
149 matches found

CNNVD
added 2026/02/24 12:0 a.m. | 7 views

wasmtime security vulnerability

Wasmtime is a lightweight WebAssembly runtime open-sourced by the Bytecode Alliance. Versions of Wasmtime prior to 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0 contain security vulnerabilities. These vulnerabilities stem from the lack of proper restrictions on resource allocation for guest machine...

CVSS 6.9 | AI score 5.8 | EPSS 0.00093
Exploits 0 | References 7

CNNVD
added 2026/02/24 12:0 a.m. | 7 views

wasmtime security vulnerability

Wasmtime is a lightweight WebAssembly runtime open-sourced by the Bytecode Alliance. Versions of Wasmtime prior to 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0 contain security vulnerabilities. These vulnerabilities stem from the wasi:http/types Fields resource implementation, where excessive header...

CVSS 7.5 | AI score 5.8 | EPSS 0.00032
Exploits 0 | References 7

Vulnrichment
added 2026/02/19 10:5 a.m. | 5 views

CVE-2025-13590 Authenticated arbitrary file upload via a System REST API requiring administrator permission.

A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code execution. By leveraging the vulnerability, a malicious actor may perform Remote Code Execution by...

CVSS 9.1 | AI score 6.4 | EPSS 0.00108
Exploits 0 | References 1

CVE
added 2026/02/19 10:5 a.m. | 16 views

CVE-2025-13590

The CVE-2025-13590 entry describes an authenticated arbitrary file upload via a System REST API that requires administrator permissions. The vulnerability allows an admin-restricted user to upload a file to a user-controlled location, with the potential consequence of remote code execution. CVSS ...

CVSS 9.1 | AI score 6.4 | EPSS 0.00108
Exploits 0 | References 1 | Affected Software 4

Positive Technologies
added 2026/02/19 12:0 a.m. | 4 views

PT-2026-20797

Name of the Vulnerable Software and Affected Versions: versions prior to 2025-13590. Description: A malicious actor with administrative privileges can upload an arbitrary file to a user-controlled location within the deployment via a system REST API. Successful uploads may lead to remote code...

CVSS 9.1 | AI score 6.7 | EPSS 0.00108
Exploits 0 | References 6

OSV
added 2026/02/18 4:22 p.m. | 1 views

UBUNTU-CVE-2025-71235

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Delay module unload while fabric scan in progress System crash seen during load/unload test in a loop. 105954.384919 RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086 105954.384920 R10:...

CVSS 5.5 | AI score 5.7 | EPSS 0.00031
Exploits 0 | References 6

ATTACKERKB
added 2026/02/04 4:8 p.m. | 2 views

CVE-2026-23110

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking commands completed or failed so that the error handler only wakes when the last running command completes o...

AI score 5.3 | EPSS 0.00018
Exploits 0 | References 7 | Affected Software 1

Debian CVE
added 2026/02/04 4:7 p.m. | 3 views

CVE-2026-23059

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Sanitize payload size to prevent member overflow. In qla27xx_copy_fpin_pkt and qla27xx_copy_multiple_pkt, the frame_size reported by firmware is used to calculate the copy length into item->iocb. However, the iocb member is...

AI score 5.3 | EPSS 0.00034
Exploits 0

ATTACKERKB
added 2026/01/27 3:40 p.m. | 2 views

CVE-2026-0648

The vulnerability stems from an incorrect error-checking logic in the CreateCounter function in threadx/utility/rtos_compatibility_layers/OSEK/tx_osek.c when handling the return value of osek_get_counter. Specifically, the current code checks if cntr_id equals 0u to determine failure, but...

CVSS 7.8 | AI score 6 | EPSS 0.00029
Exploits 0 | References 2 | Affected Software 1

NVD
added 2026/01/06 4:15 p.m. | 2 views

CVE-2020-36922

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests t...

CVSS 7.5 | EPSS 0.00108
Exploits 2 | References 9

Vulnrichment
added 2026/01/06 3:52 p.m. | 2 views

CVE-2020-36922 Sony BRAVIA Digital Signage 1.7.8 Unauthenticated System API Information Disclosure

Sony BRAVIA Digital Signage 1.7.8 contains an information disclosure vulnerability that allows unauthenticated attackers to access sensitive system details through API endpoints. Attackers can retrieve network interface information, server configurations, and system metadata by sending requests t...

CVSS 7.5 | AI score 6 | EPSS 0.00108
Exploits 2 | References 9

CVE
added 2026/01/06 3:52 p.m. | 9 views

CVE-2020-36922

CVE-2020-36922 affects Sony BRAVIA Digital Signage 1.7.8 and describes an information disclosure vulnerability exposed via system API endpoints. Unauthenticated attackers can retrieve sensitive details such as network interface information, server configurations, and system metadata. Public refer...

CVSS 7.5 | AI score 6 | EPSS 0.00108
Exploits 2 | References 9 | Affected Software 1

Cvelist
added 2025/12/30 12:3 p.m. | 22 views

CVE-2022-50785 fsi: occ: Prevent use after free

In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free. Use get_device and put_device in the open and close functions to make sure the device doesn't get freed while a file descriptor is open. Also, lock around the freeing of the device buffer and check...

EPSS 0.00027
Exploits 0 | References 3

Cvelist
added 2025/12/08 1:19 a.m. | 27 views

CVE-2023-53760 scsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: mcq: Fix &hwq->cq_lock deadlock issue. When ufshcd_err_handler is executed, CQ event interrupt can enter waiting for the same lock. This can happen in ufshcd_handle_mcq_cq_events and also in ufs_mtk_mcq_intr. The following...

EPSS 0.00026
Exploits 0 | References 2

OSV
added 2025/12/04 4:16 p.m. | 1 views

UBUNTU-CVE-2025-40226

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Account for failed debug initialization. When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

AI score 5.7 | EPSS 0.00028
Exploits 0 | References 22

Redos
added 2025/11/10 12:0 a.m. | 2 views

ROS-20251110-03

Vulnerability in Google Chrome browser is related to insufficient input data validation when processing DOM elements. Exploitation of the vulnerability allows a remote attacker to launch a spoofing attack or cause a denial of service. Spoofing attack or cause a denial of service Vulnerability in...

CVSS 8.8 | AI score 5.6 | EPSS 0.00749
Exploits 0

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2019-15756

Malware in sbrugna...

CVSS 7.8 | AI score 8.1 | EPSS 0.00145
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2017-11878

Malware in sbrugna...

CVSS 7.1 | AI score 7 | EPSS 0.00068
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2021-27139

Malware in sbrugna...

CVSS 7.8 | AI score 6.8 | EPSS 0.00418
Exploits 0 | References 2

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-29186

Malware in sbrugna...

CVSS 7.8 | AI score 7.7 | EPSS 0.00122
Exploits 0 | References 2