
772 matches found

OSV
added 2022/12/08 3:19 a.m. | 6 views

GSD-2022-1008234 bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb()

bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.267 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/12/08 2:58 a.m. | 8 views

GSD-2022-1008046 mISDN: fix misuse of put_device() in mISDN_register_device()

mISDN: fix misuse of put_device() in mISDN_register_device(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.156 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/12/08 2:34 a.m. | 10 views

GSD-2022-1007799 capabilities: fix undefined behavior in bit shift for CAP_TO_MASK

capabilities: fix undefined behavior in bit shift for CAP_TO_MASK. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.9 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/11/14 7:55 p.m. | 9 views

GSD-2022-1007633 mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages

mm,hugetlb: take hugetlb_lock before decrementing h->resv_huge_pages. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.332 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/11/14 7:54 p.m. | 9 views

GSD-2022-1007623 ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev()

ALSA: aoa: i2sbus: fix possible memory leak in i2sbus_add_dev(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.332 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/11/14 7:52 p.m. | 8 views

GSD-2022-1007597 memory: of: Fix refcount leak bug in of_get_ddr_timings()

memory: of: Fix refcount leak bug in of_get_ddr_timings(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.296 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/11/14 6:38 p.m. | 7 views

GSD-2022-1006788 crypto: qat - fix DMA transfer direction

crypto: qat - fix DMA transfer direction. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.3 by commit...

AI score: 7.2
Exploits: 0
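Gitee
added 2022/11/10 4:4 p.m. | 5 views

Exploit for Open Redirect in Git-Scm Git

CVE-2017-1000117. Adapted from the AnonymKing/CVE-2017-1000117 repository on GitHub. Project overview: + Reproduction of the CVE-2017-1000117 vulnerability (PoC+Exp) + Git 2.12.1 + SSH. Vulnerability overview: + Vulnerability name: Git command injection vulnerability + CNNVD ID: CNNVD-201708-670 + Severity: Medium + CVE ID: CVE-2017-1000117 + Vulnerability type: Command injection + Published: 2017-08-16...

CVSS: 8.8 | AI score: 7 | EPSS: 0.77823
Exploits: 9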
OSV
added 2022/11/08 11:0 p.m. | 46 views

GHSA-8G2P-5PQH-5JMC .NET Information Disclosure Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET, .NET Core and .NET Framework's System.Data.SqlClient and Microsoft.Data.SqlClient NuGet Packages. A vulnerability exists in System.Data.SqlClient and Microsoft.Data.SqlClient libraries where a...

CVSS: 5.8 | AI score: 6.1 | EPSS: 0.00747
Exploits: 0 | References: 6
Tenable Nessus
added 2022/11/08 12:0 a.m. | 27 views

GitLab 15.0 < 15.3.5 / 15.4 < 15.4.4 / 15.5 < 15.5.2 (CVE-2022-3819)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a malicious user to set emojis on internal note...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00426
Exploits: 0 | References: 3
Prion
added 2022/10/19 11:15 a.m. | 26 views

Design/Logic Flaw

Git is an open source, scalable, distributed revision control system. Versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 are subject to exposure of sensitive information to a malicious actor. When performing a local clone where the source and target of the clone...

CVSS: 1.9 | AI score: 6.4 | EPSS: 0.01336
Exploits: 1 | References: 11 | Affected Software: 4
CVE
added 2022/10/19 12:0 a.m. | 687 views

CVE-2022-39253

CVE-2022-39253 affects Git versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, exposing sensitive data via local clones where source and target are on the same volume. The vulnerability arises when cloning a repository l...

CVSS: 5.5 | AI score: 6.5 | EPSS: 0.01336
Exploits: 1 | References: 12 | Affected Software: 1
Cisco
added 2022/10/05 4:0 p.m. | 34 views

Cisco Touch 10 Devices Downgrade Vulnerability

A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device. This vulnerability is due to insufficient version control. An attacker could...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00266
Exploits: 0 | References: 1
CNVD
added 2022/09/30 12:0 a.m. | 26 views

Bytebase licensing issue vulnerability

Bytebase is Bytebase's open source web-based, zero-configuration, dependency-free database schema change and version control management tool for DevOps teams. projects", which can be exploited by an attacker to view "projects" created by "Admin"...

CVSS: 4.3 | AI score: 2.8 | EPSS: 0.00537
Exploits: 1 | References: 1
BDU FSTEC
added 2022/09/19 12:0 a.m. | 3 views

The vulnerability of the centralized Subversion version control system, related to improper authorization, allows a violator to gain access to confidential data.

The vulnerability of the centralized version control system Subversion is related to improper authorization. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain access to confidential data...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.02696
Exploits: 1 | References: 17 | Affected Software: 12
OSV
added 2022/09/17 12:8 a.m. | 5 views

GSD-2022-1005573 tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output()

tty: n_gsm: fix wrong queuing behavior in gsm_dlci_data_output(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.61 by commit...

AI score: 7.2
Exploits: 0
OSV
added 2022/09/17 12:1 a.m. | 13 views

GSD-2022-1005496 stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove()

stmmac: intel: Add a missing clk_disable_unprepare() call in intel_eth_pci_remove(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.63 by commit...

AI score: 7.2
Exploits: 0
PyPA
added 2022/09/07 7:15 p.m. | 8 views

PYSEC-2022-266

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoid...

CVSS: 7.3 | AI score: 7.6 | EPSS: 0.01403
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2022/08/15 6:30 p.m. | 36 views

CVE-2022-36010 Arbitrary code execution via function parsing in react-editable-json-tree

This library allows strings to be parsed as functions and stored as a specialized component, JsonFunctionValue. To do this, Javascript's eval function is used to execute strings that begin with "function" as Javascript. This unfortunately could allow arbitrary code to be executed if it exists as ...

CVSS: 10 | AI score: 9 | EPSS: 0.01209
Exploits: 1 | References: 4
OSV
added 2022/07/31 2:18 p.m. | 7 views

GSD-2022-1004532 tcp: Fix a data-race around sysctl_tcp_probe_threshold.

tcp: Fix a data-race around sysctl_tcp_probe_threshold. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.134 by commit...

AI score: 7.2
Exploits: 0