Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Webassembly Virtual Machine Security Vulnerabilities - February

cve
cve

CVE-2018-16764

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.

8.8CVSS

9AI Score

0.002EPSS

2018-09-10 04:29 AM
21
cve
cve

CVE-2018-16765

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_.

8.8CVSS

8.9AI Score

0.003EPSS

2018-09-10 04:29 AM
22
cve
cve

CVE-2018-16766

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.

8.8CVSS

8.9AI Score

0.002EPSS

2018-09-10 04:29 AM
23
cve
cve

CVE-2018-16767

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAndValidateOperand.

8.8CVSS

8.9AI Score

0.003EPSS

2018-09-10 04:29 AM
20
cve
cve

CVE-2018-16768

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::end.

8.8CVSS

8.9AI Score

0.003EPSS

2018-09-10 04:29 AM
26
cve
cve

CVE-2018-16769

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled.

8.8CVSS

8.9AI Score

0.002EPSS

2018-09-10 04:29 AM
27
cve
cve

CVE-2018-16770

In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails.

8.8CVSS

8.9AI Score

0.002EPSS

2018-09-10 04:29 AM
25
cve
cve

CVE-2018-17292

An issue was discovered in WAVM before 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing attackers to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file that has fewer tha...

6.5CVSS

6.3AI Score

0.001EPSS

2018-09-21 07:29 AM
22
cve
cve

CVE-2018-17293

An issue was discovered in WAVM before 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows attackers to cause a denial of service (application ...

8.8CVSS

9AI Score

0.002EPSS

2018-09-21 07:29 AM
26