13 matches found
Argo CD GitOps Engine does not scrub secret values from patch errors
Impact: A vulnerability was discovered in Argo CD that exposed secret values in error messages and the diff view when an invalid Kubernetes Secret resource was synced from a repository. The vulnerability assumes the user has write access to the repository and can exploit it, either intentionally o...
Vulnerabilities fixed in MISP
The developers of MISP have fixed vulnerabilities in MISP. The vulnerabilities allow a malicious person to bypass security measures. The MISP community has released updates to fix the vulnerabilities in MISP. For more information, see: https://github.com/MISP/MISP/commit...
GSD-2023-1000250 net: phy: fix null-ptr-deref while probe() failed
net: phy: fix null-ptr-deref while probe() failed This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.158 by commit...
GSD-2022-1007362 KVM: arm64: vgic: Fix exit condition in scan_its_table()
KVM: arm64: vgic: Fix exit condition in scan_its_table() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.221 by commit...
GSD-2022-1006493 gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully
gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0 by commit...
GSD-2022-1003962 net: mdio: unexport __init-annotated mdio_bus_init()
net: mdio: unexport __init-annotated mdio_bus_init() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.283 by commit...
GSD-2022-1003884 eth: tg3: silence the GCC 12 array-bounds warning
eth: tg3: silence the GCC 12 array-bounds warning This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.247 by commit...
GSD-2022-1001555 bpf: Fix UAF due to race between btf_try_get_module and load_module
bpf: Fix UAF due to race between btf_try_get_module and load_module This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.16.19 by commit...
UVI-2021-1002109 powerpc/idle: Don't corrupt back chain when going idle
powerpc/idle: Don't corrupt back chain when going idle This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.15 by commit...
UVI-2021-1001875 powerpc/idle: Don't corrupt back chain when going idle
powerpc/idle: Don't corrupt back chain when going idle This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.14.15 by commit...
UVI-2021-1000557 NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce()
NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.9 by commit...
UVI-2021-1000408 hfsplus: prevent corruption in shrinking truncate
hfsplus: prevent corruption in shrinking truncate This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.120 by commit...
GSD-2021-1000029 dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback
dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.32 by commit...