65 matches found
UBUNTU-CVE-2024-26750
In the Linux kernel, the following vulnerability has been resolved: afunix: Drop oobskb ref before purging queue in GC. syzbot reported another task hung in unixgc. 0 The current while loop assumes that all of the left candidates have oobskb and calling kfreeskboobskb releases the remaining...
CVE-2024-26780 af_unix: Fix task hung while purging oob_skb in GC.
In the Linux kernel, the following vulnerability has been resolved: afunix: Fix task hung while purging oobskb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in listforeachentrysafe for OOB skb. 0 syzbot demonstrated that the listforeachentrysafe was not actually...
UBUNTU-CVE-2023-38497
Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local...
Poorly Purged Medical Devices Present Security Concerns After Sale on Secondary Market
In a post-pandemic landscape, the interconnectedness of cybersecurity is front and center. Few could say that they were not at least aware of, if not directly affected by, the downstream effects of major breaches that cause impacts felt across economies. One should look at disruptions in the glob...
Fastly VDP: Unauthenticated cache purging
An unauthenticated cache purging vulnerability was found in the website of Fanout.io, allowing unauthenticated users to purge the cache of the website. This could potentially lead to various types of attacks such as website defacement, unauthorized access to sensitive data, or denial of service D...
CVE-2021-37842
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...
CVE-2021-37842
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...
Design/Logic Flaw
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...
CVE-2021-37842
metakv in Couchbase Server 7.0.0 uses Cleartext for Storage of Sensitive Information. Remote Cluster XDCR credentials can get leaked in debug logs. Config key tombstone purging was added in Couchbase Server 7.0.0. This issue happens when a config key, which is being logged, has a tombstone purger...
CVE-2021-37842
CVE-2021-37842 affects Couchbase Server 7.0.0 (metakv). The issue arises from using cleartext storage of sensitive information, enabling potential leakage of Remote Cluster XDCR credentials in debug logs when a config key being logged has an attached tombstone purge timestamp. The Connected docum...
Traefik has an Improper Certificate Handling issue
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging...
CVE-2021-38342
The Nested Pages WordPress plugin = 3.1.15 was vulnerable to Cross-Site Request Forgery via the npBulkActions and npBulkEdit adminpost actions, which allowed attackers to trash or permanently purge arbitrary posts as well as changing their status, reassigning their ownership, and editing other...
Security fix for the ALT Linux 9 package mediawiki version 1.36.1-alt1
1.36.1-alt1 built June 30, 2021 Vitaly Lipatov in task 274917 June 27, 2021 Vitaly Lipatov - new version 1.36.1 with rpmrb script - T280226, CVE-2021-35197: Prevent blocked users from purging pages...
haml 跨站脚本漏洞
haml is an open source HTML abstract markup language from the Haml HAML team. A cross-site scripting vulnerability exists in haml-coffee, which supports overriding a range of HTML helper functions through its configuration options. Control of the escapeHtml parameter through template configuratio...
[SECURITY] [DSA 4806-2] minidlna regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-4806-2 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 05, 2021 https://www.debian.org/security/faq -...
Purgalicious VBA: Macro Obfuscation With VBA Purging
Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...
System Center 2012 Operations Manager SP1 Update Rollup 5
System Center 2012 Operations Manager SP1 Update Rollup 5 Introduction This article describes the issues that are fixed in Update Rollup 5 for Microsoft System Center 2012 Operations Manager Service Pack 1 SP1. Additionally, this article contains the installation instructions for Update Rollup 5...
CVE-2020-9321
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging...
Code injection
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging...
CVE-2020-9321
configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging...