8307 matches found
PT-2024-8531
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free vulnerability in the btrfs file system. It can be triggered when mounting btrfs from two images with the same fsid and different dev uuids in a...
IBM Concert Security Vulnerability
IBM Concert is an enterprise collaboration platform from IBM. IBM Concert suffers from a cross-site request forgery vulnerability due to a failure to set the SameSite attribute for cookies. An attacker could exploit this vulnerability to conduct a cross-site request forgery (CSRF)...
SUSE CVE-2024-47741
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race setting file private on concurrent lseek using same fd When doing concurrent lseek(2) system calls against the same file descriptor, using multiple threads belonging to the same process, we have a short time window...
AZL-50853 CVE-2024-47741 affecting package kernel for versions less than 6.6.56.1-5
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race setting file private on concurrent lseek using same fd When doing concurrent lseek(2) system calls against the same file descriptor, using multiple threads belonging to the same process, we have a short time window...
UBUNTU-CVE-2024-47741
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race setting file private on concurrent lseek using same fd When doing concurrent lseek(2) system calls against the same file descriptor, using multiple threads belonging to the same process, we have a short time window...
CVE-2024-47741
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race setting file private on concurrent lseek using same fd When doing concurrent lseek(2) system calls against the same file descriptor, using multiple threads belonging to the same process, we have a short time window...
PT-2024-31735 · Solarwinds · Serv-U
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a Cross Site Scripting (XSS) vulnerability. An authenticated attacker, with the same permissions as the users, can modify a variable wi...
BIT-MLFLOW-2024-3099
A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time...
CVE-2024-44946
...
SUSE CVE-2023-29547
When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for...
firefox: thunderbird: Cross-origin access to JSON contents through multipart responses
A flaw was found in Mozilla. The Mozilla Foundation's Security Advisory describes the issue as follows: An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the resource://devtools origin. This could allow them to access cross-origin JSON content. This...
CentOS 7 : firefox (RHSA-2022:7069)
The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:7069 advisory. - A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via performance.getEntries...
PT-2024-19854 · Fastrpc · Fastrpc
Name of the Vulnerable Software and Affected Versions: Fastrpc affected versions not specified Description: The issue is related to memory corruption that occurs when two threads attempt to free the same map in a concurrent scenario while unmapping the fastrpc map. Recommendations: At the moment,...
CVE-2024-8149
There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...
undertow: Improper State Management in Proxy Protocol parsing causes information leakage
A vulnerability was found in Undertow where the ProxyProtocolReadListener reuses the same StringBuilder instance across multiple requests. This issue occurs when the parseProxyProtocolV1 method processes multiple requests on the same HTTP connection. As a result, different requests may share the...
CVE-2024-28948
Advantech ADAM-5630 contains a cross-site request forgery (CSRF) vulnerability. It allows an attacker to partly circumvent the same origin policy, which is designed to prevent different websites from interfering with each other...