879 matches found
Mozilla: Out-of-bounds-read after mis-optimized switch statement
The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...
Mozilla: Incorrect JITting of arguments led to use-after-free during garbage collection
The Mozilla Foundation Security Advisory describes this flaw as: The JIT created incorrect code for arguments in certain cases. This led to potential use-after-free crashes during garbage collection...
OfflRouter virus causes Ukrainian users to upload confidential documents to VirusTotal
During a threat-hunting exercise, Cisco Talos discovered documents with potentially confidential information originating from Ukraine. The documents contained malicious VBA code, indicating they may be used as lures to infect organizations. The results of the investigation have shown that the...
ROS-20240411-05
The vulnerability of the eval function of the ImageMath module of the Pillow image manipulation library is related to incorrect control of code generation when processing the environment parameter. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code...
Improper Control of Generation of Code ('Code Injection')
Overview: Affected versions of this package are vulnerable to Improper Control of Generation of Code ('Code Injection') due to improper handling of object lifecycles during the failure of CPimcManager object creation. An attacker can execute arbitrary code on the target system by convincing a user t...
PT-2024-3297 · Microsoft · Windows Dns Server +1
Name of the Vulnerable Software and Affected Versions: Windows DNS Server, affected versions not specified. Description: The issue is related to incorrect code generation management in the Windows DNS server, allowing remote attackers to execute arbitrary code and affect the system. Recommendations...
CVE-2024-31852
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we...
LLVM security vulnerability
LLVM is a toolkit for building highly optimized compilers, optimizers, and runtime environments for LLVM. A security vulnerability exists in LLVM versions prior to 18.1.3 that stems from the presence of an assembly code generation error problem...
CVE-2024-25096
Improper Control of Generation of Code ('Code Injection') vulnerability in Canto Inc. Canto allows Code Injection. This issue affects Canto: from n/a through 3.0.7...
PT-2024-21727 · Unknown · Inpersttion Slivery Extender
Name of the Vulnerable Software and Affected Versions: Inpersttion Slivery Extender versions n/a through 1.0.2. Description: The issue is related to an Improper Control of Generation of Code ('Code Injection') vulnerability, which allows Code Injection. Recommendations: For Inpersttion Slivery...
PT-2024-20503 · Cwicly · Cwicly
Name of the Vulnerable Software and Affected Versions: Cwicly versions 1.4.0.2 and earlier. Description: The issue is related to improper control of code generation, allowing code injection. This means that an attacker could potentially inject malicious code into the system. Recommendations: For...
ROS-20240328-06
A vulnerability in the libssh library is related to NULL pointer dereferencing. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the ProxyCommand/ProxyJump component of the libssh library is related to improper control of co...
firefox security update
An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...
Rocky Linux 8 : firefox (RLSA-2024:0955)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0955 advisory. - When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read...
Fedora: Security Advisory for cglib (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
Fedora: Security Advisory for modello (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
Fedora: Security Advisory for byte-buddy (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
Fedora: Security Advisory for jdeparser (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...