58 matches found
Authentication Bypass
github.com/mattermost/mattermost-server is vulnerable to a Authentication Bypass. The vulnerability is due to inadequate cache management during the user-to-bot conversion process, which allows an attacker to log in to the bot once using the original user credentials by bypassing normal...
Drupal Cache Utility 跨站请求伪造漏洞
Drupal Cache Utility is a tool module for the Drupal community to manage and optimize the Drupal cache. A cross-site request forgery vulnerability exists in Drupal Cache Utility versions prior to 1.2.1 that stems from cross-site request forgery...
Linux Distros Unpatched Vulnerability : CVE-2024-42317
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/hugememory: avoid PMD-size page cache if needed xarray can't support arbitrary page cache size. the largest and supported page cache size is defined as...
CVE-2024-57941 netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix the non-cancellation of copy when cache is temporarily disabled When the caching for a cookie is temporarily disabled e.g. due to a DIO write on that file, future copying to the cache for that file is disabled until al...
Improper Cache Management
github.com/MicahParks/jwkset is vulnerable to Improper Cache Management. The vulnerability is due to the provided HTTP client's local JWK Set cache failing to perform a full replacement during refresh operations. This allows outdated or revoked keys to remain in the cache, posing a security risk...
PT-2025-49591
Name of the Vulnerable Software and Affected Versions pdns-recursor affected versions not specified Description An attacker can cause the software to fail due to an assertion failure. This is triggered by sending specially crafted DNS records, which are then cached, followed by a DNS query with t...
CBL Mariner 2.0 Security Update: kernel (CVE-2024-47737)
The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-47737 advisory. - In the Linux kernel, the following vulnerability has been resolved: nfsd: call cacheput if xdrreservespace...
CVE-2024-47737
In the Linux kernel, the following vulnerability has been resolved: nfsd: call cacheput if xdrreservespace returns NULL If not enough buffer space available, but idmaplookup has triggered lookupfn which calls cacheget and returns successfully. Then we missed to call cacheput here which pairs with...
Linux kernel 代码问题漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to properly free cache in the nfsd subsystem when xdrreservespace returns NULL, which could lead t...
CVE-2023-46837
Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes such as the ones during scrubbing have reached memory before handing over the page to a guest. Unfortunately, the arithmetics in the...
SAP NetWeaver AS Java Multiple Vulnerabilities (March 2023)
SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directo...
CVE-2023-26460
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...
Authentication flaw
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...
CVE-2023-26460
The CVE-2023-26460 entry concerns the Cache Management Service of SAP NetWeaver Application Server for Java, version 7.50. The underlying issue is that this component does not perform authentication for functionalities that require user identity, enabling potential unauthorized operations. Affect...
CVE-2023-26460 Improper Access Control in SAP NetWeaver AS Java (Cache Management Service)
Cache Management Service in SAP NetWeaver Application Server for Java - version 7.50, does not perform any authentication checks for functionalities that require user identity...
PT-2023-16915
Name of the Vulnerable Software and Affected Versions RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description The issue is due to missing or incorrect nonce validation on the clear page cache function, making it possible for unauthenticated attacke...
SUSE-SU-2021:1498-1 Security update for samba
This update for samba fixes the following issues: - CVE-2021-20277: Fixed an out of bounds read in ldbhandlerfold bsc1183574. - CVE-2021-20254: Fixed a buffer overrun in sidstounixids bsc1184677. - CVE-2020-27840: Fixed an unauthenticated remote heap corruption via bad DNs bsc1183572. - Avoid...
SUSE-SU-2021:0109-1 Security update for libzypp, zypper
This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file bsc1050625 bsc1177583 - RepoManager: Force refresh if repo url has changed bsc1174016 - RepoManager: Carefully tidy up the...
Unbreakable Enterprise kernel security update
5.4.17-2036.100.6.1.el8uek - powercap: restrict energy meter to root access Kanth Ghatraju Orabug: 32040802 CVE-2020-8694 CVE-2020-8695 - KVM: ioapic: break infinite recursion on lazy EOI Vitaly Kuznetsov Orabug: 32066585 CVE-2020-27152 CVE-2020-27152 - x86/mitigations: Restore paranoid checks fo...
openSUSE Security Update : singularity (openSUSE-2020-1037)
This update for singularity fixes the following issues : - New version 3.6.0. This version introduces a new signature format for SIF images, and changes to the signing / verification code to address the following security problems : - CVE-2020-13845, boo1174150 In Singularity 3.x versions below...