Design/Logic Flaw

Discourse is an open-source messaging platform. In versions 3.0.1 and prior on the stable branch and versions 3.1.0.beta2 and prior on the beta and tests-passed branches, the count of personal messages displayed for a tag is a count of all personal messages regardless of whether the personal...

Debian: Security Advisory (DLA-207-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian: Security Advisory (DLA-293-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-26054

BuildKit's CVE-2023-26054 vulnerability occurs when a build request includes a Git URL containing credentials and BuildKit creates a provenance attestation; the credentials could be exposed to anyone with access to the attestation. This affects builds using provenance attestations and VCS hints i...

CVE-2023-26054 Credentials inlined to Git URLs could end up in provenance attestation in BuildKit

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build,...

segmentation fault in regexp.c:1788

Description SIGSEGV raised on regtilde function at regexp.c. As the function processes the tainted string inside the poc file, constant calls to the alloc function with ever-increasing size actually exhausts memory and the process terminates. At last negative size value is assigned. Version $ git...

SUSE CVE-2004-0180

The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405...

SUSE CVE-2004-0396

Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines...

SUSE CVE-2005-0753

Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code...

SUSE CVE-2008-1290

ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion SVN commits, which allows remote attackers to obtain sensitive information...

SUSE CVE-2010-3846

Array index error in the applyrcschange function in rcs.c in CVS 1.11.23 allows local users to gain privileges via an RCS file containing crafted delta fragment changes that trigger a heap-based buffer overflow...

CVE-2022-4379 affecting package hyperv-daemons for versions less than 5.15.92.1-1

CVE-2022-4379 affecting package hyperv-daemons for versions less than 5.15.92.1-1. This CVE either no longer is or was never applicable...

GSD-2023-1002286 wifi: rndis_wlan: Prevent buffer overflow in rndis_query_oid

wifi: rndiswlan: Prevent buffer overflow in rndisqueryoid This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.14.305 by commit...

GSD-2023-1002046 ALSA: hda/via: Avoid potential array out-of-bound in add_secret_dac_path()

ALSA: hda/via: Avoid potential array out-of-bound in addsecretdacpath This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.93 by commit...

GSD-2023-1001961 USB: gadgetfs: Fix race between mounting and unmounting

USB: gadgetfs: Fix race between mounting and unmounting This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.1.8 by commit...

GSD-2023-1001290 media: s5p-mfc: Clear workbit to handle error condition

media: s5p-mfc: Clear workbit to handle error condition This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.10.163 by commit...

GSD-2023-1000704 f2fs: fix the assign logic of iocb

f2fs: fix the assign logic of iocb This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit d555aa37566c5c3728f2e52047a9722eae2aed93, i...

GSD-2023-1000636 iommu/mediatek: Check return value after calling platform_get_resource()

iommu/mediatek: Check return value after calling platformgetresource This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

GSD-2023-1000624 nfc: pn533: Clear nfc_target before being used

nfc: pn533: Clear nfctarget before being used This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.16 by commit...

Debian dla-3266 : viewvc - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3266 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3266-1 [email protected]...