
13601 matches found

OSV
added 2024/08/27 7:50 p.m. | 21 views

GHSA-PP84-V3MW-GG4W Taipy 3.1.1 affected by CVEs on flask-core and pymongo

Summary: Indirect CVEs affect Taipy 3.1.1. Details: Taipy 3.1.1 is affected by two existing CVEs: CVE-2024-1681 affects flask-core =3.1.2 and on major releases: =4.0.0 Impact: pre-commit breaks when using dependency Taipy 3.1.1...

8.1 CVSS | 6 AI score | 0.00179 EPSS
Exploits: 1 | References: 6
GitHub Security Blog
added 2024/08/27 7:50 p.m. | 29 views

Taipy 3.1.1 affected by CVEs on flask-core and pymongo

Summary: Indirect CVEs affect Taipy 3.1.1. Details: Taipy 3.1.1 is affected by two existing CVEs: CVE-2024-1681 affects flask-core =3.1.2 and on major releases: =4.0.0 Impact: pre-commit breaks when using dependency Taipy 3.1.1...

5.3 CVSS | 6.3 AI score | 0.00179 EPSS
Exploits: 1 | References: 6 | Affected Software: 1
NVD
added 2024/08/26 8:15 p.m. | 15 views

CVE-2024-44793

A cross-site scripting (XSS) vulnerability in the component /managers/multiplefreeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter...

6.1 CVSS | 0.00235 EPSS
Exploits: 1 | References: 3
OSV
added 2024/08/26 8:15 p.m. | 1 view

CVE-2024-44795

A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

6.1 CVSS | 5.9 AI score | 0.00256 EPSS
Exploits: 1 | References: 3
OSV
added 2024/08/26 8:15 p.m. | 1 view

CVE-2024-44797

A cross-site scripting (XSS) vulnerability in the component /managers/enablerequests.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the view parameter...

6.1 CVSS | 5.9 AI score
Exploits: 0 | References: 3
NVD
added 2024/08/26 11:15 a.m. | 17 views

CVE-2024-43895

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00017 EPSS
Exploits: 0
CVE
added 2024/08/26 12:00 a.m. | 52 views

CVE-2024-44795

Gazelle (commit 63b3370) contains a cross-site scripting (XSS) vulnerability in the /login/disabled.php component, allowing an attacker to inject script/HTML via the username parameter. Affected file/component is clearly identified, with exploitation described as arbitrary web script execution. M...

6.1 CVSS | 5.6 AI score | 0.00256 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
Cvelist
added 2024/08/26 12:00 a.m. | 17 views

CVE-2024-44795

A cross-site scripting (XSS) vulnerability in the component /login/disabled.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter...

0.00256 EPSS
Exploits: 1 | References: 3
Vulnrichment
added 2024/08/26 12:00 a.m. | 10 views

CVE-2024-44793

A cross-site scripting (XSS) vulnerability in the component /managers/multiplefreeleech.php of Gazelle commit 63b3370 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the torrents parameter...

5.8 AI score | 0.00235 EPSS
Exploits: 1 | References: 3
NVD
added 2024/08/25 10:15 p.m. | 22 views

CVE-2024-8158

A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches...

8.8 CVSS | 0.00053 EPSS
Exploits: 0 | References: 1
CVE
added 2024/08/25 9:31 p.m. | 53 views

CVE-2024-8158

CVE-2024-8158 involves a bug in the lib9p 9p authentication implementation that can allow an attacker with a valid user to impersonate another filesystem user. The issue stems from lib9p not consistently verifying that the uname in Tauth/Tattach messages matches the client UID returned by the fac...

8.8 CVSS | 6.6 AI score | 0.00053 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 2024/08/25 9:31 p.m. | 17 views

CVE-2024-8158 User impersonation for lib9p based 9p fileservers

A bug in the 9p authentication implementation within lib9p allows an attacker with an existing valid user within the configured auth server to impersonate any other valid filesystem user. This is due to lib9p not properly verifying that the uname given in the Tauth and Tattach 9p messages matches...

8.8 CVSS | 7 AI score | 0.00053 EPSS
Exploits: 0 | References: 1
OSV
added 2024/08/23 11:08 a.m. | 2 views

OESA-2024-2053 flatpak security update

flatpak is a system for building, distributing and running sandboxed desktop applications on Linux. See https://wiki.gnome.org/Projects/SandboxedApps for more information. Security Fixes: Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a...

10 CVSS | 6.8 AI score | 0.06541 EPSS
Exploits: 1 | References: 2
SUSE CVE
added 2024/08/23 2:53 a.m. | 2 views

SUSE CVE-2022-48903

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction We are seeing crashes similar to the following trace: 38.969182 WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070...

5.5 CVSS | 6.4 AI score | 0.00028 EPSS
Exploits: 0 | References: 8
SUSE CVE
added 2024/08/23 2:53 a.m. | 2 views

SUSE CVE-2022-48920

In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from writeback_inodes_sb_nr: $ cat fs/fs-writeback.c:...

5.5 CVSS | 6.3 AI score | 0.00022 EPSS
Exploits: 0 | References: 9
NVD
added 2024/08/22 2:15 a.m. | 17 views

CVE-2022-48920

In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from writeback_inodes_sb_nr: $ cat fs/fs-writeback.c:...

5.5 CVSS | 0.00022 EPSS
Exploits: 0 | References: 3
OSV
added 2024/08/22 2:15 a.m. | 1 view

DEBIAN-CVE-2022-48920

In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from writeback_inodes_sb_nr: $ cat fs/fs-writeback.c:...

5.5 CVSS | 6.1 AI score | 0.00022 EPSS
Exploits: 0 | References: 1
OSV
added 2024/08/22 2:15 a.m. | 2 views

DEBIAN-CVE-2022-48903

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction We are seeing crashes similar to the following trace: 38.969182 WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070...

5.5 CVSS | 6 AI score | 0.00028 EPSS
Exploits: 0 | References: 1
OSV
added 2024/08/22 2:15 a.m. | 1 view

UBUNTU-CVE-2022-48902

In the Linux kernel, the following vulnerability has been resolved: btrfs: do not WARN_ON if we have PageError set Whenever we do any extent buffer operations we call assert_eb_page_uptodate to complain loudly if we're operating on a non-uptodate page. Our overnight tests caught this warning earlier...

5.5 CVSS | 6.4 AI score | 0.00033 EPSS
Exploits: 0 | References: 6
OSV
added 2024/08/22 2:15 a.m. | 0 views

UBUNTU-CVE-2022-48903

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction We are seeing crashes similar to the following trace: 38.969182 WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070...

5.5 CVSS | 6.2 AI score | 0.00028 EPSS
Exploits: 0 | References: 6