25 matches found
CVE-2026-47307
NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9...
EUVD-2026-30823
NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9...
CVE-2026-47307
NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9...
SUSE CVE-2026-26055
Yoke is a Helm-inspired infrastructure-as-code IaC package deployer. In 0.19.0 and earlier, a vulnerability exists in the Air Traffic Controller ATC component of Yoke. The ATC webhook endpoints lack proper authentication mechanisms, allowing any pod within the cluster network to directly send...
EUVD-2023-43064
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-39333
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that t...
BIT-NODE-MIN-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...
CVE-2024-35410
wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted wasm file...
ALPINE-CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...
UBUNTU-CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability...
wasmtime 安全漏洞
Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A security vulnerability exists in wasmtime version 19.0.0, which stems from a security flaw in the valid WebAssembly module in the host runtime...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, Inc. A security vulnerability previously existed in Google Chrome version 123.0.6312.86, which stemmed from a type confusion issue in the WebAssembly module...
Fedora 39 : nodejs18 (2023-dbe64661af)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-dbe64661af advisory. 2023-10-13, Version 18.18.2 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...
SUSE SLES15 Security Update : nodejs18 (SUSE-SU-2023:4207-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4207-1 advisory. - When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the...
Fedora 38 : nodejs20 (2023-4d2fd884ea)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-4d2fd884ea advisory. 2023-10-13, Version 20.8.1 Current, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...
Fedora 37 : nodejs18 (2023-e9c04d81c1)
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e9c04d81c1 advisory. 2023-10-13, Version 18.18.2 'Hydrogen' LTS, @RafaelGSS This is a security release. Notable Changes The following CVEs are fixed in this release:...
CVE-2023-39333
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module...
Node.js Security Vulnerabilities
Node.js is an open source, cross-platform JavaScript runtime environment. A security vulnerability exists in Node.js versions 18.x and 20.x that originates in the WebAssembly module where JavaScript code can be injected via maliciously crafted export names...
PT-2023-7025 · Node.Js +6 · Node.Js +6
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the fixed version Description: Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module...
Exploit for Improper Input Validation in Google Chrome
This is a PoC exploit for CVE-2020-16040, a vulnerability in the WebAssembly WASM module loader. The exploit targets the WASM module loader's ability to load and execute WASM code, which can lead to arbitrary code execution. The exploit is implemented in JavaScript and uses the WebAssembly API to...