Lucene search
K

58 matches found

OSV
OSV
added 2025/07/30 1:41 p.m.3 views

CVE-2025-54430 dedupe is vulnerable to secret exfiltration via `issue_comment`

dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...

9.1CVSS6.9AI score0.00343EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/07/30 1:41 p.m.2 views

CVE-2025-54430 dedupe is vulnerable to secret exfiltration via `issue_comment`

dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...

9.1CVSS7.2AI score0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/07/30 1:41 p.m.9 views

CVE-2025-54430 dedupe is vulnerable to secret exfiltration via `issue_comment`

dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...

9.1CVSS0.00343EPSS
Exploits0References2
CVE
CVE
added 2025/07/30 1:41 p.m.20 views

CVE-2025-54430

CVE-2025-54430 affects the Deduplicate (dedupe) Python library. The issue resides in the GitHub Actions workflow .github/workflows/benchmark-bot.yml, where an issue_comment can trigger and cause untrusted code to run because the workflow checks out the PR branch via ${{ github.event.issue.number ...

9.1CVSS6.6AI score0.00343EPSS
Exploits0References2
CNNVD
CNNVD
added 2025/07/30 12:0 a.m.3 views

Dedupe Python Library 操作系统命令注入漏洞

Dedupe Python Library is an open source Python library for accurate and scalable fuzzy matching, de-duplication from Dedupe.io. Dedupe Python Library suffers from an operating system command injection vulnerability that stems from issuecomment triggering the execution of untrusted code in the...

9.1CVSS7.5AI score0.00343EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/11/06 3:49 a.m.5 views

SUSE CVE-2024-50091

In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupecontext after releasing it Clear the dedupecontext pointer in a datavio whenever ownership of the context is lost, so that vdo can't examine it accidentally...

5.5CVSS7.6AI score0.002EPSS
Exploits0References5
OSV
OSV
added 2024/11/05 5:15 p.m.7 views

AZL-52749 CVE-2024-50091 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupecontext after releasing it Clear the dedupecontext pointer in a datavio whenever ownership of the context is lost, so that vdo can't examine it accidentally...

5.5CVSS5.6AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2024/11/05 5:15 p.m.3 views

DEBIAN-CVE-2024-50091

In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupecontext after releasing it Clear the dedupecontext pointer in a datavio whenever ownership of the context is lost, so that vdo can't examine it accidentally...

5.5CVSS5.4AI score0.002EPSS
Exploits0References1
OSV
OSV
added 2024/11/05 5:15 p.m.15 views

AZL-52616 CVE-2024-50091 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupecontext after releasing it Clear the dedupecontext pointer in a datavio whenever ownership of the context is lost, so that vdo can't examine it accidentally...

5.5CVSS5.6AI score0.002EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.5 views

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the dm vdo module failing to clear the pointer to the dedupecontext after releasing it, which could lead to...

5.5CVSS6.5AI score0.002EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.11 views

PT-2024-33923

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel related to the dm vdo, where the dedupe context pointer was not cleared in a data vio after releasing it. This could lead to...

5.5CVSS5.4AI score0.002EPSS
Exploits0
Cvelist
Cvelist
added 2024/07/09 6:48 p.m.36 views

CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check

zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...

4.3CVSS0.00298EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/07/09 6:48 p.m.16 views

CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check

zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...

4.3CVSS6.4AI score0.00298EPSS
Exploits0References2
OSV
OSV
added 2024/07/09 6:48 p.m.20 views

CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check

zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...

4.3CVSS6.1AI score0.00298EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/09 12:0 a.m.7 views

PT-2024-28715 · Zot · Zot

Name of the Vulnerable Software and Affected Versions: zot versions prior to 2.1.0 Description: The cache driver GetBlob in zot, an OCI image registry, allows read access to any blob without an access control check. If a Zot accessControl policy allows users read access to some repositories but...

5.3CVSS6.5AI score0.00298EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2023/02/15 4:59 a.m.3 views

SUSE CVE-2016-6516

Race condition in the ioctlfilededuperange function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service heap-based buffer overflow or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability...

7.4CVSS9.1AI score0.00949EPSS
Exploits1References4
OSV
OSV
added 2016/08/06 8:59 p.m.4 views

DEBIAN-CVE-2016-6516

Race condition in the ioctlfilededuperange function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service heap-based buffer overflow or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability...

7.4CVSS9AI score0.00949EPSS
Exploits1References1
Veeam
Veeam
added 2011/10/06 12:0 a.m.19 views

SureBackup Performance Considerations

Purpose This article provides advice and information on understanding and improving SureBackup performance. Solution SureBackup Performance Considerations The Repository where the backup files are stored, and the Mount Server used by that Repository, should be in the same data center as the ESXi...

6.5AI score
Exploits0Affected Software1
Rows per page
Query Builder