23 matches found
SUSE CVE-2026-32759
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating th...
CVE-2026-32759
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating th...
CVE-2026-32759
File Browser CVE-2026-32759 affects versions 2.61.2 and earlier with a faulty TUS upload handler: Upload-Length is parsed as signed 64-bit without non-negative validation, allowing an authenticated user to supply a negative value that completes uploads on the first PATCH. This can trigger after_u...
CVE-2026-32759 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating th...
CVE-2026-32759
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is...
CVE-2026-32759 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating th...
CVE-2026-32759 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to update the dentry cache after a failed rename operation when the directory depth value is...
CVE-2021-25837
Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cach...
SUSE CVE-2022-40957
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.This bug only affects Firefox on ARM64 platforms.. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
CVE-2022-40957
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.This bug only affects Firefox on ARM64 platforms.. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
UBUNTU-CVE-2022-40957
Inconsistent data in instruction and data cache when creating wasm code could lead to a potentially exploitable crash.This bug only affects Firefox on ARM64 platforms.. This vulnerability affects Firefox ESR 102.3, Thunderbird 102.3, and Firefox 105...
AZL-9891 CVE-2022-30115 affecting package curl for versions less than 7.83.1-1
Using its HSTS support, curl can be instructed to use HTTPS directly insteadof using an insecure clear-text HTTP step even when HTTP is provided in theURL. This mechanism could be bypassed if the host name in the given URL used atrailing dot while not using one when it built the HSTS cache. Or th...
NestedFactory does not track operators properly
Lines of code Vulnerability details NestedFactory extends the MixinOperatorResolver contract which comes from the synthetix/MixinResolver.sol code base where the expectation is that isResolverCached returns false until rebuildCache is called and the cache is fully up to date. Due to a medium issu...
Other vulnerabilities exist in Ethermint
Due to the inconsistency between the storage cache cycle and the transaction processing cycle, storage changes caused by failed transactions are improperly retained in memory. Although dirty storage data is discarded at the EndBlock stage, it is still valid in the current block, which can lead to...
CVE-2021-25837
Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cach...
CVE-2021-25836
Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memorystateObject.code and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contrac...
Code injection
Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cach...
CVE-2021-25837
Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. Due to the inconsistency between the Storage caching cycle and the Tx processing cycle, Storage changes caused by a failed transaction are improperly reserved in memory. Although the bad storage cach...
CVE-2021-25836
Cosmos Network Ethermint = v0.4.0 is affected by cache lifecycle inconsistency in the EVM module. The bytecode set in a FAILED transaction wrongfully remains in memorystateObject.code and is further written to persistent store at the Endblock stage, which may be utilized to build honeypot contrac...