8517 matches found

CNNVD
added 2025/03/05 12:0 a.m., 3 views

Jinja Security Vulnerability

Jinja is a fast, expressive and extensible template engine open-sourced by Pallets. A security vulnerability exists in Jinja versions prior to 3.1.6, which stems from an attribute filter bypassing the sandbox and leading to the execution of arbitrary code...

CVSS 8.8, AI score 7.8, EPSS 0.00465
Exploits: 0, References: 6
Tenable Nessus
added 2025/03/05 12:0 a.m., 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-26933

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in port disable sysfs attribute The show and store callback routines...

CVSS 7.8, AI score 6, EPSS 0.00179
Exploits: 0, References: 3
Tenable Nessus
added 2025/03/05 12:0 a.m., 8 views

Linux Distros Unpatched Vulnerability : CVE-2023-28708

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When using the RemoteIpFilter with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to https, session cookies creat...

CVSS 4.3, AI score 6.8, EPSS 0.01831
Exploits: 0, References: 3
Patchstack
added 2025/03/04 12:24 a.m., 5 views

WordPress WP Shortcodes Ultimate plugin <= 7.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via src Parameter vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via src Parameter vulnerability discovered by stealthcopter in WordPress Plugin Shortcodes Ultimate versions <= 7.3.3...

CVSS 6.4, AI score 5.8, EPSS 0.30484
Exploits: 0, References: 1, Affected Software: 1
Redos
added 2025/03/03 12:0 a.m., 4 views

ROS-20250303-06

The vulnerability of the ntfs_read_mft function in the fs/ntfs3/inode.c module of the Linux kernel is related to the following issues: lack of validation of allowed attribute sizes. Exploitation of the vulnerability could allow an attacker to cause a denial of service. Vulnerability of mi_enum_attr...

CVSS 7.8, AI score 6.5, EPSS 0.00266
Exploits: 0
Redos
added 2025/03/03 12:0 a.m., 10 views

ROS-20250303-07

The vulnerability of the ntfs_read_mft function in the fs/ntfs3/inode.c module of the Linux kernel is related to the following issues: lack of validation of allowed attribute sizes. Exploitation of the vulnerability could allow an attacker to affect confidentiality, integrity and availability of...

CVSS 7.8, AI score 6.4, EPSS 0.00264
Exploits: 0
RedhatCVE
added 2025/02/28 5:32 a.m., 6 views

CVE-2022-49374

In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 inline BUG: KMSAN: uninit-value in...

CVSS 5.5, AI score 6.8, EPSS 0.00268
Exploits: 0, References: 4
SUSE CVE
added 2025/02/28 2:24 a.m., 1 views

SUSE CVE-2024-52560

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr Extended the mi_enum_attr function interface with an additional parameter, struct ntfs_inode *ni, to allow marking the inode as bad as soon as an error is detected...

CVSS 5.5, AI score 7.7, EPSS 0.00159
Exploits: 0, References: 3
OSV
added 2025/02/27 3:15 a.m., 2 views

DEBIAN-CVE-2024-52560

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr Extended the mi_enum_attr function interface with an additional parameter, struct ntfs_inode *ni, to allow marking the inode as bad as soon as an error is detected...

CVSS 5.5, AI score 5.3, EPSS 0.00159
Exploits: 0, References: 1
SUSE CVE
added 2025/02/27 3:9 a.m., 3 views

SUSE CVE-2022-49259

In the Linux kernel, the following vulnerability has been resolved: block: don't delete queue kobject before its children kobjects aren't supposed to be deleted before their child kobjects are deleted. Apparently this is usually benign; however, a WARN will be triggered if one of the child kobjec...

CVSS 5.5, AI score 7.8, EPSS 0.00247
Exploits: 0, References: 10
SUSE CVE
added 2025/02/27 3:8 a.m., 7 views

SUSE CVE-2022-49329

In the Linux kernel, the following vulnerability has been resolved: vduse: Fix NULL pointer dereference on sysfs access The control device has no drvdata. So we will get a NULL pointer dereference when accessing control device's msg_timeout attribute via sysfs: 132.841881 T3644 BUG: kernel NULL...

CVSS 5.5, AI score 6.7, EPSS 0.00239
Exploits: 0, References: 5
SUSE CVE
added 2025/02/27 3:7 a.m., 3 views

SUSE CVE-2022-49374

In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 inline BUG: KMSAN: uninit-value in...

CVSS 5.5, AI score 5.5, EPSS 0.00268
Exploits: 0, References: 3
Positive Technologies
added 2025/02/27 12:0 a.m., 4 views

PT-2025-16804

Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. This can result in such tags being marked as self-closing when...

CVSS 9.8, AI score 7.7, EPSS 0.0045
Exploits: 0
NVD
added 2025/02/26 7:1 a.m., 15 views

CVE-2022-49406

In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock in blk_ia_range_sysfs_show When being read, a sysfs attribute is already protected against removal with the kobject node active reference counter. As a result, in blk_ia_range_sysfs_show, there is no need to...

CVSS 5.5, EPSS 0.0018
Exploits: 0, References: 3
OSV
added 2025/02/26 7:1 a.m., 6 views

DEBIAN-CVE-2022-49329

In the Linux kernel, the following vulnerability has been resolved: vduse: Fix NULL pointer dereference on sysfs access The control device has no drvdata. So we will get a NULL pointer dereference when accessing control device's msg_timeout attribute via sysfs: 132.841881 T3644 BUG: kernel NULL...

CVSS 5.5, AI score 5.5, EPSS 0.00239
Exploits: 0, References: 1
OSV
added 2025/02/26 7:1 a.m., 0 views

UBUNTU-CVE-2022-49418

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix free of uninitialized nfs4_label on referral lookup. Send along the already-allocated fattr along with nfs4_fs_locations, and drop the memcpy of fattr. We end up growing two more allocations, but this fixes up a crash as:...

CVSS 5.5, AI score 5.7, EPSS 0.0021
Exploits: 0, References: 6
OSV
added 2025/02/26 7:1 a.m., 2 views

UBUNTU-CVE-2022-49339

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport __init-annotated seg6_hmac_init EXPORT_SYMBOL and __init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated __init. The access to a fre...

CVSS 5.5, AI score 6, EPSS 0.00263
Exploits: 0, References: 11
OSV
added 2025/02/26 7:1 a.m., 1 views

UBUNTU-CVE-2022-49374

In the Linux kernel, the following vulnerability has been resolved: tipc: check attribute length for bearer name syzbot reported uninit-value: ===================================================== BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:644 inline BUG: KMSAN: uninit-value in...

CVSS 5.5, AI score 6.1, EPSS 0.00268
Exploits: 0, References: 10
OSV
added 2025/02/26 6:37 a.m., 3 views

DEBIAN-CVE-2021-47632

In the Linux kernel, the following vulnerability has been resolved: powerpc/set_memory: Avoid spinlock recursion in change_page_attr Commit 1f9ad21c3b38 "powerpc/mm: Implement set_memory routines" included a spinlock to change_page_attr in order to safely perform the three step operations. But then...

CVSS 5.5, AI score 5.7, EPSS 0.00171
Exploits: 0, References: 1
NVD
added 2025/02/26 6:37 a.m., 14 views

CVE-2021-47632

In the Linux kernel, the following vulnerability has been resolved: powerpc/set_memory: Avoid spinlock recursion in change_page_attr Commit 1f9ad21c3b38 "powerpc/mm: Implement set_memory routines" included a spinlock to change_page_attr in order to safely perform the three step operations. But then...

CVSS 5.5, EPSS 0.00171
Exploits: 0, References: 4