Plane security vulnerability
Plane is an open source, self-hosted project planning tool from Plane Open Source. Versions prior to Plane 0.17-dev contain a vulnerability that allows an attacker to send arbitrary requests to the server hosting the application, resulting in...
CLSA-2024-1712672279 grub2: Fix of CVE-2023-4001
Fix CVE-2023-4001: add the --root-dev-only flag to force searching only the root device. The grub2 configuration file /boot/efi/EFI/almalinux/grub.cfg should be removed manually BEFORE updating grub2...
Debian dla-3739 : libjwt-dev - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3739 advisory. Debian LTS Advisory DLA-3739-1 [email protected] https://www.debian.org/lts/security/...
PT-2024-4072 · Qdrant · Qdrant
Name of the Vulnerable Software and Affected Versions: qdrant/qdrant version 1.9.0-dev Description: The issue is related to improper input validation in the "/collections/name/snapshots/upload" endpoint, allowing for path traversal. By manipulating the name parameter through URL encoding, an...
CVE-2024-26791
A vulnerability was found in the Linux kernel's btrfs filesystem related to the dev-replace feature. The issue stems from inadequate validation of device names. This flaw could allow an attacker unauthorized access or manipulation of devices, impacting the system's security. Mitigation Mitigation...
DEBIAN-CVE-2024-26791
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getnamekerne...
CVE-2024-26791
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getnamekerne...
UBUNTU-CVE-2024-26791
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getnamekerne...
CVE-2024-26804
CVE-2024-26804 concerns a Linux kernel vulnerability in the net/ip_tunnel subsystem where headroom could inflate without bound when gre/ipip tunnels route in a cycle. The root cause, as described in the vulnerability report, is that ip_tunnel_xmit can trigger an ever-increasing needed_headroom on...
CVE-2024-26791 btrfs: dev-replace: properly validate device names
In the Linux kernel, the following vulnerability has been resolved: btrfs: dev-replace: properly validate device names There's a syzbot report that device name buffers passed to device replace are not properly checked for string termination which could lead to a read out of bounds in getnamekerne...
CVE-2024-26791
CVE-2024-26791 — Linux kernel: btrfs dev-replace: properly validate device names. A syzbot report indicated device name buffers passed to device replace could read beyond end (getname_kernel) due to insufficient termination checks. The fix adds a helper that validates both source and target devic...
USN-6658-1: libxml2 vulnerability | Cloud Foundry
Severity Medium Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 22.04 Description It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from btrfs dev-replace not properly validating device names, which could lead to out-of-bounds reads...
GHSA-8JHW-289H-JH2G Vite's `server.fs.deny` did not deny requests for patterns with directories.
Summary Vite dev server option server.fs.deny did not deny requests for patterns with directories. An example of such a pattern is /foo//. Impact Only apps setting a custom server.fs.deny that includes a pattern with directories, and explicitly exposing the Vite dev server to the network using...
Malicious code in qlik-sense-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 65fd03500a82dc6ac997cdeb7275cc6c67cae34d382b293886407c96166bc357 The OpenSSF Package Analysis project identified 'qlik-sense-dev' @ 5.9.991 npm as malicious. It is considered malicious because: - The package...
MAL-2024-1169 Malicious code in qlik-sense-dev (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 65fd03500a82dc6ac997cdeb7275cc6c67cae34d382b293886407c96166bc357 The OpenSSF Package Analysis project identified 'qlik-sense-dev' @ 5.9.991 npm as malicious. It is considered malicious because: - The package...
Debian: Security Advisory (DSA-5650-1)
The remote host is missing an update for Debian. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2023-25341
A Directory Traversal vulnerability in ladle dev server 2.5.1 and earlier allows an attacker on the same network to read files accessible to the user via GET requests...
CVE-2023-25341
The CVE describes a Directory Traversal in Ladle Dev Server (versions 2.5.1 and earlier) that allows an attacker on the same network to read files accessible to the user via GET requests. Red Hat, NVD, CNNVD, and related enrichments corroborate the same impact. No exploit details are provided in ...