CLSA-2025-1765986482 webkit2gtk3: Fix of 4 CVEs

CVE-2025-13502: fix out of bounds read and integer underflow by adding bounds checking and validating message delimiters - CVE-2025-43430: fix bbq jit compiler writing to wrong stack slots in wasm try/catch blocks - CVE-2025-43421: fix memory handling issues that cause unexpected process crashes...

Linux Distros Unpatched Vulnerability : CVE-2021-29982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Due to incorrect JIT optimization, we incorrectly interpreted data from the wrong type of object, resulting in the potential leak of a single bit of memory. Thi...

firefox: JIT corruption of WASM i32 return values on 64-bit CPUs

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: On 64-bit CPUs, when the JIT compiles WASM i32 return values they can pick up bits from left over memory. This can potentially cause them to be treated as a different type...

Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 128.3.0 ESR MFSA-2024-47, bsc1230979: CVE-2024-8900: Clipboard write permission bypass CVE-2024-9392: Compromised content process can bypass site isolation CVE-2024-9393: Cross-origin access to P...

CVE-2021-47303 bpf: Track subprog poke descriptors correctly and fix use-after-free

In the Linux kernel, the following vulnerability has been resolved: bpf: Track subprog poke descriptors correctly and fix use-after-free Subprograms are calling mappoketrack, but on program release there is no hook to call mappokeuntrack. However, on program release, the aux memory and poke...

Google Chrome 78.0.3904.70 - Remote Code Execution Exploit

Exploit Title: Google Chrome 78.0.3904.70 - Remote Code Execution Exploit Author: deadlock Forrest Orr Type: RCE Platform: Windows Website: https://forrest-orr.net Twitter: https://twitter.com/ForrestOrr Vendor Homepage: https://www.google.com/chrome/ Software Link:...

CVE-2021-0959

In jitmemoryregion.cc, there is a possible bypass of memory restrictions due to a logic error in the code. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID:...

CVE-2017-11874

Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, version 1709, and ChakraCore allows an attacker to bypass Control Flow Guard CFG to run arbitrary code on a target system, due to how Microsoft Edge handles accessing memory in code compiled by the Edge Just-In-Time JIT compiler,...

iOS 9.3.4 Patches Critical Code Execution Flaw

Apple last week patched a critical iOS memory corruption vulnerability that could allow attackers to execute code on compromised devices. The flaw was found by Team Pangu, a Chinese hacker group that specializes in building iOS jailbreak tools. The vulnerability is fixed in iOS 9.3.4. “An...

SigPlus Pro 3.74 - ActiveX LCDWriteString() Remote BoF JIT Spray - aslr/dep bypass

No description provided by source. html !-- =================================================================================================== SigPlus Pro v3.74 ActiveX Signature Capture LCDWriteString Remote BoF JIT Spray - aslr/dep bypass Author: mrme - @StevenSeeley Download:...

PT-2010-4664 · Microsoft · .Net Framework

Name of the Vulnerable Software and Affected Versions: Microsoft .NET Framework version 4.0 Description: A remote code execution issue exists in the Microsoft .NET Framework, specifically affecting the x64 and Itanium architectures. This is due to improper optimizations by the JIT compiler,...