Güncel Güvenlik Açıkları

An issue was discovered in the Linux kernel before 5.8.10. virt/kvm/kvm_main.c has a kvm_io_bus_unregister_dev memory leak upon a kmalloc failure, aka CID-f65886606c2d. Devamını Oku

An issue was discovered in the Linux kernel before 5.9. arch/x86/kvm/svm/sev.c allows attackers to cause a denial of service (soft lockup) by triggering destruction of a large SEV VM (which requires unregistering many encrypted regions), aka CID-7be74942f184. Devamını Oku

An issue was discovered in the Linux kernel before 5.8. arch/x86/kvm/svm/svm.c allows a set_memory_region_test infinite loop for certain nested page faults, aka CID-e72436bc3a52. Devamını Oku

ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. Devamını Oku

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. Devamını Oku

Redmine before 4.0.7 and 4.1.x before 4.1.1 allows attackers to discover the subject of a non-visible issue by performing a CSV export and reading time entries. Devamını Oku

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. Devamını Oku

Redmine before 4.0.7 and 4.1.x before 4.1.1 has stored XSS via textile inline links. Devamını Oku

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. Devamını Oku

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. Devamını Oku

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and from version 8.14.0 before 8.15.1. Devamını Oku