firefox: thunderbird: Unsafe attribute access during XPath parsing

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access an...

firefox: thunderbird: Unsafe attribute access during XPath parsing

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A vulnerability was identified in Firefox where XPath parsing could trigger undefined behavior due to missing null checks during attribute access. This could lead to out-of-bounds read access an...

Important: Red Hat Security Advisory: firefox security update

An update for firefox is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

HCL BigFix Compliance 安全漏洞

HCL BigFix Compliance is a continuous monitoring and application of endpoint security settings by HCL India to ensure compliance with regulatory or organizational security policies. A security vulnerability exists in HCL BigFix Compliance that stems from missing or improper SameSite attributes,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an unchecked changespktdata attribute of an extension, which could lead to invalid package pointers...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing CVE-2025-4087 firefox: thunderbird: Process isolation bypass using...

PT-2025-19760 · Hcl · Hcl Bigfix Compliance

Name of the Vulnerable Software and Affected Versions: HCL BigFix Compliance affected versions not specified Description: The issue is related to an improper or missing SameSite attribute, which can lead to Cross-Site Request Forgery CSRF attacks. A malicious site could trick a user's browser int...

ALSA-2025:4458 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing CVE-2025-4087 firefox:...

ALSA-2025:4460 Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing CVE-2025-4087 firefox: thunderbird: Process isolation bypass using...

ALSA-2025:4443 Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing CVE-2025-4087 firefox:...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Privilege escalation in Firefox Updater CVE-2025-2817 firefox: thunderbird: Unsafe attribute access during XPath parsing CVE-2025-4087 firefox:...

SUSE CVE-2022-49762

In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTRRECORDs Kernel iterates over ATTRRECORDs in mft record in ntfsattrfind. Because the ATTRRECORDs are next to each other, kernel can get the next ATTRRECORD from end address of current...

An Approach for Handling Missing Attribute Values in Attribute-Based Access Control Policy Mining

Attribute-Based Access Control ABAC enables highly expressive and flexible access decisions by considering a wide range of contextual attributes. ABAC policies use logical expressions that combine these attributes, allowing for precise and context-aware control. Algorithms that mine ABAC policies...

PT-2025-18930 · WordPress · Subpage List

Name of the Vulnerable Software and Affected Versions: Subpage List plugin for WordPress versions up to, and including, 1.3.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode due to insufficient input sanitization and output escaping on...

CVE-2025-24887

OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change...

SUSE-SU-2025:1436-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: - Firefox Extended Support Release 128.10.0 ESR MFSA 2025-29 bsc1241621: CVE-2025-2817: Potential privilege escalation in Firefox Updater CVE-2025-4082: WebGL shader attribute memory corruption in Firefox for macOS CVE-2025-4083: Process...

DEBIAN-CVE-2022-49868

In the Linux kernel, the following vulnerability has been resolved: phy: ralink: mt7621-pci: add sentinel to quirks table With mt7621 socdevattr fixed to register the soc as a device, kernel will experience an oops in socdevicematchattr This quirk test was introduced in the staging driver in comm...

UBUNTU-CVE-2022-49886

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Panic on bad configs that VE on "private" memory access All normal kernel memory is "TDX private memory". This includes everything from kernel stacks to kernel text. Handling exceptions on arbitrary accesses to kernel...

CVE-2022-49763

In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrsoffset field in first mf...

DEBIAN-CVE-2022-49763

In the Linux kernel, the following vulnerability has been resolved: ntfs: fix use-after-free in ntfsattrfind Patch series "ntfs: fix bugs about Attribute", v2. This patchset fixes three bugs relative to Attribute in record: Patch 1 adds a sanity check to ensure that, attrsoffset field in first mf...