30 matches found
GSD-2022-1008211 ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open()
ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.19.267 by commit...
GSD-2022-1007600 bnx2x: fix potential memory leak in bnx2x_tpa_stop()
bnx2x: fix potential memory leak in bnx2x_tpa_stop(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.296 by commit...
GHSA-RM2X-HGR8-W343 LIEF vulnerable to denial of service through segmentation fault
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DoS) through a segmentation fault via a crafted MachO file. A patch is available at commit number 24935f654f6df700a9a062298258b9485f584502...
Lack of authentication mechanism in Jenkins Git Plugin webhook
Git Plugin provides a webhook endpoint at /git/notifyCommit that can be used to notify Jenkins of changes to an SCM repository. For its most basic functionality, this endpoint receives a repository URL, and Jenkins will schedule polling for all jobs configured with the specified repository. In Gi...
GSD-2022-1000762 btrfs: fix relocation crash due to premature return from btrfs_commit_transaction()
btrfs: fix relocation crash due to premature return from btrfs_commit_transaction(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.27 by comm...
UVI-2021-1002047 powerpc/idle: Don't corrupt back chain when going idle
powerpc/idle: Don't corrupt back chain when going idle. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.76 by commit...
GHSA-H6JH-7GV5-28VG Bad alloc in `StringNGrams` caused by integer conversion
Impact: The implementation of `tf.raw_ops.StringNGrams` is vulnerable to an integer overflow issue caused by converting a signed integer value to an unsigned one and then allocating memory based on this value. Python: `import tensorflow as tf; tf.raw_ops.StringNGrams(data=['',''], data_splits=[0,2], separator...`
openSUSE Security Update : docker / docker-runc / containerd / etc (openSUSE-2018-152)
This update for docker, docker-runc, containerd, golang-github-docker-libnetwork fixes several issues. These security issues were fixed: - CVE-2017-16539: The DefaultLinuxSpec function in oci/defaults.go docker did not block /proc/scsi pathnames, which allowed attackers to trigger data loss when...
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability
Snorby 2.6.2 - Stored Cross-site Scripting Vulnerability. Vendor: https://www.snorby.org/ Version: 2.6.2 Description: During my research and testing of new IDS...