
1390 matches found

CVE
added 2024/05/21 3:30 p.m. · 107 views

CVE-2023-52774

CVE-2023-52774 : In the Linux kernel (s390/dasd), the device queue could be accessed concurrently in dasd_profile_start(), allowing the queue to change while it is being read; this could trigger a kernel panic due to invalid pointer accesses when I/O is highly parallel (aliases). The root cause i...

5.5 CVSS · 6.5 AI score · 0.0024 EPSS
Exploits 0 · References 8 · Affected Software 1

Debian CVE
added 2024/05/21 3:30 p.m. · 17 views

CVE-2023-52774

In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasd_profile_start the amount of requests on the device queue are counted. The access to the device queue is unprotected against concurrent access. With a lot of parallel...

5.5 CVSS · 6.8 AI score · 0.0024 EPSS
Exploits 0

SUSE CVE
added 2024/05/21 1:59 a.m. · 2 views

SUSE CVE-2024-35917

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_plt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by the dummystops/dummyinitptrarg test 1: 0x2 bpfstructopstestrun+0x156/0x250 sysbpf+0xa1a/0xd00 s390xsysbpf+0x44/0x50 dosyscall+0x244/0x300...

5.5 CVSS · 6.8 AI score · 0.0021 EPSS
Exploits 0 · References 10

OSV
added 2024/05/19 9:15 a.m. · 3 views

DEBIAN-CVE-2024-35917

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_plt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by the dummystops/dummyinitptrarg test 1: 0x2 bpfstructopstestrun+0x156/0x250 sysbpf+0xa1a/0xd00 s390xsysbpf+0x44/0x50 dosyscall+0x244/0x300...

5.5 CVSS · 5.4 AI score · 0.0021 EPSS
Exploits 0 · References 1

UbuntuCve
added 2024/05/19 9:15 a.m. · 14 views

CVE-2024-35917

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_plt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by the dummystops/dummyinitptrarg test 1: 0x2 bpfstructopstestrun+0x156/0x250 sysbpf+0xa1a/0xd00 s390xsysbpf+0x44/0x50 dosyscall+0x244/0x300...

5.5 CVSS · 6 AI score · 0.0021 EPSS
Exploits 0 · References 9

Vulnrichment
added 2024/05/19 8:35 a.m. · 20 views

CVE-2024-35917 s390/bpf: Fix bpf_plt pointer arithmetic

In the Linux kernel, the following vulnerability has been resolved: s390/bpf: Fix bpf_plt pointer arithmetic Kui-Feng Lee reported a crash on s390x triggered by the dummystops/dummyinitptrarg test 1: 0x2 bpfstructopstestrun+0x156/0x250 sysbpf+0xa1a/0xd00 s390xsysbpf+0x44/0x50 dosyscall+0x244/0x300...

7 AI score · 0.0021 EPSS
Exploits 0 · References 3

OSV
added 2024/05/13 7:40 p.m. · 21 views

GHSA-P8V3-M643-4XQX Directus allows redacted data extraction on the API through "alias"

Summary: A user with permission to view any collection using redacted hashed fields can get access to the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we change the request to ?aliasworkaround=redacted we can instead retrieve the...

4.9 CVSS · 4.9 AI score · 0.00757 EPSS
Exploits 1 · References 4

Github Security Blog
added 2024/05/13 7:40 p.m. · 45 views

Directus allows redacted data extraction on the API through "alias"

Summary: A user with permission to view any collection using redacted hashed fields can get access to the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we change the request to ?aliasworkaround=redacted we can instead retrieve the...

4.9 CVSS · 6.5 AI score · 0.00757 EPSS
Exploits 1 · References 4 · Affected Software 1

Vulnrichment
added 2024/05/13 7:33 p.m. · 12 views

CVE-2024-34708 Directus allows redacted data extraction on the API through "alias"

Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access to the raw stored version using the alias functionality on the API. Normally, these redacted fields will return however if we...

4.9 CVSS · 6.8 AI score · 0.00757 EPSS
Exploits 1 · References 2

Positive Technologies
added 2024/05/13 12:00 a.m. · 3 views

PT-2024-26122 · Directus · Directus

Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.11.0 Description: A user with permission to view any collection using redacted hashed fields can access the raw stored version using the alias functionality on the API. Normally, these redacted fields return , bu...

4.9 CVSS · 6.7 AI score · 0.00757 EPSS
Exploits 1 · References 7

RedHat Linux
added 2024/04/30 10:05 a.m. · 3 views

mod_cluster/mod_proxy_cluster: Stored Cross site Scripting

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4 CVSS · 5.6 AI score · 0.02242 EPSS
Exploits 5 · References 4

OSV
added 2024/04/19 5:15 p.m. · 2 views

DEBIAN-CVE-2023-51791

Buffer Overflow vulnerability in FFmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxlparser.c in genaliasmap...

7.8 CVSS · 5.9 AI score · 0.00276 EPSS
Exploits 0 · References 1

OSV
added 2024/04/19 5:15 p.m. · 0 views

UBUNTU-CVE-2023-51791

Buffer Overflow vulnerability in FFmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxlparser.c in genaliasmap...

7.8 CVSS · 6.2 AI score · 0.00276 EPSS
Exploits 0 · References 3

AlpineLinux
added 2024/04/19 12:00 a.m. · 2 views

CVE-2023-51791

Buffer Overflow vulnerability in FFmpeg v.N113007-g8d24a28d06 allows a local attacker to execute arbitrary code via the libavcodec/jpegxlparser.c in genaliasmap...

7.8 CVSS · 7.4 AI score · 0.00276 EPSS
Exploits 0 · References 8

CNNVD
added 2024/04/19 12:00 a.m. · 4 views

FFmpeg Security Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A buffer overflow vulnerability exists in FFmpeg version v.N113007-g8d24a28d06, which can be exploited by an attacker to execute arbitrary code via libavcodec/jpegxlparser.c in genaliasmap...

7.8 CVSS · 8 AI score · 0.00276 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/04/19 12:00 a.m. · 2 views

PT-2024-6572

Name of the Vulnerable Software and Affected Versions: FFmpeg version N113007-g8d24a28d06 Description: The issue is related to a buffer overflow in the libavcodec/jpegxl parser.c file, specifically in the gen alias map function. This can allow a local attacker to execute arbitrary code, potential...

7.8 CVSS · 7 AI score · 0.00276 EPSS
Exploits 0 · References 20

Fedora
added 2024/04/03 1:38 a.m. · 37 views

[SECURITY] Fedora 38 Update: podman-4.9.4-1.fc38

podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=podman. Most...

8.6 CVSS · 9.1 AI score · 0.0049 EPSS
Exploits 0

Veracode
added 2024/04/01 10:06 p.m. · 20 views

Heap Based Buffer Overflow

gtkwave is vulnerable to Heap Based Buffer Overflow. The vulnerability is due to insufficient bounds checking in the fstReaderIterBlocks2 chaintable parsing functionality using chaintable of FSTBLVCDATA and FSTBLVCDATADYNALIAS, allowing attackers to execute arbitrary code by crafting a specially...

7.8 CVSS · 8 AI score · 0.00416 EPSS
Exploits 1 · References 3 · Affected Software 1

RedHat Linux
added 2024/03/18 4:37 p.m. · 5 views

mod_cluster/mod_proxy_cluster: Stored Cross site Scripting

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4 CVSS · 5.6 AI score · 0.02242 EPSS
Exploits 5 · References 4

RedHat Linux
added 2024/03/18 4:22 p.m. · 4 views

mod_cluster/mod_proxy_cluster: Stored Cross site Scripting

A flaw was found in the mod_proxy_cluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting (XSS) vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

5.4 CVSS · 5.6 AI score · 0.02242 EPSS
Exploits 5 · References 4