4 matches found
CVE-2026-53049 gfs2: add some missing log locking
In the Linux kernel, the following vulnerability has been resolved: gfs2: add some missing log locking Function gfs2logd calls the log flushing functions gfs2ail1start, gfs2ail1wait, and gfs2ail1empty without holding sdp-sdlogflushlock, but these functions require exclusion against concurrent...
CVE-2025-24889 Path traversal in sd-log Qubes virtual machine
The SecureDrop Client is a desktop application for journalists to communicate with sources and work with submissions on the SecureDrop Workstation. Prior to versions 0.14.1 and 1.0.1, an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation could gain...
SecureDrop 路径遍历漏洞
SecureDrop is an open source whistleblower submission system from the Freedom of the Press Foundation. It can be used by media organizations to securely accept documents from and communicate with anonymous sources. A path traversal vulnerability existed prior to SecureDrop version 0.14.1, which...
PT-2025-7042 · Unknown +1 · Securedrop Client +2
Name of the Vulnerable Software and Affected Versions: SecureDrop Client versions prior to 0.14.1 and 1.0.1 Description: The issue allows an attacker who has already gained code execution in a virtual machine on the SecureDrop Workstation to gain code execution in the sd-log virtual machine by...