
11192 matches found

Tenable Nessus
added 2024/10/10 12:0 a.m. · 51 views

SUSE SLES12 Security Update : kernel (SUSE-SU-2024:3566-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:3566-1 advisory. The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: -...

7.8 CVSS · 7.4 AI score · 0.00495 EPSS
Exploits 6 · References 273

BDU FSTEC
added 2024/10/09 12:0 a.m. · 1 views

The vulnerability of Microsoft Windows operating system consoles allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Windows operating system consoles relates to errors in processing input data. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user downloads a specially crafted MSC file...

7.8 CVSS · 7.9 AI score · 0.48941 EPSS
Exploits 0 · References 2

CNNVD
added 2024/10/09 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel. Attackers have exploited the vulnerability to cause tagging errors and unauthorized writes...

8.8 CVSS · 6.5 AI score · 0.00408 EPSS
Exploits 0 · References 12

Github Security Blog
added 2024/10/08 10:20 p.m. · 10 views

SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

The error rendering code from the parser would panic when handling failed parsing of queries where the error occurred when converting an empty string to a SurrealDB value. This would be the case when casting an empty string to a record, duration or datetime, as well as potentially when parsing an...

7.7 AI score
Exploits 0 · References 4 · Affected Software 2

OSV
added 2024/10/08 10:20 p.m. · 3 views

GHSA-QJRV-V6QP-X99X SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings

The error rendering code from the parser would panic when handling failed parsing of queries where the error occurred when converting an empty string to a SurrealDB value. This would be the case when casting an empty string to a record, duration or datetime, as well as potentially when parsing an...

7.1 CVSS · 7.7 AI score
Exploits 0 · References 4

OSV
added 2024/10/08 4:15 a.m. · 1 views

DEBIAN-CVE-2024-8925

In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, erroneous parsing of multipart form data contained in an HTTP POST request could lead to legitimate data not being processed. This could lead to a malicious attacker who is able to control part of the submitted data being able to...

5.3 CVSS · 6.4 AI score · 0.01849 EPSS
Exploits 1 · References 1

Positive Technologies
added 2024/10/08 12:0 a.m. · 2 views

PT-2024-6726

Name of the Vulnerable Software and Affected Versions: Windows Kernel (affected versions not specified). Description: An elevation-of-privilege vulnerability exists within the Windows kernel due to synchronization errors when a shared resource is used. Successful exploitation of this issue may allow...

7 CVSS · 6.2 AI score · 0.00208 EPSS
Exploits 0 · References 7

Positive Technologies
added 2024/10/08 12:0 a.m. · 2 views

PT-2024-6835 · Microsoft · Defender For Endpoint For Linux

Name of the Vulnerable Software and Affected Versions: Microsoft Defender for Endpoint for Linux (affected versions not specified). Description: The issue is related to errors in handling relative directory paths, which can be exploited to conduct spoofing attacks. Recommendations: At the moment,...

5.5 CVSS · 5.9 AI score · 0.00381 EPSS
Exploits 0 · References 7

BDU FSTEC
added 2024/10/07 12:0 a.m. · 1 views

The vulnerability of the kernel component of the Linux operating system, which allows a hacker to cause a service failure

The vulnerability of the kernel component of the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS · 6.4 AI score · 0.00007 EPSS
Exploits 0 · References 23 · Affected Software 5

BDU FSTEC
added 2024/10/07 12:0 a.m. · 1 views

The vulnerability of the iommu/arm-smmu-v3 component of the Linux operating system, which allows a hacker to trigger a service failure.

The vulnerability of the iommu/arm-smmu-v3 component in the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS · 6.3 AI score · 0.00012 EPSS
Exploits 0 · References 16 · Affected Software 4

BDU FSTEC
added 2024/10/07 12:0 a.m. · 1 views

The vulnerability of the iommu/vt-d component in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the iommu/vt-d component in the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS · 6.3 AI score · 0.00015 EPSS
Exploits 0 · References 17 · Affected Software 4

BDU FSTEC
added 2024/10/04 12:0 a.m. · 1 views

The vulnerability of the microprogrammed software in Rockwell Automation’s CompactLogix, ControlLogix, and GuardLogix programmable logic controllers allows an intruder to trigger a service failure.

The vulnerability of the microprogrammed software in Rockwell Automation’s CompactLogix, ControlLogix, and GuardLogix controllers is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause malfunctions in the system from a remote location...

7.8 CVSS · 5.5 AI score · 0.00094 EPSS
Exploits 0 · References 2 · Affected Software 6

BDU FSTEC
added 2024/10/04 12:0 a.m. · 1 views

Microsoft Edge browser’s vulnerability, related to errors in data type mixing, allows attackers to execute arbitrary code.

The vulnerability of Microsoft Edge is related to type conversion errors. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...

10 CVSS · 5.9 AI score · 0.00438 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2024/10/04 12:0 a.m. · 2 views

The vulnerability of the C++ Botan cryptographic library, related to incorrect certificate verification, allows attackers to influence the integrity of the system.

The vulnerability of the C++ Botan cryptographic library is related to errors in the certificate validation process. Exploiting this vulnerability could allow a malicious actor to influence the integrity of the system remotely...

5.3 CVSS · 5.8 AI score · 0.00281 EPSS
Exploits 0 · References 6 · Affected Software 5

Github Security Blog
added 2024/10/03 4:51 p.m. · 6 views

OpenTofu potential leaking of secret variable values when using static evaluation in v1.8

Impact: Users who have opted into static evaluation of module sources, versions, and backend configurations may be at risk of exposing sensitive variables and locals. This is a workflow that should not be possible and should explicitly show errors. Workarounds: Check that you are not using sensitive...

7 AI score
Exploits 0 · References 3 · Affected Software 1

OSV
added 2024/10/03 4:51 p.m. · 3 views

GHSA-WPR2-J6GR-PJW9 OpenTofu potential leaking of secret variable values when using static evaluation in v1.8

Impact: Users who have opted into static evaluation of module sources, versions, and backend configurations may be at risk of exposing sensitive variables and locals. This is a workflow that should not be possible and should explicitly show errors. Workarounds: Check that you are not using sensitive...

6.3 CVSS · 7 AI score
Exploits 0 · References 3

BDU FSTEC
added 2024/10/03 12:0 a.m. · 1 views

The vulnerability of the microprogrammed software in Rockwell Automation’s CompactLogix, ControlLogix, GuardLogix, and Communication Module 1756-EN4 systems allows an intruder to trigger a service failure.

The vulnerability of the microprogrammed software in Rockwell Automation’s CompactLogix, ControlLogix, GuardLogix, and Communication Module 1756-EN4 is related to errors in processing input data. Exploiting this vulnerability can allow an attacker to cause malfunctions in the system remotely...

7.8 CVSS · 5.4 AI score · 0.00341 EPSS
Exploits 0 · References 2 · Affected Software 7

BDU FSTEC
added 2024/10/03 12:0 a.m. · 2 views

The vulnerability of the vlapic_error function in Xen hypervisors allows a perpetrator to trigger a service failure.

The vulnerability of the vlapic_error function in hypervisors is related to access control errors. Exploiting this vulnerability could allow a malicious actor to cause service failures...

6.5 CVSS · 7.1 AI score · 0.00501 EPSS
Exploits 0 · References 7 · Affected Software 2

Redos
added 2024/10/02 12:0 a.m. · 12 views

ROS-20241001-13

A vulnerability in the Botan C++ cryptographic library is related to asymmetric resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. A vulnerability in the C++ Botan cryptographic library is related to errors in parsing...

5.3 CVSS · 6.6 AI score · 0.00449 EPSS
Exploits 0

Redos
added 2024/10/02 12:0 a.m. · 267 views

ROS-20241002-05

A vulnerability in the PWM device driver of the Linux kernel is related to reading memory outside of the allocated buffer. Exploitation of the vulnerability could allow an intruder to affect confidentiality, integrity and availability of protected information. Vulnerability o...

7.8 CVSS · 7.3 AI score · 0.00034 EPSS
Exploits 0