Open WebUI 安全漏洞

Open WebUI is an extensible, feature-rich, user-friendly self-hosted WebUI from Open WebUI Open Source. A security vulnerability exists in Open WebUI version v10, which stems from improper path cleanup and could lead to unauthorized directory access...

UBUNTU-CVE-2022-49628

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix leaks in probe These two error paths should clean up before returning...

SUSE CVE-2024-47693

In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix ibcachesetupone error flow cleanup When ibcacheupdate return an error, we exit ibcachesetupone instantly with no proper cleanup, even though before this we had already successfully done gidtablesetupone, that results...

UBUNTU-CVE-2024-47688

In the Linux kernel, the following vulnerability has been resolved: driver core: Fix a potential null-ptr-deref in moduleadddriver Inject fault while probing of-fpga-region, if kasprintf fails in moduleadddriver, the second sysfsremovelink in exit path will cause null-ptr-deref as below because...

OESA-2024-2107 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: ibmvnic: don't release napi in ibmvnicopen If ibmvnicopen encounters an error such as when setting link state, it calls releaseresources which frees the napi...

DEBIAN-CVE-2024-40942

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of meshpreqqueue objects The hwmp code use objects of type meshpreqqueue, added to a list in ieee80211ifmesh, to keep track of mpath we need to resolve. If the mpath gets deleted, ex mesh interface ...

LoLLMs Security Vulnerabilities

LoLLMs is a Web UI for a large language multimodal system by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs version 9.5, which stems from insufficient path cleanup and vulnerability to local file inclusion attacks...

SUSE CVE-2023-52730

In the Linux kernel, the following vulnerability has been resolved: mmc: sdio: fix possible resource leaks in some error paths If sdioaddfunc or sdioinitfunc fails, sdioremovefunc can not release the resources, because the sdio function is not presented in these two cases, it won't call ofnodeput...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the nfsdrename function incorrectly cleaning up paths...

SUSE CVE-2021-47104

In the Linux kernel, the following vulnerability has been resolved: IB/qib: Fix memory leak in qibusersdmaqueuepkts The wrong goto label was used for the error case and missed cleanup of the pkt allocation. Addresses-Coverity-ID: 1493352 "Resource leak"...

WordPress Plugin Awesome Support Access Control Error Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. An Access Control Error vulnerability exist...

node-static 路径遍历漏洞

node-static is an rfc 2616 compliant HTTP static file server module with built-in caching. A security vulnerability exists in node-static due to improper file path cleanup in the startsWith method of the servePath function...

CVE-2022-33748

lock order inversion in transitive grant copy handling As part of XSA-226 a missing cleanup call was inserted on an error handling path. While doing so, locking requirements were not paid attention to. As a result two cooperating guests granting each other transitive grants can cause locks to be...

Ingress-nginx 安全漏洞

Ingres is a database system at the University of California, Berkeley University. Ingress-nginx has a security vulnerability that stems from the ability to bypass path cleanup using the logformat directive...

vaadin:flow-server 输入验证错误漏洞

Vaadin flow is a software application.The Vaadin platform is a Java framework for building modern websites that look great, perform well and keep you and your users happy. A security vulnerability exists in vaadin:flow-server that stems from improper path cleanup in the default RouteNotFoundError...