11192 matches found

RustSec
added 2024/10/01 12:0 p.m. | 6 views

Remotely exploitable Denial of Service in Tonic

Impact: When using tonic::transport::Server there is a remote DoS attack that can cause the server to exit cleanly on accepting a tcp/tls stream. This can be triggered by causing the accept call to fail with errors that were not handled correctly, which makes the accept loop exit.

CVSS 6.9 | AI score 6.9 | EPSS 0.0036
Exploits: 0 | Affected Software: 1

Tenable Nessus
added 2024/10/01 12:0 a.m. | 18 views

Synology DiskStation Manager Credentials Management Errors (CVE-2010-3684)

The FTP authentication module in Synology Disk Station 2.x logs passwords to the web application interface in cases of incorrect login attempts, which allows local users to obtain sensitive information by reading a log, a different vulnerability than CVE-2010-2453. This plugin only works with...

CVSS 4.3 | AI score 5.3 | EPSS 0.00318
Exploits: 1 | References: 2

BDU FSTEC
added 2024/09/30 12:0 a.m. | 1 views

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers allows attackers to execute arbitrary code.

The vulnerability of JavaScript script handlers in Microsoft Edge and Google Chrome browsers is related to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created HTML page from a remote location...

CVSS 10 | AI score 7.8 | EPSS 0.15009
Exploits: 1 | References: 12 | Affected Software: 6

BDU FSTEC
added 2024/09/30 12:0 a.m. | 1 views

The vulnerability of the Blink web browser component in Google Chrome, which allows a hacker to access confidential data

The vulnerability of the Blink web browser component in Google Chrome is related to authentication errors. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data through a specially created HTML page...

CVSS 7.8 | AI score 6.8 | EPSS 0.01456
Exploits: 0 | References: 11 | Affected Software: 2

BDU FSTEC
added 2024/09/30 12:0 a.m. | 1 views

The vulnerability of the RDMA/hns component of the Linux operating system allows for a malfunction to occur, leading to service failure.

The vulnerability of the RDMA/hns component of the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 5.5 | AI score 6.1 | EPSS 0.00016
Exploits: 0 | References: 35 | Affected Software: 5

BDU FSTEC
added 2024/09/30 12:0 a.m. | 1 views

The vulnerability of the arm64/mm component of the Linux operating system’s kernel allows for a denial-of-service attack to be initiated.

The vulnerability of the arm64/mm component in the Linux operating system’s kernel is related to improper handling of memory allocation errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 5.9 | EPSS 0.00037
Exploits: 0 | References: 9 | Affected Software: 3

BDU FSTEC
added 2024/09/30 12:0 a.m. | 1 views

The vulnerability of the dp_aux_cmd_fifo_tx() function in the Linux kernel component allows for a denial-of-service attack to be triggered.

The vulnerability of the dp_aux_cmd_fifo_tx function in the Linux kernel component is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 4.7 | AI score 5.7 | EPSS 0.00012
Exploits: 0 | References: 15 | Affected Software: 4

OSV
added 2024/09/27 2:1 p.m. | 29 views

OPENSUSE-SU-2024:0319-1 Security update for coredns

This update for coredns fixes the following issues: Update to version 1.11.3: optimize the performance for high qps (#6767); bump deps; Fix zone parser error handling (#6680); Add alternate option to forward plugin (#6681); fix: plugin/file: return error when parsing the file fails (#6699); fix:documentation...

CVSS 7.5 | AI score 9 | EPSS 0.01524
Exploits: 1 | References: 7

OSV
added 2024/09/27 12:39 p.m. | 12 views

CVE-2024-46847 mm: vmalloc: ensure vmap_block is initialised before adding to queue

In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue. Commit 8c61291fd850 "mm: fix incorrect vbq reference in purge_fragmented_block" extended the 'vmap_block' structure to contain a 'cpu' field which is set at...

CVSS 5.5 | AI score 6.1 | EPSS 0.00035
Exploits: 0 | References: 6

Vulnrichment
added 2024/09/27 12:39 p.m. | 12 views

CVE-2024-46847 mm: vmalloc: ensure vmap_block is initialised before adding to queue

In the Linux kernel, the following vulnerability has been resolved: mm: vmalloc: ensure vmap_block is initialised before adding to queue. Commit 8c61291fd850 "mm: fix incorrect vbq reference in purge_fragmented_block" extended the 'vmap_block' structure to contain a 'cpu' field which is set at...

AI score 7 | EPSS 0.00035
Exploits: 0 | References: 3

CNNVD
added 2024/09/27 12:0 a.m. | 3 views

TestLink Security Vulnerability

TestLink is a suite of open source software from the TestLink team for managing the software testing process and providing statistical analysis. A security vulnerability exists in TestLink version 1.9.20 that stems from the application not checking user permissions, resulting in an access control...

CVSS 8.1 | AI score 6.7 | EPSS 0.0009
Exploits: 1 | References: 2

BDU FSTEC
added 2024/09/25 12:0 a.m. | 1 views

The vulnerability of the SAE H2E authentication protocol implementation in the embedded operating system OpenWrt allows a hacker to downgrade the version of the authentication protocol used.

The vulnerability of the SAE H2E authentication protocol implementation in the embedded operating system OpenWrt is related to errors in processing input data. Exploiting this vulnerability can allow a malicious actor to downgrade the version of the authentication protocol used...

CVSS 10 | AI score 5.5
Exploits: 0 | References: 2 | Affected Software: 1

RedHat Linux
added 2024/09/24 2:39 a.m. | 1 views

kernel: usb-storage: alauda: Check whether the media is initialized

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized. The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media fails, potentially causing divide errors in alauda_read_data and alauda_write_lba. - Add a membe...

CVSS 5.5 | AI score 6.3 | EPSS 0.0002
Exploits: 0 | References: 5

RedHat Linux
added 2024/09/24 1:17 a.m. | 2 views

kernel: nvme-tcp: fix UAF when detecting digest errors

A use-after-free vulnerability was found in the Linux kernel in drivers/nvme/host/tcp.c in nvme_tcp_io_work. This issue can occur when a local user continues to read data after the connection finishes. This flaw allows a malicious user to cause a use-after-free problem...

CVSS 7.8 | AI score 7.2 | EPSS 0.00029
Exploits: 0 | References: 5

RedHat Linux
added 2024/09/24 12:40 a.m. | 3 views

kernel: usb-storage: alauda: Check whether the media is initialized

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Check whether the media is initialized. The member "uzonesize" of struct alauda_info will remain 0 if alauda_init_media fails, potentially causing divide errors in alauda_read_data and alauda_write_lba. - Add a membe...

CVSS 5.5 | AI score 6.3 | EPSS 0.0002
Exploits: 0 | References: 5

RedHat Linux
added 2024/09/24 12:27 a.m. | 3 views

kernel: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create

A flaw was found in the Linux kernel in which a system crash can occur if there are certain errors establishing RPC-over-RDMA connections...

CVSS 5.5 | AI score 7.2 | EPSS 0.00009
Exploits: 0 | References: 5

BDU FSTEC
added 2024/09/24 12:0 a.m. | 1 views

The vulnerability of the `rpmsg_ctrldev_release_device` function in the `lib/debugobjects.c` file of the Linux kernel allows a hacker to trigger a service failure.

The vulnerability of the rpmsg_ctrldev_release_device function in the lib/debugobjects.c file of the Linux kernel is caused by synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to trigger a service failure...

CVSS 5.5 | AI score 6.4 | EPSS 0.00027
Exploits: 0 | References: 21 | Affected Software: 3

Redos
added 2024/09/24 12:0 a.m. | 32 views

ROS-20240924-04

A vulnerability in the fastrpc component of the Linux operating system kernel is related to race conditions after a memory release. Exploitation of the vulnerability could allow an attacker to affect the confidentiality, integrity, and availability A vulnerability in the usb_submit_urb function of...

CVSS 7.8 | AI score 6.8 | EPSS 0.0003
Exploits: 0

BDU FSTEC
added 2024/09/24 12:0 a.m. | 1 views

The vulnerability of the io_uring component in the Linux operating system’s kernel, related to memory release errors, allows for a malfunction that can lead to service failure.

The vulnerability of the io_uring component in the Linux operating system’s kernel is related to memory release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5 | AI score 5.9 | EPSS 0.00035
Exploits: 0 | References: 8 | Affected Software: 2

BDU FSTEC
added 2024/09/24 12:0 a.m. | 2 views

The vulnerability of the Microsoft SQL Server database management system, related to numerical truncation errors, allows an attacker to gain unauthorized access to protected information or cause service failures.

The vulnerability of the Microsoft SQL Server database management system is related to numerical truncation errors. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information or cause service failures...

CVSS 7.5 | AI score 5.6 | EPSS 0.01291
Exploits: 0 | References: 2