8 matches found
Wasmtime vulnerable to segfault when using component resources
Impact: The implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a segfault or assert failure. This bug was introduced in the release of...
UBUNTU-CVE-2025-62711
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a...
CVE-2025-62711 Wasmtime vulnerable to segfault when using component resources
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a...
CVE-2025-62711 Wasmtime vulnerable to segfault when using component resources
Wasmtime is a runtime for WebAssembly. In versions from 38.0.0 to before 38.0.3, the implementation of component-model related host-to-wasm trampolines in Wasmtime contained a bug where it's possible to carefully craft a component, which when called in a specific way, would crash the host with a...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the SessionClicks class. An attacker can exhaust system memory by sending crafted HTTP requests that cause excessive request parameters to be stored in the HTTP session. Details...
a2grunnerp (>=0.1.0 <=0.1.8), aad-fastapi (>=1.0.0 <=1.1.2) +2282 more potentially affected by CVE-2024-26130 via cryptography (>=38.0.0 <=42.0.3)
cryptography PYPI version =38.0.0, =0.1.0, =1.0.0, =1.0.0, =0.0.1, =1.0.2, =0.1.1, =2.3.36, =0.1.17, =0.3.4, =0.4.7, =0.0.1, =0.1.1, =0.1.1, =0.1.5 and more Source cves: CVE-2024-26130 Source advisory: OSV:GHSA-6VQW-3V5J-54X4...
CVE-2024-26130
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serialize_key_and_certificates is called with both a certificate whose public key did not match the provided private key and an...
python-cryptography Security Vulnerabilities
python-cryptography is a Python code library for cryptographic applications from the Cryptographic team. A security vulnerability exists in python-cryptography from version 38.0.0 up to, but not including, version 42.0.4, which stems from a NULL pointer dereference that can cause a Python process to crash...