
485 matches found

Vulnrichment
added 2024/05/07 9:2 p.m. · 13 views

CVE-2024-34346 Deno contains a permission escalation via open of privileged files with missing `--deny` flag

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...

CVSS 8.4 · AI score 7 · EPSS 0.00103
Exploits: 0 · References: 1

Cvelist
added 2024/05/07 9:2 p.m. · 16 views

CVE-2024-34346 Deno contains a permission escalation via open of privileged files with missing `--deny` flag

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access...

CVSS 8.4 · AI score 8.6 · EPSS 0.00103
Exploits: 0 · References: 1

Positive Technologies
added 2024/05/07 12:0 a.m. · 3 views

PT-2024-25803 · Deno · Deno

Name of the Vulnerable Software and Affected Versions: Deno versions prior to 1.43
Description: The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may...

CVSS 8.4 · AI score 6.6 · EPSS 0.00103
Exploits: 0 · References: 9

Vulnrichment
added 2024/05/01 5:17 a.m. · 18 views

CVE-2024-26932 usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd()

In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix double-free issue in tcpm_port_unregister_pd(). When unregistering pd capabilities in tcpm, KASAN will capture the double-free issue below. The root cause is that the same capability will be kfreed twice, the first time is...

AI score 6.7 · EPSS 0.00018
Exploits: 0 · References: 2

Mageia
added 2024/04/13 4:56 p.m. · 32 views

Updated apache-mod_jk packages fix security vulnerability

The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the firs...

CVSS 7.5 · AI score 7.3 · EPSS 0.00036
Exploits: 0 · References: 2

OSV
added 2024/04/13 4:56 p.m. · 5 views

MGASA-2024-0130 Updated apache-mod_jk packages fix security vulnerability

The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the firs...

CVSS 7.5 · AI score 6.6 · EPSS 0.00036
Exploits: 0 · References: 3

NVD
added 2024/04/02 7:15 a.m. · 16 views

CVE-2024-26671

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race. In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_queue_wake_up(), waitqueue_active() may not...

CVSS 4.7 · AI score 7.3 · EPSS 0.00009
Exploits: 0 · References: 10

OSV
added 2024/04/02 7:15 a.m. · 2 views

UBUNTU-CVE-2024-26671

In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race. In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_queue_wake_up(), waitqueue_active() may not...

CVSS 4.7 · AI score 6 · EPSS 0.00009
Exploits: 0 · References: 26

OSV
added 2024/03/06 10:52 a.m. · 51 views

BIT-ELASTICSEARCH-2023-31417 Elasticsearch Insertion of sensitive information in audit logs

Elasticsearch generally filters out sensitive information and credentials before logging to the audit log. It was found that this filtering was not applied when requests to Elasticsearch use certain deprecated URIs for APIs. The impact of this flaw is that sensitive information such as passwords...

CVSS 4.4 · AI score 4.5 · EPSS 0.0006
Exploits: 0 · References: 4

Vulnrichment
added 2024/03/03 2:13 p.m. · 11 views

CVE-2024-0765 Default user role exporting save state of instance

As a default user on a multi-user instance of AnythingLLM, you could execute a call to the /export-data endpoint of the system and then unzip and read that export, which would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit acce...

CVSS 9.6 · AI score 9.2 · EPSS 0.00103
Exploits: 1 · References: 2

OSV
added 2024/03/01 12:30 p.m. · 0 views

GHSA-6XWF-XVF3-V459 Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by...

CVSS 5.1 · AI score 5.9 · EPSS 0.00226
Exploits: 0 · References: 12

OSV
added 2024/03/01 11:15 a.m. · 1 views

PYSEC-2024-42

Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by...

CVSS 4.7 · AI score 5.9 · EPSS 0.00226
Exploits: 0 · References: 3

OSV
added 2024/02/28 9:15 a.m. · 1 views

DEBIAN-CVE-2021-47003

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix potential null dereference on pointer status. There are calls to idxd_cmd_exec that pass a null status pointer; however, a recent commit has added an assignment to status that can end up with a null pointer...

CVSS 5.5 · AI score 5.5 · EPSS 0.00015
Exploits: 0 · References: 1

UbuntuCve
added 2024/02/28 9:15 a.m. · 15 views

CVE-2021-47003

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix potential null dereference on pointer status. There are calls to idxd_cmd_exec that pass a null status pointer; however, a recent commit has added an assignment to status that can end up with a null pointer...

CVSS 5.5 · AI score 6.4 · EPSS 0.00015
Exploits: 0 · References: 6

Positive Technologies
added 2024/02/06 12:0 a.m. · 3 views

PT-2024-19875 · Microsoft · Windows Network Drive Connector

Name of the Vulnerable Software and Affected Versions: Windows Network Drive Connector affected versions not specified
Description: An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny...

CVSS 6.5 · AI score 6.4 · EPSS 0.00089
Exploits: 0 · References: 6

OSV
added 2023/12/27 9:15 p.m. · 3 views

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

CVSS 9.8 · AI score 6.2 · EPSS 0.01252
Exploits: 1 · References: 3

ATTACKERKB
added 2023/12/27 9:15 p.m. · 1 views

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

CVSS 9.8 · AI score 6.2 · EPSS 0.01252
Exploits: 1 · References: 4

NVD
added 2023/12/27 9:15 p.m. · 12 views

CVE-2023-47883

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

CVSS 9.8 · EPSS 0.01252
Exploits: 1 · References: 3

Prion
added 2023/12/27 9:15 p.m. · 16 views

Code injection

The com.altamirano.fabricio.tvbrowser TV browser application through 4.5.1 for Android is vulnerable to JavaScript code execution via an explicit intent due to an exposed MainActivity...

CVSS 7.5 · AI score 7.6 · EPSS 0.01252
Exploits: 1 · References: 3 · Affected Software: 1

Positive Technologies
added 2023/12/27 12:0 a.m. · 5 views

PT-2023-30656 · Unknown · Com.Altamirano.Fabricio.Tvbrowser

Name of the Vulnerable Software and Affected Versions: com.altamirano.fabricio.tvbrowser TV browser application versions through 4.5.1 for Android
Description: The issue allows for JavaScript code execution via an explicit intent due to an exposed MainActivity. This could potentially lead to...

CVSS 9.8 · AI score 9.5 · EPSS 0.01252
Exploits: 1 · References: 8