ROS-20260430-73-0011

Vulnerability in golang related to incorrect reference definition before accessing a file. Exploitation of the vulnerability may allow an attacker to escalate his privileges...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect reference when adjusting the of the time management mechanism. This could lead to...

GHSA-W87R-VG9Q-CRQM zx Uses Incorrectly-Resolved Name or Reference

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./nodemodules pointing to /nodemodules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect reduction of reference counts on the wrong path, which could lead to permanent locking of...

NASA Interplanetary Overlay Network 安全漏洞

NASA Interplanetary Overlay Network is a NASA implementation of a Delay/Disruption Tolerant Network DTN. A security vulnerability exists in NASA Interplanetary Overlay Network BPv7 version 4.1.3, which originates when a packet is received with an incorrect reference to the imc scheme that has a...

ROS-20240704-09

Vulnerability of the chronyd daemon implementation of Network Time Protocol NTP Chrony is related to incorrect reference definition before accessing a file in /var/run/chrony directory. Exploitation the vulnerability could allow an attacker to cause a denial of service by using a specially crafte...

CVE-2024-26957

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects Tests with hot-plugging crytpo cards on KVM guests with debug kernel build revealed an use after free for the load field of the struct zcryptcard. The reason was an...

CVE-2024-26957 s390/zcrypt: fix reference counting on zcrypt card objects

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects Tests with hot-plugging crytpo cards on KVM guests with debug kernel build revealed an use after free for the load field of the struct zcryptcard. The reason was an...

CVE-2024-26957

CVE-2024-26957 relates to the Linux kernel’s s390/zcrypt subsystem, where reference counting on zcrypt card objects was fixed to prevent a use-after-free of the zcrypt_card during hot-plug/probe/remove cycles. The issue could allow freeing a zcrypt card object while it is still in use, as demonst...

CVE-2024-26957 s390/zcrypt: fix reference counting on zcrypt card objects

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects Tests with hot-plugging crytpo cards on KVM guests with debug kernel build revealed an use after free for the load field of the struct zcryptcard. The reason was an...

Use-After-Free

Firefox and Thunderbird are vulnerable to a use-after-free vulnerability. The vulnerability is due to incorrect reference counting, where assigning an AlignedBuffer to itself can lead to an incorrect reference count and subsequent use-after-free...

CVE-2024-3861

The Mozilla Foundation Security Advisory describes this flaw as: If an AlignedBuffer were assigned to itself, the subsequent self-move could result in an incorrect reference count and later use-after-free...

PT-2024-3939 · Microsoft · Azure Monitor Agent

Name of the Vulnerable Software and Affected Versions: Azure Monitor Agent affected versions not specified Description: The issue is related to an incorrect reference count before accessing a file, which can be exploited to elevate privileges using a specially crafted link. Recommendations: At th...

PT-2024-2889 · Microsoft · Azure Monitor Agent

Name of the Vulnerable Software and Affected Versions: Azure Monitor Agent affected versions not specified Description: The issue is related to an incorrect reference count before accessing a file, which can be exploited to elevate privileges. Recommendations: At the moment, there is no informati...

The vulnerability of the Microsoft Visual Studio software lies in the use of a name with an incorrect reference. This allows attackers to write arbitrary files into the system.

The vulnerability of the Microsoft Visual Studio software relates to the use of a name with an incorrect reference. Exploiting this vulnerability could allow a malicious actor to write arbitrary files into the system remotely...

The vulnerability of the Red Hat Ansible configuration management system lies in the incorrect handling of references before accessing files. This allows attackers to re-write any files they desire.

The vulnerability of the Red Hat Ansible configuration management system is related to an incorrect definition of the reference before accessing a file. Exploiting this vulnerability could allow an attacker to re-write any files they desire...

The vulnerability in the `libcontainer/rootfs_linux.go` component of the Runc tool for running isolated containers allows a attacker to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the libcontainer/rootfslinux.go component, a tool for running isolated containers in Runc, is related to the use of a name with an incorrect reference. Exploiting this vulnerability allows an attacker to access confidential data, compromise its integrity, and cause service...

The vulnerability of cloud-based software for creating and using Nextcloud data storage allows a hacker to induce a service failure.

The vulnerability of cloud-based software for creating and using Nextcloud storage solutions is related to the use of a name with an incorrect reference. Exploiting this vulnerability could allow a malicious actor to cause service failures...

K42745412: Linux kernel vulnerability CVE-2020-25221

Security Advisory Description getgatepage in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting caused by gate page mishandling of the struct page that backs the vsyscall page. The result is a refcount underflow. This can ...

The vulnerability of the configuration comparison function of the software tool for interacting with servers via CURL, related to the use of a name with an incorrect reference, allows attackers to access confidential data.

The vulnerability of the configuration comparison function of the software tool for interacting with servers via CURL is related to the comparison of paths without considering registrations. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...