Mozilla多款产品 安全漏洞

Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. An information disclosure vulnerability exists in several Mozilla produc...

MiracleLinux 9 : java-11-openjdk-11.0.23.0.9-3.el9.ML.1 (AXSA:2024-7717:10)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-7717:10 advisory. OpenJDK: long Exception message leading to crash 8319851 CVE-2024-21011 OpenJDK: integer overflow in C1 compiler address generation 8322122...

Mozilla Firefox 安全漏洞

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox versions prior to 146 and ESR 140.6, which stems from a compilation error in the JavaScript Engine JIT component that could lead to code execution...

EUVD-2006-2466

Malware in sbrugna...

CVE-2025-37893

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix off-by-one error in buildprologue Vincent reported that running BPF progs with tailcalls on LoongArch causes kernel hard lockup. Debugging the issues shows that the JITed image missing a jirl instruction at th...

CVE-2025-37893

The CVE-2025-37893 issue affects the Linux kernel’s LoongArch BPF JIT path. Debugging shows that when BPF programs mix bpf2bpf and tailcalls, build_prologue() can generate N instructions in the first pass and N+1 in the second, causing epilogue_offset to be off by one. This can cause the JITed ep...

xorg-x11-server security update

1.20.11-26 - Fix regression caused by the fix for CVE-2024-31083 1.20.11-25 - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 - Add util-linux as a dependency of Xvfb - Fix compilation error on i686...

xorg-x11-server security update

1.20.14-23 - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 - Add util-linux as a dependency of Xvfb - Fix compilation error on i686...

MGASA-2024-0179 Updated java-1.8.0, java-11, java-17, java-latest packages fix security vulnerabilities

Long Exception message leading to crash. CVE-2024-21011 HTTP/2 client improper reverse DNS lookup. CVE-2024-21012 Integer overflow in C1 compiler address generation. CVE-2024-21068 Pack200 excessive memory allocation. CVE-2024-21085 C2 compilation fails with "Exceeded noderegs array". CVE-2024-21...

X.Org server security update

1.20.4-29 - Fix regression caused by the fix for CVE-2024-31083 1.20.4-28 - CVE fix for: CVE-2024-31080, CVE-2024-31081, CVE-2024-31082 and CVE-2024-31083 Resolves: https://issues.redhat.com/browse/RHEL-31003 Resolves: https://issues.redhat.com/browse/RHEL-30989 Resolves:...

Mozilla: Incorrect value used during WASM compilation

The Mozilla Foundation Security Advisory describes this flaw as: In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process...

Compilation Error: Undefined function 'shiftl_toFix' in CTokenFiatCollateral Contract

Lines of code Vulnerability details Impact return shiftltoFixrate, shiftLeft; It should be noted that the function "shiftltoFix" is not defined in the contract and not imported from any library, this means that the compiler will throw an error when trying to deploy the contract and this function...

GHSA-5J8W-R7G8-5472 Arrow2 allows double free in `safe` code

The struct FfiArrowArray implements deriveClone that is inconsistent with its custom implementation of Drop, resulting in a double free when cloned. Cloning this struct in safe results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...

OPENSUSE-SU-2021:1244-1 Security update for ntfs-3g_ntfsprogs

This update for ntfs-3gntfsprogs fixes the following issues: Update to version 2021.8.22 bsc1189720: Fixed compile error when building with libfuse vs Allowed using the full library API on systems without extended attributes support Fixed DISABLEPLUGINS as the condition for not using plugins...

OPENSUSE-SU-2021:1178-1 Security update for tor

This update for tor fixes the following issues: tor 0.4.6.7: Fix a DoS via a remotely triggerable assertion failure boo1189489, TROVE-2021-007, CVE-2021-38385 tor 0.4.6.6: Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch Enable the deterministic RNG for unit tests that covers the...

OPENSUSE-SU-2021:1169-1 Security update for tor

This update for tor fixes the following issues: tor 0.4.6.7: Fix a DoS via a remotely triggerable assertion failure boo1189489, TROVE-2021-007, CVE-2021-38385 tor 0.4.6.6: Fix a compilation error with gcc 7, drop tor-0.4.6.5-gcc7.patch Enable the deterministic RNG for unit tests that covers the...

Security update for tor (important)

openSUSE Security Update: Security update for tor Announcement ID: openSUSE-SU-2021:1169-1 Rating: important References: 1189489 Cross-References: CVE-2021-38385 Affected Products: openSUSE Leap 15.2 An update that fixes one vulnerability is now available. Description: This update for tor fixes t...

openSUSE Security Update : opera (openSUSE-2021-712)

This update for opera fixes the following issues : Update to version 76.0.4017.94 - released on the stable branch Update to version 76.0.4017.88 - CHR-8404 Update chromium on desktop-stable-90-4017 to 90.0.4430.85 - DNA-92219 Add bookmark API supports to the front-end - DNA-92409 MAC Present now...

SUSE-SU-2021:1652-1 Security update for redis

This update for redis fixes the following issues: redis was updated to 6.0.13: CVE-2021-29477: Integer overflow in STRALGO LCS command bsc1185729 CVE-2021-29478: Integer overflow in COPY command for large intsets bsc1185730 Cluster: Skip unnecessary check which may prevent failure detection Fix...

Code injection

BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."...