197 matches found
[slackware-security] rsync
New rsync packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/rsync-3.4.0-i586-1slack15.0.txz: Upgraded. This is a security release, fixing several important security vulnerabilities: Heap Buffer...
CVE-2024-12086 Rsync: rsync server leaks arbitrary client files
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
rsync -- Multiple security fixes
rsync reports: This update includes multiple security fixes: CVE-2024-12084: Heap Buffer Overflow in Checksum Parsing CVE-2024-12085: Info Leak via uninitialized Stack contents defeats ASLR CVE-2024-12086: Server leaks arbitrary client files CVE-2024-12087: Server can make client write files...
Rsync contains six vulnerabilities
Overview Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. Rsync can be used to sync files between remote and local computers, as well as storage devices. The discovered vulnerabilities include heap-buffer overflow, information leak,...
CVE-2024-53991 Potential Backup file leaked via Nginx in Discourse
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use FileStore::LocalStore which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick...
Internet Bug Bounty: netrc and redirect credential leak
The netrc file in curl could lead to the unintentional leakage of a password to a different host when following HTTP redirects, if the netrc file had an entry matching the redirect target hostname but omitting either just the password or both login and password...
SUSE CVE-2024-47868
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
PYSEC-2024-217
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
PYSEC-2024-217
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
CVE-2024-47868 Several components’ post-process steps may allow arbitrary file leaks in Gradio
Gradio is an open-source Python package designed for quick prototyping. This is a data validation vulnerability affecting several Gradio components, which allows arbitrary file leaks through the post-processing step. Attackers can exploit these components by crafting requests that bypass expected...
SUSE CVE-2023-52909
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4open codepath Commit fb70bf124b05 "NFSD: Instantiate a struct file when creating a regular NFSv4 file" added the ability to cache an open fd over a compound. There are a couple of...
CVE-2024-45190
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...
CVE-2024-45189
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...
CVE-2024-45190 Mage AI pipeline interaction request remote arbitrary file leak
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Pipeline Interaction" request...
CVE-2024-45189 Mage AI git content request remote arbitrary file leak
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "Git Content" request...
CVE-2024-45189
Mage AI is affected by a path traversal vulnerability in the Git Content request that allows remote users with the Viewer role to leak arbitrary files from the Mage server. The issue is documented across multiple sources (CVE-2024-45189, related advisories) and is characterized by improper input ...
CVE-2024-45188 Mage AI file content request remote arbitrary file leak
Mage AI allows remote users with the "Viewer" role to leak arbitrary files from the Mage server due to a path traversal in the "File Content" request...
GHSA-R49H-6QXQ-624F Weave server API vulnerable to arbitrary file leak
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...
CVE-2024-7340 W&B Weave server remote arbitrary file leak and privilege escalation
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin...