RHEL 9 : thunderbird (RHSA-2024:0984)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0984 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 115.8.0. Security Fixes: Mozilla:...

SUSE CVE-2024-1546

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

CVE-2024-1546

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

DEBIAN-CVE-2024-1546

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

CVE-2024-1546

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

CVE-2024-1546

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

CVE-2024-1546

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

CVE-2024-1546

Mozilla Firefox and Thunderbird are affected by CVE-2024-1546 (out-of-bounds memory read due to potential buffer length confusion when storing/re-accessing data over a network channel). Affected products and versions per provided documents: Firefox <= 122? (reported as Firefox < 123) and Fi...

CVE-2024-1546

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from an out-of-bounds read vulnerability that originates from a buffer length that may be obfuscated when data is stored and re-accessed over a network channel, which can be...

Security Vulnerabilities fixed in Firefox 123 — Mozilla

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...

Security Vulnerabilities fixed in Firefox ESR 115.8 — Mozilla

When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website with the victim...

virt:kvm_utils1 security update

hivex libguestfs libguestfs-winsupport libiscsi libnbd libvirt 5.7.0-41 - qemumonitor: Add defensive protection on mon-msg Wim ten Have Orabug: 35699260 - vircpi: Add PCIe 5.0 and 6.0 link speeds Michal Privoznik Orabug: 35496776 - qemuProcessSetupVcpusVnuma: add NULL check for def-cpu Shaleen...

SUSE-SU-2023:4662-1 Security update for qemu

This update for qemu fixes the following issues: - CVE-2021-3638: hw/display/ati2d: Fix buffer overflow in ati2dblt bsc1188609 - CVE-2023-3180: virtio-crypto: verify src and dst buffer length for sym request bsc1213925 - CVE-2023-3354: io: remove io watch if TLS channel is closed during handshake...

kernel: NFSD: Finish converting the NFSv2 GETACL result encoder

A flaw was identified in the Linux kernel’s NFSD NFSv2 GETACL result encoder. During conversion to xdrstream, leftover code erroneously set the pagelen field of the send buffer. The XDR stream encoders are expected to manage buffer length automatically, and the incorrect manual setting can result...

PT-2023-6288 · Linux +9 · Linux Kernel +9

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.5.3 Description: An issue was discovered in the IGB driver in the Linux kernel. A buffer size may not be adequate for frames larger than the MTU, which could lead to a buffer overflow. This issue is related to...

PT-2025-54160

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s af9005 i2c xfer function. The function processes data controlled by the user through the msg variable. A null pointer dereference can occur if msgi.bu...

kernel: NFSD: Finish converting the NFSv2 GETACL result encoder

A flaw was identified in the Linux kernel’s NFSD NFSv2 GETACL result encoder. During conversion to xdrstream, leftover code erroneously set the pagelen field of the send buffer. The XDR stream encoders are expected to manage buffer length automatically, and the incorrect manual setting can result...

D-Link DIR-1935 安全漏洞

The D-Link DIR-1935 is a wireless router from China-based AUO D-Link. A security vulnerability exists in the D-Link DIR-1935 that stems from a failure to properly validate the length of user-supplied data before copying it into a fixed-length buffer when parsing NetMask elements...

K81859243: Kernel vulnerability CVE-2018-8822

Security Advisory Description Incorrect buffer length handling in the ncpreadkernel function in fs/ncpfs/ncplibkernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplibkernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to...