Mozilla: Fix potential race conditions when releasing platform objects

The Mozilla Foundation Security Advisory describes this flaw as: Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities...

Mozilla: Incorrect value used during WASM compilation

The Mozilla Foundation Security Advisory describes this flaw as: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process...

SUSE CVE-2023-4058

Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox 116...

SUSE CVE-2023-4070

Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. Chromium security severity: High...

SUSE CVE-2021-46667

MariaDB before 10.6.5 has a sqllex.cc integer overflow, leading to an application crash...

SUSE CVE-2023-4055

When the number of cookies per domain was exceeded in document.cookie, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox 116, Firefox ESR 102.14,...

SUSE CVE-2023-38285

Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity...

webkitgtk: Processing web content may lead to arbitrary code execution

A vulnerability was found in WebKit. This flaw allows a remote attacker to perform arbitrary code execution when processing web content. This flaw is caused by insufficient memory handling, which attackers could exploit to execute malicious code on affected systems...

Important: Red Hat Security Advisory: webkit2gtk3 security update

An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...

SUSE CVE-2023-28362

The redirectto method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header...

SUSE CVE-2023-38200

A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections...

CVE-2023-29458

Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use...

python: urllib.parse url blocklisting bypass

A flaw was found in the Python package. An issue in the urllib.parse component could allow attackers to bypass blocklisting methods by supplying a URL that starts with blank characters.This may lead to compromised Integrity...

c-ares: Insufficient randomness in generation of DNS query IDs

A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom are unavailable, c-ares will use rand to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand, so it will generate predictable output...

c-ares: 0-byte UDP payload Denial of Service

A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service...

SUSE CVE-2023-3600

During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox 115.0.2, Firefox ESR 115.0.2, and Thunderbird 115.0.1...

IBM DB2 安全漏洞

IBM DB2 is a relational database management system from International Business Machines IBM. The system is implemented in UNIX, Linux, IBMi, z/OS, and Windows server versions. A security vulnerability exists in IBM DB2 that stems from vulnerability to insufficient audit logging...

OESA-2023-1404 golang security update

The Go Programming Language Security Fixes: On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a...

SUSE CVE-2023-37210

A website could prevent a user from exiting full-screen mode via alert and prompt calls. This could lead to user confusion and possible spoofing attacks. This vulnerability affects Firefox 115...

SUSE CVE-2009-3571

Unspecified vulnerability in OpenOffice.org OOo has unknown impact and client-side attack vector, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, aka "Client-side exploit." NOTE: as of 20091005, this disclosure has no actionable information. However, because the VulnDisco...