Security Bulletin: Vulnerability in libexpat affects IBM Netezza Appliance

Summary The libexpat package is used by IBM Netezza Appliance . IBM Netezza Appliance has addressed the applicable CVE CVE-2025-66382 Vulnerability Details CVEID:CVE-2025-66382 DESCRIPTION: In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds o...

EUVD-2000-0141

Malware in sbrugna...

EUVD-2004-0808

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2024-31142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return...

CVE-2024-31142

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

CVE-2024-31142

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

ALPINE-CVE-2024-31142

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

DEBIAN-CVE-2024-31142

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

CVE-2024-31142

CVE-2024-31142 concerns the Xen hypervisor. The issue stems from a logical error in XSA-407 (Branch Type Confusion); the mitigation is not applied as intended, and XSA-434 (Speculative Return Stack Overflow) uses the same infrastructure, making it equally impacted. Available connected sources des...

CVE-2024-31142 x86: Incorrect logic for BTC/SRSO mitigations

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

CVE-2024-31142 x86: Incorrect logic for BTC/SRSO mitigations

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

SUSE CVE-2024-31142

Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see: https://xenbits.xen.org/xsa/advisory-407.html...

x86: Incorrect logic for BTC/SRSO mitigations

ISSUE DESCRIPTION Because of a logical error in XSA-407 Branch Type Confusion, the mitigation is not applied properly when it is intended to be used. XSA-434 Speculative Return Stack Overflow uses the same infrastructure, so is equally impacted. For more details, see:...

Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2023-407)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-407 advisory. A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. CVE-2023-5156 Tenable has extracted the...

SUSE CVE-2013-0776

Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, Thunderbird before 17.0.3, Thunderbird ESR 17.x before 17.0.3, and SeaMonkey before 2.16 allow man-in-the-middle attackers to spoof the address bar by operating a proxy server that provides a 407 HTTP status code accompanied by web...

SUSE CVE-2014-8639

Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird before 31.4, and SeaMonkey before 2.32 do not properly interpret Set-Cookie headers within responses that have a 407 aka Proxy Authentication Required status code, which allows remote HTTP proxy servers to conduct session...

x86: Multiple speculative security issues

ISSUE DESCRIPTION 1 Researchers have discovered that on some AMD CPUs, the implementation of IBPB Indirect Branch Prediction Barrier does not behave according to the specification. Specifically, IBPB fails to properly flush the RAS Return Address Stack, also RSB - Return Stack Buffer - in Intel...

Upgraded Q -> M from 407 [1667616784805]

Judge has assessed an item in Issue 407 as Medium risk. The relevant finding follows: --- The text was updated successfully, but these errors were encountered: All reactions...

festical.ca Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1091192 Security Researcher DakkarKey Helped patch 407 vulnerabilities Received 6 Coordinated Disclosure badges Received 14 recommendations , a holder of 6 badges for responsible and coordinated disclosure, found a security vulnerability affecting festical.ca website and i...

ief-larochelle.com Improper Access Control vulnerability

Open Bug Bounty ID: OBB-1090446 Security Researcher DakkarKey Helped patch 407 vulnerabilities Received 6 Coordinated Disclosure badges Received 14 recommendations , a holder of 6 badges for responsible and coordinated disclosure, found a security vulnerability affecting ief-larochelle.com websit...