A vulnerability in the phylib component of the Linux kernel allows an attacker to gain elevated privileges within the system.
The vulnerability in the phylib component of the Linux kernel is related to the use of memory after it has been deallocated. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...
PT-2024-34638 · IBM · IBM InfoSphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further...
Security vulnerability in multiple ARM products
The ARM Cortex-A77, among others, is a central processing unit from the British company ARM. A security vulnerability exists in various Arm products, which stems from the possibility that memory accesses may be incorrectly converted. The following products are affected: ARM Cortex-A77, ARM...
PT-2024-9423 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows (affected versions not specified) Description: The issue is related to a Lightweight Directory Access Protocol (LDAP) client remote code execution. It is caused by synchronization errors when using a shared resource. This allows a remote...
PT-2024-9528 · Microsoft · Windows Cloud Files Mini Filter Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Cloud Files Mini Filter Driver (affected versions not specified) Description: The issue is related to an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver, which is associated with synchronization errors...
A vulnerability in the firmware of the embedded network controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems arises from errors in system configuration or settings, allowing attackers to gain unauthorized access to protected information.
The vulnerability in the firmware of the embedded network controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to errors in system settings or configuration. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
PT-2024-36966
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.74 Description: A vulnerability in the Linux kernel has been resolved, related to the ALSA control, where the use of WARN for showing symlink creation errors was downgraded to dev_err to avoid confusing fuzzer...
The vulnerability of Documenso’s digital signature software lies in errors in the user interface’s information presentation, which allows attackers to perform spoofing attacks.
The vulnerability of Documenso’s digital signature software is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spoofing attacks...
firefox: thunderbird: Unhandled Exception in Add-on Signature Verification
The Mozilla Foundation's Security Advisory: The application can fail to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw is triggered by an invalid or unsupported extension manifest and could cause runtime errors that disrupt the...
GHSA-MWCW-C2X4-8C55 Predictable results in nanoid generation when given non-integer values
When nanoid is called with a fractional value, there were a number of undesirable effects: 1. in browser and non-secure, the code infinite loops on while size-- 2. in node, the value of poolOffset becomes fractional, causing calls to nanoid to return zeroes until the pool is next filled 3. if the...
A vulnerability in the channel_request_lookahead() function of the Waitress WSGI server for Python allows an attacker to send hidden HTTP requests (HTTP Request Smuggling attack).
The vulnerability in the channel_request_lookahead() function of the Waitress WSGI server for Python is related to synchronization errors when using shared resources due to inconsistent interpretation of HTTP requests. Exploiting this vulnerability allows a remote attacker to send hidden HTTP request...
The vulnerability of the Qlik Sense Enterprise data analysis platform, related to errors in processing input data from higher-level components, allows a perpetrator to execute arbitrary code.
The vulnerability of the Qlik Sense Enterprise data analysis platform is related to errors in processing input data from higher-level components. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by creating specially crafted connection objects remotely...
A vulnerability in the firmware of the embedded network controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems arises from errors in system configuration or setup. This vulnerability allows attackers to gain unauthorized access to application configuration information.
The vulnerability in the firmware of the embedded network controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to errors in system configuration or setup. Exploiting this vulnerability can allow an attacker to gain unauthorized access to application...
The vulnerability of the application for launching Puppet Agent, related to resource management errors, allows a hacker to trigger a service failure.
The vulnerability of the application for launching Puppet Agent is related to resource management errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...
The vulnerability of the ar5523 component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of the ar5523 component in the Linux operating system is related to errors in resource management within the ar5523_probe function. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2024-10289 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based), affected versions not specified Description: The issue is related to an elevation of privilege vulnerability in Microsoft Edge, which is based on Chromium. This vulnerability can be exploited by a remote attacker...
The vulnerability of the de4x5 component in the Linux operating system allows a hacker to trigger a service failure.
The vulnerability of DRM/MSM/A6XX components in the Linux operating system is related to errors in reading data beyond the memory boundaries. Exploiting this vulnerability can allow an attacker to cause a service failure...
Security update for postgresql14
This update for postgresql14 fixes the following issues: CVE-2024-10976: Ensure cached plans are marked as dependent on the calling role when RLS applies to a non-top-level table reference (bsc#1233323). CVE-2024-10977: Make libpq discard error messages received during SSL or GSS protocol negotiatio...
DRUPAL-CONTRIB-2024-067
This module enables you to authenticate users through an Identity Provider (IdP) or OAuth Server, allowing them to log in to your Drupal site. The module does not sufficiently escape query parameters sent to the callback URL when displaying error messages, particularly if the code parameter is...
ROS-20241204-01
A vulnerability in the libstub component of the Linux kernel is related to the use of an uninitialized resource in the efifree function in drivers/firmware/efi/libstub/fdt.c. Exploitation of the vulnerability could allow an attacker to cause a denial of servic...