Lucene search

8976 matches found

Vulnrichment
added 2023/05/22 3:17 p.m. · 14 views

CVE-2023-31101 Apache InLong: Users who joined later can see the data of deleted users

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

6.8 AI score · 0.00525 EPSS
Exploits 0 · References 1
CVE
added 2023/05/22 3:17 p.m. · 69 views

CVE-2023-31101

CVE-2023-31101 affects Apache InLong 1.5.0–1.6.0 and allows users registered later to see data from deleted users due to insecure default initialization of resources. The vulnerability is categorized as an information disclosure issue; the publicly available fix is to upgrade to InLong 1.7.0 or c...

6.5 CVSS · 6.4 AI score · 0.00525 EPSS
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2023/05/22 3:17 p.m. · 13 views

CVE-2023-31101 Apache InLong: Users who joined later can see the data of deleted users

Insecure Default Initialization of Resource Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.5.0 through 1.6.0. Users registered in InLong who joined later can see deleted users' data. Users are advised to upgrade to Apache InLong's 1.7.0 or...

6.6 AI score · 0.00525 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/05/22 12:00 a.m. · 2 views

PT-2023-23156 · Apache · Apache Inlong

Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.5.0 through 1.6.0 Description: This issue allows users registered in InLong who joined later to see deleted users' data. The problem is related to insecure default initialization of resources. Recommendations: For...

6.5 CVSS · 6.2 AI score · 0.00525 EPSS
Exploits 0 · References 7
OSV
added 2023/05/17 5:52 p.m. · 1 views

USN-6084-1 linux-gcp-4.15, linux-oracle vulnerabilities

Jordy Zomer and Alexandra Sandulescu discovered that the Linux kernel did not properly implement speculative execution barriers in usercopy functions in certain situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2023-0459) Xingyuan Mo discovered that the...

7.8 CVSS · 7 AI score · 0.00024 EPSS
Exploits 0 · References 6
OSV
added 2023/05/16 2:11 p.m. · 4 views

USN-6080-1 linux, linux-aws, linux-aws-5.15, linux-azure, linux-azure-5.15, linux-azure-fde, linux-azure-fde-5.15, linux-hwe-5.15, linux-ibm, linux-kvm, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-oracle vulnerabilities

It was discovered that some AMD x86-64 processors with SMT enabled could speculatively execute instructions using a return address from a sibling thread. A local attacker could possibly use this to expose sensitive information. (CVE-2022-27672) Zheng Wang discovered that the Intel i915 graphics...

8.1 CVSS · 7 AI score · 0.00231 EPSS
Exploits 0 · References 11
RedHat Linux
added 2023/05/16 8:56 a.m. · 2 views

kernel: drm/amd/pm: Fix a potential gpu_metrics_table memory leak

In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix a potential gpu_metrics_table memory leak. Memory is allocated for gpu_metrics_table in smu_v13_0_4_init_smc_tables, but not freed in smu_v13_0_4_fini_smc_tables. This may cause memory leaks, fix it...

5.5 CVSS · 6.3 AI score · 0.00074 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/05/16 8:56 a.m. · 1 views

kernel: sctp: handle the error returned from sctp_auth_asoc_init_active_key

In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctp_auth_asoc_init_active_key. When it returns an error from sctp_auth_asoc_init_active_key, the active_key is actually not updated. The old shkey will be freed while it's still used as active key in...

7.8 CVSS · 6.6 AI score · 0.00022 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/05/16 8:56 a.m. · 0 views

kernel: scsi: sd: Fix potential NULL pointer dereference

A flaw was found in the Linux kernel's SCSI subsystem. A NULL pointer dereference can be triggered when an error occurs before the sdkp->device object is fully initialized, causing a system crash and a denial of service...

5.5 CVSS · 6.5 AI score · 0.00014 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/05/16 8:56 a.m. · 1 views

kernel: staging: fbtft: core: set smem_len before fb_deferred_io_init call

A flaw was found in the fbtft module in the Linux kernel. An incorrect order of operations can cause an improper initialization of framebuffer devices, potentially impacting system stability and resulting in a denial of service...

5.5 CVSS · 7.1 AI score · 0.00065 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/05/16 8:56 a.m. · 2 views

kernel: RDMA/rxe: Fix error unwind in rxe_create_qp()

In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix error unwind in rxe_create_qp. In the function rxe_create_qp, rxe_qp_from_init is called to initialize qp, internally things like the spin locks are not setup until rxe_qp_init_req. If an error occurs before this point then t...

5.5 CVSS · 6.3 AI score · 0.00063 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/05/16 8:56 a.m. · 0 views

kernel: fbdev: defio: fix the pagelist corruption

In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: fix the pagelist corruption. Easily hit the below list corruption: == list_add corruption. prev->next should be next ffffffffc0ceb090, but was ffffec604507edc8. prev=ffffec604507edc8. WARNING: CPU: 65 PID: 3959 at...

5.5 CVSS · 6.3 AI score · 0.00143 EPSS
Exploits 0 · References 5
RedHat Linux
added 2023/05/16 8:56 a.m. · 0 views

kernel: drm/virtio: improper return value check in virtio_gpu_object_shmem_init()

In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer)...

5.5 CVSS · 6.6 AI score · 0.00021 EPSS
Exploits 0 · References 4
Microsoft CVE
added 2023/05/15 7:00 a.m. · 3 views

In Qt before 5.15.14, 6.0.x through 6.2.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.1, QtSvg QSvgFont m_unitsPerEm initialization is mishandled.

...

6.5 CVSS · 6.9 AI score · 0.00082 EPSS
Exploits 0
Prion
added 2023/05/12 9:15 a.m. · 15 views

Design/Logic Flaw

Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization...

5 CVSS · 7.6 AI score · 0.00335 EPSS
Exploits 0 · References 1 · Affected Software 1
CVE
added 2023/05/12 8:56 a.m. · 48 views

CVE-2023-2514

CVE-2023-2514 concerns Mattermost Server. According to the connected sources, during server initialization the application logs may reveal the database username and password because redaction is not performed before emission. The issue is described across multiple feeds (NVD, Red Hat, Veracode, C...

7.5 CVSS · 7 AI score · 0.00335 EPSS
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/05/12 8:56 a.m. · 6 views

CVE-2023-2514 DB username/password revealed in application logs

Mattermost Server fails to redact the DB username and password before emitting an application log during server initialization...

6.7 CVSS · 7 AI score · 0.00335 EPSS
Exploits 0 · References 1
Zero Day Initiative
added 2023/05/12 12:00 a.m. · 27 views

Autodesk 3DS Max USD File Parsing Uninitialized Pointer Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Autodesk 3DS Max. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

3.3 CVSS · 5.6 AI score · 0.00062 EPSS
Exploits 0 · References 1
Zero Day Initiative
added 2023/05/12 12:00 a.m. · 14 views

Adobe Dimension SKP File Parsing Uninitialized Variable Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

3.3 CVSS · 5.9 AI score
Exploits 0 · References 1
CNNVD
added 2023/05/12 12:00 a.m. · 1 views

Mattermost Log Information Disclosure Vulnerability

Mattermost is an open source collaboration platform from US-based Mattermost. A log information disclosure vulnerability exists in Mattermost Server, which stems from the inability to edit database usernames and passwords before issuing application logs during server initialization...

7.5 CVSS · 7.2 AI score · 0.00335 EPSS
Exploits 0 · References 3