561 matches found

Cvelist
added 2024/02/29 3:52 p.m., 25 views

CVE-2024-26618 arm64/sme: Always exit sme_alloc() early with existing storage

In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage. When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...

7.6 AI score, 0.00239 EPSS
Exploits: 0, References: 4
OSV
added 2024/02/28 1:35 p.m., 3 views

USN-6668-1 python-openstackclient vulnerability

It was discovered that when python-openstackclient attempted to delete a non-existing access rule, it would delete another existing access rule instead, contrary to expectations...

5.5 CVSS, 5.8 AI score, 0.00493 EPSS
Exploits: 0, References: 2
OSV
added 2024/02/14 12:0 a.m., 2 views

UBUNTU-CVE-2023-6110

A flaw was found in OpenStack. When a user tries to delete a non-existing access rule in its scope, it deletes other existing access rules which are not associated with any application credentials...

5.5 CVSS, 5.7 AI score, 0.00493 EPSS
Exploits: 0, References: 3
Veracode
added 2024/01/25 5:29 a.m., 15 views

Path Traversal

Whoogle Search is vulnerable to Path Traversal. The vulnerability is caused due to a lack of validation for the name variable in the config function within app/routes.py. This allows an attacker to perform a limited file write, overwriting existing files or creating new ones...

5.3 CVSS, 6.8 AI score, 0.00751 EPSS
Exploits: 1, References: 6, Affected Software: 1
Veracode
added 2024/01/04 7:27 a.m., 19 views

Denial Of Service (DoS)

github.com/cubefs/cubefs is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of incoming HTTP requests in a CubeFS HandlerNode that could allow an authenticated user to send maliciously-crafted requests that would crash the ObjectNode. An attacker can send a...

6.5 CVSS, 6.5 AI score, 0.00555 EPSS
Exploits: 0, References: 2, Affected Software: 1
Veracode
added 2023/12/28 10:49 a.m., 18 views

Arbitrary File Upload

dilab/resumable.php is vulnerable to Arbitrary File Upload. The vulnerability arises due to a lack of file upload path validation within Resumable.php. An attacker can arbitrarily upload any non-existing file on the filesystem...

8.1 CVSS, 6.8 AI score, 0.00712 EPSS
Exploits: 0, References: 5, Affected Software: 1
Veracode
added 2023/12/22 6:2 a.m., 17 views

Improper Access Control

apacheairflow is vulnerable to Improper Access Control. The vulnerability is due to the variablesimport function within variablecommand.py and the varimport function within views.py. These functions lack permission checks and have inadequate handling of existing variables during imports, allowing...

6.5 CVSS, 6.6 AI score, 0.0139 EPSS
Exploits: 0, References: 4, Affected Software: 1
Code423n4
added 2023/12/21 12:0 a.m., 13 views

Modifying the loan term setting can default existing loans

Lines of code Vulnerability details Summary Protocol admins can modify the loan term settings. This action can inadvertently default existing loans created under different terms. Impact Positions in the Particle LAMM protocol are created for a configurable period of time, defined by the LOANTERM...

6.8 AI score
Exploits: 0
NVD
added 2023/11/07 11:15 p.m., 9 views

CVE-2023-45380

In the module "Order Duplicator " Clone and Delete Existing Order" orderduplicate in version = 1.1.7 from Silbersaiten for PrestaShop, a guest can download personal information without restriction. Due to a lack of permissions control, a guest can download personal information from...

9.1 CVSS, 0.00588 EPSS
Exploits: 0, References: 1
BDU FSTEC
added 2023/10/22 12:0 a.m., 6 views

The vulnerability of the HTTP2 handler component in the Apache HTTP Server allows an attacker to cause a service failure.

The vulnerability of the HTTP2 handler component in the Apache HTTP Server relates to the ability to generate requests within an already established network connection, without establishing new connections or confirming the receipt of packets. Exploiting this vulnerability allows a malicious acto...

7.8 CVSS, 6.7 AI score, 0.03024 EPSS
Exploits: 1, References: 14, Affected Software: 9
Citrix
added 2023/10/12 12:0 a.m., 12 views

PBM Error "Authentication failed: Invalid credentials" when adding machine to one catalog

When attempting to add machines to an existing catalog the process fails immediately with the below error, in Studio. "Machine Failures: domainname\machinename: Failed to create the virtual machine; domainname\machinename. Inner Error: A general system error occurred: PBM error occurred during...

7.1 AI score
Exploits: 0
BDU FSTEC
added 2023/10/11 12:0 a.m., 4 views

The vulnerability of the HTTP/2 protocol lies in its ability to create request streams within an already established network connection, without the need to establish new connections or confirm the receipt of packets. This allows attackers to cause service failures.

The vulnerability of the HTTP/2 protocol lies in the ability to create request streams within an already established network connection, without the need to establish new network connections or confirm the receipt of packets. Exploiting this vulnerability allows a malicious actor to cause service...

7.8 CVSS, 7 AI score, 0.99999 EPSS
Exploits: 19, References: 48, Affected Software: 50
Positive Technologies
added 2023/09/28 12:0 a.m., 2 views

PT-2023-26833 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 11.2 through 16.2.8; GitLab versions 16.3 through 16.3.5; GitLab versions 16.4 through 16.4.1. Description: An issue has been discovered in GitLab where a maintainer could create a fork relationship between existing projects...

4.3 CVSS, 6.6 AI score, 0.00381 EPSS
Exploits: 0, References: 12
Tenable Nessus
added 2023/09/07 12:0 a.m., 22 views

Oracle Linux 7 : python (ELSA-2019-4876)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2019-4876 advisory. 2.7.5-86.0.3 - Prefix dot in domain for proper subdomain validation CVE-2018-20852 Orabug: 30114725 Tenable has extracted the preceding description block directl...

5.3 CVSS, 7.2 AI score, 0.0388 EPSS
Exploits: 1, References: 2
OSV
added 2023/08/14 5:15 a.m., 5 views

CVE-2023-3266

A non-feature complete authentication mechanism exists in the production application allowing an attacker to bypass all authentication checks if LDAP authentication is selected. An unauthenticated attacker can leverage this vulnerability to log in to the CyberPower PowerPanel Enterprise as an...

9.8 CVSS, 5.8 AI score, 0.0082 EPSS
Exploits: 0, References: 1
CNNVD
added 2023/08/14 12:0 a.m., 4 views

Google Wear OS Security Vulnerability

Google Wear OS is a Google-developed operating system from Google, Inc. designed for use in smartwatches, smart bands, and other wearable devices. Google Wear OS suffers from a security vulnerability that stems from a privilege bypass of the onCreate module of LockSettingsActivity.java, with a...

7.8 CVSS, 6.8 AI score, 0.00088 EPSS
Exploits: 0, References: 3
RedHat Linux
added 2023/08/08 8:45 a.m., 3 views

nodejs: DiffieHellman do not generate keys after setting a private key

A vulnerability has been identified in the Node.js, where a generateKeys API function returned from crypto.createDiffieHellman only generates missing or outdated keys, that is, it only generates a private key if none has been set yet...

7.5 CVSS, 7.1 AI score, 0.01462 EPSS
Exploits: 0, References: 4
Cvelist
added 2023/08/04 3:40 p.m., 31 views

CVE-2023-38487 HedgeDoc API allows to hide existing notes

HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one...

6.5 CVSS, 8.3 AI score, 0.00664 EPSS
Exploits: 1, References: 2
RedhatCVE
added 2023/07/17 5:11 p.m., 50 views

CVE-2023-37946

A flaw was found in the Jenkins OpenShift Login Plugin. Affected versions of this plugin could allow a remote attacker to bypass security restrictions caused by not invalidating the existing session on login. By persuading a victim to visit a specially crafted Web site, an attacker can gain...

8.8 CVSS, 6.9 AI score, 0.00717 EPSS
Exploits: 0, References: 4
Code423n4
added 2023/07/14 12:0 a.m., 15 views

An identical vault can be deployed with existing values, the logic controlling this is missing

Lines of code Vulnerability details VaultFactory. The deployVault function deploys a new vault with 10 arguments, but does not check if there is a vault already deployed with the same arguments. This seems to have been preferred as a design, but malicious people with copy safes can direct users to...

6.9 AI score
Exploits: 0