
559 matches found

Cvelist
added 2024/11/09 10:14 a.m. · 10 views

CVE-2024-50220 fork: do not invoke uffd on fork if error occurs

In the Linux kernel, the following vulnerability has been resolved: fork: do not invoke uffd on fork if error occurs Patch series "fork: do not expose incomplete mm on fork". During fork we may place the virtual memory address space into an inconsistent state before the fork operation is complete...

0.00015 EPSS
Exploits 0 · References 3
NVD
added 2024/11/09 1:15 a.m. · 10 views

CVE-2024-52312

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...

5.4 CVSS · 0.00119 EPSS
Exploits 0 · References 3
OSV
added 2024/11/09 1:15 a.m. · 3 views

CVE-2024-52312

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...

5.3 CVSS · 6.8 AI score
Exploits 0 · References 3
Cvelist
added 2024/11/09 12:43 a.m. · 15 views

CVE-2024-52312 data.all authenticated users can perform restricted operations against DataSets and Environments

Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments...

5.4 CVSS · 0.00119 EPSS
Exploits 0 · References 3
CVE
added 2024/11/09 12:43 a.m. · 53 views

CVE-2024-52312

CVE-2024-52312 affects data.all (open source framework). The issue stems from inconsistent authorization permissions that may allow an authenticated external actor to perform restricted operations on DataSets and Environments. Documents provide MEDIUM severity (CVSS 3.1/4.0) and describe the root...

5.4 CVSS · 5.4 AI score · 0.00119 EPSS
Exploits 0 · References 3 · Affected Software 1
Github Security Blog
added 2024/11/08 12:30 a.m. · 13 views

Froala WYSIWYG editor allows cross-site scripting (XSS)

Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier...

6.1 CVSS · 6.1 AI score · 0.005 EPSS
Exploits 0 · References 3 · Affected Software 2
Positive Technologies
added 2024/11/08 12:0 a.m. · 4 views

PT-2024-35172 · Alldata · Alldata

Name of the Vulnerable Software and Affected Versions: data.all affected versions not specified Description: The issue is related to inconsistent authorization permissions in data.all, which may allow an external actor with an authenticated account to perform restricted operations against DataSet...

5.4 CVSS · 6.7 AI score · 0.00119 EPSS
Exploits 0 · References 8
Vulnrichment
added 2024/11/07 12:0 a.m. · 13 views

CVE-2024-51434

Inconsistent tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier...

6.2 AI score · 0.005 EPSS
Exploits 0 · References 1
Hacker One
added 2024/10/31 1:57 p.m. · 5 views

curl: Inconsistent URL Parsing in curl Leading to Potential SSRF and Access Control Bypass

0x01 Summary: An inconsistency in URL parsing within curl's URL handling leads to potential security risks such as Server-Side Request Forgery (SSRF) and access control bypasses. Specifically, when parsing URLs containing IPv6 addresses with zone identifiers (e.g., http://fe80::1%25eth0/), curl's pars...

6.8 AI score
Exploits 0
RedhatCVE
added 2024/10/22 2:47 p.m. · 12 views

CVE-2024-49980

In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. dev_queue_xmit_nit is expected to be called with BH disabled. __dev_queue_xmit has the following: /* Disable soft...

5.5 CVSS · 6.9 AI score · 0.00013 EPSS
Exploits 0 · References 4
RedhatCVE
added 2024/10/21 10:39 p.m. · 11 views

CVE-2024-49946

In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input() Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog is the...

5.5 CVSS · 6.5 AI score · 0.00013 EPSS
Exploits 0 · References 4
Cvelist
added 2024/10/21 6:2 p.m. · 15 views

CVE-2024-49946 ppp: do not assume bh is held in ppp_channel_bridge_input()

In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input() Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog is the...

0.00013 EPSS
Exploits 0 · References 6
OSV
added 2024/10/21 6:2 p.m. · 15 views

CVE-2024-49946 ppp: do not assume bh is held in ppp_channel_bridge_input()

In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input() Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in the socket backlog is the...

5.5 CVSS · 6 AI score · 0.00013 EPSS
Exploits 0 · References 10
CNNVD
added 2024/10/21 12:0 a.m. · 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an inconsistent lock state issue in the ppp_channel_bridge_input function in the ppp subsystem...

5.5 CVSS · 6.7 AI score · 0.00013 EPSS
Exploits 0 · References 8
RedHat Linux
added 2024/10/16 1:9 p.m. · 1 views

webkitgtk: Visiting a malicious website may lead to address bar spoofing

A flaw was found in WebKit. This flaw allows a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. The attacker could perform address bar spoofing by tricking a victim into visiting a specially crafted website...

6.5 CVSS · 5.8 AI score · 0.0012 EPSS
Exploits 0 · References 7
CVE
added 2024/10/01 3:17 p.m. · 293 views

CVE-2024-47534

CVE-2024-47534 affects the go-tuf Go TUF client. The root cause is incorrect delegation tracing: when targets delegate to A and B, and B delegates to C, the client may traverse B→C→A instead of A→B→C, due to the way GetRolesForTarget maps are handled in metadata.go. This can cause the client to t...

8.2 CVSS · 6.4 AI score · 0.0026 EPSS
Exploits 0 · References 5
RedhatCVE
added 2024/09/25 4:12 p.m. · 15 views

CVE-2024-40866

A flaw was found in WebKit. This flaw allows a remote attacker to conduct spoofing attacks by exploiting an inconsistent user interface issue. The attacker could perform address bar spoofing by tricking a victim into visiting a specially crafted website. Mitigation Mitigation for this issue is...

6.5 CVSS · 6.5 AI score · 0.0012 EPSS
Exploits 0 · References 6
NVD
added 2024/09/08 12:15 p.m. · 15 views

CVE-2024-42342

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')...

4.3 CVSS · 0.00123 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/09/08 11:58 a.m. · 15 views

CVE-2024-42342 Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Loway - CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')...

4.3 CVSS · 7.2 AI score · 0.00123 EPSS
Exploits 0 · References 1
RustSec
added 2024/09/02 12:0 p.m. · 5 views

`Endpoint::retry()` calls can lead to panicking

In 0.11.0, we overhauled the server-side Endpoint implementation to enable more careful handling of incoming connection attempts. However, some of the code paths that cleaned up state after connection attempts were processed confused the initial destination connection ID with the destination...

7.5 CVSS · 7 AI score · 0.00576 EPSS
Exploits 0 · Affected Software 1