RUSTSEC-2026-0092 Panic when transcoding misaligned component model UTF-16 strings

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-jxhv-7h78-9775 For more information see the GitHub-hosted security advisory...

CLEANSTART-2026-FZ55932 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process

Multiple security vulnerabilities affect the istio-fips package. SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process. See references for individual vulnerability details...

Linux Distros Unpatched Vulnerability : CVE-2026-34942

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's...

PT-2026-31687

Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler contains a vulnerability where the compilation of the table.fill instruction can result in a host panic. This means that a valid guest can be compiled with Winch, on any architecture...

PT-2026-31684

Name of the Vulnerable Software and Affected Versions Wasmtime versions prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 Description Wasmtime, a runtime for WebAssembly, may experience a panic when a flags-typed component model value is lifted with the Val type. This occurs if bits are set outside the...

wasmtime 输入验证错误漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions of Wastime prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 contained a vulnerability related to input validation errors. This vulnerability stemmed from the improper validation of the alignment of reallocated...

PT-2026-31681

Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be...

Linux Distros Unpatched Vulnerability : CVE-2026-34943

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime contains a possible panic which can happen when a flags-typed...

Denial of Service due to Panic in AWS SDK for Go v2 SDK EventStream Decoder

CVSSv3.1 Rating: Medium CVSSv3.1 Score: 5.9 CVSSv3.1 Vector String: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Summary and Impact An issue exists in the the EventStream header decoder in AWS SDK for Go v2 in versions predating 2026-03-23. An actor can send a malformed EventStream response frame...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006716)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006716 advisory. In the Linux kernel, the following vulnerability has been resolved: qed: Don't collect too many protection override GRC elements In the protection override dump path...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006790 advisory. In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006648)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006648 advisory. In the Linux kernel, the following vulnerability has been resolved: mm/gup: fix guppudrange for dax For dax pud, pudhuge returns true on x86. So the function works a...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006638)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006638 advisory. In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix possible panic during hotplug remove During hotplug remove it is possible that the...

Cisco Nexus 9000 Series Fabric Switches in ACI Mode SNMP DoS (cisco-sa-nxos-dsnmp-cNN39Uh)

According to its self-reported version, Cisco NX-OS System Software in ACI Mode is affected by a vulnerability. - A vulnerability in the Simple Network Management Protocol SNMP subsystem of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an authenticated, remote attacker to cause ...

Improper Validation of Array Index

Overview github.com/jackc/pgx/v5/pgproto3 is a low-level PostgreSQL database driver Affected versions of this package are vulnerable to Improper Validation of Array Index in the Bind.Decode function. An attacker can cause unexpected memory access or application crashes by sending specially crafte...

GO-2026-4909 Missing validation decoding Index v4 files leads to panic in github.com/go-git/go-git

Missing validation decoding Index v4 files leads to panic in github.com/go-git/go-git...

Linux Distros Unpatched Vulnerability : CVE-2026-23432

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: mshv: Fix use-after-free in mshvmapusermemory error path In the error path of...

DEBIAN-CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...

CVE-2026-34986

Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption JWE, JSON Web Signature JWS, and JSON Web Token JWT standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption JWE object will panic if t...