Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
webassembly virtual machine project webassembly virtual machine vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2018-17292
An issue exists in WAVM prior to 2018-09-16. The loadModule function in Include/Inline/CLI.h lacks checking of the file length before a file magic comparison, allowing malicious users to cause a Denial of Service (application crash caused by out-of-bounds read) by crafting a file...
Webassembly Virtual Machine Project Webassembly Virtual Machine
8.8
CVSSv3
CVE-2018-16764
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an IR::FunctionValidationContext::catch_all heap-based buffer over-read.
Webassembly Virtual Machine Project Webassembly Virtual Machine
8.8
CVSSv3
CVE-2018-16766
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because Errors::unreachable() is reached.
Webassembly Virtual Machine Project Webassembly Virtual Machine
8.8
CVSSv3
CVE-2018-16767
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::popAnd...
Webassembly Virtual Machine Project Webassembly Virtual Machine
8.8
CVSSv3
CVE-2018-16768
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in IR::FunctionValidationContext::en...
Webassembly Virtual Machine Project Webassembly Virtual Machine
8.8
CVSSv3
CVE-2018-16769
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because libRuntime.so!llvm::InstructionCombiningPass::runOnFunction is mishandled.
Webassembly Virtual Machine Project Webassembly Virtual Machine
8.8
CVSSv3
CVE-2018-16770
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because a certain new_allocator allocate call fails.
Webassembly Virtual Machine Project Webassembly Virtual Machine
8.8
CVSSv3
CVE-2018-16765
In WAVM through 2018-07-26, a crafted file sent to the WebAssembly Virtual Machine may cause a denial of service (application crash) or possibly have unspecified other impact because of an unspecified "heap-buffer-overflow" condition in FunctionValidationContext::else_.
Webassembly Virtual Machine Project Webassembly Virtual Machine
8.8
CVSSv3
CVE-2018-17293
An issue exists in WAVM prior to 2018-09-16. The run function in Programs/wavm/wavm.cpp does not check whether there is Emscripten memory to store the command-line arguments passed by the input WebAssembly file's main function, which allows malicious users to cause a denial ...
Webassembly Virtual Machine Project Webassembly Virtual Machine
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-29895
blind SQL injection
CVE-2024-5064
CVE-2023-52677
CVE-2023-52682
CVE-2024-30051
CVE-2024-35849
remote attackers
remote
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started