916 matches found
CVE-2024-41965
Vim is an open source command line text editor. double-free in dialogchanged in Vim v9.1.0648. When abandoning a buffer, Vim may ask the user what to do with the modified buffer. If the user wants the changed buffer to be saved, Vim may create a new Untitled file, if the buffer did not have a nam...
CVE-2024-41819 Note Mark has a stored XSS in the note link href attribute
Note Mark is a web-based Markdown notes app. A stored cross-site scripting XSS vulnerability in Note Mark allows attackers to execute arbitrary web scripts via a crafted payload injected into the URL value of a link in the markdown content. This vulnerability is fixed in 0.13.1...
CVE-2024-40920
A vulnerability was found in the Linux kernel's bridge subsystem, related to Multiple Spanning Tree MST. The brmstsetstate function was converted to use RCU to prevent a VLAN use-after-free, but fails to update the VLAN group dereference helper. This leads to warnings about improper RCU usage...
CVE-2024-39904 Code Execution Vulnerability via Local File Path Traversal in Vnote
VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example,...
CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature
Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...
CVE-2024-39487
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bondoptionarpiptargetsset In function bondoptionarpiptargetsset, if newval-string is an empty string, newval-string+1 will point to the byte after the string, causing an out-of-bound read. BUG:...
CVE-2024-6095
A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery SSRF and partial Local File Inclusion LFI. The endpoint supports both https:// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the...
CVE-2023-45196
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in...
CVE-2024-39291
CVE-2024-39291 (Linux kernel) affects the amdgpu path in gfx_v9_4_3.c. The vulnerable code path is gfx_v9_4_3_init_microcode() and related rlc/mec microcode init, where the ucode_prefix buffer was too small, risking truncation when writing strings like amdgpu/%s_rlc.bin or amdgpu/%s_mec.bin with ...
Advisory ROSA-SA-2024-2434
Software: giflib 5.2.1 OS: ROSA-CHROME packageevrstring: giflib-5.2.1-4 CVE-ID: CVE-2023-39742 BDU-ID: 2023-05863 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the getarg.c component of the GIFLIB library for handling GIF files is related to a segmentation error. Exploitation of the vulnerabilit...
CVE-2024-5128
CVE-2024-5128 affects lunary-ai/lunary up to version 1.2.2, with an IDOR in dataset management endpoints that lets unauthorized users view, update, or delete any dataset_prompt or dataset_prompt_variation. Root cause: insufficient access control checks via direct object IDs. Impact is information...
CVE-2024-36930 spi: fix null pointer dereference within spi_sync
In the Linux kernel, the following vulnerability has been resolved: spi: fix null pointer dereference within spisync If spisync is called with the non-empty queue and the same spimessage is then reused, the complete callback for the message remains set while the context is cleared, leading to a...
CVE-2024-3584
qdrant/qdrant version 1.9.0-dev is vulnerable to path traversal due to improper input validation in the /collections/name/snapshots/upload endpoint. By manipulating the name parameter through URL encoding, an attacker can upload a file to an arbitrary location on the system, such as /root/poc.txt...
CVE-2023-52837
In CVE-2023-52837, the Linux kernel fixed a use-after-free in nbd_open triggered when a disk is opened after nbd_put() because disk->private_data could still reference freed memory. The fix adds a dedicated ->free_disk hook that frees the private data as part of disk cleanup (blk_cleanup_di...
CVE-2023-52831
CVE-2023-52831 (Linux kernel) : The issue resides in cpu/hotplug logic when CPUs are isolated with isolcpus=. Offline-ing the last non-isolated (housekeeping) CPU can cause a WARN_ON in build_sched_domains and a subsequent panic due to an empty CPU mask in partition_sched_domains_locked(), leadin...
CVE-2021-47372
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix use after free on rmmod platdev-dev-platformdata is released by platformdeviceunregister, use of pclk and hclk is a use-after-free. Since device unregister won't need a clk device we adjust the function call sequen...
CVE-2021-47373
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Fix potential VPE leak on error In itsvpeirqdomainalloc, when itsvpeinit returns an error, there is an off-by-one in the number of VPEs to be freed. Fix it by simply passing the number of VPEs allocated, which...
CVE-2024-34710 Wiki.js Stored XSS through Client Side Template Injection
Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection ...
CVE-2024-35849
CVE-2024-35849 affects the Linux kernel btrfs_ioctl_logical_to_ino path. The issue is an information leak: a struct btrfs_data_container allocated with kvmalloc() is copied back to user space without zero-filling, exposing uninitialized memory (Bytes 40-65535) to user-space. The root cause is lac...
CVE-2024-32655 Npgsql Vulnerable to SQL Injection via Protocol Message Size Overflow
Npgsql is the .NET data provider for PostgreSQL. The WriteBind method in src/Npgsql/Internal/NpgsqlConnector.FrontendMessages.cs uses int variables to store the message length and the sum of parameter lengths. Both variables overflow when the sum of parameter lengths becomes too large. This cause...