Wasmtime has host data leakage with 64-bit tables and Winch

Impact Wasmtime's Winch compiler contains a bug where a 64-bit table, part of the memory64 proposal of WebAssembly, incorrectly translated the table.size instruction. This bug could lead to disclosing data on the host's stack to WebAssembly guests. The host's stack can possibly contain sensitive...

wasmtime 安全漏洞

Wasmtime is a lightweight WebAssembly runtime open source by the Bytecode Alliance. Versions of Wastime prior to 25.0.0, 36.0.7, 42.0.2, and 43.0.1 contained security vulnerabilities. These vulnerabilities stemmed from the Winch compiler incorrectly translating the table.size instruction, which i...

EUVD-2025-208662

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system...

CVE-2025-14483

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.1.0.0 through 6.1.2.72, 6.2.0.0 through 6.2.0.51, 6.2.1.0 through 6.2.1.11, and 6.2.2.0 could disclose sensitive host information to authenticated users in responses that could be used in further attacks against the system...

runc 安全漏洞

runc is an Open Container Initiative open source CLI Command Line Interface tool for generating and running containers according to the OCI specification. A security vulnerability exists in runc versions 1.2.7 and earlier, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1, and 1.4.0-rc.2, which stems from...

CVE-2022-24714 Disclosure of hosts and related data, linked to decommissioned services in Icinga Web 2

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...