
7491 matches found

CNNVD
added 2025/05/01 12:0 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a race condition vulnerability that stems from nftables not releasing stream rule objects in a timely manner, which could lead to a memory leak...

CVSS: 7, AI score: 6.4, EPSS: 0.00039
Exploits: 0, References: 5
NCSC
added 2025/04/30 1:12 p.m., 6 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, and SAP...

CVSS: 10, AI score: 9.2, EPSS: 0.43664
Exploits: 19, References: 4
Packet Storm News
added 2025/04/24 12:0 a.m., 3 views

"Shifting Access Control Left" Using Asset and Goal Models

Access control needs have broad design implications, but access control specifications may be elicited before, during, or after these needs are captured. Because access control knowledge is distributed, we need to make knowledge asymmetries more transparent, and use expertise already available to...

AI score: 6.9
Exploits: 0
NVD
added 2025/04/23 9:15 p.m., 12 views

CVE-2025-46398

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via readobjects function...

CVSS: 5.5, EPSS: 0.00104
Exploits: 1, References: 4
OSV
added 2025/04/23 9:15 p.m., 2 views

DEBIAN-CVE-2025-46398

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via readobjects function...

CVSS: 5.5, AI score: 5.4, EPSS: 0.00104
Exploits: 1, References: 1
OSV
added 2025/04/23 9:15 p.m., 1 view

UBUNTU-CVE-2025-46398

Stack-overflow in fig2dev in version 3.2.9a allows an attacker possible code execution via local input manipulation via readobjects function...

CVSS: 7.1, AI score: 6.1, EPSS: 0.00104
Exploits: 1, References: 4
AlpineLinux
added 2025/04/23 8:55 p.m., 3 views

CVE-2025-46398

In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via readobjects function...

CVSS: 5.5, AI score: 6.8, EPSS: 0.00104
Exploits: 1, References: 4
Fedora
added 2025/04/21 1:41 a.m., 5 views

[SECURITY] Fedora 40 Update: rpki-client-9.5-1.fc40

The OpenBSD rpki-client is a free, easy-to-use implementation of the Resource Public Key Infrastructure (RPKI) for Relying Parties (RP) to facilitate validation of the Route Origin of a BGP announcement. The program queries the RPKI repository system, downloads and validates Route Origin Authorisatio...

AI score: 7.3
Exploits: 0
CVE
added 2025/04/21 12:0 a.m., 80 views

CVE-2025-32408

CVE-2025-32408 affects Soffid Console prior to 3.6.32 (specifically 3.6.31 and earlier). The root cause is mishandled authorization to use the PAM service, as described in multiple sources. The base CVSS score is low (2.5, LOCAL access, high attack complexity, no user interaction). Red Hat and ot...

CVSS: 2.5, AI score: 3.7, EPSS: 0.00068
Exploits: 0, References: 1
Cvelist
added 2025/04/21 12:0 a.m., 11 views

CVE-2025-32408

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled...

CVSS: 2.5, EPSS: 0.00068
Exploits: 0, References: 1
NCSC
added 2025/04/16 3:13 p.m., 2 views

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools versions 8.60, 8.61 and 8.62, Talent Acquisition Manager version 9.2 and Enterprise CC Common Application Objects version 9.2. The vulnerabilities in Oracle PeopleSoft's Enterprise PeopleTools, Talent Acquisition Manag...

CVSS: 8.7, AI score: 7.1, EPSS: 0.00807
Exploits: 0, References: 1
OSV
added 2025/04/16 9:15 a.m., 3 views

CVE-2023-32197

An Improper Privilege Management vulnerability in SUSE rancher in RoleTemplate objects when external=true is set can lead to privilege escalation in specific scenarios. This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00051
Exploits: 0, References: 2
Vulnrichment
added 2025/04/16 8:40 a.m., 4 views

CVE-2023-32197 Rancher's External RoleTemplates can lead to privilege escalation

An Improper Privilege Management vulnerability in SUSE rancher in RoleTemplate objects when external=true is set can lead to privilege escalation in specific scenarios. This issue affects rancher: from 2.7.0 before 2.7.14, from 2.8.0 before 2.8.5...

CVSS: 7.5, AI score: 6.9, EPSS: 0.00025
Exploits: 0, References: 2
GoogleProjectZero
added 2025/04/16 12:0 a.m., 30 views

The Windows Registry Adventure #6: Kernel-mode objects

Posted by Mateusz Jurczyk, Google Project Zero. Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design...

CVSS: 7.8, AI score: 7.2, EPSS: 0.04906
Exploits: 0
ATTACKERKB
added 2025/04/15 9:16 p.m., 4 views

CVE-2025-30735

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field Configuration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVSS: 8.1, AI score: 7.1, EPSS: 0.00807
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2025/04/15 12:0 a.m., 2 views

Oracle PeopleSoft security vulnerability

Oracle PeopleSoft is a suite of enterprise human capital management solutions from Oracle Corporation USA. The product provides human capital management, financial management, vendor relationship management, and other functions. A security vulnerability exists in Oracle PeopleSoft's PeopleSoft...

CVSS: 8.1, AI score: 7, EPSS: 0.00807
Exploits: 0, References: 2
Citrix
added 2025/04/15 12:0 a.m., 6 views

Enable Azure AD Joined Device Management Functional Limitations

After configuring "Enable Azure AD Joined Device Management" stale machine objects are not automatically removed from AAD.
- Made a custom AAD role with the following permissions: microsoft.directory/devices/standard/read, microsoft.directory/devices/delete
- Assigned this role to the SPN we use...

AI score: 7.1
Exploits: 0
Github Security Blog
added 2025/04/08 6:34 p.m., 8 views

Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion

An issue was discovered in Elasticsearch, where a large recursion using the Well-Known Text formatted string with nested GeometryCollection objects could cause a stack overflow...

CVSS: 7.5, AI score: 6.8, EPSS: 0.00095
Exploits: 0, References: 6, Affected Software: 1
CVE
added 2025/04/08 4:54 p.m., 291 views

CVE-2024-52981

CVE-2024-52981 affects Elasticsearch: a recursive parser for Well-Known Text (WKT) with nested GeometryCollection objects can trigger a stack overflow, leading to DoS. Affected: Elasticsearch 7.17.0–7.17.23 and 8.0–8.15.0. Fixed in 7.17.24 and 8.15.1 or newer. CVSS/NVD indicates high impact on av...

CVSS: 7.5, AI score: 7.1, EPSS: 0.00095
Exploits: 0, References: 1, Affected Software: 1
Vulnrichment
added 2025/04/08 4:54 p.m., 6 views

CVE-2024-52981

An issue was discovered in Elasticsearch, where a large recursion using the Well-Known Text formatted string with nested GeometryCollection objects could cause a stack overflow...

CVSS: 4.9, AI score: 7.1, EPSS: 0.00095
Exploits: 0, References: 1