nilfs2: propagate directory read errors from nilfs_find_entry()

...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: disallow timeout for anonymous sets CVE-2023-52620 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix oob in ntfslistxattr CVE-2023-52640 In the Linux kernel, th...

Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: 1-byte array overrun in common path resolve code CVE-2023-0568 php: Passwordverify always return true with some hash CVE-2023-0567 php: Missing error check and insufficient random bytes in...

PT-2024-34638 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further...

PT-2024-9423 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a Lightweight Directory Access Protocol LDAP client remote code execution. It is caused by synchronization errors when using a shared resource. This allows a remote...

ARM多款产品 安全漏洞

The ARM Cortex-A77, among others, is a central processing unit from the British company ARM. A security vulnerability exists in various Arm products, which stems from the possibility that memory accesses may be incorrectly converted. The following products are affected: ARM Cortex-A77, ARM...

PT-2024-9528 · Microsoft · Windows Cloud Files Mini Filter Driver +1

Name of the Vulnerable Software and Affected Versions: Windows Cloud Files Mini Filter Driver affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver, which is associated with synchronization errors...

PT-2024-36966

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description A vulnerability in the Linux kernel has been resolved, related to the ALSA control, where the use of WARN for showing symlink creation errors was downgraded to dev err to avoid confusing fuzzer...

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

GHSA-MWCW-C2X4-8C55 Predictable results in nanoid generation when given non-integer values

When nanoid is called with a fractional value, there were a number of undesirable effects: 1. in browser and non-secure, the code infinite loops on while size-- 2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled 3. if the...

PT-2024-10289 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in Microsoft Edge, which is based on Chromium. This vulnerability can be exploited by a remote attacker...

Security update for postgresql14

This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference bsc1233323. CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...

DRUPAL-CONTRIB-2024-067

This module enables you to authenticate users through an Identity Provider IdP or OAuth Server, allowing them to log in to your Drupal site. The module does not sufficiently escape query parameters sent to the callback URL when displaying error messages, particularly if the code parameter is...

ROS-20241204-01

A vulnerability in the libstub component of the Linux kernel is related to the use of an uninitialized resource in the uninitialized resource in the efifree function in drivers/firmware/efi/libstub/fdt.c. Exploitation of the of the vulnerability could allow an attacker to cause a denial of servic...

Cisco NX-OS Resource Management Errors (CVE-2013-1121)

The regex engine in the BGP implementation in Cisco NX-OS, when a complex regular expression is configured for inbound routes, allows remote attackers to cause a denial of service device reload via a crafted AS path set, aka Bug ID CSCuf49554. This plugin only works with Tenable.ot. Please visit...

Important: Red Hat Security Advisory: rhc-worker-playbook security update

An update for rhc-worker-playbook is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

firefox: thunderbird: Unhandled Exception in Add-on Signature Verification

The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...

Exploit for Integer Underflow (Wrap or Wraparound) in 7-Zip

CVE-2024-11477 Writeup This is a writeup of my research...