.0 to 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so all other targets are not affected by this. The miscompilation results i...

Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86\_64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gw5p-q8mj-p7gh. For more information see the GitHub-hosted security advisory...

PT-2023-28139 · Wasmtime · Wasmtime

Name of the Vulnerable Software and Affected Versions: Wasmtime versions 10.0.0 through 12.0.1 Description: The issue is related to a miscompilation of the WebAssembly i64x2.shr s instruction on x86 64 platforms when the shift amount is a constant value that is larger than 32. This results in the...

Three vulnerabilities in NVIDIA graphics driver could cause memory corruption

Piotr Bania of Cisco Talos discovered the vulnerabilities mentioned in this post. Cisco Talos recently disclosed three vulnerabilities in the shader functionality of the NVIDIA D3D10 driver that works with NVIDIAs graphics cards. The driver is vulnerable to memory corruption if an adversary sends...

DEBIAN-CVE-2020-18382

Heap-buffer-overflow in /src/wasm/wasm-binary.cpp in wasm::WasmBinaryBuilder::visitBlockwasm::Block in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-opt...

DEBIAN-CVE-2020-18378

A NULL pointer dereference was discovered in SExpressionWasmBuilder::makeBlock in wasm/wasm-s-parser.c in Binaryen 1.38.26. A crafted wasm input can cause a segmentation fault, leading to denial-of-service, as demonstrated by wasm-as...