praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project,...

GHSA-G8RR-7RJ2-F627 praisonai-platform: Any workspace member can delete the entire workspace via DELETE /workspaces/{id}

Summary Type: Authorization bypass enabling destructive action. The DELETE /workspaces/workspaceid endpoint is gated only by requireworkspacememberworkspaceid default minrole="member". Any member of the workspace can issue a single DELETE to wipe the entire workspace, including every project,...

UBUNTU-CVE-2023-53299

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix leak of 'r10bio-remaining' for recovery raid10syncrequest will add 'r10bio-remaining' for both rdev and replacement rdev. However, if the read io fails, recoveryrequestwrite returns without issuing the write io, in...

CVE-2023-53299 md/raid10: fix leak of 'r10bio->remaining' for recovery

In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix leak of 'r10bio-remaining' for recovery raid10syncrequest will add 'r10bio-remaining' for both rdev and replacement rdev. However, if the read io fails, recoveryrequestwrite returns without issuing the write io, in...

UBUNTU-CVE-2024-26762

In the Linux kernel, the following vulnerability has been resolved: cxl/pci: Skip to handle RAS errors if CXL.mem device is detached The PCI AER model is an awkward fit for CXL error handling. While the expectation is that a PCI device can escalate to link reset to recover from an AER event, the...