13682 matches found
OESA-2024-2573 grpc security update
gRPC is a modern open source high performance RPC framework that can run in any environment. It can efficiently connect services in and across data centers with pluggable support for load balancing, tracing, health checking and authentication. It is also applicable in last mile of distributed...
SUSE CVE-2024-55949
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit 580d9db85e04f1b63cc2909af50f0ed08afa965f. This issue has been addressed in commit...
RUSTSEC-2024-0424 Unsound usages of `core::slice::from_raw_parts_mut`
The library breaks the safety assumptions when using unsafe API slice::fromrawpartsmut. The pointer passed to fromrawpartsmut is misaligned by casting u8 to u16 raw pointer directly, which is unsound. The bug is patched by using alignoffset, which could make sure the memory address is aligned to ...
CVE-2024-11614
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using...
CVE-2024-8233
An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request...
CVE-2024-8233
CVE-2024-8233 affects GitLab CE/EE: all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. The issue allows an attacker to cause a denial of service by sending requests for diff files on a commit or merge request. Root cause details are not fully enumerated in the provid...
CVE-2024-55652
PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the...
GitLab 安全漏洞
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab that stems from requesting a diff fi...
CVE-2024-47602
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gstmatroskademuxaddwvpkheader function within matroska-demux.c. This function does not properly check the validity of the stream-codecpriv pointer in th...
BIT-SUBVERSION-2024-46901 Apache Subversion: mod_dav_svn denial-of-service via control characters in paths
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...
EUVD-2024-42181
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...
CVE-2024-46901
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...
DEBIAN-CVE-2024-46901
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...
CVE-2024-46901
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...
CVE-2024-46901
CVE-2024-46901 affects Apache Subversion when serving repositories via mod_dav_svn. It arises from insufficient validation of filenames against control characters, allowing authenticated users with commit access to commit a corrupted revision and disrupt repository usage. All Subversion versions ...
CVE-2024-46901
Insufficient validation of filenames against control characters in Apache Subversion repositories served via moddavsvn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including...
CVE-2024-53127
In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dwmmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf "mmc: dwmmc: Fix IDMAC operation with pages bigger than 4K" increased the maxreqsize, even for 4K pages, causing various issues: - Panic...
CVE-2024-53127
In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dwmmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf "mmc: dwmmc: Fix IDMAC operation with pages bigger than 4K" increased the maxreqsize, even for 4K pages, causing various issues: - Panic...
AZL-54120 CVE-2024-53127 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dwmmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf "mmc: dwmmc: Fix IDMAC operation with pages bigger than 4K" increased the maxreqsize, even for 4K pages, causing various issues: - Panic...
CVE-2024-53127
CVE-2024-53127 involves the Linux kernel where the fix was to revert the change that raised max_req_size for IDMAC operations with pages bigger than 4K. Affected behavior includes panics booting kernel/rootfs from SD on Rockchip RK3566 and StarFive JH7100, and swiotlb buffer/full data corruption ...