Security Bulletin: IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl

Summary IBM SPSS Modeler is affected by multiple vulnerabilities in xercesImpl CVE-2009-2625, CVE-2012-0881, CVE-2013-4002, CVE-2020-14338, CVE-2022-23437. This has been addressed in the remediation section. Vulnerability Details CVEID:CVE-2009-2625 DESCRIPTION: XMLScanner.java in Apache Xerces2...

EUVD-2023-42153

Malicious code in bioql PyPI...

EUVD-2024-51809

Malicious code in bioql PyPI...

NewStart CGSL MAIN 7.02 : qt5-qtbase Multiple Vulnerabilities (NS-SA-2025-0204)

The remote NewStart CGSL host, running version MAIN 7.02, has qt5-qtbase packages installed that are affected by multiple vulnerabilities: - An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2...

chromium -- multiple security fixes

Chrome Releases reports: This update includes 8 security fixes: 409911705 High CVE-2025-4096: Heap buffer overflow in HTML. Reported by Anonymous on 2025-04-11 409342999 Medium CVE-2025-4050: Out of bounds memory access in DevTools. Reported by Anonymous on 2025-04-09 404000989 Medium...

DNS-over-HTTPS implementation suffers from multiple issues under heavy query load

...

Ubuntu 14.04 LTS / 16.04 LTS : Linux kernel vulnerabilities (USN-7183-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-7183-1 advisory. Andy Nguyen discovered that the Bluetooth L2CAP implementation in the Linux kernel contained a type- confusion error. A physically proximate...

Fedora 41 : chromium (2024-3a6f9ab958)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3a6f9ab958 advisory. Update to 130.0.6723.58 High CVE-2024-9954: Use after free in AI Medium CVE-2024-9955: Use after free in Web Authentication Medium CVE-2024-9956:...

biscuit-java vulnerable to public key confusion in third party block

Impact Tokens with third-party blocks containing trusted annotations generated through a third party block request. Due to implementation issues in biscuit-java, third party block support in published versions is inoperating. Nevertheless, to synchronize with other implementations, we publish thi...

OPENSUSE-SU-2024:0084-1 Security update for chromium

This update for chromium fixes the following issue: Chromium 122.0.6261.128 boo1221335 CVE-2024-2400: Use after free in Performance Manager Chromium 122.0.6261.111 boo1220131,boo1220604,boo1221105 New upstream security release. CVE-2024-2173: Out of bounds memory access in V8. CVE-2024-2174:...

KLA63367 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service, spoof user interface, gain privileges, bypass security restrictions. Below is a complete list of...

CVE-2023-38335

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassin...

Design/Logic Flaw

Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassin...

OPENSUSE-SU-2020:1929-1 Security update for chromium

This update for chromium fixes the following issues: Update to 86.0.4240.198 boo1178703 - CVE-2020-16013: Inappropriate implementation in V8 - CVE-2020-16017: Use after free in site isolation Update to 86.0.4240.193 boo1178630 - CVE-2020-16016: Inappropriate implementation in base...

Debian DLA-1199-1 : thunderbird security update

Multiple security issues have been found in the Mozilla Thunderbird mail client: Multiple memory safety errors, use after free and other implementation errors may lead to crashes or the execution of arbitrary code. For Debian 7 'Wheezy', these problems have been fixed in version 1:52.5.0-1deb7u1...

Android Stagefright Flaws Put 950 Million Devices at Risk

Vulnerabilities discovered in the Stagefright media playback engine that is native to Android devices could be the mobile world’s equivalent to Heartbleed. Almost all Android devices contain the security and implementation issues in question; unpatched devices are at risk to straightforward attac...

DSA-3132-1 icedove - security update

Bulletin has no description...

[oCERT 2014-008] libFLAC multiple issues

Description: FLAC is an open source lossless audio codec supported by several software and music players. The libFLAC project, an open source library implementing reference encoders and decoders for native FLAC and Ogg FLAC audio content, suffers from multiple implementation issues. In particular...

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)

source: https://www.securityfocus.com/bid/11712/info Multiple remote vulnerabilities reportedly affect the Opera Web Browser Java implementation. These issues are due to the insecure proprietary design of the Web browser's Java implementation. These issues may allow an attacker to craft a Java...