The vulnerability of the ethtool component in the Linux operating system’s kernel allows a hacker to gain elevated privileges within the system.

The vulnerability of the ethtool component in the Linux operating system’s kernel is related to memory-related errors after deallocation. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

The vulnerability of the nfsd component in the Linux operating system allows a hacker to gain elevated privileges within the system.

The vulnerability of the nfsd component in Linux operating systems is related to memory management errors after freeing memory. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

The vulnerability of the btrfs component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the btrfs component in Linux operating systems is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the websReadEvent() function in the microprogramming software for Tenda FH451, Tenda FH1201, Tenda FH1202, and Tenda FH1206 allows a hacker to trigger a service failure.

The vulnerability of the websReadEvent function in the microprogramming software for Tenda FH451, Tenda FH1201, Tenda FH1202, and Tenda FH1206 is related to pointer assignment errors. Exploiting this vulnerability could allow a malicious actor to cause service failure by sending specially crafted...

The vulnerability of the ABB VPNI function in the S+ Control API of the software for management and monitoring of ABB Symphony Plus S+ Operations, S+ Engineering, and S+ Analyst allows a perpetrator to trigger a service failure.

The vulnerability of the ABB VPNI function in the S+ Control API of the ABB Symphony Plus S+ Operations, S+ Engineering, and S+ Analyst software for management and monitoring systems is related to errors in processing relative paths. Exploiting this vulnerability can allow attackers to cause...

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

The vulnerability of the Intel HID Event Filter driver installer in Intel NUC laptops allows a hacker to gain increased privileges.

The vulnerability of the Intel HID Event Filter driver installer for Intel NUC laptops is related to inherited permission errors. Exploiting this vulnerability can allow attackers to gain increased privileges...

The vulnerability in the set of development libraries for Intel Distribution for Python, related to errors in using standard permissions, allows a perpetrator to increase their privileges.

The vulnerability in the library set for application development with Intel Distribution for Python is related to errors in the use of standard permissions. Exploiting this vulnerability can allow an attacker to increase their privileges...

The vulnerability of the Linux operating system’s crypto kernel component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s crypto kernel component is related to errors in resource management in the pcryptaeadencrypt function. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of BigDL’s software, related to access control errors, allows attackers to escalate their privileges.

The vulnerability of BigDL software is related to errors in access control. Exploiting this vulnerability can allow a remote attacker to enhance their privileges...

Exploit for Integer Underflow (Wrap or Wraparound) in 7-Zip

CVE-2024-11477 Writeup This is a writeup of my research...

The vulnerability of the monitoring tool for VMware Aria Operations, related to errors in privilege management, allows a perpetrator to escalate their privileges.

The vulnerability of the monitoring tool for VMware Aria Operations is related to errors in privilege management. Exploiting this vulnerability can allow an attacker to enhance their privileges...

The vulnerabilities of the functions mtk_topckgen_init(), mtk_infrasys_init_early(), and mtk_infrasys_init() of the clk-mt6797 component in Linux operating systems allow a hacker to cause a service failure.

The vulnerabilities of the functions mtktopckgeninit, mtkinfrasysinitearly, and mtkinfrasysinit of the clk-mt6797 kernel component in Linux operating systems are related to pointer arithmetic errors. Exploiting these vulnerabilities can allow attackers to cause system failures...

ROS-20241129-02

A vulnerability in the openvswitch component of the Linux operating system kernel is related to incorrect input validation in the parseicmpv6 function in net/openvswitch/flow.c. Exploitation of the vulnerability could allow an attacker to cause a denial of service A vulnerability in the cppccpufr...

CVE-2023-52922 can: bcm: Fix UAF in bcm_proc_show()

In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcmprocshow BUG: KASAN: slab-use-after-free in bcmprocshow+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 230 Hardwar...

Security update for postgresql15

This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

Security update for postgresql14

This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

Security update for postgresql15

This update for postgresql15 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

Mageia: Security Advisory (MGASA-2024-0375)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...