1719 matches found
PT-2025-5974 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 17.3 GitLab CE/EE versions 17.4, 17.5, and 17.6 gitlab-web-ide-vscode-fork versions prior to 1.89.1-1.0.0-dev-20241118094343 Description: An issue has been discovered in the gitlab-web-ide-vscode-fork component,...
CVE-2020-13270
Missing permission check on fork relation creation in GitLab CE/EE 11.3 and later through 13.0.1 allows guest users to create a fork relation on restricted public projects via API...
CVE-2024-56200
Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this...
GHSA-8655-XGH5-5VVQ fast-fault has a segmentation fault due to lack of bound check
In this case, the "fastfloat::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
`root` appended to group listings
Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both: - The supplementary groups of a user - The group access list of the current process If the caller uses this information for access control, this may lead to privilege escalation...
GHSA-M9C9-MC2H-9WJW Lodestar snappy checksum issue
Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork network partition requiring hard fork Lodestar does not verify checksum in snappy framing uncompressed chunks. Vulnerability Details In Req/Resp protocol the messages are encoded by...
Lodestar snappy checksum issue
Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork network partition requiring hard fork Lodestar does not verify checksum in snappy framing uncompressed chunks. Vulnerability Details In Req/Resp protocol the messages are encoded by...
GHSA-53RV-HCVM-RPP9 Lodestar snappy decompression issue
Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork network partition requiring hard fork Description Lodestar client may fail to decode snappy framing compressed messages. Vulnerability Details In Req/Resp protocol the message are...
Lodestar snappy decompression issue
Impact Unintended permanent chain split affecting greater than or equal to 25% of the network, requiring hard fork network partition requiring hard fork Description Lodestar client may fail to decode snappy framing compressed messages. Vulnerability Details In Req/Resp protocol the message are...
Segmentation fault due to lack of bound check
In this case, the "fastfloat::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
RUSTSEC-2025-0003 Segmentation fault due to lack of bound check
In this case, the "fastfloat::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to reading from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
PT-2024-36975
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.74 Description The issue is related to an invalid access to prog array in perf event detach bpf prog. A crash occurs when a tracepoint perf event with attr.inherit=1 is created, attached to a process, and a b...
Artifact poisoning vulnerability in action-download-artifact v5 and earlier
Summary In versions of dawidd6/action-download-artifact before v6, a repository's forks were also searched by default when attempting to find matching artifacts. This could be exploited by an unprivileged attacker to introduce compromised artifacts such as malicious executables into a privileged...
CVE-2024-50220
In the Linux kernel, the following vulnerability has been resolved: fork: do not invoke uffd on fork if error occurs Patch series "fork: do not expose incomplete mm on fork". During fork we may place the virtual memory address space into an inconsistent state before the fork operation is complete...
GHSA-X8JH-XJ3X-GX3C `fast-float` has multiple soundness issues
fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...
SUSE CVE-2024-50263
In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 "fork: use mtdup to duplicate maple tree in dupmma...
DEBIAN-CVE-2024-50263
In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 "fork: use mtdup to duplicate maple tree in dupmma...
CVE-2024-50263
In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 "fork: use mtdup to duplicate maple tree in dupmma...
UBUNTU-CVE-2024-50263
In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 "fork: use mtdup to duplicate maple tree in dupmma...
CVE-2024-50263
Technical details for CVE-2024-50263 are not publicly provided in the supplied connected documents. Monitor for updates from vendors (Ubuntu/Astra) and follow official advisories for patches.