MiracleLinux 9 : protobuf-3.14.0-13.el9 (AXSA:2022-4552:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2022-4552:03 advisory. protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference CVE-2021-22570 Tenable has extracted the preceding description block...

CVE-2023-25676

TensorFlow is an open source machine learning platform. When running versions prior to 2.12.0 and 2.11.1 with XLA, tf.rawops.ParallelConcat segfaults with a nullptr dereference when given a parameter shape with rank that is not greater than zero. A fix is available in TensorFlow 2.12.0 and 2.11.1...

EUVD-2025-22362

Malicious code in bioql PyPI...

EUVD-2022-0299

Malicious code in bioql PyPI...

EUVD-2024-0146

Malicious code in bioql PyPI...

firefox: thunderbird: Incorrect JavaScript state machine for generators

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: The JavaScript engine did not handle closed generators correctly, and it was possible to resume them, resulting in a nullptr dereference...

FreeBSD : Mozilla -- nullptr dereference (4d03efe7-685e-11f0-a12d-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 4d03efe7-685e-11f0-a12d-b42e991fc52e advisory. [email protected] reports: The JavaScript engine did not handle closed generators correctly and it w...

CVE-2025-8033

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2025-8033

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability affects Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2025-8033

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2025-8033 Incorrect JavaScript state machine for generators

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2025-8033

The CVE-2025-8033 issue is a memory-safety bug in Mozilla’s JavaScript engine where closing generators could be resumed, causing a null pointer dereference. Affected products include Firefox and Thunderbird forks across multiple release lines (Firefox < 141, ESR tracks <115.26, <128.13, ...

CVE-2025-8033 Incorrect JavaScript state machine for generators

The JavaScript engine did not handle closed generators correctly and it was possible to resume them leading to a nullptr deref. This vulnerability was fixed in Firefox 141, Firefox ESR 115.26, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

CVE-2024-49901

In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msmgpu-pdev earlier to avoid nullptrs There are some cases, such as the one uncovered by Commit 46d4efcccc68 "drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails" where msmgpucleanup :...

CVE-2024-38390

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xxdestroy before adrenogpuinit leads to a null pointer dereference on: msmgpucleanup : platformsetdrvdatagpu-pdev, NULL; as gpu-pdev is only assigned...

CVE-2024-38390 drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xxdestroy before adrenogpuinit leads to a null pointer dereference on: msmgpucleanup : platformsetdrvdatagpu-pdev, NULL; as gpu-pdev is only assigned...

CVE-2024-38390

CVE-2024-38390 affects the Linux kernel DRM/MSM a6xx path. The vulnerability arises when speedbin setting fails, causing a null pointer dereference during cleanup if msm_gpu_init() did not complete (gpu->pdev is only assigned in a6xx_gpu_init -> adreno_gpu_init -> msm_gpu_init). The cano...

CVE-2024-38390 drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails Calling a6xxdestroy before adrenogpuinit leads to a null pointer dereference on: msmgpucleanup : platformsetdrvdatagpu-pdev, NULL; as gpu-pdev is only assigned...

Moderate: Red Hat Security Advisory: protobuf security update

An update for protobuf is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

BIT-TENSORFLOW-2022-35965 Segfault in `LowerBound` and `UpperBound` in TensorFlow

TensorFlow is an open source platform for machine learning. If LowerBound or UpperBound is given an emptysortedinputs input, it results in a nullptr dereference, leading to a segfault that can be used to trigger a denial of service attack. We have patched the issue in GitHub commit...