Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from nfsd not properly handling the getclientlocked return value, which could lead to reuse after release...

GHSA-W92J-C6GR-HJ8R Mattermost Confluence Plugin has Improper Check for Unusual or Exceptional Conditions

Mattermost Confluence Plugin versions 1.5.0 fail to handle unexpected request bodies, allow\ing attackers to crash the plugin via constant hits to the server webhook endpoint with an invalid request body...

CVE-2023-30450

rpk in Redpanda before 23.1.2 mishandles the redpanda.rpcservertls field, leading to for example situations in which there is a data type mismatch that cannot be automatically fixed by rpk, and instead a user must reconfigure while a cluster is turned off in order to have TLS on broker RPC ports...

CVE-2017-18587

An issue was discovered in the hyper crate before 0.9.18 for Rust. It mishandles newlines in headers...

USN-7486-1 libfcgi vulnerability

It was discovered that FastCGI incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash or execute arbitrary code...

pnpm no-script global cache poisoning via overrides / `ignore-scripts` evasion

Summary pnpm seems to mishandle overrides and global cache: 1. Overrides from one workspace leak into npm metadata saved in global cache 2. npm metadata from global cache affects other workspaces 3. installs by default don't revalidate the data including on first lockfile generation This can make...

CVE-2024-47191

pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...

CVE-2024-47191

pamoath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink...

GHSA-WWCP-26WC-3FXM JSON-lib mishandles an unbalanced comment string

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...

JSON-lib mishandles an unbalanced comment string

util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string...

CVE-2024-41592

DrayTek Vigor3910 devices through 4.3.2.6 have a stack-based overflow when processing query string parameters because GetCGI mishandles extraneous ampersand characters and long key-value pairs...

Fedora: Security Advisory (FEDORA-2024-c94f884440)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

K000141088: SQLite vulnerability CVE-2017-10989

Security Advisory Description The getNodeSize function in ext/rtree/rtree.c in SQLite through 3.19.3, as used in GDAL and other products, mishandles undersized RTree blobs in a crafted database, leading to a heap-based buffer over-read or possibly unspecified other impact. CVE-2017-10989 Impact...

CVE-2024-37391

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant'autopf\Proton\Drive' + '"' in Setup/setup.iss...

CVE-2024-39340

The authentication system of Securepoint UTM mishandles OTP keys. This allows the bypassing of second-factor verification when OTP is enabled in both the administration web interface and the user portal. Affected versions include UTM 11.5 through 12.6.4 and Reseller Preview 12.7.0. The issue has...

CVE-2024-24791

A flaw was found in Go. The net/http module mishandles specific server responses from HTTP/1.1 client requests. This issue may render a connection invalid and cause a denial of service. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the...

BIT-GOLANG-2024-24791 Denial of service due to improper 100-continue handling in net/http

The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational 200 or higher status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail...

CVE-2019-25211

CVE-2019-25211 affects golang-gin-contrib/cors (Gin Gonic CORS middleware). The issue: parseWildcardRules mishandles a trailing wildcard in an origin (e.g., https://example.community/, http://localhost.example.com/ ), allowing unintended origins. Affected versions are before 1.6.0; fixed in 1.6.0...

CVE-2019-25211

parseWildcardRules in Gin-Gonic CORS middleware before 1.6.0 mishandles a wildcard at the end of an origin string, e.g., https://example.community/ is allowed when the intention is that only https://example.com/ should be allowed, and http://localhost.example.com/ is allowed when the intention is...

Ollama < 0.1.34 Improper Input Validation

The version of Ollama installed on the remote host is prior to 0.1.34. It is, therefore, affected by an improper input validation vulnerability. Ollama before 0.1.34 does not validate the format of the digest sha256 with 64 hex digits when getting the model path, and thus mishandles the...