GHSA-PQ7C-X8G4-RVP6 NiceGUI: Unauthenticated log-volume denial of service in dynamic resource routes

Summary Two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette's FileResponse, which Uvicorn writes to the server log...

SUSE CVE-2024-50202

In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfsfindentry Syzbot reported that a task hang occurs in vcsopen during a fuzzing test for nilfs2. The root cause of this problem is that in nilfsfindentry, which searches for directo...

The vulnerability of the Edge Installer component of the Microsoft Edge browser allows a perpetrator to elevate their privileges and execute arbitrary code.

The vulnerability of the Microsoft Edge browser’s Edge Installer component is related to errors during the connection to directories. Exploiting this vulnerability can allow an attacker to enhance their privileges and execute arbitrary code...

PT-2021-3742 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge affected versions not specified Description: The issue is related to errors in creating connections with directories in the Edge Installer component of Microsoft Edge, allowing an attacker to potentially elevate privileges and...