CVE-2023-32211
A type checking bug would have led to invalid code being compiled. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11...
CVE-2023-32211
CVE-2023-32211 describes a type checking bug in Mozilla Firefox and Thunderbird that could lead to invalid code being compiled. The connected documents confirm the flaw affects Firefox versions prior to 113, Firefox ESR prior to 102.11, and Thunderbird prior to 102.11. Multiple security advisorie...
[SECURITY] Fedora 38 Update: pypy-7.3.11-3.fc38
PyPy's implementation of Python, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc.). This build of PyPy has JIT-compilation enabled...
[SECURITY] Fedora 38 Update: pypy3.9-7.3.11-4.3.9.fc38
PyPy's implementation of Python 3.9, featuring a Just-In-Time compiler on some CPU architectures, and various optimized implementations of the standard types (strings, dictionaries, etc.). This build of PyPy has JIT-compilation enabled...
SUSE-SU-2023:2313-1 Security update for c-ares
This update for c-ares fixes the following issues: Update to version 1.19.1: - CVE-2023-32067: 0-byte UDP payload causes Denial of Service (bsc#1211604) - CVE-2023-31147: Insufficient randomness in generation of DNS query IDs (bsc#1211605) - CVE-2023-31130: Buffer Underwrite in ares_inet_net_pton() (bsc#12116...
Platbox - UEFI And SMM Assessment Tool
UEFI and SMM Assessment Tool. Features: Platbox is a tool that helps assess the security of the platform: it dumps the platform registers that are interesting security-wise (Flash Locks, MMIO and Remapping Locks, SMM Base and Locks, MSRs); RW access to the PCI configuration space of devices; RW to physic...
DEBIAN-CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack ...
CVE-2023-31124 AutoTools does not set CARES_RANDOM_FILE during cross compilation
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack ...
SUSE CVE-2023-31124
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack ...
Rocky Linux 8 : firefox (RLSA-2023:3220)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3220 advisory. - In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and...
Rocky Linux 8 : thunderbird (RLSA-2023:3221)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:3221 advisory. - In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and...
AlmaLinux 9 : firefox (ALSA-2023:3143)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:3143 advisory. - In multiple cases browser prompts could have been obscured by popups controlled by content. These could have led to potential user confusion and spoofin...
RustChain - Hide Memory Artifacts Using ROP And Hardware Breakpoints
This tool is a simple PoC of how to hide memory artifacts using a ROP chain in combination with hardware breakpoints. The ROP chain will change the main module memory page's protections to N/A while sleeping i.e. when the function Sleep is called. For more detailed information about this memory...
OpenJDK: Unbounded memory allocation when compiling crafted XPath expressions (JAXP, 8270504)
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable...
Debian DSA-5403-1 : thunderbird - security update
The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5403 advisory. Multiple security issues were discovered in Thunderbird, which could result in denial of service or the execution of arbitrary code. For the stable distribution...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : Thunderbird vulnerabilities (USN-6075-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6075-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website ...
Debian dla-3417 : firefox-esr - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3417 advisory. Debian LTS Advisory DLA-3417-1...
CVE-2023-32059 Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls
Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the type...