Lucene search

1895 matches found

UbuntuCve
added 2024/05/21 3:15 p.m. · 14 views

CVE-2021-47272

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Bail from dwc3_gadget_exit() if dwc->gadget is NULL. There exists a possible scenario in which dwc3_gadget_init() can fail: during host -> peripheral mode switch in dwc3_set_mode(), and a pending gadget driver fails to...

5.5 CVSS · 5.8 AI score · 0.00019 EPSS
Exploits 0 · References 5
Cvelist
added 2024/05/21 2:20 p.m. · 17 views

CVE-2021-47281 ALSA: seq: Fix race of snd_seq_timer_open()

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open(). The timer instance per queue is exclusive, and snd_seq_timer_open() should have managed the concurrent accesses. It looks as if it's checking the already existing timer instance at the beginning,...

6.4 AI score · 0.00019 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/05/21 2:20 p.m. · 16 views

CVE-2021-47281 ALSA: seq: Fix race of snd_seq_timer_open()

In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open(). The timer instance per queue is exclusive, and snd_seq_timer_open() should have managed the concurrent accesses. It looks as if it's checking the already existing timer instance at the beginning,...

6.8 AI score · 0.00019 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/05/19 10:10 a.m. · 17 views

CVE-2024-35921 media: mediatek: vcodec: Fix oops when HEVC init fails

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed i...

6.8 AI score · 0.00019 EPSS
Exploits 0 · References 3
OSV
added 2024/05/19 10:10 a.m. · 14 views

CVE-2024-35921 media: mediatek: vcodec: Fix oops when HEVC init fails

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix oops when HEVC init fails The stateless HEVC decoder saves the instance pointer in the context regardless if the initialization worked or not. This caused a use after free, when the pointer is freed i...

7.8 CVSS · 6.1 AI score · 0.00019 EPSS
Exploits 0 · References 6
Veracode
added 2024/05/17 8:58 a.m. · 19 views

Cross-Site Scripting (XSS)

Apache Airflow is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by improper handling of user input, which allows an authenticated attacker to inject malicious JavaScript into the task instance logs...

5.4 CVSS · 5.9 AI score · 0.03397 EPSS
Exploits 0 · References 4 · Affected Software 1
Citrix
added 2024/05/15 12:0 a.m. · 11 views

SQLLocalDB event ID 512

The Delivery Controller event logs show numerous error Event ID: 512 Source: SQLLocalDB 14.0 The "DataDirectory" registry value is missing in the LocalDB instance registry key: 44A9EE4E-9BD8-4715-AD84-84FC18033127 The "DataDirectory" registry value is missing in the LocalDB instance registry key:...

7 AI score
Exploits 0
Github Security Blog
added 2024/05/14 6:31 p.m. · 17 views

Apache Airflow: XSS vulnerability in Task Instance Log/Log Details

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...

5.4 CVSS · 5.2 AI score · 0.03397 EPSS
Exploits 0 · References 7 · Affected Software 1
OSV
added 2024/05/14 6:31 p.m. · 20 views

GHSA-52GM-QMG3-R4QP Apache Airflow: XSS vulnerability in Task Instance Log/Log Details

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...

5.4 CVSS · 5.2 AI score · 0.03397 EPSS
Exploits 0 · References 7
CVE
added 2024/05/14 10:43 a.m. · 69 views

CVE-2024-32077

CVE-2024-32077 concerns Apache Airflow 2.9.0 with a cross-site scripting (XSS) vulnerability in Task Instance Log/Log Details. An authenticated attacker can inject malicious data into task instance logs due to insufficient input handling, leading to XSS when logs are viewed. The affected product ...

5.4 CVSS · 5.2 AI score · 0.03397 EPSS
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2024/05/14 10:43 a.m. · 13 views

CVE-2024-32077 Apache Airflow: XSS vulnerability in Task Instance Log/Log Details

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...

6.5 AI score · 0.03397 EPSS
Exploits 0 · References 3
Vulnrichment
added 2024/05/14 10:43 a.m. · 17 views

CVE-2024-32077 Apache Airflow: XSS vulnerability in Task Instance Log/Log Details

Apache Airflow version 2.9.0 has a vulnerability that allows an authenticated attacker to inject malicious data into the task instance logs. Users are recommended to upgrade to version 2.9.1, which fixes this issue...

5.2 AI score · 0.03397 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/05/14 12:0 a.m. · 2 views

PT-2024-24381 · Apache · Apache Airflow

Name of the Vulnerable Software and Affected Versions: Apache Airflow version 2.9.0 Description: The issue allows an authenticated attacker to inject malicious data into the task instance logs. This is a critical security vulnerability that enables attackers to inject data into the task instance...

5.4 CVSS · 7.1 AI score · 0.03397 EPSS
Exploits 0 · References 11
Github Security Blog
added 2024/05/09 3:13 p.m. · 50 views

Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service

Important: Exploiting this vulnerability requires the attacker to have access to your Frigate instance, which means they could also just delete all of your recordings or perform any other action. If you have configured authentication in front of Frigate via a reverse proxy, then this vulnerabilit...

6.8 CVSS · 7.1 AI score · 0.00124 EPSS
Exploits 0 · References 10 · Affected Software 1
OSV
added 2024/05/08 3:15 p.m. · 0 views

CVE-2024-33612

An improper certificate validation vulnerability exists in BIG-IP Next Central Manager and may allow an attacker to impersonate an Instance Provider system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

6.8 CVSS · 5.8 AI score
Exploits 0 · References 1
NVD
added 2024/05/08 3:15 p.m. · 11 views

CVE-2024-32049

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

7.4 CVSS · 7.4 AI score · 0.00433 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/05/08 3:1 p.m. · 10 views

CVE-2024-32049 BIG-IP Next Central Manager vulnerability

BIG-IP Next Central Manager (CM) may allow an unauthenticated, remote attacker to obtain the BIG-IP Next LTM/WAF instance credentials. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated...

7.4 CVSS · 7 AI score · 0.00433 EPSS
Exploits 0 · References 1
F5 Networks
added 2024/05/08 12:48 p.m. · 24 views

K000138634: BIG-IP Next Central Manager vulnerability CVE-2024-32049

Security Advisory Description: BIG-IP Next Central Manager may allow an unauthenticated, remote attacker to obtain BIG-IP Next LTM/WAF instance credentials. (CVE-2024-32049) Impact: This vulnerability may allow an unauthenticated attacker in a man-in-the-middle (MITM) position between a BIG-IP Next...

7.4 CVSS · 6.9 AI score · 0.00433 EPSS
Exploits 0 · Affected Software 1
CNNVD
added 2024/05/08 12:0 a.m. · 1 views

F5 BIG-IP Next Central Manager Trust Management Issue Vulnerability

F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. A man-in-the-middle attack vulnerability exists in F5 BIG-IP Next Central Manager, which can be exploited by an attacker to...

6.8 CVSS · 6.6 AI score · 0.00234 EPSS
Exploits 0 · References 3
Tenable Nessus
added 2024/05/08 12:0 a.m. · 55 views

Oracle Linux 9 : bind (ELSA-2024-2551)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2551 advisory. - Prevent crashing at masterformat system test (CVE-2023-6516) - Add downstream change complementing CVE-2023-50387 - Prevent increased CPU load on large...

7.5 CVSS · 7.1 AI score · 0.43701 EPSS
Exploits 1 · References 7