Mozilla: Potential Memory Corruption following Garbage Collector compaction

The Mozilla Foundation Security Advisory describes this flaw as: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash...

Mozilla: Potential Memory Corruption following Garbage Collector compaction

The Mozilla Foundation Security Advisory describes this flaw as: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash...

Mozilla: Potential Memory Corruption following Garbage Collector compaction

The Mozilla Foundation Security Advisory describes this flaw as: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash...

Unbreakable Enterprise kernel-container security update

5.4.17-2136.318.7.1.el7 - KVM: arm64: Disabling disabled PMU counters wastes a lot of time Alexandre Chartre Orabug: 33312587 - KVM: arm64: Don't zero the cycle count register when PMCREL0.P is set Alexandru Elisei Orabug: 33312587 - KVM: arm64: pmu: Only handle supported event counters Eric Auge...

Oracle Linux 9 : firefox (ELSA-2023-1786)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-1786 advisory. 102.10.0-1.0.1 - Updated homepages to use https Orabug: 34648274 102.10.0-1 - Update to 102.10.0 build1 102.9.0-4 - Update to 102.9.0 build2 Tenable ha...

Mozilla: Potential Memory Corruption following Garbage Collector compaction

The Mozilla Foundation Security Advisory describes this flaw as: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash...

Mozilla: Potential Memory Corruption following Garbage Collector compaction

The Mozilla Foundation Security Advisory describes this flaw as: Following a Garbage Collector compaction, weak maps may have been accessed before they were correctly traced. This resulted in memory corruption and a potentially exploitable crash...

Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2023-102-01)

The version of mozilla-thunderbird installed on the remote host is prior to 102.10.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2023-102-01 advisory. - OCSP revocation status of recipient certificates was not checked when sending S/Mime encrypted email, and...

Ubuntu: Security Advisory (USN-6010-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-6010-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. CVE-2023-29537, CVE-2023-29540,...

Mozilla Firefox ESR < 102.10

The version of Firefox ESR installed on the remote Windows host is prior to 102.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2023-14 advisory. - Mozilla developers Andrew Osmond, Sebastian Hengst, Andrew McCreight, and the Mozilla Fuzzing Team reported memor...

Denial Of Service (DoS)

Snappier is vulnerable to Denial Of Service DoS. The vulnerability exists because the Short-lived stack references to locations outside buffers may become invalid if they exist during a GC compaction, which leads to an attacker causing an application crash by providing a malicious input...

Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer

Impact This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change generally improves performance and reduces workload on the garbage collector. Howeve...

Buffer overflow

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

CVE-2023-28638 Stack references to locations outside buffers may become invalid if they exist during a GC compaction in Snappier

Snappier is a high performance C implementation of the Snappy compression algorithm. This is a buffer overrun vulnerability that can affect any user of Snappier 1.1.0. In this release, much of the code was rewritten to use byte references rather than pointers to pinned buffers. This change...

GSD-2023-1001298 mm, compaction: fix fast_isolate_around() to stay within boundaries

mm, compaction: fix fastisolatearound to stay within boundaries This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

GSD-2023-1000955 mm, compaction: fix fast_isolate_around() to stay within boundaries

mm, compaction: fix fastisolatearound to stay within boundaries This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.87 by commit...

GSD-2023-1000505 mm, compaction: fix fast_isolate_around() to stay within boundaries

mm, compaction: fix fastisolatearound to stay within boundaries This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.17 by commit...

GSD-2022-1003744 mm, compaction: fast_find_migrateblock() should return pfn in the target zone

mm, compaction: fastfindmigrateblock should return pfn in the target zone This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.198 by commit...

GSD-2022-1003552 mm, compaction: fast_find_migrateblock() should return pfn in the target zone

mm, compaction: fastfindmigrateblock should return pfn in the target zone This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.121 by commit...