681 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mipscpcdefaultphysbase not releasing the reference count of offindcompatiblenode...
[SECURITY] Fedora 40 Update: vaultwarden-1.33.2-1.fc40
Unofficial Bitwarden compatible server...
[SECURITY] Fedora 41 Update: vaultwarden-1.33.0-1.fc41
Unofficial Bitwarden compatible server...
[SECURITY] Fedora 40 Update: vaultwarden-1.32.7-4.fc40
Unofficial Bitwarden compatible server...
Moderate: mariadb:10.11 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mysql: Client: mysqldump unspecified vulnerability CPU Apr 2024 CVE-2024-21096 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and oth...
CVE-2025-24547 WordPress Caching Compatible Cookie Opt-In plugin <= 0.0.10 - Stored Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in matthias.wagner Caching Compatible Cookie Opt-In and JavaScript caching-compatible-cookie-optin-and-javascript allows Stored XSS.This issue affects Caching Compatible Cookie Opt-In and JavaScript:...
OpenFGA Authorization Bypass
Overview OpenFGA v1.3.8 to v1.8.2 Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2 are vulnerable to authorization bypass when certain Check and ListObject calls are executed. Am I Affected? You are affected by this authorization bypass vulnerability if you are using OpenFGA...
x86/ioapic: Handle allocation failures gracefully
...
How to Update Location Profile Endpoint Details and Preserve Access to an Existing Kopia Storage Repository
Purpose This article documents the correct procedure to update the Endpoint details in the Location Profile for an existing Kopia storage repository in S3-compatible stores and ensure the existing associated repositories remain accessible. Customers may wish to update the Endpoint details e.g.,...
Moderate: Red Hat Security Advisory: RHOSP 17.1.4 (python-zipp) security update
An update for python-zipp is now available for Red Hat OpenStack Platform RHOSP 17.1 Wallaby. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for eac...
SUSE CVE-2024-53046
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8ulp: correct the flexspi compatible string The flexspi on imx8ulp only has 16 LUTs, and imx8mm flexspi has 32 LUTs, so correct the compatible string here, otherwise will meet below error: 1.119072 ------------ cut...
AZL-53858 CVE-2024-53046 affecting package kernel for versions less than 6.6.64.2-1
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8ulp: correct the flexspi compatible string The flexspi on imx8ulp only has 16 LUTs, and imx8mm flexspi has 32 LUTs, so correct the compatible string here, otherwise will meet below error: 1.119072 ------------ cut...
RHEL 8 : Red Hat OpenShift Container Storage 4.7 RPM (RHSA-2021:2042)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:2042 advisory. Red Hat OpenShift Container Storage is software-defined storage integrated with and optimized for the Red Hat OpenShift Container Platform...
CVE-2024-51744
golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors returned by...
CVE-2024-50347
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message...
GHSA-PFRR-XVRF-PXJX Laravel Reverb Missing API Signature Verification
Impact A community member disclosed an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message from a backend service or for obtaining statistical information such as number of...
Laravel Reverb Missing API Signature Verification
Impact A community member disclosed an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message from a backend service or for obtaining statistical information such as number of...
CVE-2024-50347 Laravel Reverb has Missing API Signature Verification
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message...
CVE-2024-50347 Laravel Reverb has Missing API Signature Verification
Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message...
CVE-2024-50347
Laravel Reverb prior to 1.4.0 has a verification signature issue affecting the Pusher-compatible API endpoints (not the WebSocket connections). The vulnerability allows an attacker to submit requests with forged/unverified signatures, potentially influencing endpoints such as POST /events, GET /c...