Use after free with `externref`s and epoch interruption in Wasmtime
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gwc9-348x-qwv2. For more information see the GitHub-hosted security advisory...
RUSTSEC-2022-0099 Use after free with `externref`s and epoch interruption in Wasmtime
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gwc9-348x-qwv2. For more information see the GitHub-hosted security advisory...
CVE-2021-27430
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR...
Hardcoded credentials
GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR...
CVE-2021-27430
GE UR bootloader binary versions 7.00–7.02 include unused hardcoded credentials. With physical access to the UR Intelligent Electronic Device, an attacker can interrupt the boot sequence by rebooting the UR. The issue is fixed by upgrading UR firmware to 8.10 or newer (GE publication GES-2021-004...
The vulnerabilities of PDF viewing and editing programs from Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, Adobe Acrobat 2020, Adobe Acrobat Reader 2020 are related to the manipulation of a null pointer, allowing attackers to cause service interruptions.
The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to the use of a null pointer. Exploiting these...
The vulnerability in the implementation of the TCP/IP protocol stack for Linux-based operating systems allows a hacker to cause a service failure.
The vulnerability of the TCP/IP protocol stack implementation in Linux-based operating systems is related to errors in processing ICMPv6 packets. Exploiting this vulnerability can allow a remote attacker to cause service interruptions...
expat: Integer overflow in addBinding in xmlparse.c
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability, confidentiality a...
expat: Integer overflow in defineAttribute in xmlparse.c
expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to availability,...
Medium: expat
Issue Overview: expat libexpat is susceptible to a software flaw that causes process interruption. When processing a large number of prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to integer overflow. The highest threat from this vulnerability is to...
GSD-2022-1000545 vsock: remove vsock from connected table when connect is interrupted by a signal
vsock: remove vsock from connected table when connect is interrupted by a signal. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.11 by...
GSD-2022-1000347 vsock: remove vsock from connected table when connect is interrupted by a signal
vsock: remove vsock from connected table when connect is interrupted by a signal. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.181 by...
GSD-2022-1000293 vsock: remove vsock from connected table when connect is interrupted by a signal
vsock: remove vsock from connected table when connect is interrupted by a signal. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.303 by...
The vulnerability of the Windows Hyper-V hardware virtualization system allows an attacker to trigger a service failure.
The vulnerability of the Windows Hyper-V hardware virtualization system is related to an uncontrolled consumption of resources. Exploiting this vulnerability can allow a perpetrator to cause service interruptions...
The vulnerability of the Samba network file system, related to insufficient verification of data authenticity, allows a perpetrator to cause service interruptions.
The vulnerability of the Samba network file system is related to insufficient verification of data authenticity. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the smgd subscriber management daemon on Juniper Networks’ Junos OS-based MX router devices allows an attacker to cause a service failure.
The vulnerability of the smgd subscriber management daemon for Juniper Networks’ Junos OS routers in the MX series operating systems is related to improper handling of exceptions. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the Windows operating system’s DNS server, related to errors in handling DNS requests, allows a hacker to cause a service failure.
The vulnerability of the Windows operating system’s DNS server is related to errors in handling DNS requests. Exploiting this vulnerability can allow a malicious actor to cause service interruptions through a specially crafted DNS request...
The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS allows a hacker to trigger a service failure.
The vulnerability of the Packet Forwarding Engine (PFE) module in Juniper Networks’ Junos OS lies in the fact that resources are not released after their useful life has expired. Exploiting this vulnerability allows a malicious actor to cause service interruptions by sending specially crafted packe...
Cyberinsurance companies don’t want to pay out for “acts of war”
Due to the evolving and growing impact of cybersecurity incidents, some questions are starting to arise about the way that insurance companies deal with the costs that result from such incidents. Cyber insurance is a form of cover designed to protect your business from threats in the...
Merck Wins Insurance Lawsuit re NotPetya Attack
The insurance company Ace American has to pay for the losses: On 6th December 2021, the New Jersey Superior Court granted partial summary judgment attached in favour of Merck and International Indemnity, declaring that the War or Hostile Acts exclusion was inapplicable to the dispute. Merck...