
37 matches found

Packet Storm News
added 2026/04/21 12:0 a.m. · 6 views

Adding Compilation Metadata to Binaries to Make Disassembly Decidable

The binary executable format is the standard method for distributing and executing software. Yet, it is also as opaque a representation of software as can be. If the binary format were augmented with metadata that provides security-relevant information, such as which data is intended by the...

AI score 5.7
Exploits 0
Positive Technologies
added 2025/09/08 12:0 a.m. · 3 views

PT-2025-36469

Name of the Vulnerable Software and Affected Versions: .NET 6.0.0 through 6.0.36 .NET 8.0.0 through 8.0.11 .NET 9.0.0 Description: A buffer over-read issue exists in DiaSymReader.dll. This occurs when a product reads from a buffer using buffer access mechanisms that reference memory locations aft...

CVSS 8.8 · AI score 9.1 · EPSS 0.02262
Exploits 0 · References 6
IBM Security Bulletins
added 2025/07/21 6:41 p.m. · 7 views

Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by a vulnerability in Babel (CVE-2025-27789)

Summary There is a vulnerability in Babel/helpers and Babel/runtime consumed by IBM Cognos Analytics Mobile Android CVE-2025-27789. This Security Bulletin relates only to the direct usage of third-party components by IBM Cognos Analytics Mobile and not any nested dependencies within the product...

CVSS 6.2 · AI score 6.5 · EPSS 0.00478
Exploits 0 · Affected Software 1
IBM Security Bulletins
added 2025/07/03 10:12 a.m. · 4 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Processing

Summary Multiple vulnerabilities were addressed in IBM Event Processing version 1.4.1 Vulnerability Details CVEID:CVE-2025-27789 DESCRIPTION: Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression...

CVSS 6.2 · AI score 8.7 · EPSS 0.00478
Exploits 1 · Affected Software 1
Vulnrichment
added 2025/03/11 7:9 p.m. · 12 views

CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

CVSS 6.2 · AI score 6.3 · EPSS 0.00478
Exploits 0 · References 2
Cvelist
added 2025/03/11 7:9 p.m. · 71 views

CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups

Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...

CVSS 6.2 · EPSS 0.00478
Exploits 0 · References 2
Positive Technologies
added 2023/07/17 12:0 a.m. · 4 views

PT-2023-25989 · Unknown · Open Enclave

Name of the Vulnerable Software and Affected Versions: Open Enclave versions prior to 0.19.3 Description: The issue concerns two problems in the Open Enclave SDK. First, it does not properly sanitize the MXCSR register on enclave entry, making applications vulnerable to MXCSR Configuration...

CVSS 7.5 · AI score 7.4 · EPSS 0.00634
Exploits 0 · References 5
ATTACKERKB
added 2022/06/09 5:15 p.m. · 4 views

CVE-2022-28614

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use t...

CVSS 5.3 · AI score 6.8 · EPSS 0.04428
Exploits 0 · References 9
OSV
added 2022/06/09 5:15 p.m. · 2 views

DEBIAN-CVE-2022-28614

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use t...

CVSS 5.3 · AI score 7 · EPSS 0.04428
Exploits 0 · References 1
OSV
added 2022/06/09 5:15 p.m. · 2 views

ALPINE-CVE-2022-28614

The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use t...

CVSS 5.3 · AI score 6.9 · EPSS 0.04428
Exploits 0 · References 1
RedHat Linux
added 2021/05/19 10:11 a.m. · 75 views

Important: Red Hat Security Advisory: dotnet5.0 security and bugfix update

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from...

CVSS 7.8 · AI score 7.1 · EPSS 0.01397
Exploits 0 · References 2
OpenVAS
added 2020/11/10 12:0 a.m. · 24 views

Debian: Security Advisory (DLA-2442-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 5.9 · AI score 6.1 · EPSS 0.03437
Exploits 0 · References 4
AlmaLinux
added 2020/04/28 9:7 a.m. · 21 views

gcc-toolset-9-binutils bug fix and enhancement update

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. For instructions on usage, see Using GCC Toolset linked from the References section. Components and specifics of this version are documente...

AI score 7.4
Exploits 0 · References 1
Rockylinux
added 2020/04/28 9:7 a.m. · 22 views

gcc-toolset-9-binutils bug fix and enhancement update

An update is available for gcc-toolset-9-binutils. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GCC Toolset is a compiler toolset that provides recent version...

AI score 7.4
Exploits 0
BDU FSTEC
added 2020/04/27 12:0 a.m. · 6 views

The vulnerability of the Firefox Web browser’s session object recompilation component, related to the access to freed memory segments, allows attackers to gain unauthorized access to confidential data, cause service failures, and compromise data integrity.

The vulnerability of the Firefox Web browser’s session object recompilation component relates to the access to freed memory resources. Exploiting this vulnerability can allow an attacker to gain unauthorized access to confidential data, cause service failures, and compromise data integrity...

CVSS 9.3 · AI score 7.2 · EPSS 0.01501
Exploits 0 · References 10 · Affected Software 5
AlmaLinux
added 2020/04/07 12:57 p.m. · 11 views

gcc-toolset-9-binutils bug fix update

GCC Toolset is a compiler toolset that provides recent versions of development tools. GCC Toolset is an Application Stream packaged as a Software Collection. The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It...

AI score 7.7
Exploits 0 · References 1
Intel
added 2019/11/12 12:0 a.m. · 27 views

2019.2 IPU – Intel® SGX Advisory

Summary: A potential security vulnerability in Intel SGX SDK may allow for information disclosure, escalation of privilege or denial of service. Intel is releasing software updates to mitigate this potential vulnerability. This potential vulnerability is present in all SGX enclaves built with the...

CVSS 7.8 · AI score 7.6 · EPSS 0.00355
Exploits 0
Gentoo Linux
added 2017/10/23 12:0 a.m. · 84 views

PCRE: Multiple vulnerabilities

Background The PCRE Library provides functions for Perl-compatible regular expressions. Description Multiple vulnerabilities have been discovered in The PCRE Library. Please review the references below for details. Impact A remote attacker could possibly cause a Denial of Service condition or oth...

CVSS 7.8 · AI score 7.2 · EPSS 0.05033
Exploits 0
Gentoo Linux
added 2017/09/17 12:0 a.m. · 48 views

Kpathsea: User-assisted execution of arbitrary code

Background Kpathsea is a library to do path searching. It is used by TeX Live and other TeX-related software. Description It was discovered that the mpost program from the shell_escape_commands list is capable of executing arbitrary external programs during the conversion of .tex files. The...

CVSS 9.8 · AI score 9.6 · EPSS 0.07146
Exploits 1
BDU FSTEC
added 2017/03/16 12:0 a.m. · 5 views

The vulnerability of the Android operating system, allowing a hacker to execute arbitrary code

The vulnerabilities of MediaTek components—M4U drivers, audio drivers, touchscreen drivers, GPU drivers, and Android operating system command queue drivers—are related to deficiencies in access control. Exploiting these vulnerabilities allows a remote attacker to execute arbitrary code, leading t...

CVSS 9.3 · AI score 7.6 · EPSS 0.00745
Exploits 0 · References 3 · Affected Software 1