CVE-2024-30808

An issue was discovered in Bento4 v1.6.0-641-2-g1529b83. There is a heap-use-after-free in AP4SubStream::AP4SubStream at Ap4ByteStream.cpp, leading to a Denial of Service DoS, as demonstrated by mp42ts...

Client drive not mapping after reconnection

Client drive mapped via CDM disappeared after reconnecting by session reliability...

PT-2024-23614 · Qdrant · Qdrant

Name of the Vulnerable Software and Affected Versions: Qdrant versions 1.6.1 through 1.8.2 Description: A critical issue affects some unknown processing of the file lib/collection/src/collection/snapshots.rs of the component Full Snapshot REST API, leading to path traversal. The manipulation of...

CVE-2023-6371 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 16.8.5, all versions starting from 16.9 before 16.9.3, all versions starting from 16.10 before 16.10.1. A wiki page with a crafted payload may lead to a Stored XSS, allowing attackers to perform arbitrary actions on behalf...

BELL-CVE-2024-2466

Bulletin has no description...

CVE-2021-47141

In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv-msixvectors. If we failed to allocate priv-msixvectors see abortwithmsixvectors this could lead to a NULL pointer dereference if the...

Citrix HDX サービスが 2 月 29 日にクラッシュします

2月29日にプロセス WebSocketService.exe がクラッシュしています。...

ALPINE-CVE-2023-46841

Recent x86 CPUs offer functionality named Control-flow Enforcement Technology CET. A sub-feature of this are Shadow Stacks CET-SS. CET-SS is a hardware feature designed to protect against Return Oriented Programming attacks. When enabled, traditional stacks holding both data and return addresses...

Unable to delete versions of vdisks after creating a new merged base

Unable to delete previous versions of a vdisk after merging to a new base. No Target devices were using those versions but Delete was greyed out...

BELL-CVE-2024-26611

Bulletin has no description...

BELL-CVE-2023-52583

Bulletin has no description...

Fail to install Probe Agent 2311

2311 Probe Agent can not be installed with the error in following screenshot...

BIT-GITLAB-2022-0151

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. GitLab was not correctly handling requests to delete existing packages which could result in a Denial ...

BIT-GITLAB-2022-3818

An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance...

BIT-TENSORFLOW-2022-36015 Integer overflow in math ops in TensorFlow

TensorFlow is an open source platform for machine learning. When RangeSize receives values that do not fit into an int64t, it crashes. We have patched the issue in GitHub commit 37e64539cd29fcfb814c4451152a60f5d107b0f0. The fix will be included in TensorFlow 2.10.0. We will also cherrypick this...

BIT-MOODLE-2020-25703

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10...

BIT-ODOO-2021-45071

Cross-site scripting XSS issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names...

BIT-LUA-2020-15888

Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free...

BIT-DISCOURSE-2023-48297 Discourse vulnerable to unlimited mentioned users in message serializer

Discourse is a platform for community discussion. The message serializer uses the full list of expanded chat mentions @all and @here which can lead to a very long array of users. This issue was patched in versions 3.1.4 and beta 3.2.0.beta5...

CVE-2021-47086

In the Linux kernel, the following vulnerability has been resolved: phonet/pep: refuse to enable an unbound pipe This ioctl implicitly assumed that the socket was already bound to a valid local socket name, i.e. Phonet object. If the socket was not bound, two separate problems would occur: 1 We'd...