1895 matches found
Mozilla: GC rooting failure when calling wasm instance methods
The Mozilla Foundation Security Advisory describes this flaw as: Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitab...
CVE-2021-43539
The Mozilla Foundation Security Advisory describes this flaw as: Failure to correctly record the location of live pointers across wasm instance calls resulted in a GC occurring within the call not tracing those live pointers. This could have led to a use-after-free causing a potentially exploitab...
8x8: Exposed kubernetes dashboard
The researcher found an exposed Kubernetes Dashboard. It was short lived as our developers were doing some testing and terminated the instance shortly after. The related instance did not contain anything sensitive...
GHSA-HF79-8HJP-RRVQ Use After Free in lucet
Impact: There is a bug in the main branch of Lucet's lucet-runtime that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of...
RUSTSEC-2021-0155 Use After Free in lucet-runtime
There is a bug in the main branch of Lucet's lucet-runtime that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this...
Use After Free in lucet-runtime
There is a bug in the main branch of Lucet's lucet-runtime that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduced early in the development of Lucet and is present in all releases. As a result of this...
CVE-2021-43790
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of lucet-runtime affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduc...
Memory corruption
Lucet is a native WebAssembly compiler and runtime. There is a bug in the main branch of lucet-runtime affecting all versions published to crates.io that allows a use-after-free in an Instance object that could result in memory corruption, data race, or other related issues. This bug was introduc...
Lucet Resource Management Error Vulnerability
Lucet is an open source, native WebAssembly compiler and runtime from the Bytecode Alliance organization. Lucet has a resource management error vulnerability that stems from a use-after-free in Lucet's Instance object, which can be exploited by attackers to cause memory...
Oracle Cloud Infrastructure Instance Metadata Enumeration (Windows)
Binary data enumerateociwin.nbin...
CVE-2021-3062
An improper access control vulnerability in PAN-OS software enables an attacker with authenticated access to GlobalProtect portals and gateways to connect to the EC2 instance metadata endpoint for VM-Series firewalls hosted on Amazon AWS. Exploitation of this vulnerability enables an attacker to...
CVE-2020-10221
creationtimestamp | type | source
---|---|---
2021-11-08 08:58:19+00:00 | seen | MISP/f5030aca-7d5a-43a4-ae03-8f4ac8e85422
2021-11-20 09:53:52+00:00 | seen | MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123
2024-12-24 20:22:06+00:00 | seen | https://feedsin.space/feed/CISAKevBot/items/2970944
2025-02-06...
CVE-2021-39903
In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings...
Dockerized-Android - A Container-Based Framework To Enable The Integration Of Mobile Components In Security Training Platforms
Dockerized Android is a container-based framework that allows executing an Android Emulator inside Docker and controlling it through a browser. This project has been developed to provide a starting point for integrating mobile security components into Cyber Ranges but it can be used for an...
CVE-2021-34781
A vulnerability in the processing of SSH connections for multi-instance deployments of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the affected device. This vulnerability is due to a lack of proper error...
FreeSWITCH 1.10.6 SRTP Packet Denial Of Service Vulnerability
FreeSWITCH susceptible to Denial of Service via invalid SRTP packets - Fixed versions: v1.10.7 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-09-freeswitch-srtp-dos - Vendor Security Advisory:...
GHSA-4365-FHM5-QCRX Maliciously Crafted Model Archive Can Lead To Arbitrary File Write
Impact: An Archive Extraction (Zip Slip) vulnerability in the functionality that allows a user to load a trained model archive in Rasa 2.8.9 and older allows an attacker arbitrary write capability within specific directories using a maliciously crafted archive file. Patches: The vulnerability is fixed ...
Oracle Cloud Infrastructure Instance Metadata Enumeration (Linux / Unix)
The remote host is an OCI Oracle Cloud Infrastructure instance for which metadata could be retrieved. TRUSTED...