CVE-2024-56731 - Gogs Remote Command Execution Vulnerability

CVE ID : CVE-2024-56731

Published : June 24, 2025, 4:15 a.m. | 1 hour ago

Description : Gogs is an open source self-hosted Git service. Prior to version 0.13.3, it’s still possible to delete files under the .git directory and achieve remote command execution due to an insufficient patch for CVE-2024-39931. Unprivileged user accounts can execute arbitrary commands on the Gogs instance with the privileges of the account specified by RUN_USER in the configuration. Allowing attackers to access and alter any users’ code hosted on the same instance. This issue has been patched in version 0.13.3.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2023-53122 – RISC-V SiFive Errata Patching Mutex Vulnerability

May 2, 2025

CVE ID : CVE-2023-53122

Published : May 2, 2025, 4:15 p.m. | 34 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

RISC-V: fix taking the text_mutex twice during sifive errata patching

Chris pointed out that some bonehead, *cough* me *cough*, added two
mutex_locks() to the SiFive errata patching. The second was meant to
have been a mutex_unlock().

This results in errors such as

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000030
Oops [#1]
Modules linked in:
CPU: 0 PID: 0 Comm: swapper Not tainted
6.2.0-rc1-starlight-00079-g9493e6f3ce02 #229
Hardware name: BeagleV Starlight Beta (DT)
epc : __schedule+0x42/0x500
ra : schedule+0x46/0xce
epc : ffffffff8065957c ra : ffffffff80659a80 sp : ffffffff81203c80
gp : ffffffff812d50a0 tp : ffffffff8120db40 t0 : ffffffff81203d68
t1 : 0000000000000001 t2 : 4c45203a76637369 s0 : ffffffff81203cf0
s1 : ffffffff8120db40 a0 : 0000000000000000 a1 : ffffffff81213958
a2 : ffffffff81213958 a3 : 0000000000000000 a4 : 0000000000000000
a5 : ffffffff80a1bd00 a6 : 0000000000000000 a7 : 0000000052464e43
s2 : ffffffff8120db41 s3 : ffffffff80a1ad00 s4 : 0000000000000000
s5 : 0000000000000002 s6 : ffffffff81213938 s7 : 0000000000000000
s8 : 0000000000000000 s9 : 0000000000000001 s10: ffffffff812d7204
s11: ffffffff80d3c920 t3 : 0000000000000001 t4 : ffffffff812e6dd7
t5 : ffffffff812e6dd8 t6 : ffffffff81203bb8
status: 0000000200000100 badaddr: 0000000000000030 cause: 000000000000000d
[] schedule+0x46/0xce
[] schedule_preempt_disabled+0x16/0x28
[] __mutex_lock.constprop.0+0x3fe/0x652
[] __mutex_lock_slowpath+0xe/0x16
[] mutex_lock+0x42/0x4c
[] sifive_errata_patch_func+0xf6/0x18c
[] _apply_alternatives+0x74/0x76
[] apply_boot_alternatives+0x3c/0xfa
[] setup_arch+0x60c/0x640
[] start_kernel+0x8e/0x99c
—[ end trace 0000000000000000 ]—

[Palmer: pick up Geert’s bug report from the thread]

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2024-56731 – Gogs Remote Command Execution Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Windows Security in 2025: Battling Sophisticated Threats with Advanced Defenses

CVE-2025-0679 – GitLab Email Address Disclosure Vulnerability

New Elden Ring Nightreign update adds ‘Everdark Sovereign’ bosses — I hope you’re ready to get wrecked all over again

CVE-2025-46762 – Apache Parquet Parquet-avro Remote Code Execution Vulnerability

CVE-2023-53122 – RISC-V SiFive Errata Patching Mutex Vulnerability

Microsoft says ‘we have threads at home’ — rolls out feature Slack has had for years

Apple may have bigger fish to fry with OpenAI’s rumored ChatGPT Screenless phone — beyond President Trump’s stringent tariffs on the iPhone

CVE-2025-3644 – Moodle Course Section Deletion Privilege Escalation Vulnerability

CVE-2024-56731 – Gogs Remote Command Execution Vulnerability

Related Posts