libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix compilation of explicit child axis...

CLSA-2025-1741628775 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix compilation of explicit child axis...

CLSA-2025-1741291888 libxml2: Fix of CVE-2025-27113

CVE-2025-27113: fix compilation of explicit child axis...

Linux Distros Unpatched Vulnerability : CVE-2025-1933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a...

CVE-2025-1933

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability affects Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

CVE-2025-1933

On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type. This vulnerability was fixed in Firefox 136, Firefox ESR 115.21, Firefox ESR 128.8, Thunderbird 136, and Thunderbird 128.8...

mozilla -- 64 bit JIT WASM read on left over memory

[email protected] reports: On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type...

Mozilla Firefox ESR < 115.21

The version of Firefox ESR installed on the remote macOS or Mac OS X host is prior to 115.21. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2025-15 advisory. - Memory safety bugs present in Firefox 135, Thunderbird 135, Firefox ESR 115.20, Firefox ESR 128.7, and...

Security Vulnerabilities fixed in Firefox ESR 115.21 — Mozilla

In resizeToAtLeast of SkRegion.cpp, there was a possible out of bounds write due to an integer overflow On Windows, a compromised content process could use bad StreamData sent over AudioIPC to trigger a use-after-free in the Browser process. This could have led to a sandbox escape. It was possibl...

MITRE Caldera dynamic compilation command injection

Added: 02/28/2025 Background MITRE Caldera is a security platform for emulating adversaries. Problem The dynamic compilation functionality in the Manx and Sandcat agents is affected by an injection vulnerability which could allow remote command execution. Resolution Upgrade to Caldera 5.1.0 or...

RHEL 9 : pki-servlet-engine (RHSA-2025:1920)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:1920 advisory. Tomcat is the servlet engine that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java...

CVE-2025-27364

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution RCE vulnerability was found in the dynamic agent implant compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web...

CVE-2025-27364

In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution RCE vulnerability was found in the dynamic agent implant compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web...

Astra Linux – Vulnerability in Firefox, Thunderbird

A potential memory corruption vulnerability could be triggered if an attacker had the ability to cause a “Out-of-Memory” exception at a specific moment during JIT compilation. This vulnerability affects Firefox 131, Firefox ESR 128.3, Thunderbird 128.3, and Thunderbird 131...

SUSE-SU-2025:0394-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2024-50379: Fixed remote code execution RCE due to TOCTOU issue in JSP compilation bsc1234663. - CVE-2024-54677: Fixed denial-of-service DoS attack in examples web application bsc1234664...

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

tomcat: RCE due to TOCTOU issue in JSP compilation

A flaw was found in Tomcat. A Time-of-check Time-of-use TOCTOU race condition occurs during JSP compilation on case-insensitive file systems when the default servlet is enabled for writing. This vulnerability allows an uploaded file to be treated as a JSP and executed, resulting in remote code...

MGASA-2024-0394 Updated tomcat packages fix security vulnerabilities

RCE due to TOCTOU issue in JSP compilation. CVE-2024-50379 DoS in examples web application. CVE-2024-54677...