Lucene search

13601 matches found

CVE
added 2024/05/29 1:28 p.m. · 59 views

CVE-2024-36364

CVE-2024-36364 concerns JetBrains TeamCity where improper access control in the Pull Requests and Commit status publisher build features could be exploited across multiple pre-2022.04.7/2022.10.6/2023.05.6/2023.11.5 branches. The vulnerability results in a potential bypass of security restriction...

CVSS 6.5 · AI score 6.8 · EPSS 0.00004
Exploits: 0 · References: 1 · Affected Software: 1
Cvelist
added 2024/05/29 1:28 p.m. · 23 views

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible...

CVSS 6.5 · AI score 6.5 · EPSS 0.00004
Exploits: 0 · References: 1
Vulnrichment
added 2024/05/29 1:28 p.m. · 17 views

CVE-2024-36364

In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5 improper access control in Pull Requests and Commit status publisher build features was possible...

CVSS 6.5 · AI score 7 · EPSS 0.00004
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/29 12:0 a.m. · 2 views

PT-2024-3937 · Jetbrains · Jetbrains Teamcity +1

Name of the Vulnerable Software and Affected Versions: JetBrains TeamCity versions prior to 2022.04.7 JetBrains TeamCity versions prior to 2022.10.6 JetBrains TeamCity versions prior to 2023.05.6 JetBrains TeamCity versions prior to 2023.11.5 Description: The issue is related to insufficient acce...

CVSS 6.8 · AI score 7.3 · EPSS 0.00004
Exploits: 0 · References: 8
CNNVD
added 2024/05/29 12:0 a.m. · 2 views

JetBrains TeamCity Security Vulnerability

JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a cross-site...

CVSS 5.4 · AI score 6.1 · EPSS 0.5477
Exploits: 0 · References: 2
BDU FSTEC
added 2024/05/29 12:0 a.m. · 1 view

The vulnerability of the /view/networkConfig/GRE/gre_edit_commit.php file in the Ruijie RG-UAC router microprogramming software allows an attacker to execute any command they desire.

The vulnerability of the /view/networkConfig/GRE/gre_edit_commit.php file in the Ruijie RG-UAC router microprogramming software exists due to the failure to address the special elements used in the operating system command. Exploiting this vulnerability allows a remote attacker to execute arbitrary...

CVSS 6.5 · AI score 5.9 · EPSS 0.00269
Exploits: 0 · References: 6 · Affected Software: 1
Positive Technologies
added 2024/05/29 12:0 a.m. · 2 views

PT-2024-3960

Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2023.05.6 JetBrains TeamCity versions prior to 2023.11.5 Description The issue is related to a stored XSS in the Commit status publisher, which can be exploited by a remote attacker to conduct cross-site...

CVSS 5.5 · AI score 5.8 · EPSS 0.5477
Exploits: 0 · References: 8
NVD
added 2024/05/28 7:15 p.m. · 15 views

CVE-2024-36107

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

CVSS 5.3 · AI score 5.1 · EPSS 0.00143
Exploits: 0 · References: 5
NVD
added 2024/05/28 7:15 p.m. · 9 views

CVE-2024-36109

CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There a...

CVSS 7.6 · AI score 7.6 · EPSS 0.00204
Exploits: 0 · References: 2
Cvelist
added 2024/05/28 6:50 p.m. · 34 views

CVE-2024-36107 Information disclosure in minio

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

CVSS 5.3 · AI score 5.1 · EPSS 0.00143
Exploits: 0 · References: 5
Vulnrichment
added 2024/05/28 6:40 p.m. · 10 views

CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc

CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There a...

CVSS 7.6 · AI score 7.2 · EPSS 0.00204
Exploits: 0 · References: 2
OSV
added 2024/05/28 6:40 p.m. · 17 views

CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc

CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There a...

CVSS 7.6 · AI score 7 · EPSS 0.00204
Exploits: 0 · References: 4
Cvelist
added 2024/05/28 6:40 p.m. · 22 views

CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc

CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upgrade. There a...

CVSS 7.6 · AI score 7.6 · EPSS 0.00204
Exploits: 0 · References: 2
SUSE CVE
added 2024/05/28 3:29 p.m. · 1 view

SUSE CVE-2021-47533

In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Clear the HVS FIFO commit pointer once done Commit 9ec03d7f1ed3 "drm/vc4: kms: Wait on previous FIFO users before a commit" introduced a wait on the previous commit done on a given HVS FIFO. However, we never cleare...

CVSS 7.8 · AI score 6.5 · EPSS 0.00018
Exploits: 0 · References: 9
SUSE CVE
added 2024/05/28 3:34 a.m. · 2 views

SUSE CVE-2021-47406

In the Linux kernel, the following vulnerability has been resolved: ext4: add error checking to ext4_ext_replay_set_iblocks If the call to ext4_map_blocks fails due to a corrupted file system, ext4_ext_replay_set_iblocks can get stuck in an infinite loop. This could be reproduced by running generic/526 wi...

CVSS 5.5 · AI score 6.4 · EPSS 0.00015
Exploits: 0 · References: 8
Positive Technologies
added 2024/05/28 12:0 a.m. · 3 views

PT-2024-26895 · Cocalc · Cocalc

Name of the Vulnerable Software and Affected Versions: CoCalc versions prior to the version containing commit 419862a9c9879c Description: The issue concerns the markdown parser in CoCalc, which allows tags to be included and executed when published. There are no known workarounds for this issue...

CVSS 7.6 · AI score 7.1 · EPSS 0.00204
Exploits: 0 · References: 4
RedhatCVE
added 2024/05/27 10:32 a.m. · 16 views

CVE-2021-47535

In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: Allocate enough space for GMU registers In commit 142639a52a01 "drm/msm/a6xx: fix crashstate capture for A650" we changed a6xx_get_gmu_registers to read 3 sets of registers. Unfortunately, we didn't change the memory...

CVSS 5.1 · AI score 8.8 · EPSS 0.00018
Exploits: 0 · References: 4
OpenVAS
added 2024/05/27 12:0 a.m. · 5 views

Fedora: Security Advisory for rust-gimoji (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0 · References: 2
Positive Technologies
added 2024/05/27 12:0 a.m. · 2 views

PT-2024-26400 · Mit · Mit Identibot

Name of the Vulnerable Software and Affected Versions: MIT IdentiBot versions prior to commit 48e3e5e7ead6777fa75d57c7711c8e55b501c24e Description: A vulnerability in MIT IdentiBot, an open-source Discord bot, allows unauthorized access to sensitive information about Discord users who have verifi...

CVSS 7.5 · AI score 7.4 · EPSS 0.00126
Exploits: 0 · References: 5
OSV
added 2024/05/26 11:15 p.m. · 16 views

CVE-2024-4286

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...

CVSS 4.9 · AI score 6.9
Exploits: 0 · References: 2