wasmtime 安全漏洞

Wasmtime, a Bytecode Consortium project, is a standalone wasm-optimized runtime for WebAssembly and WASI only. A security vulnerability exists in wasmtime version 19.0.0, which stems from a security flaw in the valid WebAssembly module in the host runtime...

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 16 security bugs in Chromium: CVE-2024-2625: Object lifecycle issue in V8 CVE-2024-2626: Out of bounds read in Swiftshader CVE-2024-2885: Use after free in Dawn CVE-2024-2887: Type Confusion in WebAssembly CVE-2024-3157: Out of bounds write in...

The vulnerability of the WebAssembly module in Google Chrome and Microsoft Edge allows a hacker to execute arbitrary code.

The vulnerability of the WebAssembly module in Google Chrome and Microsoft Edge relates to access to resources through incompatible types. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created HTML page...

Wasmtime vulnerable to panic when using a dropped extenref-typed element segment

Impact The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. The panic in question is caused when a...

GHSA-75HQ-H6G9-H4Q5 Wasmtime vulnerable to panic when using a dropped extenref-typed element segment

Impact The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. The panic in question is caused when a...

Debian dsa-5648 : chromium - security update

The remote Debian 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5648 advisory. - Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page...

SUSE CVE-2024-2887

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

Fedora 38 : chromium (2024-b4dab205d7)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b4dab205d7 advisory. update to 123.0.6312.86 Critical CVE-2024-2883: Use after free in ANGLE High CVE-2024-2885: Use after free in Dawn High CVE-2024-2886: Use after fre...

FreeBSD : chromium -- multiple security fixes (814af1be-ec63-11ee-8e76-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 814af1be-ec63-11ee-8e76-a8a1599412c6 advisory. - Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to...

Chromium: CVE-2024-2887 Type Confusion in WebAssembly

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Microsoft Edge (Chromium) < 122.0.2365.113 / 123.0.2420.65 Multiple Vulnerabilities

The version of Microsoft Edge installed on the remote Windows host is prior to 122.0.2365.113 / 123.0.2420.65. It is, therefore, affected by multiple vulnerabilities as referenced in the March 27, 2024 advisory. - Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote...

The vulnerability of the Mozilla Firefox browser, related to incorrect processing of WASM register values, allows a hacker to execute arbitrary code.

The vulnerability of the Mozilla Firefox browser is related to incorrect processing of WASM register values. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

DEBIAN-CVE-2024-2887

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2024-2887

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2024-2887

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2024-2887

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2024-2887

CVE-2024-2887 is a Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 that allows remote code execution via a crafted HTML page. Connected sources confirm this affects Chromium/WebAssembly, with public disclosures tied to Pwn2Own 2024. The Chrome/Bugfix release 123.0.6312.86 (a...

CVE-2024-2887

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2024-2887

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

CVE-2024-2887

Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...