pcworld
pcworld
This report assumes that NOVA's protection features are enabled (`nova.metadata_csum=1 nova.data_csum=1 nova.data_parity=1`). When writing to a file and crashing during nova_extend_inode_log, this can result in the file becoming unwritable after...
NOVA's function `memcpy_to_pmem_nocache` is commonly used in NOVA, and is defined as follows: https://github.com/NVSL/linux-nova/blob/587e25223ee415ccd1a7a831d95f7ccfa51b0259/fs/nova/nova.h#L259-L267 The naming seems to imply that this function guarantees the cache to be bypassed and thus...
When creating a file with 2 links, then unlinking it and crashing during `memcpy_to_pmem_nocache` in `nova_update_alter_entry` (
If starttls is used and TLS connection fails, node-ldapauth-fork falls back to plaintext communication, as it does not handle the errors provided by ldapjs properly. This allows an active attacker...
As of Etherpad 1.8.7 (and possibly earlier), the authorize hook did not seem to be called anymore. According to the documentation, it is not called for admin paths, and recent...
Using the Go build from 2023-12-27. I got an invite to a Signal room. As the bridge does not yet support relaying room invites, I joined the room via signal-cli....
I use mautrix-signal as my main client, I do not use an official Signal app. I originally set up my account via signal-cli, and then linked the Signal bridge to...
Using textContent instead of appending to HTML ensures that escaped HTML characters stay escaped. Fixes issue #88
The injector first extracts the DOM *text representation*, then inserts it into _HTML_: https://github.com/davatron5000/Lettering.js/blob/d06bb733823a6fa76e11a09d24849d066a1566aa/jquery.lettering.js#L20 Thus even when the server properly escapes user input, calling lettering on these DOM nodes converts...
Dark chat can be enabled by adding `?darkpopout` to the chat URL ([source](https://discuss.dev.twitch.tv/t/embedding-twitch-chat-in-dark-mode/5883/4)). Would be useful to have this as an option.