Lucene search
K

2114 matches found

CNNVD
CNNVD
added 2025/06/19 12:0 a.m.3 views

WebAssembly wabt 安全漏洞

WebAssembly wabt is a WebAssembly binary toolkit open-sourced by WebAssembly. A security vulnerability exists in WebAssembly wabt 1.0.37 and earlier versions, which originates from a reachable assertion in the function LogOpcode in the file src/binary-reader-objdump.cc...

4.8CVSS4.2AI score0.00189EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2025/06/19 12:0 a.m.4 views

PT-2025-26237 · Unknown +1 · Webassembly Wabt +1

Name of the Vulnerable Software and Affected Versions: WebAssembly wabt versions up to 1.0.37 Description: A vulnerability was found in WebAssembly wabt, affecting the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible t...

4.8CVSS3.6AI score0.00194EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2025/06/19 12:0 a.m.5 views

PT-2025-26236 · Unknown +1 · Webassembly Wabt +1

Name of the Vulnerable Software and Affected Versions: WebAssembly wabt versions up to 1.0.37 Description: A vulnerability was found in WebAssembly wabt, classified as problematic. The function OnDataCount of the file src/interp/binary-reader-interp.cc is affected, leading to resource consumption...

4.8CVSS3.8AI score0.00184EPSS
Exploits1References19
Positive Technologies
Positive Technologies
added 2025/06/19 12:0 a.m.5 views

PT-2025-26235

Name of the Vulnerable Software and Affected Versions WebAssembly wabt versions 1.0.37 and earlier Description A vulnerability was found in the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to a reachable assertion. Local access is required to approach this...

4.8CVSS4AI score0.00189EPSS
Exploits1References19
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.5 views

Astra Linux – Vulnerability in Firefox

On 64-bit CPUs, when the JIT compiler compiles WASM i32 return values, it may pick up bits from remaining memory. This could potentially lead to these values being treated as a different type. This vulnerability has been fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136...

7.6CVSS7AI score0.00294EPSS
Exploits0References3
Packet Storm News
Packet Storm News
added 2025/05/31 12:0 a.m.4 views

Browser Fingerprinting Using WebAssembly

Web client fingerprinting has become a widely used technique for uniquely identifying users, browsers, operating systems, and devices with high accuracy. While it is beneficial for applications such as fraud detection and personalized experiences, it also raises privacy concerns by enabling...

6.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:8 a.m.10 views

CVE-2024-30266

wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This...

5.5CVSS3.8AI score0.00318EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:59 a.m.9 views

CVE-2023-51661

Wasmer is a WebAssembly runtime that enables containers to run anywhere: from Desktop to the Cloud, Edge and even the browser. Wasm programs can access the filesystem outside of the sandbox. Service providers running untrusted Wasm code on Wasmer can unexpectedly expose the host filesystem. This...

8.6CVSS6.9AI score0.00595EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 4:35 a.m.7 views

CVE-2023-41880

Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...

5.3CVSS7.1AI score0.00605EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:29 a.m.7 views

CVE-2023-26489

wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x8664 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug mea...

9.9CVSS9.6AI score0.01251EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:2 a.m.10 views

CVE-2022-31104

Wasmtime is a standalone runtime for WebAssembly. In affected versions wasmtime's implementation of the SIMD proposal for WebAssembly on x8664 contained two distinct bugs in the instruction lowerings implemented in Cranelift. The aarch64 implementation of the simd proposal is not affected. The bu...

6.8CVSS7AI score0.01625EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:43 p.m.5 views

CVE-2022-21685

Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 8a93fdc6c9f4eb1d2f2a11b7ff1d12d70bf5a664, a bug in Frontier's MODEXP precompile implementation can cause an integer underflow in certain conditions. This will cause a node crash for debug builds. For release builds and...

6.5CVSS6.7AI score0.01331EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:5 p.m.11 views

CVE-2022-39392

Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mappi...

7.4CVSS6.6AI score0.00577EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.5 views

CVE-2020-6103

An exploitable code execution vulnerability exists in the Shader functionality of AMD Radeon DirectX 11 Driver atidxx64.dll 26.20.15019.19000. An attacker can provide a a specially crafted shader file to trigger this vulnerability, resulting in code execution. This vulnerability can be triggered...

9.9CVSS7.9AI score0.02781EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/17 5:59 p.m.228 views

CVE-2025-43853

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

7CVSS6.9AI score0.0024EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 6:15 p.m.13 views

CVE-2025-43853

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

7CVSS0.0024EPSS
Exploits1References2
CVE
CVE
added 2025/05/15 5:13 p.m.52 views

CVE-2025-43853

CVE-2025-43853 concerns the WebAssembly Micro Runtime (WAMR) iwasm binary, including builds with WASI support. A symlink-following vulnerability affects WAMR up to and including version 2.2.0 (and WAMR builds on Windows using libc-uvwasi), where creating a symlink outside the preopened sandbox an...

7CVSS6.5AI score0.0024EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/05/15 5:13 p.m.6 views

CVE-2025-43853 iwasm vulnerable to filesystem sandbox escape with symlink when using uvwasi feature

The WebAssembly Micro Runtime's WAMR iwasm package is the executable binary built with WAMR VMcore which supports WebAssembly System Interface WASI and command line interface. Anyone running WAMR up to and including version 2.2.0 or WAMR built with libc-uvwasi on Windows is affected by a symlink...

7CVSS6.7AI score0.0024EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/05/15 12:0 a.m.3 views

WebAssembly Micro Runtime 安全漏洞

WebAssembly Micro Runtime WAMR is a lightweight, standalone WebAssembly runtime open-sourced by the Bytecode Alliance. With a small footprint, high performance, and highly configurable features for applications ranging from embedded, IoT, and edge to Trusted Execution Environments TEEs, smart...

7CVSS6.4AI score0.0024EPSS
Exploits1References2
Akamai Blog
Akamai Blog
added 2025/05/11 10:20 a.m.8 views

WebAssembly Jobs and CronJobs in Kubernetes with SpinKube & the Spin Command Trigger

Learn how to run WebAssembly workloads as Kubernetes Jobs and CronJobs using SpinKube and the Spin command trigger...

5.8AI score
Exploits0
Rows per page
Query Builder