wasmtime 缓冲区错误漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions of Wastime prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1 contained a buffer error vulnerability. This vulnerability stemmed from the lack of validation for the return value of the realloc function in guest...

[SECURITY] Fedora 42 Update: trustee-guest-components-0.13.0-3.fc42

Running in a confidential VM, gather confidential-computing evidence, send it to Trustee and get secrets. A part of the confidential-containers project...

Fedora 42 : rust-az-cvm-vtpm / rust-az-snp-vtpm / rust-az-tdx-vtpm / etc (2025-2408b72979)

The remote Fedora 42 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2025-2408b72979 advisory. Rebase trustee-guest-components to v0.13.0 Include rust-az-???-vtpm packages rebase to version 0.7.4 Adjust patches to work with 'sev' version 6...

Malicious code in xo-guest-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1517cef9707e50e928c86d5810217ee40f807230a72a4bb77e6b2176fd33ebf0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-47363 Malicious code in xo-guest-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 1517cef9707e50e928c86d5810217ee40f807230a72a4bb77e6b2176fd33ebf0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious Package

Overview xo-guest-components is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this packa...