470 matches found
EUVD-2023-2511
Malicious code in bioql PyPI...
EUVD-2022-6282
Malicious code in bioql PyPI...
SUSE CVE-2025-11153
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3...
CVE-2025-11153
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox 143.0.3...
UBUNTU-CVE-2025-11153
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 143.0.3...
Security Vulnerabilities fixed in Firefox 143.0.3 — Mozilla
CVE-2025-11152: Sandbox escape due to integer overflow in the Graphics: Canvas2D component Reporter Oskar L Impact high References Bug 1987246 CVE-2025-11153: JIT miscompilation in the JavaScript Engine: JIT component Reporter Nan Wang Impact high References Bug 1987481...
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime
...
CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
PT-2025-49851
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 115.31 Firefox ESR versions prior to 140.6 Description The JavaScript Engine contains a JIT miscompilation issue within its JIT component. This can lead to potential problems during...
PT-2025-49852
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 146 Firefox ESR versions prior to 140.6 Thunderbird versions prior to 146 Thunderbird versions prior to 140.6 Description The JavaScript Engine contains a JIT miscompilation issue within the JIT component. This relate...
OPENSUSE-SU-2024:0201-1 Security update for Botan
This update for Botan fixes the following issues: Update to 2.19.5: Fix multiple Denial of service attacks due to X.509 cert processing: CVE-2024-34702 - boo1227238 CVE-2024-34703 - boo1227607 CVE-2024-39312 - boo1227608 Fix a crash in OCB Fix a test failure in compression with certain versions o...
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So if this function is covered by any testing the miscompile is most likely to be discovered before the binary is shipped to production."
...
Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection
The Mozilla Foundation Security Advisory describes this flaw as: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection...
Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection
The Mozilla Foundation Security Advisory describes this flaw as: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection...
RUSTSEC-2023-0078 Potential stack use-after-free in `Instrumented::into_inner`
The implementation of the Instrumented::intoinner method in affected versions of this crate contains undefined behavior due to incorrect use of std::mem::forget The function creates const pointers to self, calls mem::forgetselfstd::mem::forget, and then moves values out of those pointers using...
CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
Design/Logic Flaw
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
UBUNTU-CVE-2023-41880
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
CVE-2023-41880 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...
CVE-2023-41880 Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly i64x2.shrs instruction on x8664 platforms when the shift amount is a constant value that is larger than 32. Only x8664 is affected so a...