206 matches found
GHSA-MG8J-W93W-XJGC Drupal Full Path Disclosure
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...
Drupal Full Path Disclosure
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...
CVE-2024-45440
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...
CVE-2024-45440
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist...
CVE-2024-45440
Summary: CVE-2024-45440 affects Drupal 11.x-dev, where core/authorize.php can disclose full file paths when hash_salt is set to file_get_contents of a non-existent file. Affected components: Drupal 11.x-dev, core/authorize.php. Root cause (as stated): hash_salt evaluated via file_get_contents of ...
kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not check the return value of fcrportcreate which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...
kernel: scsi: libfc: Fix potential NULL pointer dereference in fc_lport_ptp_setup()
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix potential NULL pointer dereference in fclportptpsetup fclportptpsetup did not check the return value of fcrportcreate which can return NULL and would cause a NULL pointer dereference. Address this issue by checki...
Error: "Could Not Logon. Verify your credentials and network connectivity" and "Service unavailable"
Application enumeration fails when the StoreFront server is connected through Access Gateway Enterprise Edition and iOS Receiver 5.7.x for iPad/iPhone. The following error messages are displayed: “Could Not Logon. Verify your credentials and network connectivity.” "Could Not Logon. Service...
SUSE CVE-2024-38552
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer...
DEBIAN-CVE-2024-38552
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the number of transfer...
SUSE-SU-2024:1525-1 Security update for SUSE Manager Salt Bundle
This update fixes the following issues: venv-salt-minion: - CVE-2024-22231: Prevent directory traversal when creating syndic cache directory on the master bsc1219430 - CVE-2024-22232: Prevent directory traversal attacks in the master's servefile method bsc1219431 - Convert oscap output to UTF-8 -...
CVE-2023-52532
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...
CVE-2023-52532
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...
CVE-2023-52532
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...
CVE-2023-52532 net: mana: Fix TX CQE error handling
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...
CVE-2023-52532 net: mana: Fix TX CQE error handling
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type probably from a newer hardware, still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors can be triggered by...
CVE-2024-23448
APM Server vulnerability CVE-2024-23448: when Elasticsearch returns a failure while indexing a document, the response may be logged at ERROR level and could include parts of the original document, potentially exposing sensitive data in APM Server logs. Affected product: APM Server (Elastic). Root...
Log Injection
pyload-ng is vulnerable to Log Injection. The vulnerability is caused due to a lack of validation while logging an error in apiblueprint.py and appblueprint.py. An attacker can corrupt log files exploiting this vulnerability...
Duplicate Advisory: Race Condition leading to logging errors
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hjp3-5g2q-7jww. This link is maintained to preserve external references. Original Description A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries...
CVE-2023-52267
ehttp 1.0.6 before 17405b9 has a simplelog.cpp log out-of-bounds-read during error logging for long strings...