firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Memory safety bugs present in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148. Some of these bugs showed evidence of memory corruption and we presume th...
A week in security (October 20 – October 26)
Last week on Malwarebytes Labs: Is AI moving faster than its safety net? Thousands of online stores at risk as SessionReaper attacks spread Apple may have to open its walled garden to outside app stores Meta boosts scam protection on WhatsApp and Messenger Home Depot Halloween phish gives users a...
EUVD-2007-0305
Malware in sbrugna...
EUVD-2024-39998
Malicious code in bioql PyPI...
ASB-A-419563680
In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combination with other bugs, with no additional execution privileges needed. User interaction is not needed for exploitation...
⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [3 February]
This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices...
CVE-2024-42172
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application wi...
CVE-2024-42172 HCL MyXalytics is affected by broken authentication
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application wi...
CVE-2024-42172
CVE-2024-42172 affects HCL MyXalytics and is described as a broken authentication vulnerability. The provided sources state attackers could compromise keys, passwords, and session tokens, potentially leading to identity theft and full system control. The underlying cause is attributed to poor con...
PT-2025-2622 · Hcl · Hcl Myxalytics
Name of the Vulnerable Software and Affected Versions: HCL MyXalytics affected versions not specified Description: The issue arises from broken authentication, allowing attackers to compromise keys, passwords, and session tokens. This can potentially lead to identity theft and system control. The...
MGASA-2024-0336 Updated thunderbird packages fix security vulnerabilities
The updated packages provide Thunderbird 128 for all mandatory arches of Mageia (x86_64, i586 and aarch64) and fix several bugs, including a security vulnerability:...
BIT-MATTERMOST-2024-47003
Mattermost versions 9.11.x <= 9.11.0 and 9.5.x <= 9.5.8 fail to validate that the message of the permalink post is a string, which allows an attacker to send a non-string value as the message of a permalink post and crash the frontend...
MGASA-2024-0141 Updated kernel, kmod-xtables-addons, kmod-virtualbox packages fix security vulnerabilities
Upstream kernel version 6.6.28 fixes bugs and vulnerabilities. The kmod-virtualbox and kmod-xtables-addons packages have been updated to work with this new kernel. dwarves is a new requirement to build the kernel. For information about the vulnerabilities see the links...
SUSE-RU-2023:4063-1 Recommended update for glibc
This update of glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet (bsc#1215286, BZ #28931) Other issues fixed: - S390: Fix relocation of _nl_current_LC_CATETORY_used in static build (bsc#1215504, BZ #19860) - added GB18030-2022 charmap...
SUSE-SU-2023:1815-1 Security update for amazon-ssm-agent
This update for amazon-ssm-agent fixes the following issue: - rebuilt using go1.19.7 to fix bugs and security issues...
OPENSUSE-SU-2023:0025-1 Security update for cacti, cacti-spine
This update for cacti, cacti-spine fixes the following issues: cacti-spine 1.2.23: - Fix unexpected reindexing when using uptime as the reindex method - Spine should prevent the script server from connecting to remote when offline - Improve Script Server Timeout Logging - Add SQL_NO_CACHE to Spine Queries...
The Ultimate Security Blind Spot You Don't Know You Have
How much time do developers spend actually writing code? According to recent studies, developers spend more time maintaining, testing and securing existing code than they do writing or improving code. Security vulnerabilities have a bad habit of popping up during the software development process,...
OSV-2022-77 Heap-buffer-overflow in hufDecode
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43916 Crash type: Heap-buffer-overflow READ 1 Crash state: hufDecode internal_huf_decompress internal_exr_undo_piz...
OPENSUSE-SU-2021:1330-1 Security update for opera
This update for opera fixes the following issues: Opera was updated to version 79.0.4143.50 - CHR-8571 Update chromium on desktop-stable-93-4143 to 93.0.4577.82 - DNA-94104 ContinueShoppingOnEbayBrowserTest.ShouldDisplayOffers TilesStartingWithMostActiveOnes fails - DNA-94894 Rich Hint Agent API...