CVE-2024-2608
AppendEncodedAttributeValue, ExtraSpaceNeededForAttrEncoding and AppendEncodedCharacters could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9...
Slackware Linux 15.0 / current mozilla-thunderbird Multiple Vulnerabilities (SSA:2024-079-03)
The version of mozilla-thunderbird installed on the remote host is prior to 115.9.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2024-079-03 advisory. - NSS was susceptible to a timing side-channel attack when performing RSA decryption. This attack could...
Mozilla Firefox ESR < 115.9
The version of Firefox ESR installed on the remote Windows host is prior to 115.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-13 advisory. - Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed...
Mozilla Thunderbird < 115.9
The version of Thunderbird installed on the remote macOS or Mac OS X host is prior to 115.9. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-14 advisory. - Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs...
Security Vulnerabilities fixed in Firefox 124 — Mozilla
An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. Note: This issue only affected Windows operating systems. Other operating systems are unaffected. Passing invalid data could have led to invalid wasm values being created, such as...
Huawei EulerOS: Security Advisory for motif (EulerOS-SA-2024-1283)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : motif (EulerOS-SA-2024-1283)
According to the versions of the motif packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in libXpm before 3.5.12, when a program requests parsing XPM extensions on a 64-bit platform, allow remote attackers t...
openSUSE: Security Advisory for gstreamer (SUSE-SU-2023:3247-1)
The remote host is missing an update for the...
CentOS 9 : libxml2-2.9.13-2.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the libxml2-2.9.13-2.el9 build changelog. - In libxml2 before 2.9.14, several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*) don't check for integer overflows. This can resu...
Moderate: Red Hat Security Advisory: libxml2 security update
An update for libxml2 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
Important: java-11-amazon-corretto
Issue Overview: A vulnerability that allows an attacker to execute arbitrary java code from the javascript engine even though the option "--no-java" was set. CVE-2024-20918 With carefully crafted custom bytecodes, arbitrary unverified bytecodes could be executed. CVE-2024-20919 Loop optimizations...
CVE-2024-21631
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...
CVE-2024-21631 Integer overflow in URI leading to potential host spoofing
Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact...
GitLab 0.0 < 15.5.9 / 15.6 < 15.6.6 / 15.7 < 15.7.5 (CVE-2022-23521)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a .gitattributes file to the repository, whi...
GitLab < 15.5.9 (CRITICAL-SECURITY-RELEASE-GITLAB-15-7-5-RELEASED)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Git is a distributed revision control system. git log can display commits in an arbitrary format using its --format specifiers. This functionality is also exposed to git archive via the export-subst...
NewStart CGSL MAIN 6.02 : p11-kit Multiple Vulnerabilities (NS-SA-2023-0106)
The remote NewStart CGSL host, running version MAIN 6.02, has p11-kit packages installed that are affected by multiple vulnerabilities: - An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and...
Slackware: Security Advisory (SSA:2023-343-01)
The remote host is missing an update for the...
NewStart CGSL MAIN 6.06 : git Multiple Vulnerabilities (NS-SA-2023-0143)
The remote NewStart CGSL host, running version MAIN 6.06, has git packages installed that are affected by multiple vulnerabilities: - Git is a distributed revision control system. gitattributes are a mechanism to allow defining attributes for paths. These attributes can be defined by adding a...
Rocky Linux 9 : krb5 (RLSA-2022:8637)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:8637 advisory. - PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution in KDC, kadmind, or ...