776 matches found
GSD-2022-1000171 drm/nouveau: fix off by one in BIOS boundary checking
drm/nouveau: fix off by one in BIOS boundary checking This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.178 by commit...
Design/Logic Flaw
Discourse is an open source discussion platform. In versions prior to 2.8.1 in the stable branch, 2.9.0.beta2 in the beta branch, and 2.9.0.beta2 in the tests-passed branch, users can trigger a Denial of Service attack by posting a streaming URL. Parsing Oneboxes in the background job trigger an...
DEBIAN-CVE-2022-23773
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags...
GSD-2021-1002681 xen/netback: don't queue unlimited number of packages
xen/netback: don't queue unlimited number of packages This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.168 by commit...
GitLab Information Disclosure Vulnerability (CNVD-2021-99767)
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, etc. An information disclosure vulnerability exists in GitLab CE/EE, which stems from an informati...
GitLab Access Control Error Vulnerability (CNVD-2021-99768)
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to an access control error that stems from the...
Microsoft OMI Management Interface Authentication Bypass Exploit
This Metasploit module demonstrates that by removing the authentication exchange, an attacker can issue requests to the local OMI management socket that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September...
python-pip: Incorrect handling of unicode separators in git references
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...
python-pip: Incorrect handling of unicode separators in git references
A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity...
GitLab Cross-Site Scripting Vulnerability (CNVD-2021-91184)
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features.GitLab CE/EE is vulnerable to a cross-site scripting vulnerability that could b...
UVI-2021-1001579 i40e: Fix freeing of uninitialized misc IRQ vector
i40e: Fix freeing of uninitialized misc IRQ vector This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.153 by commit...
Enalean Tuleap Open Alm SQL注入漏洞
Enalean Tuleap Open Alm is a free and open source tool from Enalean France. for end-to-end traceability of application and system development. An SQL injection vulnerability exists in Enalean Tuleap Open Alm, which stems from the fact that Tuleap does not properly clean up user input when...
Design/Logic Flaw
Teleport before 6.2.12 and 7.x before 7.1.1 allows attackers to control a database connection string, in some situations, via a crafted database name or username...
Central Dogma 安全漏洞
Central Dogma is an open source service configuration version control repository based on Git, ZooKeeper and HTTP/2. A security vulnerability exists in Central Dogma that allows elevation of privilege by mirroring to an internal Dogma repository with files that manage project authorizations...
CVE-2021-37548
In JetBrains TeamCity before 2021.1, passwords in cleartext sometimes could be stored in VCS...
Jetbrains JetBrains TeamCity 安全漏洞
JetBrains TeamCity is a distributed build management and continuous integration tool from JetBrains Jetbrains, a Czech company. The tool provides continuous unit testing, code quality analysis, and build issue analysis reporting.A security vulnerability exists in versions of JetBrains TeamCity...
GSD-2021-1001444 memory: fsl_ifc: fix leak of IO mapping on probe failure
memory: fslifc: fix leak of IO mapping on probe failure This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.276 by commit...
UVI-2021-1001340 x86/signal: Detect and prevent an alternate signal stack overflow
x86/signal: Detect and prevent an alternate signal stack overflow This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.134 by commit...
UVI-2021-1001309 net/sched: act_skbmod: Skip non-Ethernet packets
net/sched: actskbmod: Skip non-Ethernet packets This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.136 by commit...
UVI-2021-1001108 i2c: robotfuzz-osif: fix control-request directions
i2c: robotfuzz-osif: fix control-request directions This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.238 by commit...