
11190 matches found

AlpineLinux
added 2024/11/26 1:33 p.m., 7 views

CVE-2024-11696

The application failed to account for exceptions thrown by the loadManifestFromFile method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the...

CVSS 5.4, AI score 6.2, EPSS 0.00056
Exploits: 0

RedHat Linux
added 2024/11/26 12:22 a.m., 3 views

kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create

A flaw was found in the Linux kernel in which a system crash can occur if there are certain errors establishing RPC-over-RDMA connections...

CVSS 5.5, AI score 7.2, EPSS 0.00009
Exploits: 0, References: 5

BDU FSTEC
added 2024/11/26 12:0 a.m., 1 view

The vulnerability of the Basic Authentication mechanism in the Mendix Runtime environment allows a perpetrator to circumvent existing security restrictions.

The vulnerability of the Basic Authentication mechanism in the Mendix Runtime environment is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow a malicious actor to circumvent existing security restrictions remotely...

CVSS 5.3, AI score 7.4, EPSS 0.00561
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2024/11/26 12:0 a.m., 1 view

The vulnerability of the fbdev component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the fbdev component in the Linux operating system’s kernel is related to the execution of operations outside the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to gain access to confidential information...

CVSS 5.5, AI score 6.8, EPSS 0.00125
Exploits: 0, References: 10, Affected Software: 3

BDU FSTEC
added 2024/11/26 12:0 a.m., 2 views

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type mixing errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10, AI score 8, EPSS 0.00315
Exploits: 0, References: 10, Affected Software: 4

BDU FSTEC
added 2024/11/26 12:0 a.m., 1 view

The vulnerability of the Intel Alias Checking Trusted Module (Intel ACTM), a microprogramming software component for Intel’s 4th and 5th generation processors, allows attackers to exploit it to increase their privileges.

The vulnerability of the Intel Alias Checking Trusted Module Intel ACTM, a microprogramming software component of Intel’s 4th and 5th generation processors, is related to synchronization errors when using common resources. Exploiting this vulnerability can allow attackers to increase their...

CVSS 7.2, AI score 5.5, EPSS 0.00032
Exploits: 0, References: 5

BDU FSTEC
added 2024/11/26 12:0 a.m., 1 view

The vulnerability of the routing protocol daemon in Juniper Networks’ Junos OS and Junos OS Evolved systems allows an attacker to cause service interruptions.

The vulnerability of the routing protocol daemon pdrd in Juniper Networks’ Junos OS and Junos OS Evolved systems is related to memory release errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions remotely...

CVSS 7.8, AI score 5.4, EPSS 0.00295
Exploits: 0, References: 3, Affected Software: 2

BDU FSTEC
added 2024/11/26 12:0 a.m., 1 view

The vulnerability of the software tools for accelerated video processing at the hardware level, the Intel Video Processing Library (VPL), is related to pointer dereferencing errors. This vulnerability allows an attacker to trigger a service failure.

The vulnerability of the software tools for accelerated video processing at the hardware level, the Intel Video Processing Library VPL, is related to pointer dereferencing errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 2.2, AI score 5.5, EPSS 0.00042
Exploits: 0, References: 4, Affected Software: 3

OSV
added 2024/11/25 3:32 p.m., 14 views

GHSA-MH2X-FCQH-FMQV @sveltejs/kit has unescaped error message included on error page

Summary The static error.html template for errors contains placeholders that are replaced without escaping the content first. Details From https://kit.svelte.dev/docs/errors: error.html is the page that is rendered when everything else fails. It can contain the following placeholders:...

CVSS 4.2, AI score 6.7, EPSS 0.00193
Exploits: 1, References: 7

Tenable Nessus
added 2024/11/25 12:0 a.m., 33 views

CentOS 9 : kernel-5.14.0-533.el9

The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the kernel-5.14.0-533.el9 build changelog. - In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put syzbot reported...

CVSS 9.1, AI score 6.1, EPSS 0.00075
Exploits: 0, References: 30

BDU FSTEC
added 2024/11/25 12:0 a.m., 1 view

The vulnerability of the hisi component in the Linux operating system allows a hacker to gain elevated privileges within the system.

The vulnerability of the hisi component in the Linux operating system’s kernel is related to memory management errors after deallocation. Exploiting this vulnerability can allow an attacker to gain elevated privileges within the system...

CVSS 8.8, AI score 6.3, EPSS 0.00022
Exploits: 0, References: 18, Affected Software: 4

BDU FSTEC
added 2024/11/25 12:0 a.m., 1 view

The vulnerability of the bttv_remove() function in the drivers/media/pci/bt8xx/bttv-driver.c module of the Linux kernel’s bttv component allows an attacker to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the bttv_remove function in the drivers/media/pci/bt8xx/bttv-driver.c module of the Linux kernel’s bttv component is related to errors that occur after freeing resources. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...

CVSS 7, AI score 6.5, EPSS 0.0001
Exploits: 0, References: 26, Affected Software: 5

Positive Technologies
added 2024/11/25 12:0 a.m., 2 views

PT-2024-9572 · IBM · IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data

Name of the Vulnerable Software and Affected Versions: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data versions 4.0.0 through 5.0.2 Description: The issue is caused by synchronization errors when using a shared resource, potentially allowing a remote attacker to cause a denial of...

CVSS 7.8, AI score 7, EPSS 0.00047
Exploits: 0, References: 7

OSV
added 2024/11/22 2:23 p.m., 2 views

OESA-2024-2468 postgresql security update

PostgreSQL is an advanced Object-Relational database management system DBMS. The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine a...

CVSS 8.8, AI score 7.3, EPSS 0.06356
Exploits: 1, References: 5

BDU FSTEC
added 2024/11/22 12:0 a.m., 1 view

The vulnerability of the Native Client component of the Microsoft SQL Server database management system allows a hacker to execute arbitrary code.

The vulnerability of Native Client components in the Microsoft SQL Server database management system is related to numerical truncation errors. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

CVSS 10, AI score 6.1, EPSS 0.10003
Exploits: 0, References: 2

BDU FSTEC
added 2024/11/22 12:0 a.m., 1 view

The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData security event monitoring and analysis tools, allows a malicious actor to delete arbitrary files from the file system.

The vulnerability of the CLI command-line interface of the Fortinet FortiManager device management software, as well as the FortiAnalyzer and FortiAnalyzer-BigData event monitoring and analysis tools, is related to errors in processing the relative path to the directory. Exploiting this...

CVSS 5.2, AI score 5.4, EPSS 0.00144
Exploits: 0, References: 3, Affected Software: 3

OSV
added 2024/11/21 7:15 p.m., 1 view

DEBIAN-CVE-2024-53093

In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occurring within the controller's scanwork context. If a path error occurs here, the IO will wait until a path becomes available or all paths are...

CVSS 5.5, AI score 5.7, EPSS 0.00014
Exploits: 0, References: 1

RedhatCVE
added 2024/11/21 7:13 p.m., 4 views

CVE-2024-50189

In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: Switch to device-managed dmam_alloc_coherent Using the device-managed version allows to simplify clean-up in probe error path. Additionally, this device-managed ensures proper cleanup, which helps to resolve memory...

CVSS 5.5, AI score 6.7, EPSS 0.00028
Exploits: 0, References: 4

Vulnrichment
added 2024/11/21 6:17 p.m., 1 view

CVE-2024-53093 nvme-multipath: defer partition scanning

In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occurring within the controller's scanwork context. If a path error occurs here, the IO will wait until a path becomes available or all paths are...

AI score 7.5, EPSS 0.00014
Exploits: 0, References: 4

RedhatCVE
added 2024/11/21 3:54 p.m., 17 views

CVE-2024-50202

In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry Syzbot reported that a task hang occurs in vcs_open during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entry, which searches for directo...

CVSS 5.5, AI score 6.7, EPSS 0.00014
Exploits: 0, References: 4