Fluent Bit 安全漏洞

Fluent Bit is an open source log processing and analysis system written in C by Fluent Open Source. A security vulnerability exists in Fluent Bit that stems from not properly cleaning up tagged values, which could lead to a path traversal attack that allows files to be written to unintended...

UBUNTU-CVE-2022-49694

In the Linux kernel, the following vulnerability has been resolved: block: disable the elevator int delgendisk The elevator is only used for file system requests, which are stopped in delgendisk. Move disabling the elevator and freeing the scheduler tags to the end of delgendisk instead of doing...

CodiMD Security Vulnerabilities

CodiMD is a real-time collaborative note-taking application open-sourced by HackMD. A security vulnerability exists in CodiMD version 2.5.3, which stems from a vulnerability that allows rendering of HTML tags with improperly cleaned up tags, which enables an attacker to perform cross-site scripti...

DEBIAN-CVE-2022-48650

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qlt24xxhandleabts Commit 8f394da36a36 "scsi: qla2xxx: Drop TARGETSCFLOOKUPLUNFROMTAG" made the qlt24xxhandleabts function return early if tcmqla2xxxfindcmdbytag didn't find a command, but it miss...

Nextcloud 跨站脚本漏洞

Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A cross-site scripting vulnerability exists in Nextcloud Desktop Client versions prior to 3.6.3, which stems from a lack of cleanup of qml tags, leading to...

GROWI 及更早跨站脚本漏洞

Weseek Growi is an open source wiki system that can be written in Markdown by Weseek Japan. A security vulnerability in GROWI v4.2.19 and earlier versions, which stems from insufficient tag cleanup, allows remote attackers to execute arbitrary scripts on the web browsers of users accessing...