58 matches found
CVE-2025-54430 dedupe is vulnerable to secret exfiltration via `issue_comment`
dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...
CVE-2025-54430 dedupe is vulnerable to secret exfiltration via `issue_comment`
dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...
CVE-2025-54430 dedupe is vulnerable to secret exfiltration via `issue_comment`
dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issuecomme...
CVE-2025-54430
CVE-2025-54430 affects the Deduplicate (dedupe) Python library. The issue resides in the GitHub Actions workflow .github/workflows/benchmark-bot.yml, where an issue_comment can trigger and cause untrusted code to run because the workflow checks out the PR branch via ${{ github.event.issue.number ...
Dedupe Python Library 操作系统命令注入漏洞
Dedupe Python Library is an open source Python library for accurate and scalable fuzzy matching, de-duplication from Dedupe.io. Dedupe Python Library suffers from an operating system command injection vulnerability that stems from issuecomment triggering the execution of untrusted code in the...
SUSE CVE-2024-50091
In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupecontext after releasing it Clear the dedupecontext pointer in a datavio whenever ownership of the context is lost, so that vdo can't examine it accidentally...
AZL-52749 CVE-2024-50091 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupecontext after releasing it Clear the dedupecontext pointer in a datavio whenever ownership of the context is lost, so that vdo can't examine it accidentally...
DEBIAN-CVE-2024-50091
In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupecontext after releasing it Clear the dedupecontext pointer in a datavio whenever ownership of the context is lost, so that vdo can't examine it accidentally...
AZL-52616 CVE-2024-50091 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: dm vdo: don't refer to dedupecontext after releasing it Clear the dedupecontext pointer in a datavio whenever ownership of the context is lost, so that vdo can't examine it accidentally...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the dm vdo module failing to clear the pointer to the dedupecontext after releasing it, which could lead to...
PT-2024-33923
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel related to the dm vdo, where the dedupe context pointer was not cleared in a data vio after releasing it. This could lead to...
CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check
zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...
CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check
zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...
CVE-2024-39897 Cache driver GetBlob() allows read access to any blob without access control check
zot is an OCI image registry. Prior to 2.1.0, the cache driver GetBlob allows read access to any blob without access control check. If a Zot accessControl policy allows users read access to some repositories but restricts read access to other repositories and dedupe is enabled it is enabled by...
PT-2024-28715 · Zot · Zot
Name of the Vulnerable Software and Affected Versions: zot versions prior to 2.1.0 Description: The cache driver GetBlob in zot, an OCI image registry, allows read access to any blob without an access control check. If a Zot accessControl policy allows users read access to some repositories but...
SUSE CVE-2016-6516
Race condition in the ioctlfilededuperange function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service heap-based buffer overflow or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability...
DEBIAN-CVE-2016-6516
Race condition in the ioctlfilededuperange function in fs/ioctl.c in the Linux kernel through 4.7 allows local users to cause a denial of service heap-based buffer overflow or possibly gain privileges by changing a certain count value, aka a "double fetch" vulnerability...
SureBackup Performance Considerations
Purpose This article provides advice and information on understanding and improving SureBackup performance. Solution SureBackup Performance Considerations The Repository where the backup files are stored, and the Mount Server used by that Repository, should be in the same data center as the ESXi...