11198 matches found
A vulnerability in Microsoft Visual Studio and the Microsoft .NET platform allows attackers to execute arbitrary code.
The vulnerability in Microsoft Visual Studio and the Microsoft .NET platform is related to type conversion errors. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...
A vulnerability in the Microsoft Windows kernel allows an attacker to elevate their privileges.
The vulnerability in the Microsoft Windows kernel is related to synchronization errors when using a shared resource (race condition). Exploiting this vulnerability can allow an attacker to elevate their privileges...
PT-2024-41186 · Ооо 'Датэкс Софтвер' · E-Staff
The vulnerability in the E-Staff recruitment process automation system is related to data filtering errors when retrieving information about an object. Exploiting the vulnerability could allow a remote attacker to gain unauthorized access to protected information...
Low: Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.1 Bug Fix Update
Updated images that fix several bugs are now available for Red Hat OpenShift Data Foundation 4.17.1 on Red Hat Enterprise Linux 9 from Red Hat Container Registry. Red Hat OpenShift Data Foundation is software-defined storage integrated with and optimized for the Red Hat OpenShift Data Foundation...
nilfs2: propagate directory read errors from nilfs_find_entry()
...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets (CVE-2023-52620). In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix oob in ntfs_listxattr (CVE-2023-52640). In the Linux kernel, th...
A vulnerability in Remote Desktop Services (RDS) for Microsoft Windows operating systems allows an attacker to execute arbitrary code.
The vulnerability in Remote Desktop Services (RDS) for Microsoft Windows operating systems is related to type confusion errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
A vulnerability in the DRM/VMWGFX components of Linux operating systems allows attackers to elevate their privileges within the system.
The vulnerability in the DRM/VMWGFX components of Linux operating systems is related to the use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to elevate their privileges within the system...
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: 1-byte array overrun in common path resolve code (CVE-2023-0568); php: Password_verify() always return true with some hash (CVE-2023-0567); php: Missing error check and insufficient random bytes in...
A vulnerability in the phylib component of the Linux kernel allows an attacker to gain elevated privileges within the system.
The vulnerability in the phylib component of the Linux kernel is related to the use of memory after it has been freed. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...
PT-2024-34638 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further...
Multiple ARM products: security vulnerability
The ARM Cortex-A77, among others, is a central processing unit from the British company ARM. A security vulnerability exists in various Arm products, which stems from the possibility that memory accesses may be incorrectly converted. The following products are affected: ARM Cortex-A77, ARM...
PT-2024-9423 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: The issue is related to a Lightweight Directory Access Protocol (LDAP) client remote code execution. It is caused by synchronization errors when using a shared resource. This allows a remote...
PT-2024-9528 · Microsoft · Windows Cloud Files Mini Filter Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Cloud Files Mini Filter Driver (affected versions not specified) Description: The issue is related to an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver, which is associated with synchronization errors...
A vulnerability in the firmware of the embedded network controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems arises from errors in system configuration or settings and allows attackers to gain unauthorized access to protected information.
The vulnerability in the firmware of the embedded network controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to errors in system settings or configuration. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
PT-2024-36966
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74 Description: A vulnerability in the Linux kernel has been resolved, related to the ALSA control, where the use of WARN for showing symlink creation errors was downgraded to dev_err to avoid confusing fuzzer...
A vulnerability in Documenso’s digital signature software, caused by errors in how the user interface presents information, allows attackers to perform spoofing attacks.
The vulnerability in Documenso’s digital signature software is related to errors in how the user interface presents information. Exploiting this vulnerability can allow attackers to perform spoofing attacks...
firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...
GHSA-MWCW-C2X4-8C55 Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects: 1. in browser and non-secure, the code infinite loops on while size-- 2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled 3. if the...
A vulnerability in the Qlik Sense Enterprise data analysis platform, related to errors in processing input data from higher-level components, allows an attacker to execute arbitrary code.
The vulnerability in the Qlik Sense Enterprise data analysis platform is related to errors in processing input data from higher-level components. Exploiting this vulnerability allows a remote malicious actor to execute arbitrary code by creating specially crafted connection objects...