Security Bulletin: Multiple vulnerabilities in Apache Commons Compress may affect IBM Decision Optimization for IBM Cloud Pak for Data (CVE-2024-26308 & CVE-2024-25710)

Summary There are multiple vulnerabilities in Apache Commons Compress used by IBM Decision Optimization for IBM Cloud Pak for Data. IBM Decision Optimization for IBM Cloud Pak for Data has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2024-26308 DESCRIPTION: Apache Commons Compre...

SUSE CVE-2024-3855

In certain cases the JIT incorrectly optimized MSubstr operations, which led to out-of-bounds reads. This vulnerability affects Firefox 125...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : MozillaThunderbird (SUSE-SU-2024:1437-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1437-1 advisory. - The permission prompt input delay could expire while the window is not in focus. This makes it...

SUSE CVE-2024-4141

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers...

Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6750-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6750-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsin...

CVE-2024-4141

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers...

UBUNTU-CVE-2024-4141

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers...

CVE-2024-4141

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers...

CVE-2024-4141

CVE-2024-4141: Out-of-bounds array write in Xpdf 4.05 and earlier caused by a bounds-check optimization bug in Type 1 font handling. The Fedora advisories indicate the issue is addressed by updating to xpdf 4.06 (Fedora 42/43 packages), which fixes the vulnerable code path. The CVE description no...

How to keep your visual effects settings in HDX/ICA session

In HDX/ICA session some visual effects are disabled. This article describes how to keep your visual effects settings in HDX/ICA session...

Debian dla-3791 : thunderbird - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3791 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3791-1 [email protected]...

Mozilla: Out-of-bounds-read after mis-optimized switch statement

The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...

Mozilla: GetBoundName in the JIT returned the wrong object

The Mozilla Foundation Security Advisory describes this flaw as: GetBoundName could return the wrong version of an object when JIT optimizations were applied...

Mozilla: GetBoundName in the JIT returned the wrong object

The Mozilla Foundation Security Advisory describes this flaw as: GetBoundName could return the wrong version of an object when JIT optimizations were applied...

Mozilla: Out-of-bounds-read after mis-optimized switch statement

The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...

Out-of-Bounds-Read

firefox is vulnerable to Out-of-Bounds-Read. The vulnerability is due to the incorrect optimization of MSubstr operations by the JIT Just-In-Time, leading to out-of-bounds reads in certain cases where MSubstr operations are incorrectly optimized...

Mozilla Thunderbird < 115.10

The version of Thunderbird installed on the remote Windows host is prior to 115.10. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-20 advisory. - The executable file warning was not presented when downloading .xrm-ms files. Note: This issue only affected...

Mozilla: Out-of-bounds-read after mis-optimized switch statement

The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...

Mozilla: Out-of-bounds-read after mis-optimized switch statement

The Mozilla Foundation Security Advisory describes this flaw as: In some code patterns the JIT incorrectly optimized switch statements and generated code with out-of-bounds-reads...

Unspecified Vulnerability in Mozilla Firefox (CNVD-2024-37194)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox, which stems from a JIT incorrectly optimizing MSubstr operations under certain circumstances, and can be exploited by an attacker to cause an...