32 matches found
PT-2025-37290
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An issue exists in GitLab CE/EE that could allow an authenticated user to disrupt background job...
CVE-2020-4059
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab CE/EE versions prior to 17.0 to...
CVE-2024-42081
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xedevcoredump: Check NULL before assignments Assign 'xedevcoredumpsnapshot ' and 'xedevice ' only if 'coredump' is not NULL. v2 - Fix commit messages. v3 - Define variables before code.Ashutosh/Jose v4 - Drop return check...
CVE-2024-42081
In the Linux kernel, the following vulnerability has been resolved: drm/xe/xedevcoredump: Check NULL before assignments Assign 'xedevcoredumpsnapshot ' and 'xedevice ' only if 'coredump' is not NULL. v2 - Fix commit messages. v3 - Define variables before code.Ashutosh/Jose v4 - Drop return check...
CVE-2024-42081
CVE-2024-42081 affects the Linux kernel component drm/ xe/ xe_devcoredump. The root cause was assigning xe_devcoredump_snapshot* and xe_device* unconditionally; the fix adds a NULL check and only assigns these pointers when coredump is not NULL. CVSS: Low-Privilege Local access with Medium overal...
CVE-2020-4059
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
CVE-2020-4059
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
Command injection
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
CVE-2020-4059
CVE-2020-4059 affects the mversion library (pre-2.0.0). The vulnerability is a command injection in the library’s internal workflow, which could lead to remote code execution when a client calls the vulnerable method with untrusted input. The issue is fixed in version 2.0.0; older releases are de...
CVE-2020-4059 Command Injection in mversion
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround,...
wpa_supplicant/hostapd EAP-pwd Denial of Service Vulnerability
wpasupplicant is a WiFi enabled component for Android that supports wireless connection authentication. Multiple security vulnerabilities exist in wpasupplicant and hostapd, which can be exploited by an attacker to cause out-of-bounds memory read access and denial of service via constructed...