
28 matches found

UbuntuCve
added 2025/12/24 1:16 p.m. | 2 views

CVE-2023-54139

In the Linux kernel, the following vulnerability has been resolved: tracing/user_events: Ensure write index cannot be negative The write index indicates which event the data is for and accesses a per-file array. The index is passed by user processes during write calls as the first 4 bytes. Ensure...

5.7 AI score | 0.00028 EPSS
Exploits: 0 | References: 5
Cvelist
added 2025/12/24 1:6 p.m. | 23 views

CVE-2023-54139 tracing/user_events: Ensure write index cannot be negative

In the Linux kernel, the following vulnerability has been resolved: tracing/user_events: Ensure write index cannot be negative The write index indicates which event the data is for and accesses a per-file array. The index is passed by user processes during write calls as the first 4 bytes. Ensure...

0.00028 EPSS
Exploits: 0 | References: 4
CVE
added 2025/12/24 1:6 p.m. | 10 views

CVE-2023-54139

The CVE-2023-54139 entry concerns the Linux kernel component tracing/user_events. The vulnerability arises from a write() path where the event write index, supplied by user data as the first 4 bytes, can be negative, leading to out-of-bounds access to a per-file event array. The root cause is imp...

6.2 AI score | 0.00028 EPSS
Exploits: 0 | References: 4
Positive Technologies
added 2025/12/24 12:0 a.m. | 2 views

PT-2025-53216

In the Linux kernel, the following vulnerability has been resolved: tracing/user_events: Ensure write index cannot be negative The write index indicates which event the data is for and accesses a per-file array. The index is passed by user processes during write calls as the first 4 bytes. Ensure...

6.5 AI score | 0.00028 EPSS
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2018-4366

Malware in sbrugna...

9.8 CVSS | 9.2 AI score | 0.04967 EPSS
Exploits: 0 | References: 25
Wordfence Blog
added 2024/11/05 5:6 p.m. | 15 views

Announcing The Wordfence Audit Log: Off-Site Real-Time Security Event Logging for WordPress

Today the Wordfence team is proud to announce an exciting new feature: The Wordfence Audit Log, included in the Wordfence 8.0 release. The audit log captures and stores security-related events on your website as they happen, and sends them securely to an off-site location to protect them from...

7 AI score
Exploits: 0
OSV
added 2024/08/26 11:15 a.m. | 0 views

DEBIAN-CVE-2024-43891

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

4.7 CVSS | 6 AI score | 0.00018 EPSS
Exploits: 0 | References: 1
OSV
added 2024/08/26 11:15 a.m. | 3 views

AZL-48692 CVE-2024-43891 affecting package kernel for versions less than 6.6.51.1-1

In the Linux kernel, the following vulnerability has been resolved: tracing: Have format file honor EVENT_FILE_FL_FREED When eventfs was introduced, special care had to be done to coordinate the freeing of the file meta data with the files that are exposed to user space. The file meta data would hav...

4.7 CVSS | 6.6 AI score | 0.00018 EPSS
Exploits: 0 | References: 1
SUSE CVE
added 2024/05/03 2:9 a.m. | 1 views

SUSE CVE-2024-27067

In the Linux kernel, the following vulnerability has been resolved: xen/evtchn: avoid WARN when unbinding an event channel When unbinding a user event channel, the related handler might be called a last time in case the kernel was built with CONFIG_DEBUG_SHIRQ. This might cause a WARN in the handle...

5.5 CVSS | 6.5 AI score | 0.00018 EPSS
Exploits: 0 | References: 13
OSV
added 2024/03/06 11:2 a.m. | 15 views

BIT-MATTERMOST-2023-1775

When running in a High Availability configuration, Mattermost fails to sanitize some of the user_updated and post_deleted events broadcast to all users, leading to disclosure of sensitive information to some of the users with currently connected Websocket clients...

6.5 CVSS | 5.1 AI score | 0.00311 EPSS
Exploits: 0 | References: 2
SUSE CVE
added 2023/02/15 4:26 a.m. | 1 views

SUSE CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

7.5 CVSS | 8.7 AI score | 0.04967 EPSS
Exploits: 0 | References: 12
Veracode
added 2022/01/26 7:38 a.m. | 20 views

Access Restriction Bypass

Moodle is vulnerable to access restriction bypass. The calendar:manageentries capability is not restricted from accessing user level events, allowing a user with the manager role to edit user events...

3.8 CVSS | 4.3 AI score | 0.0025 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2022/01/25 7:11 p.m. | 15 views

CVE-2022-0333

A flaw was found in Moodle in versions 3.11 to 3.11.4, 3.10 to 3.10.8, 3.9 to 3.9.11 and earlier unsupported versions. The calendar:manageentries capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events...

4.9 AI score | 0.0025 EPSS
Exploits: 0 | References: 2
Veracode
added 2019/05/16 3:18 a.m. | 24 views

Denial Of Service (DoS)

Mozilla Firefox is vulnerable to denial of service (DoS) attacks. The vulnerability exists in an unknown code of the component Nested Event Handler when manipulating user events in nested loops while opening a document through script, resulting in an application crash due to poor event handling...

9.8 CVSS | 9 AI score | 0.04967 EPSS
Exploits: 0 | References: 22 | Affected Software: 5
Prion
added 2019/02/28 6:29 p.m. | 16 views

Code injection

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

7.5 CVSS | 8.7 AI score | 0.04967 EPSS
Exploits: 0 | References: 19 | Affected Software: 11
OSV
added 2019/02/28 6:29 p.m. | 1 views

DEBIAN-CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

9.8 CVSS | 8.6 AI score | 0.04967 EPSS
Exploits: 0 | References: 1
Debian CVE
added 2019/02/28 6:0 p.m. | 28 views

CVE-2018-12392

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

9.8 CVSS | 9.7 AI score | 0.04967 EPSS
Exploits: 0
RedHat Linux
added 2018/11/09 11:54 a.m. | 0 views

Mozilla: Crash with nested event loops

When manipulating user events in nested loops while opening a document through script, it is possible to trigger a potentially exploitable crash due to poor event handling. This vulnerability affects Firefox 63, Firefox ESR 60.3, and Thunderbird 60.3...

9.8 CVSS | 7.3 AI score | 0.04967 EPSS
Exploits: 0 | References: 5
Mozilla
added 2018/10/31 12:0 a.m. | 500 views

Security vulnerabilities fixed in Thunderbird ESR 60.3 — Mozilla

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. Note: this issu...

9.8 CVSS | 0.04967 EPSS
Exploits: 0 | References: 5 | Affected Software: 1
Tenable Nessus
added 2018/10/25 12:0 a.m. | 39 views

Mozilla Firefox ESR < 60.3 Multiple Vulnerabilities (macOS)

The version of Mozilla Firefox ESR installed on the remote macOS host is prior to 60.3. It is, therefore, affected by multiple vulnerabilities : - During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the...

9.8 CVSS | 7.2 AI score | 0.04967 EPSS
Exploits: 0 | References: 36