176 matches found
CVE-2023-23076
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules...
CVE-2025-46544
In Sherpa Orchestrator 141851, a low-privileged user can elevate their privileges by creating new users and roles...
DEBIAN-CVE-2022-49655
In the Linux kernel, the following vulnerability has been resolved: fscache: Fix invalidation/lookup race If an NFS file is opened for writing and closed, fscacheinvalidate will be asked to invalidate the file - however, if the cookie is in the LOOKINGUP state or the CREATING state, then request ...
UBUNTU-CVE-2022-49655
In the Linux kernel, the following vulnerability has been resolved: fscache: Fix invalidation/lookup race If an NFS file is opened for writing and closed, fscacheinvalidate will be asked to invalidate the file - however, if the cookie is in the LOOKINGUP state or the CREATING state, then request ...
netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
...
SUSE CVE-2024-56755
In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHEVOLUMECREATING In fscachecreatevolume, there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a...
CVE-2024-56755 netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING
In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHEVOLUMECREATING In fscachecreatevolume, there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a...
GHSA-HH33-46Q4-HWM2 Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Impact Existing lakeFS users who have issued credentials to users who have been deleted. Creating a new user with the same username, that user will inherit all of the previous user's credentials lakeFS needs to delete user credentials upon user deletion. Patches Has the problem been patched? What...
MCS Machines on Microsoft Azure show as 'Creating' on the Azure Portal
When using Microsoft Azure and Citrix Machine Creation Services MCS, the Virtual Machine Object shows as 'Creating' instead of 'Running,' but otherwise registers and can be connected to until it forcibly shuts down...
The vulnerability of the Jenkins automation server, related to access control deficiencies, allows a hacker to bypass restrictions and create temporary elements.
The vulnerability of the Jenkins automation server is related to lack of access control. Exploiting this vulnerability allows a malicious actor to bypass restrictions and create temporary elements...
VulnCheck KEV: CVE-2021-4444
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes it possible for unauthenticated attackers to perform unauthorized actions such as creating new...
X2CRM 安全漏洞
X2CRM is a next generation open source social selling application for small and medium sized businesses. A cross-site scripting vulnerability exists in X2CRM. The vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited to...
GitStack Unauthenticated REST API Requests
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitStack Unauthenticated REST API Requests', 'Description' = %q This modules exploits unauthenticated REST API requests in GitStack through...
The Bug Report - August 2024 Edition
The Bug Report - August 2024 Edition By Jonathan Omakun · August 26, 2024 Why am I Here August isn’t just about heat waves and summer getaways for the Northern Hemisphere; it’s also when things get serious for students and cybersecurity pros. As organizations prep for the end of the fiscal year,...
CVE-2024-6428 Limited DoS due to permitting creating users with user-defined IDs
Mattermost versions 9.8.0, 9.7.x = 9.7.4, 9.6.x = 9.6.2, 9.5.x = 9.5.5 fail to prevent specifying a RemoteId when creating a new user which allows an attacker to specify both a remoteId and the user ID, resulting in creating a user with a user-defined user ID. This can cause some broken...
CVE-2024-37282
CVE-2024-37282 affects Elastic Cloud Enterprise (ECE) where, under certain preconditions, an API key created with limited privileges could be used to create new API keys with elevated privileges. Affected versions are ECE after 3.0.0 and before 3.7.2. The mitigation is to upgrade to version 3.7.2...
[SECURITY] Fedora 40 Update: rust-uu_mkdir-0.0.23-3.fc40
mkdir uutils create DIRECTORY...
CVE-2021-47481
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize the ODP xarray when creating an ODP MR Normally the zero fill would hide the missing initialization, but an errant set to descsize in regcreate causes a crash: BUG: unable to handle page fault for address:...
CVE-2024-34241
A cross-site scripting XSS vulnerability in Rocketsoft Rocket LMS 1.9 allows an administrator to store a JavaScript payload using the admin web interface when creating new courses and new course notifications...
CVE-2024-34701 CreateWiki vulnerable to impersonation of wiki requester
CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users to be considered as the requester of a specific wiki request if their local user ID on any wiki in a wiki farm matches the local ID of the requester at the wiki where the wiki request was made...