2120 matches found
CVE-2022-49296 ceph: fix possible deadlock when holding Fwb to get inline_data
In the Linux kernel, the following vulnerability has been resolved: ceph: fix possible deadlock when holding Fwb to get inline_data 1, mount with wsync. 2, create a file with O_RDWR, and the request was sent to mds.0: ceph_atomic_open()--> ceph_mdsc_do_request(openc) finish_open(file, dentry, ceph_open)-->...
CVE-2022-49296
CVE-2022-49296: Linux kernel Ceph deadlock when holding Fwb to get inline_data. The vulnerability arises during cephfs/cephmds inline data handling (inline_version logic) causing a deadlock involving Fwb/Fsr caps during the getattr sequence, potentially locking the system. Connected docs indicate...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from insufficient integrity checking of inline_dots inode in f2fs...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a possible race condition in ext4 between ext4_write and ext4_convert_inline_data...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the f2fs module not performing integrity checks on inline inodes, which could lead to a kernel crash...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the ceph filesystem acquiring inline_data while holding a Fwb lock, which could result in a deadlock...
HTTP Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an ARMLE payload from an HTTP server. Connect to target and spawn a command shell. Module Options: msf > use payload/cmd/linux/http/armle/shell_bind_tcp msf payload(shell_bind_tcp) > show actions ...actions... msf payload(shell_bind_tcp) > set ACTION msf payload(shell_bind_tcp) > show options ...show a...
HTTPS Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute a MIPSBE payload from an HTTPS server. Connect back to attacker and spawn a command shell. Module Options: msf > use payload/cmd/linux/https/mipsbe/shell_reverse_tcp msf payload(shell_reverse_tcp) > show actions ...actions... msf payload(shell_reverse_tcp) > set ACTION msf payload(shell_reverse_tcp)...
SUSE CVE-2024-23794
An incorrect privilege assignment vulnerability in the inline editing functionality of OTRS can lead to privilege escalation. This flaw allows an agent with read-only permissions to gain full access to a ticket. This issue arises in very rare instances when an admin has previously enabled the...
CVE-2024-53851
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This...
CVE-2021-39183
Owncast is an open source, self-hosted live video streaming and chat server. In affected versions inline scripts are executed when Javascript is parsed via a paste action. This issue is patched in 0.0.9 by blocking unsafe-inline Content Security Policy and specifying the script-src. The worker-sr...
CVE-2025-22570
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mdjekic Inline Tweets inline-tweets allows Stored XSS. This issue affects Inline Tweets: from n/a through <= 2.0...
CVE-2024-53851 Partial denial of service via inline oneboxes in Discourse
Discourse is an open source platform for community discussion. In affected versions the endpoint for generating inline oneboxes for URLs wasn't enforcing limits on the number of URLs that it accepted, allowing a malicious user to inflict denial of service on some parts of the app. This...
CVE-2024-56328 HTMLi(XSS without CSP) via Onebox urls in Discourse
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by posting a maliciously crafted onebox url. This issue only affects sites with CSP disabled. This problem has been patched in the latest version of Discourse. Users are...
Discourse resource management error vulnerability
Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from a resource management error vulnerability that stems from a URL endpoint that generates an inline onebox without limiting th...
PT-2025-2994 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed versions Description: The issue is related to the endpoint for generating inline oneboxes for URLs, which did not enforce limits on the number of URLs accepted, allowing a...