Lucene search
K

816 matches found

OSV
OSV
added 2026/04/09 7:16 p.m.9 views

UBUNTU-CVE-2026-34983

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

5CVSS5.8AI score0.00117EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/09 6:47 p.m.3 views

CVE-2026-34983 Wasmtime has a use-after-free bug after cloning `wasmtime::Linker`

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS5.8AI score0.00117EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/09 6:47 p.m.18 views

CVE-2026-34983 Wasmtime has a use-after-free bug after cloning `wasmtime::Linker`

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS0.00117EPSS
Exploits0References1
CVE
CVE
added 2026/04/09 6:47 p.m.28 views

CVE-2026-34983

Wasmtime 43.0.0 contains a use-after-free bug when cloning wasmtime::Linker, triggered by a specific host embedder API sequence (clone, drop original, use cloned linker). The issue is not controllable by guest Wasm programs and can manifest as a segfault; it does not enable heap corruption or dat...

5CVSS5.9AI score0.00117EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/09 6:47 p.m.7 views

CVE-2026-34983

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS5.9AI score0.00117EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/04/09 12:0 p.m.1 views

RUSTSEC-2026-0090 Use-after-free bug after cloning `wasmtime::Linker`

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hfr4-7c6c-48w2 For more information see the GitHub-hosted security advisory...

1CVSS5.8AI score0.00117EPSS
Exploits0References3
RustSec
RustSec
added 2026/04/09 12:0 p.m.6 views

Use-after-free bug after cloning `wasmtime::Linker`

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hfr4-7c6c-48w2 For more information see the GitHub-hosted security advisory...

5CVSS5.9AI score0.00117EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/04/09 12:0 a.m.7 views

wasmtime 资源管理错误漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Version 43.0.0 of Wastime contains a resource management vulnerability. This vulnerability stems from a flaw in cloning wastim::Linker, which may lead to reuse after reclamation...

5CVSS5.8AI score0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/09 12:0 a.m.4 views

PT-2026-31689

Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be triggered by a specific sequence of embedder API calls made by the host. Specifically, the following...

1CVSS5.9AI score0.00117EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/04/09 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2026-34983

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by...

5CVSS5.5AI score0.00117EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/04/08 9:20 a.m.5 views

CVE-2026-34079

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS6AI score0.00323EPSS
Exploits0References4
OSV
OSV
added 2026/04/07 10:16 p.m.2 views

DEBIAN-CVE-2026-34079

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on t...

7.5CVSS5.5AI score0.00323EPSS
Exploits0References1
NVD
NVD
added 2026/04/07 10:16 p.m.6 views

CVE-2026-34079

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on t...

8.7CVSS0.00323EPSS
Exploits0References1
OSV
OSV
added 2026/04/07 10:16 p.m.9 views

UBUNTU-CVE-2026-34079

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on t...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/07 9:29 p.m.4 views

CVE-2026-34079 Flatpak affected by arbitrary file deletion on the host filesystem

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on t...

8.7CVSS5.9AI score0.00323EPSS
Exploits0References1
CVE
CVE
added 2026/04/07 9:29 p.m.36 views

CVE-2026-34079

Flatpak (Linux application sandboxing) before version 1.16.4 had a flaw in ld.so cache cleanup: it could delete arbitrary files on the host if the app-controlled path to outdated cache wasn't properly verified within the cache directory. The vulnerability is fixed in 1.16.4. Impact is described a...

8.7CVSS6.1AI score0.00323EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/07 9:29 p.m.26 views

CVE-2026-34079 Flatpak affected by arbitrary file deletion on the host filesystem

Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on t...

8.7CVSS0.00323EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.4 views

CVE-2026-22177

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODEOPTIONS or LD through configuration to execute arbitrary code in the OpenClaw gateway service...

8.8CVSS6.2AI score0.00371EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/03/26 12:0 a.m.2 views

Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-11.0.1)

The version of AHV installed on the remote host is prior to AHV-11.0.1. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AHV-11.0.1 advisory. - A flaw was found in libssh when using the ChaCha20 cipher with the OpenSSL library. If an attacker manages to exhaust the...

8.6CVSS5.8AI score0.02394EPSS
Exploits15References18
EUVD
EUVD
added 2026/03/16 3:30 p.m.5 views

EUVD-2026-12196

A flaw was found in GNU Binutils. This vulnerability, a heap-based buffer overflow, specifically an out-of-bounds read, exists in the bfd linker component. An attacker could exploit this by convincing a user to process a specially crafted malicious XCOFF object file. Successful exploitation may...

6.1CVSS5.9AI score0.00245EPSS
Exploits1References3
Rows per page
Query Builder