56 matches found
Arbitrary WASM Code Execution via AnnotationOverrideFlight Injection in Yoke ATC
This vulnerability exists in the Air Traffic Controller (ATC) component of Yoke, a Kubernetes deployment tool. It allows users with CR create/update permissions to execute arbitrary WASM code in the ATC controller...
MiracleLinux 8 : thunderbird-102.11.0-1.el8.ML.1 (AXSA:2023-6153:18)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-6153:18 advisory. Mozilla: Browser prompts could have been obscured by popups (CVE-2023-32205) Mozilla: Crash in RLBox Expat driver (CVE-2023-32206) Mozilla: Potential...
EUVD-2022-53138
Malicious code in bioql PyPI...
EUVD-2022-44203
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-40957
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash. This bug only affects Firefox on ARM64...
CentOS 7 : thunderbird (RHSA-2022:6710)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:6710 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects...
Invalid Memory Access
Firefox is vulnerable to invalid memory access. The vulnerability is due to a missing iterator stop condition when handling WASM code in the built-in profiler, which can lead to invalid memory access and undefined behavior...
Fedora 39 : firefox (2024-a2c6c8afa9)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a2c6c8afa9 advisory. - new upstream update 126.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has n...
CVE-2024-4775
An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. Note: This issue only affects the application when the profiler is running. This vulnerability affects Firefox 126...
Mozilla Firefox < 126.0
The version of Firefox installed on the remote Windows host is prior to 126.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-21 advisory. - Memory safety bugs present in Firefox 125, Firefox ESR 115.10, and Thunderbird 115.10. Some of these bugs showed...
CVE-2023-51661 Filesystem sandbox not enforced in wasmer-cli
Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...
Rocky Linux 8 : thunderbird (RLSA-2022:6708)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:6708 advisory. - When receiving an HTML email that contained an iframe element, which used a srcdoc attribute to define the inner HTML document, remote objects specifi...
Important: firefox
Issue Overview: Integer overflow vulnerability in av_timecode_make_string in libavutil/timecode.c in FFmpeg version 4.3.2, allows local attackers to cause a denial of service (DoS) via crafted .mov file. (CVE-2021-28429) A vulnerability was found in expat. With this flaw, it is possible to create a...
Mozilla: Content process crash due to invalid wasm code
The Mozilla Foundation Security Advisory describes this flaw as: A type checking bug would have led to invalid code being compiled...
RHEL 8 : thunderbird (RHSA-2023:3221)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2023:3221 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.11.0. Security Fixes: Mozilla...