3 matches found
GHSA-P2J4-C4G6-RPF5 Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks
Summary: Arc's user-SQL validator (internal/api/query.go:ValidateSQLRequest) blocked only read_parquet and arcpartitionagg via a regex denylist. The broader DuckDB I/O function family (read_csv_auto, read_csv, read_json, read_json_auto, read_text, read_blob, glob, parquet_metadata, parquet_schema, read_xlsx, etc...
Ubuntu Update for linux vulnerabilities USN-614-1
Ubuntu Update for Linux kernel vulnerabilities USN-614-1. OpenVAS Vulnerability Test. $Id: gbubuntuUSN6141.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for linux vulnerabilities USN-614-1. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH,...
Denial of Service (DoS)
Overview: Affected versions of this package are vulnerable to Denial of Service (DoS). Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsy...