
11192 matches found

Redos
added 2024/09/24 12:0 a.m., 29 views

ROS-20240924-03

Vulnerability of the ice component of the Linux kernel is related to the NULL pointer dereferencing in the kzalloc. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability of the arm64/mm component of the Linux kernel is related to incorrect handling o...

CVSS 7.8, AI score 7, EPSS 0.00037
Exploits: 0

BDU FSTEC
added 2024/09/24 12:0 a.m., 1 view

The vulnerability of the PCI DeviceHandler component in the cross-platform hypervisor Xen allows a perpetrator to influence the confidentiality, integrity, and accessibility of the system.

The vulnerability of the cross-platform hypervisor component PCI DeviceHandler is related to errors in the program code. Exploiting this vulnerability allows a malicious actor to influence the confidentiality, integrity, and accessibility of the system...

CVSS 5.5, AI score 5.4, EPSS 0.00073
Exploits: 0, References: 9, Affected Software: 5

BDU FSTEC
added 2024/09/24 12:0 a.m., 1 view

The vulnerability of the reweight_entity() function in the sched component of the Linux operating system’s kernel allows for a failure to occur due to synchronization errors when using shared resources, potentially leading to service failures.

The vulnerability of the reweight_entity() function in the sched component of the Linux operating system’s kernel is related to synchronization errors when using shared resources. Exploiting this vulnerability can allow an attacker to cause service failures...

CVSS 4.7, AI score 6.1, EPSS 0.00022
Exploits: 0, References: 15, Affected Software: 4

BDU FSTEC
added 2024/09/24 12:0 a.m., 1 view

The vulnerability of the kernel component of the Linux operating system, related to memory release errors, allows for a malfunction that can lead to service failure.

The vulnerability of the kernel component of the Linux operating system is related to memory release errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVSS 5.5, AI score 6.6, EPSS 0.00026
Exploits: 0, References: 10, Affected Software: 4

BDU FSTEC
added 2024/09/23 12:0 a.m., 1 view

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit, related to state management errors, allows attackers to access confidential data.

The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit is related to state management errors. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...

CVSS 7.8, AI score 7, EPSS 0.00641
Exploits: 0, References: 13, Affected Software: 5

BDU FSTEC
added 2024/09/23 12:0 a.m., 1 view

The vulnerability of the QEMU hardware emulation software, related to synchronization errors, allows a perpetrator to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the QEMU hardware emulation software is related to synchronization errors. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service failures...

CVSS 7.8, AI score 6.8, EPSS 0.00031
Exploits: 1, References: 8, Affected Software: 4

BDU FSTEC
added 2024/09/23 12:0 a.m., 2 views

The vulnerability of Microsoft Visio graphic editors, Microsoft Office programs, and 365 Apps for Enterprise, related to access control errors, allows a perpetrator to perform arbitrary actions.

The vulnerability of Microsoft Visio graphic editors, Microsoft Office programs, and 365 Apps for Enterprise is related to access control errors. Exploiting this vulnerability allows an attacker to execute arbitrary code, provided that the user opens a specially crafted file...

CVSS 7.8, AI score 5.8, EPSS 0.01506
Exploits: 0, References: 2

BDU FSTEC
added 2024/09/23 12:0 a.m., 1 view

The vulnerability of the HTMLDOC document conversion tool, related to pointer assignment errors, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the HTMLDOC document conversion tool is related to pointer assignment errors. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and even cause service failures through a specially created HTML page...

CVSS 7.8, AI score 7.1, EPSS 0.00135
Exploits: 1, References: 7, Affected Software: 4

Citrix
added 2024/09/23 12:0 a.m., 10 views

Citrix Director - Troubleshoot Monitor data source errors

Director reports Monitor data source errors...

AI score 7.1
Exploits: 0

BDU FSTEC
added 2024/09/23 12:0 a.m., 1 view

The vulnerability of the WPE WebKit and WebKitGTK web page rendering modules, related to resource release errors, allows attackers to compromise data integrity.

The vulnerability of the WPE WebKit and WebKitGTK page rendering modules is related to errors during resource release. Exploiting this vulnerability allows a remote attacker to compromise data integrity...

CVSS 5, AI score 6.7, EPSS 0.00207
Exploits: 0, References: 8, Affected Software: 5

CNNVD
added 2024/09/23 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an inability to handle page errors in addresses, resulting in out-of-bounds...

CVSS 5.5, AI score 6.4, EPSS 0.00014
Exploits: 0, References: 12

BDU FSTEC
added 2024/09/23 12:0 a.m., 1 view

The vulnerability of the add_option() function in the ISC DHCP configuration program allows an attacker to cause a service failure.

The vulnerability of the add_option() function in the ISC DHCP configuration program is related to pointer dereferencing errors. Exploiting this vulnerability could allow a remote attacker to cause a service failure...

CVSS 6.5, AI score 6.8, EPSS 0.00075
Exploits: 0, References: 11, Affected Software: 6

BDU FSTEC
added 2024/09/20 12:0 a.m., 1 view

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2024, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to synchronization errors when using shared resources. These vulnerabilities allow attackers to execute arbitrary code.

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2024, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to synchronization errors when using a shared resource. Exploiting these...

CVSS 7.8, AI score 5.9, EPSS 0.01561
Exploits: 0, References: 4

RedHat Linux
added 2024/09/19 6:49 a.m., 0 views

mozilla: Garbage collection could mis-color cross-compartment objects in OOM conditions

The Mozilla Foundation's Security Advisory: The JavaScript garbage collector could mis-color cross-compartment objects if OOM conditions were detected at the right point between two passes. This could have led to memory corruption...

CVSS 9.8, AI score 7.3, EPSS 0.00321
Exploits: 0, References: 8

Redos
added 2024/09/19 12:0 a.m., 33 views

ROS-20240919-02

Vulnerability of the reweight_entity() function of the sched component of the Linux operating system kernel is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to impact confidentiality, integrity, and availability. A...

CVSS 7.8, AI score 7.2, EPSS 0.00035
Exploits: 0

Redos
added 2024/09/19 12:0 a.m., 20 views

ROS-20240919-03

A vulnerability in the nommu component of the Linux operating system kernel is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker to cause a denial of service. A vulnerability in the drm component of the Linux kernel is related to NULL pointer dereferencing...

CVSS 5.5, AI score 6.5, EPSS 0.00035
Exploits: 0

BDU FSTEC
added 2024/09/19 12:0 a.m., 1 view

The vulnerability of the SAML library for Ruby SAML and the Git-based software platform, which is used for collaborative code development on GitLab, allows for an increase in privileges.

The vulnerability of the SAML library for Ruby SAML applications and the Git-based software platform for collaborative code development on GitLab is related to errors in verifying the cryptographic signature. Exploiting this vulnerability could allow a malicious actor to increase their privileges...

CVSS 10, AI score 7.5, EPSS 0.44644
Exploits: 2, References: 9, Affected Software: 3

OSV
added 2024/09/18 7:15 a.m., 3 views

AZL-67833 CVE-2024-46733 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_extent is created must free...

CVSS 5.5, AI score 6.7, EPSS 0.0004
Exploits: 0, References: 1

Debian CVE
added 2024/09/18 7:12 a.m., 11 views

CVE-2024-46753

In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref properly In walk_up_proc we BUG_ON(ret) from btrfs_dec_ref. This is incorrect, we have proper error handling here, return the error...

CVSS 5.5, AI score 5.7, EPSS 0.00007
Exploits: 0

Vulnrichment
added 2024/09/18 6:32 a.m., 12 views

CVE-2024-46733 btrfs: fix qgroup reserve leaks in cow_file_range

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve leaks in cow_file_range In the buffered write path, the dirty page owns the qgroup reserve until it creates an ordered_extent. Therefore, any errors that occur before the ordered_extent is created must free...

AI score 6.6, EPSS 0.0004
Exploits: 0, References: 4