CVE-2024-45289 Unbounded allocation in ctl(4) CAM Target Layer
The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a...
CVE-2024-39654
CVE-2024-39654 concerns WordPress Sign-up Sheets plugin (versions
CVE-2024-39654 WordPress Sign-up Sheets plugin <= 2.2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in Fetch Designs Sign-up Sheets sign-up-sheets. This issue affects Sign-up Sheets: from n/a through = 2.2.12...
PT-2024-31541 · Fetch +1 · Fetch +1
Name of the Vulnerable Software and Affected Versions: fetch versions affected versions not specified Description: The issue arises from the fetch3 library's use of environment variables to pass information, including the revocation file pathname. However, the environment variable name used by...
FreeBSD -- Certificate revocation list fetch(1) option fails
Problem Description: The fetch3 library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch1 to pass the filename to the library was incorrect, in effect ignoring the option. Impact: Fetch would still...
SUSE CVE-2024-50067
In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large,...
UBUNTU-CVE-2024-50067
In the Linux kernel, the following vulnerability has been resolved: uprobe: avoid out-of-bounds memory access of fetching args Uprobe needs to fetch args into a percpu buffer, and then copy to ring buffer to avoid non-atomic context problem. Sometimes user-space strings, arrays can be very large,...
Security Bulletin: IBM Cognos Analytics Mobile (iOS) is affected by multiple vulnerabilities
Summary There are vulnerabilities in Open Source Software OSS libraries consumed by IBM Cognos Analytics Mobile. These issues have been addressed by upgrading or removing the vulnerable libraries. Additionally, vulnerabilities related to CORS misconfiguration and Certificate Pinning have been...
PT-2024-33901
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc3+ Description: The issue is related to the uprobe functionality in the Linux kernel, which can lead to out-of-bounds memory access when fetching arguments. This occurs because the percpu buffer used by...
CVE-2024-7417 Royal Elementor Addons and Templates <= 1.3.986 - Authenticated (Subscriber+) Private Post Disclosure
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.986 via the datafetch. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract data from password protected...
MAL-2024-9729 Malicious code in noblox.ts-fetch (npm)
PT-2024-38333 · WordPress · The Royal Elementor Addons/Templates
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons and Templates plugin for WordPress versions up to, and including, 1.3.986 Description: The issue allows authenticated attackers with subscriber-level access and above to extract data from password protected posts vi...
PT-2024-32841 · Plane · Plane
Name of the Vulnerable Software and Affected Versions: Plane versions prior to 0.23.0 Description: The issue concerns an open-source project management tool that uses wildcard support to retrieve images from any hostname, potentially allowing an attacker to induce the server into performing...
Gradio security vulnerability
Gradio, an open-source Python library released by Hugging Face, is a tool for demonstrating machine learning models through a friendly web interface. A security vulnerability exists in Gradio that stems from Gradio's asyncsaveurltocache function, which allows an attacker to force the Gradio...
PT-2024-30658 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest version Description: Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the...
CLSA-2024-1728056367 Fix CVE(s): CVE-2024-32465
SECURITY UPDATE: Bypass of protections in untrusted repositories - debian/patches/CVE-2024-32465.patch: Disable lazy-fetching by default in upload-pack to prevent arbitrary command execution during clone/fetch - CVE-2024-32465...
SUSE CVE-2024-47516
A vulnerability was found in Pagure. An argument injection in Git during retrieval of the repository history leads to remote code execution on the Pagure instance...
OESA-2024-2172 nodejs security update
Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to t...
OESA-2024-2171 nodejs security update
Node.js is an open-source, cross-platform, JavaScript runtime environment, it executes JavaScript code outside of a browser. Security Fixes: Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to t...