Lucene search

271 matches found

OSV
added 2024/08/17 9:15 a.m. · 0 views

UBUNTU-CVE-2024-42299

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Update log-pagemask,bits if log-pagesize changed. If an NTFS file system is mounted to another system with different PAGESIZE from the original system, log-pagesize will change in logreplay, but log-pagemask,bits don't...

CVSS 5.5 · AI score 6.2 · EPSS 0.0021
Exploits: 0 · References: 18

BDU FSTEC
added 2024/08/09 12:0 a.m. · 4 views

The vulnerability of the CI/CD system’s continuous integration and delivery capabilities in JetBrains TeamCity, related to deficiencies in the authentication process due to time differences, allows attackers to compromise the confidentiality of the protected information.

The vulnerability of the Continuous Integration and Deployment Application Delivery system CI/CD of JetBrains TeamCity is related to deficiencies in the authentication process due to time differences when comparing tokens. Exploiting this vulnerability could allow a malicious actor to compromise...

CVSS 2.6 · AI score 5.5 · EPSS 0.00283
Exploits: 0 · References: 2 · Affected Software: 1

Akamai Blog
added 2024/07/03 1:0 p.m. · 12 views

Sustainability and ESG: Understanding the Difference and Why It Matters

...

AI score 7.3
Exploits: 0

Debian CVE
added 2024/07/02 7:51 p.m. · 13 views

CVE-2022-30636

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator \ vs. /, allowing a user to provide a relative path, i.e...

CVSS 7.5 · AI score 7.4 · EPSS 0.00632
Exploits: 0

SUSE CVE
added 2024/06/21 3:6 a.m. · 4 views

SUSE CVE-2024-38576

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info(). The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers...

CVSS 6.3 · AI score 7.1 · EPSS 0.00252
Exploits: 0 · References: 13

UbuntuCve
added 2024/06/19 2:15 p.m. · 17 views

CVE-2024-38576

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info(). The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers...

CVSS 7.1 · AI score 6.5 · EPSS 0.00252
Exploits: 0 · References: 12

Vulnrichment
added 2024/06/19 1:37 p.m. · 19 views

CVE-2024-38576 rcu: Fix buffer overflow in print_cpu_stall_info()

In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info(). The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but computers...

AI score 7.3 · EPSS 0.00252
Exploits: 0 · References: 5

OSV
added 2024/06/06 2:26 p.m. · 1 views

GHSA-52XF-5P2M-9WRV s2n-tls has a potentially observable differences in RSA premaster secret handling

When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...

AI score 5.8
Exploits: 0 · References: 4

Github Security Blog
added 2024/06/06 2:26 p.m. · 10 views

s2n-tls has a potentially observable differences in RSA premaster secret handling

When receiving a message from a client that sent an invalid RSA premaster secret, an issue in s2n-tls results in the server performing additional processing when the premaster secret contains an incorrect client hello version. While no practical attack on s2n-tls has been demonstrated, this cause...

AI score 7
Exploits: 0 · References: 4 · Affected Software: 1

CNNVD
added 2024/05/22 12:0 a.m. · 2 views

Dell BSAFE Micro Edition Suite Security Vulnerability

The Dell BSAFE Micro Edition Suite is a development toolkit from Dell Inc. that provides cryptographic, certificate, and transport layer security for c/c++ applications, devices, and systems. A security vulnerability exists in Dell BSAFE Micro Edition Suite versions prior to 4.6, Dell BSAFE...

CVSS 5.1 · AI score 9.1 · EPSS 0.00152
Exploits: 0 · References: 2

SUSE CVE
added 2024/04/19 2:18 a.m. · 2 views

SUSE CVE-2024-26828

In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parseserverinterfaces. In this loop, we step through the buffer and after each item we check if the sizeleft is greater than the minimum size we need. However, the problem is that "bytesleft" is type ssizet...

CVSS 7.3 · AI score 6.6 · EPSS 0.00407
Exploits: 0 · References: 180

RedHat Linux
added 2024/04/11 5:9 p.m. · 5 views

xorg-x11-server: Heap buffer overread/data leakage in ProcXIGetSelectedEvents

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIGetSelectedEvents function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...

CVSS 7.3 · AI score 5.8 · EPSS 0.00513
Exploits: 0 · References: 4

NVD
added 2024/04/10 3:16 p.m. · 27 views

CVE-2024-29296

A user enumeration vulnerability was found in Portainer CE 2.19.4. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not...

CVSS 5.3 · AI score 6.8 · EPSS 0.01303
Exploits: 2 · References: 2

Positive Technologies
added 2024/04/10 12:0 a.m. · 4 views

PT-2024-5801 · Unknown +1 · Portainer Ce +1

Name of the Vulnerable Software and Affected Versions: Portainer CE version 2.19.4 Description: A user enumeration issue is present in the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This...

CVSS 5.3 · AI score 6.5 · EPSS 0.01303
Exploits: 2 · References: 9

OSV
added 2024/04/04 2:15 p.m. · 2 views

DEBIAN-CVE-2024-31081

A heap-based buffer over-read vulnerability was found in the X.org server's ProcXIPassiveGrabDevice function. This issue occurs when byte-swapped length values are used in replies, potentially leading to memory leakage and segmentation faults, particularly when triggered by a client with a...

CVSS 7.3 · AI score 7.6 · EPSS 0.00513
Exploits: 0 · References: 1

Cvelist
added 2024/03/21 2:50 p.m. · 21 views

CVE-2024-2464 Application users enumeration in CDeX

This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This issue affects CDeX application versions through 5.7.1...

AI score 6.8 · EPSS 0.00465
Exploits: 0 · References: 3

OSV
added 2024/03/06 10:59 a.m. · 40 views

BIT-MEDIAWIKI-2023-45362

An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser aka "X intermediate revisions by the same user not shown" ignores username suppression. This is an information leak...

CVSS 4.3 · AI score 5.5 · EPSS 0.00626
Exploits: 1 · References: 5

Prion
added 2024/02/27 2:15 p.m. · 29 views

Design/Logic Flaw

Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelope, allowing for instance to...

AI score 7 · EPSS 0.01045
Exploits: 0 · References: 4

CNNVD
added 2024/02/07 12:0 a.m. · 3 views

Apache Pulsar Security Vulnerability

Apache Pulsar is a distributed message-streaming platform from the Apache Foundation (United States) for cloud environments, combining messaging, storage, and lightweight functional computing. The software supports multi-tenancy, persistent storage, multi-room cross-region data replication, strong...

CVSS 7.4 · AI score 6.9 · EPSS 0.00763
Exploits: 0 · References: 4

Citrix
added 2023/12/21 12:0 a.m. · 5 views

Difference between normalValue and thresholdValue under SNMP configuration

This article explains the difference between thresholdValue and normalValue under SNMP configuration...

AI score 7.1
Exploits: 0