774 matches found

CNNVD
added 2024/06/18 12:0 a.m. · 4 views

JetBrains YouTrack Security Vulnerability

JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. JetBrains YouTrack suffers from a securit...

CVSS 5.3 · AI score 6.5 · EPSS 0.00007
Exploits: 0 · References: 2
Cvelist
added 2024/06/03 10:5 a.m. · 18 views

CVE-2023-43551 Improper Authentication in Multi-Mode Call Processor

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command...

CVSS 9.1 · AI score 9.4 · EPSS 0.00095
Exploits: 0 · References: 1
Veracode
added 2024/05/30 10:40 a.m. · 12 views

SQL Injection

Meshery is vulnerable to SQL Injection. The vulnerability is due to improper handling of the sort query parameter in the GetAllEvents function, allowing for SQL injection through stacked queries and the ATTACH DATABASE command...

CVSS 5.9 · AI score 7.8 · EPSS 0.0011
Exploits: 1 · References: 5 · Affected Software: 1
Veracode
added 2024/05/30 9:54 a.m. · 13 views

SQL Injection

Meshery is vulnerable to SQL Injection. The vulnerability is due to improper handling of the order query parameter in the GetMeshSyncResourcesKinds function, allowing for SQL injection through stacked queries and the ATTACH DATABASE command...

CVSS 5.9 · AI score 7.8 · EPSS 0.00148
Exploits: 1 · References: 7 · Affected Software: 1
SUSE CVE
added 2024/05/28 3:0 p.m. · 1 views

SUSE CVE-2023-52880

In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc. Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADMIN to do that...

CVSS 8.4 · AI score 7.8 · EPSS 0.00013
Exploits: 1 · References: 22
OSV
added 2024/05/27 6:18 p.m. · 35 views

CVE-2024-35182 GHSL-2024-014 Meshery SQL Injection vulnerability

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.22 may lead to arbitrary file write by using a SQL injection stacked queries payload, and the...

CVSS 5.9 · AI score 6.5 · EPSS 0.0011
Exploits: 1 · References: 7
CNNVD
added 2024/05/27 12:0 a.m. · 2 views

Meshery Security Vulnerability

Meshery is a software application. A multi-service grid management plane that provides lifecycle, configuration and performance management of service grids and their workloads. A security vulnerability exists in Meshery versions prior to 0.7.22, which stems from the presence of a SQL injection...

CVSS 8.1 · AI score 6.5 · EPSS 0.0011
Exploits: 1 · References: 7
CNNVD
added 2024/05/27 12:0 a.m. · 2 views

Meshery Security Vulnerability

Meshery is a software application. A multi-service grid management plane that provides lifecycle, configuration and performance management of service grids and their workloads. A security vulnerability exists in Meshery versions prior to 0.7.22, which stems from the presence of a SQL injection...

CVSS 8.1 · AI score 6.6 · EPSS 0.00148
Exploits: 1 · References: 8
SUSE CVE
added 2024/05/23 2:57 a.m. · 0 views

SUSE CVE-2023-52702

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible memory leak in ovs_meter_cmd_set(). old_meter needs to be free after it is detached regardless of whether the new meter is successfully attached...

CVSS 4.7 · AI score 6.5 · EPSS 0.00019
Exploits: 0 · References: 8
OSV
added 2024/05/21 4:15 p.m. · 2 views

UBUNTU-CVE-2023-52702

In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix possible memory leak in ovs_meter_cmd_set(). old_meter needs to be free after it is detached regardless of whether the new meter is successfully attached...

CVSS 5.5 · AI score 5.8 · EPSS 0.00019
Exploits: 0 · References: 7
Positive Technologies
added 2024/05/16 12:0 a.m. · 6 views

PT-2024-29763

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability has been resolved in the Linux kernel related to the virtio-pci module. The issue involves the vp_dev->is_avq function being empty in certain installations, specifically...

CVSS 7.5 · AI score 5.5 · EPSS 0.00009
Exploits: 0
OSV
added 2024/05/07 6:15 p.m. · 1 views

CVE-2024-25512

RuvarOA v6.01 and v12.01 were discovered to contain a SQL injection vulnerability via the attach_id parameter at /Bulletin/AttachDownLoad.aspx...

CVSS 8.1 · AI score 5.8
Exploits: 0 · References: 1
CNNVD
added 2024/05/07 12:0 a.m. · 2 views

RuvarOA Security Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the attach_id parameter in the /Bulletin/AttachDownLoad.aspx file against external SQL input. An attacker can exploit this...

CVSS 8.1 · AI score 8.2 · EPSS 0.00158
Exploits: 1 · References: 2
CNNVD
added 2024/05/07 12:0 a.m. · 1 views

RuvarOA Security Vulnerability

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which is caused by the lack of validation of the email_attach_id parameter in the /LHMail/AttachDown.aspx file against external SQL input. An attacker can exploit this...

CVSS 9.4 · AI score 8.2 · EPSS 0.00111
Exploits: 1 · References: 2
Positive Technologies
added 2024/05/07 12:0 a.m. · 3 views

PT-2024-20969 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the email_attach_id parameter at the "/LHMail/AttachDown.aspx" API endpoint. Recommendations: For...

CVSS 9.4 · AI score 7.7 · EPSS 0.00111
Exploits: 1 · References: 3
SUSE CVE
added 2024/05/04 2:23 a.m. · 1 views

SUSE CVE-2024-27073

In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach. When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, there are two...

CVSS 5.5 · AI score 6.3 · EPSS 0.00011
Exploits: 0 · References: 15
OSV
added 2024/05/03 3:15 p.m. · 1 views

DEBIAN-CVE-2022-48671

In the Linux kernel, the following vulnerability has been resolved: cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all(). syzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at cpuset_attach() [1], for commit 4f7e7236435ca0ab ("cgroup: Fix threadgroup_rwsem <-> cpus_read_lock() deadlock") missed tha...

CVSS 5.5 · AI score 5.3 · EPSS 0.00011
Exploits: 0 · References: 1
SUSE CVE
added 2024/05/03 2:9 a.m. · 1 views

SUSE CVE-2024-27079

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release. In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is called. It leads to the...

CVSS 5.5 · AI score 6.4 · EPSS 0.00008
Exploits: 0 · References: 13
OSV
added 2024/05/01 1:15 p.m. · 2 views

AZL-57758 CVE-2024-27079 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release. In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is called. It leads to the...

CVSS 5.5 · AI score 6 · EPSS 0.00008
Exploits: 0 · References: 1
OSV
added 2024/05/01 1:15 p.m. · 1 views

DEBIAN-CVE-2024-27073

In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach. When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init does. Besides, there are two...

CVSS 5.5 · AI score 5.6 · EPSS 0.00011
Exploits: 0 · References: 1