OESA-2026-2389 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

Security Bulletin: Multiple vulnerabilities in IBM watsonx Orchestrate with watsonx Assistant Cartridge

Summary Multiple vulnerabilities were addressed in IBM watsonx Orchestrate with watsonx Assistant Cartridge version 5.3.2 Vulnerability Details CVEID:CVE-2026-24398 DESCRIPTION: Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.11.7, IP...

CVE-2025-48630

PT-2026 entries show CVE-2025-48630 included in upcoming patch previews (Critical/High list) for patch levels described, with March/June 2026 release timing and ongoing patch delivery cadence. No public technical details (root cause, affected product/version, exploit info) are provided in the con...

MiracleLinux 8 : firefox-140.3.0-1.el8_10.ML.1 (AXSA:2025-10906:31)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2025-10906:31 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect...

OPENSUSE-SU-2025:20021-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Changes in MozillaThunderbird: Mozilla Thunderbird 140.3.0 ESR: Right-clicking 'List-ID' - 'Unsubscribe' created double encoded draft subject Thunderbird could crash on startup Thunderbird could crash when importing mail Opening Websi...

RHEL 9 : thunderbird (RHSA-2025:17344)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2025:17344 advisory. Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free i...

RockyLinux 10 : firefox (RLSA-2025:16109)

The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:16109 advisory. firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary...

thunderbird security update

An update is available for thunderbird. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security...

Amazon Linux 2 : thunderbird, --advisory ALAS2-2025-3008 (ALAS-2025-3008)

The version of thunderbird installed on the remote host is prior to 140.3.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-3008 advisory. Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143,...

Amazon Linux 2023 : firefox (ALAS2023-2025-1203)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1203 advisory. Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVE-2025-10527...

Important: firefox

Issue Overview: Sandbox escape due to use-after-free in the Graphics: Canvas2D component. This vulnerability affects Firefox 143, Firefox ESR 140.3, Thunderbird 143, and Thunderbird 140.3. CVE-2025-10527 Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component...

Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.3 bsc1249391. Security issues fixed: MFSA 2025-78 CVE-2025-10527: sandbox escape due to use-after-free in the Graphics: Canvas2D component. CVE-2025-10528: sandbox escape due to undefined behavior,...

SUSE-SU-2025:03309-1 Security update for MozillaThunderbird

This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 140.3 bsc1249391. Security issues fixed: - MFSA 2025-78 CVE-2025-10527: sandbox escape due to use-after-free in the Graphics: Canvas2D component. CVE-2025-10528: sandbox escape due to undefined behavior,...

Important: thunderbird security update

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component CVE-2025-10532 firefox:...

Important: firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component CVE-2025-10527 firefox: thunderbird: Incorrect boundary conditions in the...

GitLab 代码问题漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD Continuous Integration and Continuous Delivery and other features. A security vulnerability exists in GitLab CE/EE versions 14.9 to 15.2.5, 15.3 t...

CVE-2018-1664

IBM DataPower Gateway 7.1.0.0 - 7.1.0.23, 7.2.0.0 - 7.2.0.21, 7.5.0.0 - 7.5.0.16, 7.5.1.0 - 7.5.1.15, 7.5.2.0 - 7.5.2.15, and 7.6.0.0 - 7.6.0.8 as well as IBM DataPower Gateway CD 7.7.0.0 - 7.7.1.2 echoing of AMP management interface authorization headers exposes login credentials in browser cach...

CVE-2016-5288

CVE-2016-5288 concerns Mozilla Firefox versions prior to 49.0.2 where, when e10s is disabled, web content could read information from the HTTP cache (visited URLs and page contents). Affected products: Firefox 48 and 49 (Windows, macOS, Linux). Root cause details are not deeply described in the p...

SeaMonkey < 1.1.13 Multiple Vulnerabilities

Binary data 4753.prm...

Java Web Start, untrusted application may determine Cache Location (6704074)

Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.218 allows context-dependent attackers to obtain sensitive information the cache location via an untrusted application, aka CR 6704074...