7668 matches found
CVE-2024-35810
CVE-2024-35810 : In the Linux kernel, a fix addresses a vulnerability in drm/vmwgfx where the lifetime of bo cursor memory could be mishandled during cleanup while an atomic update is active. The kernel previously allowed cleanup to invalidate memory acquired during the atomic update, potentially...
CVE-2024-35810 drm/vmwgfx: Fix the lifetime of the bo cursor memory
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix the lifetime of the bo cursor memory The cleanup can be dispatched while the atomic update is still active, which means that the memory acquired in the atomic update needs to not be invalidated by the cleanup. The...
Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will
...
Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory
...
SUSE CVE-2024-32021
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...
EulerOS Virtualization 3.0.6.0 : python-cryptography (EulerOS-SA-2024-1700)
According to the versions of the python-cryptography packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected...
PVS export wizard reports "No Devices Found to Export"
Unable to add PVS provisioned machines to Studio Machine Catalogs. When using the Export Devices Wizard, users receive the error "No Devices Found to Export". Issue remains even after deleting and recreating the AD computer objects...
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate ...
GHSA-82RV-45PC-V28W eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate ...
AZL-42013 CVE-2024-32021 affecting package git for versions less than 2.39.4-1
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...
AZL-43042 CVE-2024-32021 affecting package git for versions less than 2.45.2-1
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...
DEBIAN-CVE-2024-32021
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, when cloning a local source repository that contains symlinks via the filesystem, Git may create hardlinks to arbitrary user-readable files on the same filesystem as the target reposito...
CVE-2024-33004
SAP Business Objects Business Intelligence Platform is vulnerable to Insecure Storage as dynamic web pages are getting cached even after logging out. On successful exploitation, the attacker can see the sensitive information through cache and can open the pages causing limited impact on...
CVE-2024-28165
SAP Business Objects Business Intelligence Platform is vulnerable to stored XSS allowing an attacker to manipulate a parameter in the Opendocument URL which could lead to high impact on Confidentiality and Integrity of the application...
PT-2024-25050 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform affected versions not specified Description: The issue concerns insecure storage where dynamic web pages are cached even after a user logs out. This allows an attacker to potentially view...
SAP Business Objects Business Intelligence Platform 安全漏洞
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. SAP Business Objects Business Intelligence Platform suffers from a...
SAP Business Objects Business Intelligence Platform 跨站脚本漏洞
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A cross-site scripting vulnerability exists in SAP Business Objects...
PT-2024-3748 · Git +9 · Git +9
Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4 Description: The issue is related to Git, a revision control system. When cloning a local source repository that contains symlinks via the filesystem, Git may...
PT-2024-22311 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform affected versions not specified Description: The issue allows an attacker to perform a stored XSS attack by manipulating a parameter in the Opendocument URL, potentially leading to a high...
Remote Code Execution (RCE)
zodb3 is vulnerable to Remote Code Execution RCE. The vulnerability is due to improper handling of certain Zope Enterprise Objects ZEO database sharing, allowing remote attackers to execute arbitrary Python code via vectors involving the ZEO network protocol...