CVE-2024-5273

Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by...

The vulnerability in the execution environment for JavaScript and TypeScript Deno arises from synchronization errors when using a shared resource, allowing an attacker to expose sensitive information.

The vulnerability of the execution environment for JavaScript and TypeScript in Deno arises due to synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security measures...

ROS-20240424-01

A vulnerability in the ImageIO component of Oracle GraalVM Enterprise Edition virtual machine exists due to insufficient input validation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service. remotely to cause a denial of service A vulnerability ...

The vulnerability of the Adobe Animate software for creating multimedia and computer animations, related to pointer assignment errors, allows attackers to disclose protected information.

The vulnerability of the Adobe Animate software for creating multimedia and computer animations is related to pointer assignment errors. Exploiting this vulnerability can allow an attacker to disclose protected information...

GHSA-97JM-G33H-F46G silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeFieldReadonly. Values submitted to through these form fields are not filtered out from the form session data...

python: Path traversal on tempfile.TemporaryDirectory

A flaw was found in the tempfile.TemporaryDirectory class in python3/cpython3. The class may dereference symbolic links during permission-related errors, resulting in users that run privileged programs being able to modify permissions of files referenced by the symbolic link...

RHEL 8 : python3.11 (RHSA-2024:3062)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:3062 advisory. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic dat...

golang: html/template: errors returned from MarshalJSON methods may break template escaping

A flaw was found in Go's html/template standard library package. If errors returned from MarshalJSON methods contain user-controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing subsequent actions to inject unexpected content into...

SUSE-SU-2024:1748-1 Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP5)

This update for the Linux Kernel 5.14.21-1505005512 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed a heap out-of-bounds write vulnerability in perfreadgroup bsc1216644. - CVE-2024-26610: Fixed memory corruption in wifi/iwlwifi bsc1221302. - CVE-2022-48651:...

libssh: Missing checks for return values for digests

A flaw was found in the libssh implements abstract layer for message digest MD operations implemented by different supported crypto backends. The return values from these were not properly checked, which could cause low-memory situations failures, NULL dereferences, crashes, or usage of the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an inability to handle page errors in addresses, which can lead to kernel panics...

ALSA-2024:3062 Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine allows attackers to execute arbitrary code.

The vulnerability of the JavaScript script handler in Google Chrome’s V8 engine is related to type mixing errors. Exploiting this vulnerability allows a malicious actor to execute arbitrary code through a specially created web page...

The vulnerabilities of Microsoft .NET software platforms and Microsoft Visual Studio development tools are caused by synchronization errors when using shared resources, allowing attackers to trigger service failures.

The vulnerabilities of Microsoft .NET software platforms and Microsoft Visual Studio development tools stem from synchronization errors when using shared resources. Exploiting these vulnerabilities can allow a malicious actor to cause service interruptions...

Moderate: python3.11 security update

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...

CVE-2023-52792

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Do not try to cleanup after cxlregionsetuptargets fails Commit 5e42bcbc3fef "cxl/region: decrement -nrtargets on error in cxlregionattach" tried to avoid 'eiw' initialization errors when -nrtargets exceeded 16, by jus...

DEBIAN-CVE-2021-47305

In the Linux kernel, the following vulnerability has been resolved: dma-buf/syncfile: Don't leak fences on merge failure Each addfence call does a dmafenceget on the relevant fence. In the error path, we weren't calling dmafenceput so all those fences got leaked. Also, in the kreallocarray failur...

CVE-2021-47222

In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix vlan tunnel dst refcnt when egressing The egress tunnel code uses dstclone and directly sets the result which is wrong because the entry might have 0 refcnt or be already deleted, causing number of problems. It...

CVE-2021-47268

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port A pending hrtimer may expire after the kthreadworker of tcpm port is destroyed, see below kernel dump when do module unload, fix it by cancel the 2...

CVE-2021-47268 usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: cancel vdm and state machine hrtimer when unregister tcpm port A pending hrtimer may expire after the kthreadworker of tcpm port is destroyed, see below kernel dump when do module unload, fix it by cancel the 2...