Lucene search
K

1763 matches found

NVD
NVD
added 2026/01/27 7:16 p.m.6 views

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

5.5CVSS0.00214EPSS
Exploits0References8
UbuntuCve
UbuntuCve
added 2026/01/27 7:16 p.m.6 views

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

5.5CVSS5.7AI score0.00214EPSS
Exploits0References12
OSV
OSV
added 2026/01/27 6:58 p.m.10 views

CVE-2026-24116 Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

4.1CVSS5.8AI score0.00214EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/01/27 6:58 p.m.5 views

CVE-2026-24116

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

4.1CVSS5.8AI score0.00214EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/01/27 6:58 p.m.14 views

CVE-2026-24116

CVE-2026-24116 affects Wasmtime (WebAssembly runtime) on x86-64 with AVX. The Cranelift-based compilation of the f64.copysign instruction may load 8 bytes too many, potentially causing an uncaught segfault when signals-based-traps are disabled and loading from guard pages occurs. Affected version...

5.5CVSS5.8AI score0.00214EPSS
Exploits0References8Affected Software1
Vulnrichment
Vulnrichment
added 2026/01/27 6:58 p.m.5 views

CVE-2026-24116 Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are...

4.1CVSS5.8AI score0.00214EPSS
Exploits0References8
OSV
OSV
added 2026/01/27 12:48 a.m.5 views

GHSA-VC8C-J3XM-XJ73 Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

On x86-64 platforms with AVX Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled...

4.1CVSS5.9AI score0.00214EPSS
Exploits0References10
Github Security Blog
Github Security Blog
added 2026/01/27 12:48 a.m.8 views

Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

On x86-64 platforms with AVX Wasmtime's compilation of the f64.copysign WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled...

5.5CVSS5.9AI score0.00214EPSS
Exploits0References10Affected Software1
OSV
OSV
added 2026/01/26 12:0 p.m.4 views

RUSTSEC-2026-0006 Wasmtime segfault or unused out-of-sandbox load with `f64.copysign` operator on x86-64

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-vc8c-j3xm-xj73 For more information see the GitHub-hosted security advisory...

4.1CVSS5.9AI score0.00214EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.7 views

Azure Linux 3.0 Security Update: samba (CVE-2022-32745)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-32745 advisory. - A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add ...

8.1CVSS7AI score0.00904EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 8 : dpdk-19.11.3-1.el8 (AXSA:2021-1390:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1390:01 advisory. dpdk: librtevhost Malicious guest could cause segfault by sending invalid Virtio descriptor CVE-2020-10725 dpdk: librtevhost Integer overflow in...

7.7CVSS6.6AI score0.02213EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/20 12:0 a.m.4 views

MiracleLinux 9 : binutils-2.35.2-42.el9 (AXSA:2023-6593:04)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6593:04 advisory. binutils: NULL pointer dereference in bfdelfgetsymbolversionstring leads to segfault CVE-2022-4285 Tenable has extracted the preceding description block...

5.5CVSS5.5AI score0.00437EPSS
Exploits1References2
SUSE CVE
SUSE CVE
added 2026/01/14 12:28 a.m.5 views

SUSE CVE-2025-15514

Ollama 0.11.5-rc0 through current version 0.13.5 contain a null pointer dereference vulnerability in the multi-modal model image processing functionality. When processing base64-encoded image data via the /api/chat endpoint, the application fails to validate that the decoded data represents valid...

8.7CVSS7AI score0.00698EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/14 12:0 a.m.4 views

MiracleLinux 3 : glibc-2.5-81.4.0.1.AXS3 (AXSA:2012-695:04)

The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-695:04 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make...

6.8CVSS7AI score0.03163EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/01/13 1:14 p.m.7 views

postgresql: libpq: libpq undersizes allocations, via integer wraparound

A vulnerability has been identified in PostgreSQL’s libpq client library, where integer wraparound in several allocation-size calculations allows a peer or input provider to cause an undersized buffer and then write out-of-bounds by hundreds of megabytes. This can lead to a client application...

5.9CVSS5.8AI score0.00332EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/01/13 12:0 a.m.5 views

MiracleLinux 9 : perl-JSON-XS-4.04-1.el9_6 (AXSA:2025-10955:02)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-10955:02 advisory. JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON CVE-2025-40928 Tenable has extracted the preceding description block directly...

7.5CVSS7.6AI score0.00603EPSS
Exploits0References2
OSV
OSV
added 2026/01/10 5:53 a.m.4 views

CVE-2026-22693 Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS

HarfBuzz is a text shaping engine. Prior to version 12.3.0, a null pointer dereference vulnerability exists in the SubtableUnicodesCache::create function located in src/hb-ot-cmap-table.hh. The function fails to check if hbmalloc returns NULL before using placement new to construct an object at t...

5.3CVSS6.7AI score0.00377EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/09 9:21 a.m.16 views

CVE-2021-41196

TensorFlow is an open source platform for machine learning. In affected versions the Keras pooling layers can trigger a segfault if the size of the pool is 0 or if a dimension is negative. This is due to the TensorFlow's implementation of pooling operations where the values in the sliding window...

5.5CVSS6.6AI score0.0023EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:14 a.m.13 views

CVE-2022-23593

Tensorflow is an Open Source Machine Learning Framework. The simplifyBroadcast function in the MLIR-TFRT infrastructure in TensorFlow is vulnerable to a segfault hence, denial of service, if called with scalar shapes. If all shapes are scalar, then maxRank is 0, so we build an empty SmallVector...

7.5CVSS6.5AI score0.0087EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:11 a.m.13 views

CVE-2022-35966

TensorFlow is an open source platform for machine learning. If QuantizedAvgPool is given mininput or maxinput tensors of a nonzero rank, it results in a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...

7.5CVSS6.6AI score0.00409EPSS
Exploits0References1
Rows per page
Query Builder