
11215 matches found

Hacker One
added 2024/03/29 9:42 a.m. | 5 views

passhash: Potential DoS due to PasswordPoliciesNotMet in errors.go

Summary: Possible DoS depending on amount of PasswordPolicyError instances that can be created in a short time type PasswordPoliciesNotMet struct UnMetPasswordPolicies PasswordPolicyError func e PasswordPoliciesNotMet Error string errorStrs := makestring, 0, lene.UnMetPasswordPolicies for , ppe :...

AI score: 5.9
Exploits: 0

Redos
added 2024/03/29 12:0 a.m. | 32 views

ROS-20240329-24

A vulnerability in V8, the JavaScript engine of the Google Chrome browser, is related to data type confusion errors. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00855
Exploits: 0

Redos
added 2024/03/29 12:0 a.m. | 24 views

ROS-20240329-04

The ASP.NET Core software platform vulnerability is due to security configuration errors. Exploitation of the vulnerability may allow an intruder to disclose protected information...

CVSS: 6.2 | AI score: 7 | EPSS: 0.00556
Exploits: 0

BDU FSTEC
added 2024/03/27 12:0 a.m. | 1 view

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird involve information representation errors in the user interface, allowing attackers to obtain user permissions.

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to information representation errors in the user interface. Exploiting these vulnerabilities can allow a remote attacker to obtain user permissions...

CVSS: 6.4 | AI score: 6.5 | EPSS: 0.00316
Exploits: 1 | References: 24 | Affected Software: 12

BDU FSTEC
added 2024/03/26 12:0 a.m. | 1 view

The vulnerability in the implementation of the NFS network file system server for FreeBSD and OpenBSD allows a hacker to execute arbitrary code with root privileges.

The vulnerability of the NFS network file system server implementation for FreeBSD and OpenBSD is related to errors in processing input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code with root privileges...

CVSS: 9.9 | AI score: 6 | EPSS: 0.04359
Exploits: 1 | References: 4 | Affected Software: 2

RedhatCVE
added 2024/03/25 5:53 p.m. | 24 views

CVE-2021-47145

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305...

CVSS: 5.5 | AI score: 7.4 | EPSS: 0.00012
Exploits: 0 | References: 4

OSV
added 2024/03/25 10:15 a.m. | 0 views

UBUNTU-CVE-2021-47177

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so it has to be cleaned on subsequent errors...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00014
Exploits: 0 | References: 8

CVE
added 2024/03/25 9:16 a.m. | 133 views

CVE-2021-47171

CVE-2021-47171 corresponds to a memory-leak fix in the Linux kernel’s USB SMSC75xx driver (net/usb/smsc75xx.c). The vulnerability arises when errors after memory allocation leave non-freed memory in smsc75xx_bind, causing a memory leak in the kernel upon probe/bind. The MiracleLinux advisories co...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00012
Exploits: 0 | References: 8 | Affected Software: 1

NVD
added 2024/03/25 9:15 a.m. | 18 views

CVE-2021-47145

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305...

CVSS: 5.5 | AI score: 6.6 | EPSS: 0.00012
Exploits: 0 | References: 8

Positive Technologies
added 2024/03/25 12:0 a.m. | 2 views

PT-2024-2446 · Microsoft +1 · Azure-C-Shared-Utility +1

Name of the Vulnerable Software and Affected Versions: azure-c-shared-utility (affected versions not specified). Description: The azure-c-shared-utility library has a vulnerability related to the parameter checking mechanism, which can cause an integer wraparound, under-allocation, or heap buffer...

CVSS: 6.4 | AI score: 7.8 | EPSS: 0.02421
Exploits: 0 | References: 15

UbuntuCve
added 2024/03/25 12:0 a.m. | 21 views

CVE-2021-47145

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir While doing error injection testing I got the following panic kernel BUG at fs/btrfs/tree-log.c:1862! invalid opcode: 0000 [#1] SMP NOPTI CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305...

CVSS: 5.5 | AI score: 6.4 | EPSS: 0.00012
Exploits: 0 | References: 11

OSV
added 2024/03/22 11:7 a.m. | 2 views

OESA-2024-1306 golang security update

The Go Programming Language. Security Fixes: When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com...

CVSS: 6.5 | AI score: 7.4 | EPSS: 0.00924
Exploits: 0 | References: 5

BDU FSTEC
added 2024/03/22 12:0 a.m. | 2 views

The vulnerabilities of the modules of the central processor in microprogrammed logic controllers of the MELSEC-Q Series and MELSEC-L Series allow a hacker to execute arbitrary code.

The vulnerability of the modules of the central processor in microprogrammed logic controllers of the MELSEC-Q Series and MELSEC-L Series is related to errors during the scaling of indicators. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by sending a specially...

CVSS: 10 | AI score: 6 | EPSS: 0.00425
Exploits: 0 | References: 4

BDU FSTEC
added 2024/03/22 12:0 a.m. | 1 view

The vulnerability of the p2putil.c component in the iNet Wireless daemon allows a hacker to induce a service failure.

The vulnerability of the p2putil.c component in iNet Wireless allows for initialization errors to occur. Exploiting this vulnerability could enable a remote attacker to cause service interruptions...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00151
Exploits: 0 | References: 6 | Affected Software: 3

BDU FSTEC
added 2024/03/22 12:0 a.m. | 2 views

The vulnerability of the Keycloak identity and access management software lies in implementation errors related to authentication procedures, allowing attackers to circumvent security restrictions.

The vulnerability of the Keycloak identity and access management software is related to errors in the implementation of authentication procedures. Exploiting this vulnerability can allow a malicious actor to circumvent security restrictions remotely...

CVSS: 6.8 | AI score: 6.8 | EPSS: 0.00208
Exploits: 0 | References: 3 | Affected Software: 3

BDU FSTEC
added 2024/03/22 12:0 a.m. | 1 view

The vulnerability of Windows Telephony operating systems allows attackers to increase their privileges.

The vulnerability of Windows Telephony operating systems involves synchronization errors when using shared resources. Exploiting this vulnerability can allow attackers to increase their privileges...

CVSS: 7 | AI score: 7.2 | EPSS: 0.00066
Exploits: 0 | References: 2

Redos
added 2024/03/22 12:0 a.m. | 9 views

ROS-20240322-05

Vulnerability of REFRESH MATERIALIZED VIEW CONCURRENTLY function of PostgreSQL database management system is related to privilege management errors in processing and checking command line parameters. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary SQ...

CVSS: 8 | AI score: 8.2 | EPSS: 0.00753
Exploits: 0

OSV
added 2024/03/19 4:15 p.m. | 2 views

AZL-35926 CVE-2023-6597 affecting package python3 for versions less than 3.12.3-1

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.00077
Exploits: 0 | References: 1

Cvelist
added 2024/03/19 3:44 p.m. | 37 views

CVE-2023-6597

An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00077
Exploits: 0 | References: 12

Vulnrichment
added 2024/03/18 7:5 p.m. | 15 views

CVE-2023-7236 Backup Bolt <= 1.3.0 - Sensitive Data Exposure

The Backup Bolt WordPress plugin through 1.3.0 is vulnerable to Information Exposure via the unprotected access of debug logs. This makes it possible for unauthenticated attackers to retrieve the debug log which may contain information like system errors which could contain sensitive information...

AI score: 6 | EPSS: 0.00419
Exploits: 2 | References: 1