PYSEC-2019-222

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file...

CVE-2018-10055

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file...

CVE-2018-10055

CVE-2018-10055 affects the TensorFlow XLA compiler in Google TensorFlow prior to 1.7.1. The issue is an invalid memory access and/or a heap buffer overflow triggered by a crafted configuration file, which could cause a crash or allow reading from other parts of process memory. Connected documents...

CVE-2018-10055

Invalid memory access and/or a heap buffer overflow in the TensorFlow XLA compiler in Google TensorFlow before 1.7.1 could cause a crash or read from other parts of process memory via a crafted configuration file...

Mozilla Firefox IonMonkey JIT Compiler Type Confusion (CVE-2019-9813)

A type confusion vulnerability exists in Mozilla Firefox IonMonkey JIT Compiler. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...

Security Bulletin: A security vulnerability has been identified in IBM Java Runtime could affect DB2 Query Management Facility (CVE-2018-12547, CVE-2019-2426, CVE-2018-1890, CVE-2018-12549, CVE-2018-11212)

Summary An unspecified vulnerability has been identified in IBM Java Runtime that could affect Db2 Query Management Facility. Vulnerability Details CVEID: CVE-2018-12547 CVSS Base Score: 9.8 DESCRIPTION: A widely used function in the OpenJ9 JVM is vulnerable to buffer overlows. Multiple Java...

The vulnerability of the Unified Shader Compiler graphics driver component in Intel Graphics Drivers allows a hacker to execute arbitrary code.

The vulnerability of the Unified Shader Compiler driver for Intel Graphics Drivers is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

Grasp the window of opportunity: see how do I get Chrome 1-day vulnerabilities and achieve the use-vulnerability warning-the black bar safety net

Overview For Chrome to say, when the discovery of a vulnerability, the first in the v8 source tree to be repaired, and then re-release a new stable version of Chrome, and in both during the process, the attacker can completely for a particular vulnerability, the development of a usable exploit...

jenkins-plugin-script-security: Sandbox Bypass in Script Security Plugin (SECURITY-1292)

A flaw was found in the Jenkins Script Security plugin through version 1.50. The fix for CVE-2019-1003000 was found to be incomplete. Script Security sandbox protection could be circumvented during the script compilation phase by applying AST transforming annotations such as @Grab to source code...

Updated firefox packages fix security vulnerability

Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow CVE-2019-9810. Incorrect handling of proto mutations may lead to type confusion in IonMonkey JIT code and can be leveraged for arbitrary memory read and...

The vulnerability of the __proto__ mutation function in the JIT-compiler of the Firefox ESR browser allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the proto mutation function in the JIT-compiler of the Firefox ESR browser is related to type confusion errors. Exploiting this vulnerability allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information...

SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types (Type Confusion)

SpiderMonkey - IonMonkey Compiled Code Fails to Update Inferred Property Types Type Confusion A bug in IonMonkey leaves type inference information inconsistent, which in turn allows the compilation of JITed functions that cause type confusions between arbitrary objects. Prerequisites In...

Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR

/ Spidermonkey - IonMonkey Type Inference is Incorrect for Constructors Entered via OSR A bug in IonMonkeys type inference system when JIT compiling and entering a constructor function via on-stack replacement OSR allows the compilation of JITed functions that cause type confusions between...

KLA11453 Multiple vulnerabilities in Mozilla Thunderbird

Multiple vulnerabilities were found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to execute arbitrary code and bypass security restrictions. Below is a complete list of vulnerabilities: 1. Buffer overflow vulnerability in IonMonkey JIT compiler can be exploited remote...

The vulnerability of the OpenJ9 JIT compiler component of the Eclipse OpenJ9 virtual machine, which allows a hacker to execute arbitrary code.

The vulnerability of the OpenJ9 JIT compiler in the Eclipse OpenJ9 virtual machine is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

KLA11451 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to execute arbitrary code and bypass security restrictions. Below is a complete list of vulnerabilities: 1. Buffer overflow vulnerability in IonMonkey JIT compiler can be exploited remote...

CVE-2019-9791

The type inference system allows the compilation of functions that can cause type confusions between arbitrary objects when compiled through the IonMonkey just-in-time JIT compiler and when the constructor function is entered through on-stack replacement OSR. This allows for possible arbitrary...

CVE-2019-9792

The IonMonkey just-in-time JIT compiler can leak an internal JSOPTIMIZEDOUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird...

DEBIAN-CVE-2019-9754

An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the endmacro function in tccpp.c...

CVE-2019-9754

An issue was discovered in Tiny C Compiler aka TinyCC or TCC 0.9.27. Compiling a crafted source file leads to an 1 byte out of bounds write in the endmacro function in tccpp.c...