Archer Platform 安全漏洞

Apache Tomcat is a lightweight Web application server from the American Apache Apache Foundation. It is used to implement support for Servlets and JavaServer Page JSP. A security vulnerability exists in Archer Platform versions 6 through 6.14.00202.10024 that originates from an authenticated user...

Apache HugeGraph 安全漏洞

Apache HugeGraph is a fast and scalable graph database from the Apache USA Foundation. A security vulnerability exists in Apache HugeGraph version 1.0.0 through versions prior to 1.5.0, which stems from the presence of an assumed immutable data vulnerability that could allow an attacker to bypass...

GHSA-3QX8-RV27-J6GP Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`

An issue was identified in the VmFd::createdevice function, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules. The function downcasted a mutable reference to its struct kvmcreatedevice argument to an immutabl...

MAL-2024-11194 Malicious code in com.immutable.marketplace (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3bb0ea7f31fd8a3852b644ba2f2c2fe21351eb754ce4718c5418c06b02bf36c9 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-8357

Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this...

Malicious code in redux-store-immutable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59b3c7c3c688154e0e3a57a2a85b1e6f27a506c0a4020c324d3d5120a517cad0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10778 Malicious code in redux-store-immutable (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 59b3c7c3c688154e0e3a57a2a85b1e6f27a506c0a4020c324d3d5120a517cad0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-10560 Malicious code in immutable-axelar-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d36818770ca9a97d6b714a041348e2e44a341e8d2f017aff4fb1dc912d185e41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in immutable-axelar-bridge (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware d36818770ca9a97d6b714a041348e2e44a341e8d2f017aff4fb1dc912d185e41 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Repository upgrade error: "Some of the data in this repository is incompatible with the immutability settings."

Solution Requires Data Deletion The resolution procedure of this article involves the directed deletion of backup data that should not have been migrated to the immutable repository. Please review all details of the article closely, and contact Veeam Support if you would like assistance. Challeng...

Release Information for Veeam Backup for Microsoft Azure 7 Cumulative Patches

Requirements Please confirm that you are running version Veeam Backup for Microsoft Azure v7 build 7.0.0.467 or later before upgrading. You can find the currently installed build number Product version in the About section under Configuration | Support Information | Updates. After installing Veea...

UBUNTU-CVE-2023-52886

In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev-descriptor in hubportinit Syzbot reported an out-of-bounds read in sysfs.c:readdescriptors: BUG: KASAN: slab-out-of-bounds in readdescriptors+0x263/0x280 drivers/usb/core/sysfs.c:883 Re...

CBL Mariner 2.0 Security Update: python-cryptography (CVE-2023-23931)

The version of python-cryptography installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-23931 advisory. - cryptography is a package designed to expose cryptographic primitives and recipes to Python...

Malicious code in activemodel-immutable-validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-6463 Malicious code in activemodel-immutable-validator (RubyGems)

--- -= Per source details. Do not edit below this line.=-...

Memory leak while accessing <base-url>label/<labelname> (label search) on objects created in io.micrometer.core.instrument.ImmutableTag

h3. Issue Summary Memory leak while accessing label/ label search on objects created in io.micrometer.core.instrument.ImmutableTag This is reproducible on the Data Center: yes h3. Steps to Reproduce Use the following script to search randomly for labels code:java while : do curl...

CVE-2023-38520 WordPress Pinpoint Booking System plugin <= 2.9.9.3.4 - Parameter Tampering

External Control of Assumed-Immutable Web Parameter vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Functionality Misuse.This issue affects Pinpoint Booking System: from n/a through 2.9.9.3.4...

CVE-2023-24373

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...

CVE-2023-24373 WordPress Booking calendar, Appointment Booking System plugin <= 3.2.3 - Bypass vulnerability

External Control of Assumed-Immutable Web Parameter vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Manipulating Hidden Fields.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3...

python-cryptography: memory corruption via immutable objects

A vulnerability was found in python-cryptography. In affected versions, Cipher.updateinto would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...