Todo Lists
Scheduled advisories
Advisory | Group | Package | Severity | Type |
---|---|---|---|---|
ASA-202410-1 | AVG-2857 | oath-toolkit | High | privilege escalation |
Pending advisories
Group | Package | Severity | Affected | Fixed | Ticket |
---|---|---|---|---|---|
AVG-2833 | glibc, lib32-glibc | Unknown | 2.37-1 | 2.37-2 | |
AVG-2844 | libcue | Critical | 2.2.1-3 | 2.2.1-4 | |
AVG-2845 | curl, libcurl-gnutls, libcurl-compat | High | 8.3.0-1 | 8.4.0-1 | |
AVG-2846 | lib32-curl, lib32-libcurl-gnutls, lib32-libcurl-compat | High | 8.3.0-1 | 8.4.0-1 | |
AVG-2852 | nodejs | High | 21.7.1-1 | 21.7.2-1 | |
AVG-2853 | nodejs-lts-iron | High | 20.11.1-1 | 20.12.1-1 | |
AVG-2854 | nodejs-lts-hydrogen | High | 18.18.2-2 | 18.20.1-1 | |
AVG-1390 | openjpeg2 | Medium | 2.4.0-1 | 2.5.0-1 | |
AVG-2178 | aspell | Medium | 0.60.8-2 | 0.60.8-3 | FS#71554 |
AVG-2396 | libde265 | Medium | 1.0.8-1 | 1.0.10-1 | |
AVG-2702 | openssl | Medium | 1.1.1.n-1 | 1.1.1.o-1 | |
AVG-2841 | web-ext | Medium | 7.6.0-1 | 7.6.1-1 | |
AVG-2848 | openssl | Medium | 3.1.3-1 | 3.1.4-1 | |
AVG-2849 | lib32-openssl | Medium | 1:3.1.3-1 | 1:3.1.4-1 | |
AVG-2856 | krb5 | Medium | 1.21.2-1 | 1.21.3-1 | |
AVG-1742 | avahi | Low | 0.8+22+gfd482a7-3 | 1:0.8+r127+g55d783d-1 | |
Bumped packages
Group | Package | Severity | Affected | Current | Ticket |
---|---|---|---|---|---|
AVG-2847 | minizip | Critical | 1:1.3-1 | 1:1.3.1-2 [core] | |
AVG-2762 | grub | High | 2:2.06-5 | 2:2.12-3 [core] | |
AVG-2701 | linux-lts | High | 5.15.14-1 | 6.6.56-1 [core-testing] 6.6.54-1 [core] | |
AVG-2275 | nim | High | 1.4.8-1 | 2.0.8-1 [extra] | |
AVG-2272 | exim | High | 4.95-2 | 4.98-1 [extra] | |
AVG-2190 | jre8-openjdk-headless, jdk8-openjdk | High | 8.u292-1 | 8.422.u05-1 [extra] | |
AVG-2850 | openjpeg2 | Medium | 2.5.0-3 | 2.5.2-1 [extra] | |
AVG-2765 | openssl | Medium | 1.1.1.o-1 | 3.3.2-1 [core] | |
AVG-2721 | libtiff | Medium | 4.3.0-2 | 4.7.0-1 [extra] | FS#74772 |
AVG-2683 | linux-lts | Medium | 5.15.34-1 | 6.6.56-1 [core-testing] 6.6.54-1 [core] | |
AVG-2663 | python-twisted | Medium | 21.7.0-4 | 24.3.0-2 [extra] | FS#74362 |
AVG-2646 | teeworlds | Medium | 0.7.5-1 | 0.7.5-3 [extra] | |
AVG-2631 | cpanminus | Medium | 1.7044-5 | 1.7047-2 [extra] | |
AVG-2630 | perl | Medium | 5.34.0-3 | 5.40.0-1 [core] | |
AVG-2616 | privoxy | Medium | 3.0.32-1 | 3.0.34-3 [extra] | |
AVG-2576 | librecad | Medium | 2.1.3-6 | 2.2.0.2-2 [extra] | |
AVG-2520 | libheif | Medium | 1.12.0-2 | 1.18.2-2 [extra] | |
AVG-2493 | gitlab-gitaly | Medium | 14.3.0-3 | 17.4.2-1 [extra] | |
AVG-2406 | redis | Medium | 6.2.6-1 | 7.2.5-1 [extra] | |
AVG-2405 | libgig | Medium | 4.3.0-3 | 4.4.1-1 [extra] | |
AVG-2394 | kube-apiserver | Medium | 1.23.0-1 | 1.31.1-1 [extra] | |
AVG-2367 | openvpn | Medium | 2.5.5-1 | 2.6.12-1 [extra] | |
AVG-2345 | linux | Medium | 5.15.8.arch1-1 | 6.11.3.arch1-1 [core-testing] 6.11.2.arch1-1 [core] | |
AVG-2313 | apr | Medium | 1.7.0-3 | 1.7.5-3 [extra] | |
AVG-2264 | perl | Medium | 5.34.0-3 | 5.40.0-1 [core] | |
AVG-2262 | cpio | Medium | 2.13-2 | 2.15-2 [extra] | |
AVG-2186 | lib32-libsndfile | Medium | 1.0.31-1 | 1.2.2-2 [multilib] | |
AVG-2142 | prusa-slicer | Medium | 2.3.3-3 | 2.8.1-2 [extra] | |
AVG-2117 | keystone | Medium | 0.9.2-2 | 0.9.2-6 [extra] | |
AVG-2114 | tensorflow | Medium | 2.7.0-4 | 2.18rc0-1 [extra] | |
AVG-2111 | dcraw | Medium | 9.28.0-2 | 9.28.0-5 [extra] | |
AVG-2102 | nginx | Medium | 1.20.2-1 | 1.26.2-1 [extra] | |
AVG-2101 | vsftpd | Medium | 3.0.3-7 | 3.0.5-1 [extra] | |
AVG-2100 | sox | Medium | 14.4.2-7 | 14.4.2+r184+gf3094754-1 [extra] | |
AVG-2067 | opendmarc | Medium | 1.4.1.1-2 | 1.4.2-4 [extra] | FS#72812 |
AVG-2048 | ming | Medium | 0.4.8.r68.g04aee523-3 | 0.4.8.r68.g04aee523-6 [extra] | |
AVG-2014 | lib32-libgcrypt15 | Medium | 1.5.6-5 | 1.5.6-8 [multilib] | |
AVG-2013 | libgcrypt15 | Medium | 1.5.6-4 | 1.5.6-6 [extra] | |
AVG-1977 | gocr | Medium | 0.52-2 | 0.52-3 [extra] | |
AVG-1957 | python-flask-caching | Medium | 1.10.1-3 | 2.3.0-1 [extra] | |
AVG-1941 | ansible-core | Medium | 2.12.1-1 | 2.17.5-1 [extra] | |
AVG-1892 | wget | Medium | 1.21.3-1 | 1.24.5-3 [extra] | |
AVG-1881 | linux-hardened | Medium | 5.15.7.hardened1-1 | 6.10.12.hardened1-1 [extra] | |
AVG-1880 | linux-zen | Medium | 5.15.8.zen1-1 | 6.11.3.zen1-1 [extra-testing] 6.11.2.zen1-1 [extra] | |
AVG-1879 | linux | Medium | 5.15.8.arch1-1 | 6.11.3.arch1-1 [core-testing] 6.11.2.arch1-1 [core] | |
AVG-1855 | giflib | Medium | 5.2.1-2 | 5.2.2-1 [extra] | |
AVG-1823 | gpac | Medium | 1:1.0.1-1 | 1:2.4.0-1 [extra] | |
AVG-1782 | gnuchess | Medium | 6.2.9-1 | 6.2.9-3 [extra] | |
AVG-1676 | upx | Medium | 3.96-2 | 4.2.4-1 [extra] | |
AVG-1516 | evolution | Medium | 3.42.2-1 | 3.54.0-1 [extra] | |
AVG-1486 | bitcoin-daemon | Medium | 22.0-1 | 27.1-1 [extra] | |
AVG-1441 | python-m2crypto | Medium | 0.38.0-3 | 0.41.0-2 [extra] | |
AVG-1427 | podofo | Medium | 0.9.7-1 | 0.10.3-1 [extra] | |
AVG-1420 | xdg-utils | Medium | 1.1.3+19+g9816ebb-1 | 1.2.1-1 [extra] | |
AVG-1360 | edk2-shell | Medium | 202111-4 | 202311-1 [extra] | |
AVG-1354 | xerces-c | Medium | 3.2.3-5 | 3.2.5-2 [extra] | |
AVG-1346 | phpldapadmin | Medium | 1.2.6.2-2 | 1.2.6.7-1 [extra] | |
AVG-1342 | pass | Medium | 1.7.4-1 | 1.7.4-5 [extra] | |
AVG-2644 | mruby | Low | 3.0.0-1 | 3.3.0-1 [extra] | |
AVG-2615 | ruby-bundler | Low | 2.2.26-1 | 2.5.16-1 [extra-testing] 2.5.11-2 [extra] | |
AVG-2569 | go-ethereum | Low | 1.10.13-1 | 1.14.11-1 [extra] | |
AVG-2537 | lua52 | Low | 5.2.4-5 | 5.2.4-7 [extra] | |
AVG-2536 | lua53 | Low | 5.3.6-1 | 5.3.6-3 [extra] | |
AVG-2404 | faust | Low | 2.37.3-1 | 2.75.7-2 [extra] | |
AVG-2372 | python-rencode | Low | 1.0.6-7 | 1.0.6-9 [extra] | |
AVG-2325 | nasm | Low | 2.15.05-1 | 2.16.03-1 [extra] | |
AVG-2254 | libelfin | Low | 0.3-2 | 0.3.r7.ge017276-1 [extra] | |
AVG-2207 | darkhttpd | Low | 1.13-1 | 1.16-1 [extra] | |
AVG-2091 | manuskript | Low | 0.12.0-1 | 0.16.1-1 [extra] | |
AVG-2089 | python-mpmath | Low | 1.2.1-5 | 1.3.0-3 [extra] | |
AVG-2021 | lib32-libjpeg6-turbo | Low | 1.5.3-2 | 1.5.3-3 [multilib] | |
AVG-1915 | kube-apiserver, kubelet, kube-proxy, kube-scheduler, kube-controller-manager | Low | 1.23.0-1 | 1.31.1-1 [extra] | |
AVG-1896 | samurai | Low | 1.2-2 | 1.2-3 [extra] | |
AVG-1777 | vigra | Low | 1.11.1.r45+g8acd73a5-5 | 1.12.1-1 [extra] | |
AVG-1733 | p7zip | Low | 1:17.04-3 | 1:17.05-2 [extra] | |
AVG-1673 | kexec-tools | Low | 2.0.21-1 | 2.0.29-2 [extra] | |
AVG-1594 | linux | Low | 5.15.8.arch1-1 | 6.11.3.arch1-1 [core-testing] 6.11.2.arch1-1 [core] | |
AVG-1370 | python-jsonpickle | Low | 1.5.2-3 | 3.0.2-2 [extra] | |
AVG-1311 | audacity | Low | 1:2.4.1-4 | 1:3.6.4-1 [extra] | |
AVG-1302 | lua51 | Low | 5.1.5-9 | 5.1.5-12 [extra] | FS#68703 |
AVG-366 | vorbis-tools | Low | 1.4.2-2 | 1.4.2-5 [extra] | |
Undetermined groups
Group | Package | Severity | Affected | Status |
---|---|---|---|---|
AVG-2725 | containerd | Unknown | 1.6.0-2 | Unknown |
AVG-2764 | ruby-puma | High | 5.6.3-1 | Unknown |
AVG-2780 | wpewebkit | Unknown | 2.36.3-1 | Unknown |
AVG-2781 | python-pyjwt | Unknown | 2.3.0-1 | Unknown |
AVG-2787 | grails | Critical | 5.1.8-1 | Unknown |
AVG-2799 | blender | Unknown | 17:3.0.1-6 | Unknown |
AVG-2809 | python-django | Unknown | 4.1-1 | Unknown |
AVG-2816 | squid | Unknown | 5.6-1 | Unknown |
AVG-2818 | connman | Unknown | 1.41-1 | Unknown |
AVG-2820 | wpewebkit | Unknown | 2.36.7-1 | Unknown |
AVG-2827 | grunt-cli | Unknown | 1.5.2-1 | Unknown |
AVG-2834 | linux-lts | High | 5.15.94-1 | Unknown |
AVG-2835 | linux-hardened | High | 6.0.19-1 | Unknown |
AVG-2836 | linux-zen | High | 6.0.12-1 | Unknown |
AVG-2842 | libtiff | Unknown | 4.4.0-1 | Unknown |
AVG-2843 | vim | Unknown | 9.0.1224-1 | Unknown |
Issues missing details
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2023-25139 | Unknown | Unknown | Unknown | buffer overflow in sprintf(3) due to a regression where after the refactor the... |
CVE-2023-25136 | Unknown | Yes | Unknown | pre-authentication double-free in unprivileged sandboxed client process when the... |
CVE-2023-25012 | Unknown | Unknown | Unknown | Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device... |
CVE-2023-23455 | Unknown | Unknown | Insufficient validation | the return code of tcf_classify is insufficiently validated before interpreting part of... |
CVE-2023-23454 | Unknown | Unknown | Denial of service | cbq_classify in net/sched/sch_cbq.c allows attackers to cause a denial of service... |
CVE-2023-0433 | Unknown | Unknown | Unknown | |
CVE-2023-0394 | Unknown | Unknown | Unknown | memory corruption with IPV6_CHECKSUM socket option |
CVE-2023-0288 | Unknown | Unknown | Unknown | |
CVE-2023-0266 | Unknown | Unknown | Unknown | |
CVE-2023-0122 | Unknown | Unknown | Unknown | |
CVE-2023-0054 | Unknown | Unknown | Unknown | |
CVE-2023-0049 | Unknown | Unknown | Unknown | |
CVE-2022-48281 | Unknown | Unknown | Unknown | |
CVE-2022-47946 | Unknown | Unknown | Denial of service | use-after-free in io_sqpoll_wait_sq in fs/io_uring.c allows an attacker to crash the... |
CVE-2022-47942 | Unknown | Unknown | Unknown | heap-overflow in set_ntacl_dacl() when setting a malformed file attribute under the label... |
CVE-2022-47941 | Unknown | Unknown | Unknown | memory leak in smb2_handle_negotiate() under error conditions |
CVE-2022-47940 | Unknown | Unknown | Insufficient validation | smb2_write() and smb2_write_pipe do not validate the length when no padding is used |
CVE-2022-47939 | Unknown | Unknown | Unknown | use-after-free in smb2_tree_disconnect() when a dangling pointer is accessed in compound requests |
CVE-2022-47938 | Unknown | Unknown | Unknown | out of bound read in smb2_tree_connect |
CVE-2022-47929 | Unknown | Unknown | Unknown | null pointer dereference in net/sched/sch_api.c |
CVE-2022-47629 | Unknown | Unknown | Unknown | |
CVE-2022-47024 | Unknown | Unknown | Unknown | |
CVE-2022-45141 | Unknown | Unknown | Unknown | |
CVE-2022-43945 | Unknown | Unknown | Unknown | send buffer overflow in NFSv2 READDIR |
CVE-2022-4382 | Unknown | Unknown | Unknown | use-after-free in gadgetfs driver when concurrently mounting and unmounting the gadgetfs... |
CVE-2022-4379 | Unknown | Unknown | Unknown | |
CVE-2022-4378 | Unknown | Unknown | Unknown | integer type confusion in get_proc_long |
CVE-2022-43750 | Unknown | No | Unknown | userspace can cause kernel memory corruption in drivers/usb/mon/mon_bin.c |
CVE-2022-42898 | Unknown | Unknown | Unknown | |
CVE-2022-42703 | Unknown | Unknown | Unknown | |
CVE-2022-42329 | Unknown | Unknown | Unknown | |
CVE-2022-42265 | Unknown | Unknown | Unknown | |
CVE-2022-42264 | Unknown | Unknown | Unknown | |
CVE-2022-42263 | Unknown | Unknown | Unknown | |
CVE-2022-42259 | Unknown | Unknown | Unknown | |
CVE-2022-42258 | Unknown | Unknown | Unknown | |
CVE-2022-42257 | Unknown | Unknown | Unknown | |
CVE-2022-42256 | Unknown | Unknown | Unknown | |
CVE-2022-42255 | Unknown | Unknown | Unknown | |
CVE-2022-42254 | Unknown | Unknown | Unknown | |
CVE-2022-42012 | Unknown | Unknown | Unknown | A message in non-native endianness with out-of-band Unix file descriptors would cause a... |
CVE-2022-42011 | Unknown | Unknown | Unknown | An invalid array of fixed-length elements where the length of the array is not a multiple... |
CVE-2022-42010 | Unknown | Unknown | Unknown | A syntactically invalid type signature with incorrectly nested parentheses and curly... |
CVE-2022-41850 | Unknown | Unknown | Unknown | |
CVE-2022-41849 | Unknown | No | Unknown | use-after-free in ufx_ops_open() due to race condition with ufx_usb_disconnect() when... |
CVE-2022-41767 | Unknown | Unknown | Unknown | |
CVE-2022-41765 | Unknown | Unknown | Unknown | |
CVE-2022-41556 | Unknown | Unknown | Unknown | |
CVE-2022-41323 | Unknown | Unknown | Unknown | |
CVE-2022-41318 | Unknown | Unknown | Unknown | |
CVE-2022-41317 | Unknown | Unknown | Unknown | |
CVE-2022-41218 | Unknown | Unknown | Unknown | use-after-free when dvb_demux_open() is called between the two syncs of dvbdev->users and... |
CVE-2022-40768 | Unknown | Unknown | Unknown | |
CVE-2022-40674 | Unknown | Unknown | Unknown | |
CVE-2022-40617 | Unknown | Unknown | Unknown | |
CVE-2022-40307 | Unknown | Unknown | Unknown | |
CVE-2022-39842 | Unknown | Unknown | Unknown | In pxa3xx_gcu_write defined in drivers/video/fbdev/pxa3xx-gcu.c, a count parameter of type... |
CVE-2022-3977 | Unknown | Unknown | Unknown | |
CVE-2022-3970 | Unknown | Unknown | Unknown | |
CVE-2022-3910 | Unknown | Unknown | Unknown | |
CVE-2022-38784 | Unknown | Unknown | Unknown | |
CVE-2022-38178 | Unknown | Unknown | Unknown | |
CVE-2022-38171 | Unknown | Unknown | Unknown | |
CVE-2022-38023 | Unknown | Unknown | Unknown | |
CVE-2022-37967 | Unknown | Unknown | Unknown | |
CVE-2022-37966 | Unknown | Unknown | Unknown | |
CVE-2022-37797 | Unknown | Unknown | Unknown | |
CVE-2022-37436 | Unknown | Unknown | Unknown | |
CVE-2022-36946 | Unknown | Yes | Denial of service | nfqnl_mangle in net/netfilter/nfnetlink_queue.c allows remote attackers to cause a denial... |
CVE-2022-36879 | Unknown | Unknown | Unknown | double xfrm_pols_put() in xfrm_bundle_lookup() |
CVE-2022-36760 | Unknown | Unknown | Unknown | |
CVE-2022-3649 | Unknown | Unknown | Unknown | use-after-free in nilfs_new_inode in fs/nilfs2/inode.c |
CVE-2022-3646 | Unknown | Unknown | Unknown | memory leak when nilfs_attach_log_writer() fails to create a log writer thread |
CVE-2022-3643 | Unknown | Unknown | Unknown | |
CVE-2022-3636 | Unknown | Unknown | Unknown | |
CVE-2022-36359 | Unknown | Unknown | Unknown | |
CVE-2022-3635 | Unknown | Unknown | Unknown | |
CVE-2022-36280 | Unknown | Unknown | Unknown | |
CVE-2022-3628 | Unknown | Unknown | Unknown | |
CVE-2022-3627 | Unknown | Unknown | Unknown | |
CVE-2022-3623 | Unknown | Unknown | Unknown | |
CVE-2022-3621 | Unknown | Unknown | Unknown | |
CVE-2022-3619 | Unknown | Unknown | Unknown | |
CVE-2022-3606 | Unknown | Unknown | Unknown | |
CVE-2022-3599 | Unknown | Unknown | Unknown | |
CVE-2022-3597 | Unknown | Unknown | Unknown | |
CVE-2022-3594 | Unknown | Unknown | Unknown | |
CVE-2022-3591 | Unknown | Unknown | Unknown | |
CVE-2022-3586 | Unknown | Unknown | Unknown | potential use-after-free in sch_sfb enqueue() |
CVE-2022-3570 | Unknown | Unknown | Unknown | |
CVE-2022-3567 | Unknown | Unknown | Unknown | |
CVE-2022-3566 | Unknown | Unknown | Unknown | |
CVE-2022-3565 | Unknown | Unknown | Unknown | |
CVE-2022-3564 | Unknown | Unknown | Unknown | |
CVE-2022-3545 | Unknown | Unknown | Unknown | use-after-free in nfp6000_area_init in drivers/net/ethernet/netronome/nfp/nfpcore/nfp6000_pcie.c |
CVE-2022-3543 | Unknown | Unknown | Unknown | memory leaks in net/unix/af_unix.c |
CVE-2022-35410 | Unknown | No | Directory traversal | mat2 before 0.13.0 allows ../ directory traversal during the ZIP archive cleaning process.... |
CVE-2022-3541 | Unknown | Unknown | Unknown | use after free in spl2sw_nvmem_get_mac_address |
CVE-2022-3534 | Unknown | Unknown | Unknown | |
CVE-2022-3524 | Unknown | Unknown | Denial of service | memory leak in ipv6_renew_options() when one thread is converting an IPv6 socket into IPv4... |
CVE-2022-3515 | Unknown | Unknown | Unknown | |
CVE-2022-3492 | Unknown | Unknown | Unknown | |
CVE-2022-34912 | Unknown | Unknown | Unknown | |
CVE-2022-34911 | Unknown | Unknown | Unknown | |
CVE-2022-34903 | Unknown | Unknown | Unknown | |
CVE-2022-34684 | Unknown | Unknown | Unknown | |
CVE-2022-34682 | Unknown | Unknown | Unknown | |
CVE-2022-34680 | Unknown | Unknown | Unknown | |
CVE-2022-34679 | Unknown | Unknown | Unknown | |
CVE-2022-34678 | Unknown | Unknown | Unknown | |
CVE-2022-34677 | Unknown | Unknown | Unknown | |
CVE-2022-34676 | Unknown | Unknown | Unknown | |
CVE-2022-34674 | Unknown | Unknown | Unknown | |
CVE-2022-34673 | Unknown | Unknown | Unknown | |
CVE-2022-34670 | Unknown | Unknown | Unknown | |
CVE-2022-34526 | Unknown | Unknown | Unknown | |
CVE-2022-34495 | Unknown | Unknown | Unknown | double-free in rpmsg_probe in drivers/rpmsg/virtio_rpmsg_bus.c |
CVE-2022-34494 | Unknown | Unknown | Unknown | |
CVE-2022-3437 | Unknown | Unknown | Unknown | |
CVE-2022-33981 | Unknown | Unknown | Unknown | |
CVE-2022-3324 | Unknown | Unknown | Unknown | |
CVE-2022-3303 | Unknown | Unknown | Unknown | |
CVE-2022-32893 | Unknown | Unknown | Unknown | |
CVE-2022-32891 | Unknown | Unknown | Unknown | |
CVE-2022-32886 | Unknown | Unknown | Unknown | |
CVE-2022-32745 | Medium | Yes | Unknown | Samba AD users can crash the server process with an LDAP add or modify request. |
CVE-2022-3256 | Unknown | Unknown | Unknown | |
CVE-2022-3239 | Unknown | Unknown | Unknown | |
CVE-2022-32296 | Unknown | Unknown | Unknown | tcp clients could be fingerprinted due to insufficient randomness when selecting the source port |
CVE-2022-32293 | Unknown | Unknown | Unknown | |
CVE-2022-32292 | Unknown | Unknown | Unknown | |
CVE-2022-32208 | Unknown | Unknown | Unknown | |
CVE-2022-32207 | Unknown | Unknown | Unknown | |
CVE-2022-32206 | Unknown | Unknown | Unknown | |
CVE-2022-31813 | Low | Unknown | Authentication bypass | Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin... |
CVE-2022-31748 | High | Yes | Arbitrary code execution | |
CVE-2022-31747 | High | Yes | Arbitrary code execution | |
CVE-2022-31745 | Medium | Unknown | Unknown | If array shift operations are not used, the Garbage Collector may have become confused... |
CVE-2022-31743 | Medium | Yes | Unknown | Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an... |
CVE-2022-31742 | Medium | Unknown | Information disclosure | An attacker could have exploited a timing attack by sending a large number of... |
CVE-2022-31740 | Unknown | Unknown | Unknown | |
CVE-2022-31739 | Unknown | Unknown | Unknown | |
CVE-2022-31626 | Unknown | Unknown | Unknown | |
CVE-2022-31625 | Unknown | Unknown | Unknown | |
CVE-2022-3140 | Unknown | Unknown | Unknown | links using that scheme could be constructed to call internal macros with arbitrary... |
CVE-2022-31091 | Unknown | Unknown | Unknown | |
CVE-2022-31090 | Unknown | Unknown | Unknown | |
CVE-2022-31043 | Unknown | Unknown | Unknown | |
CVE-2022-31042 | Unknown | Unknown | Unknown | |
CVE-2022-31030 | Unknown | No | Denial of service | programs inside a container can cause the containerd daemon to consume memory without bound... |
CVE-2022-3099 | Unknown | Unknown | Unknown | |
CVE-2022-3080 | Unknown | Unknown | Unknown | |
CVE-2022-30789 | Unknown | Unknown | Unknown | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array... |
CVE-2022-30788 | Unknown | Unknown | Unknown | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in... |
CVE-2022-30786 | Unknown | Unknown | Unknown | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in... |
CVE-2022-30784 | Unknown | Unknown | Unknown | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G... |
CVE-2022-3061 | Unknown | Unknown | Unknown | |
CVE-2022-30594 | Medium | Unknown | Access restriction bypass | The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the... |
CVE-2022-30556 | Low | Unknown | Information disclosure | Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread()... |
CVE-2022-30550 | Unknown | Unknown | Unknown | |
CVE-2022-30522 | Low | Unknown | Denial of service | If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts... |
CVE-2022-3028 | Unknown | Unknown | Unknown | race-condition with xfrm_probe_algs() in net/key/af_key.c |
CVE-2022-29824 | Medium | Unknown | Arbitrary code execution | Integer overflow in xmlBuf (buf.c) and xmlBuffer (tree.c) can lead to out-of-bounds memory... |
CVE-2022-2978 | Unknown | Unknown | Unknown | In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails,... |
CVE-2022-2953 | Unknown | Unknown | Unknown | |
CVE-2022-29404 | Low | Unknown | Denial of service | In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls... |
CVE-2022-29248 | Unknown | Unknown | Unknown | |
CVE-2022-29217 | Unknown | Unknown | Unknown | |
CVE-2022-29187 | Unknown | Unknown | Unknown | |
CVE-2022-29156 | High | Unknown | Unknown | double free related to rtrs_clt_dev_release in drivers/infiniband/ulp/rtrs/rtrs-clt.c |
CVE-2022-28739 | High | Unknown | Information disclosure | out-of-bounds read in string-to-float conversion |
CVE-2022-28738 | Unknown | Unknown | Arbitrary code execution | double-free in Regexp compilation |
CVE-2022-28734 | High | Yes | Unknown | When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data... |
CVE-2022-2873 | Unknown | Unknown | Unknown | |
CVE-2022-2869 | Unknown | Unknown | Unknown | |
CVE-2022-2868 | Unknown | Unknown | Unknown | |
CVE-2022-2867 | Unknown | Unknown | Unknown | |
CVE-2022-28615 | Low | Unknown | Information disclosure | Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read... |
CVE-2022-28614 | Low | Unknown | Unknown | The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended... |
CVE-2022-28388 | High | Unknown | Unknown | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1... |
CVE-2022-28330 | Unknown | Unknown | Unknown | |
CVE-2022-28288 | Medium | Unknown | Arbitrary code execution | Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla... |
CVE-2022-28287 | Low | Unknown | Unknown | In unusual circumstances, selecting text could cause text selection caching to behave... |
CVE-2022-28285 | Medium | Unknown | Unknown | When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was... |
CVE-2022-28284 | Medium | Unknown | Unknown | SVG's <use> element could have been used to load unexpected content that could have... |
CVE-2022-28283 | Medium | Unknown | Unknown | The sourceMapURL feature in devtools was missing security checks that would have allowed a... |
CVE-2022-28282 | Medium | Unknown | Unknown | By using a link with rel="localization" a use-after-free could have been triggered by... |
CVE-2022-28209 | Critical | Unknown | Unknown | An issue was discovered in MediaWiki through 1.37.1. The check for the override-antispoof... |
CVE-2022-28206 | Critical | Unknown | Unknown | An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the... |
CVE-2022-28205 | Critical | Unknown | Unknown | An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a... |
CVE-2022-28203 | Unknown | Unknown | Unknown | |
CVE-2022-28201 | Unknown | Unknown | Unknown | |
CVE-2022-28192 | Unknown | Unknown | Unknown | |
CVE-2022-28191 | Unknown | Unknown | Unknown | |
CVE-2022-28185 | Unknown | Unknown | Unknown | |
CVE-2022-28184 | Unknown | Unknown | Unknown | |
CVE-2022-28183 | Unknown | Unknown | Unknown | |
CVE-2022-28181 | Unknown | Unknown | Unknown | |
CVE-2022-28144 | Medium | Yes | Unknown | Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several... |
CVE-2022-28142 | High | Yes | Unknown | Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally... |
CVE-2022-28139 | Medium | Yes | Unknown | A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows... |
CVE-2022-28137 | Medium | Yes | Unknown | A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and... |
CVE-2022-28134 | Medium | Yes | Unknown | Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission... |
CVE-2022-2795 | Unknown | Unknown | Unknown | |
CVE-2022-27942 | Unknown | Unknown | Unknown | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c |
CVE-2022-27941 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in... |
CVE-2022-27940 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c |
CVE-2022-27939 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c |
CVE-2022-27820 | Medium | Unknown | Unknown | ZAP proxy does not verify the certificate chain of the HTTPS servers it connects to |
CVE-2022-27782 | Medium | Unknown | Unknown | libcurl would reuse a previously created connection even when a TLS or SSH related option... |
CVE-2022-27781 | Low | Unknown | Unknown | libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to... |
CVE-2022-27780 | Medium | Unknown | Unknown | The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding... |
CVE-2022-27779 | Medium | Unknown | Unknown | libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name... |
CVE-2022-27778 | Medium | Unknown | Unknown | If curl adds a number to not "clobber" the output and an error occurs during transfer, the... |
CVE-2022-27666 | High | Unknown | Unknown | A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c... |
CVE-2022-27337 | Unknown | Unknown | Unknown | |
CVE-2022-27223 | High | Unknown | Unknown | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint... |
CVE-2022-26966 | Medium | Unknown | Unknown | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows... |
CVE-2022-26878 | Medium | Unknown | Unknown | drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket... |
CVE-2022-26710 | Unknown | Unknown | Unknown | |
CVE-2022-2663 | Unknown | Unknown | Unknown | |
CVE-2022-26490 | High | Unknown | Unknown | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel... |
CVE-2022-26387 | High | Unknown | Unknown | When installing an add-on, Thunderbird verified the signature before prompting the user;... |
CVE-2022-26386 | Low | No | Unknown | Previously Thunderbird for macOS and Linux would download temporary files to a... |
CVE-2022-26384 | High | Yes | Unknown | If an attacker could control the contents of an iframe sandboxed with allow-popups but not... |
CVE-2022-26383 | High | Yes | Unknown | When resizing a popup after requesting fullscreen access, the popup would not display the... |
CVE-2022-26377 | Medium | Yes | Unknown | Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in... |
CVE-2022-26307 | Unknown | Unknown | Unknown | |
CVE-2022-26306 | Unknown | Unknown | Unknown | |
CVE-2022-26305 | Unknown | Unknown | Unknown | |
CVE-2022-2581 | Unknown | Unknown | Unknown | |
CVE-2022-2539 | Medium | Yes | Unknown | Unauthorized users can filter issues by contact and organization |
CVE-2022-25375 | Medium | Unknown | Information disclosure | RNDIS USB gadget in drivers/usb/gadget/function/rndis.c lacks validation of the size of the... |
CVE-2022-2534 | Low | Yes | Unknown | GitLab was returning contributor emails due to improper data handling in the Datadog integration |
CVE-2022-25310 | Unknown | No | Unknown | A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the... |
CVE-2022-25309 | Unknown | No | Unknown | A heap-based buffer overflow flaw was found in the Fribidi package and affects the... |
CVE-2022-2521 | Unknown | Unknown | Unknown | |
CVE-2022-2520 | Unknown | Unknown | Unknown | |
CVE-2022-2519 | Unknown | Unknown | Unknown | |
CVE-2022-2512 | Medium | Yes | Unknown | Membership changes are not reflected in TODO for confidential notes, allowing a former... |
CVE-2022-2503 | Unknown | Unknown | Unknown | |
CVE-2022-2500 | Medium | Yes | Unknown | stored XSS in job error messages allows attackers to perform arbitrary actions on behalf of... |
CVE-2022-2497 | Medium | Yes | Unknown | A malicious maintainer could exfiltrate an integration's access token by modifying the... |
CVE-2022-24959 | Medium | Unknown | Unknown | An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in... |
CVE-2022-24958 | High | Unknown | Unknown | drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. |
CVE-2022-24883 | Unknown | Yes | Authentication bypass | freerdp servers using authentication against a SAM file with an invalid path configured... |
CVE-2022-24790 | Unknown | Yes | Unknown | Puma behind a proxy that does not properly validate that the incoming HTTP request matches... |
CVE-2022-24761 | High | Yes | Unknown | waitress behind a proxy that does not properly validate the incoming HTTP request matches... |
CVE-2022-24713 | Low | Unknown | Unknown | The rust regex crate did not properly prevent crafted regular expressions from taking an... |
CVE-2022-2456 | Medium | Yes | Unknown | It may be possible for malicious group or project maintainers to change their corresponding... |
CVE-2022-24303 | Unknown | Unknown | Unknown | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames... |
CVE-2022-2417 | Medium | Yes | Unknown | gitlab allows an authenticated and authorised user to import a project that includes branch... |
CVE-2022-24070 | High | Yes | Unknown | While looking up path-based authorization rules, mod_dav_svn servers may attempt to use... |
CVE-2022-23901 | Unknown | Unknown | Unknown | A stack overflow in re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc. |
CVE-2022-23833 | Unknown | Unknown | Unknown | |
CVE-2022-23648 | Unknown | Unknown | Information disclosure | containers launched through containerd’s CRI implementation with a specially-crafted image... |
CVE-2022-23634 | High | Yes | Unknown | puma may not always call close on the response body. Rails, prior to version 7.0.2.2,... |
CVE-2022-2345 | Unknown | Unknown | Unknown | |
CVE-2022-23308 | High | Unknown | Arbitrary code execution | Use-after-free of ID and IDREF attributes in valid.c |
CVE-2022-2326 | Medium | Yes | Unknown | It may be possible to gain access to a private project through an email invite by using... |
CVE-2022-2318 | Unknown | Unknown | Unknown | |
CVE-2022-23098 | Unknown | Unknown | Unknown | |
CVE-2022-23097 | Unknown | Unknown | Unknown | |
CVE-2022-23096 | Unknown | Unknown | Unknown | |
CVE-2022-2307 | Low | Yes | Unknown | gitlab allows a malicious Group Owner to retain a usable Group Access Token even after the... |
CVE-2022-2303 | Medium | Yes | Unknown | It may be possible for group members to bypass 2FA enforcement enabled at the group level... |
CVE-2022-22818 | Unknown | Unknown | Unknown | |
CVE-2022-22817 | Unknown | Unknown | Unknown | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such... |
CVE-2022-22816 | Unknown | Unknown | Unknown | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization... |
CVE-2022-22815 | Unknown | Unknown | Unknown | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path |
CVE-2022-22677 | Unknown | Unknown | Unknown | |
CVE-2022-22662 | Unknown | Unknown | Unknown | |
CVE-2022-22637 | High | Yes | Unknown | A logic issue was addressed with improved state management. A malicious website may cause... |
CVE-2022-2153 | Unknown | No | Denial of service | NULL pointer dereference in kvm_irq_delivery_to_apic_fast() could cause the host to crash |
CVE-2022-21499 | Unknown | Unknown | Unknown | KGDB and KDB allow read and write access to kernel memory but were not restricted during lockdown |
CVE-2022-21496 | Medium | Yes | Unknown | |
CVE-2022-21476 | High | Yes | Unknown | |
CVE-2022-21443 | Low | Yes | Unknown | |
CVE-2022-21434 | Medium | Yes | Unknown | |
CVE-2022-21426 | Medium | Yes | Unknown | |
CVE-2022-2095 | Medium | Yes | Unknown | GitLab allows a malicious authenticated user to view a public project's Deploy Key's public... |
CVE-2022-20803 | Unknown | Yes | Arbitrary code execution | possible double-free vulnerability in the OLE2 file parser |
CVE-2022-20796 | Medium | Unknown | Unknown | possible NULL-pointer dereference crash in the scan verdict cache check |
CVE-2022-20792 | Unknown | Yes | Arbitrary code execution | possible multi-byte heap buffer overflow write vulnerability in the signature database load module |
CVE-2022-2058 | Unknown | Unknown | Unknown | |
CVE-2022-2057 | Unknown | Unknown | Unknown | |
CVE-2022-2056 | Unknown | Unknown | Unknown | |
CVE-2022-1975 | Medium | Unknown | Unknown | a sleep called in an atomic context could cause kernel panic during nfc firmware download |
CVE-2022-1919 | Low | Unknown | Unknown | An attacker could have caused an uninitialized variable on the stack to be mistakenly... |
CVE-2022-1876 | Low | Unknown | Unknown | Heap buffer overflow in DevTools |
CVE-2022-1875 | Low | Unknown | Unknown | Inappropriate implementation in PDF |
CVE-2022-1874 | Low | Unknown | Unknown | Insufficient policy enforcement in Safe Browsing |
CVE-2022-1873 | Low | Unknown | Unknown | Insufficient policy enforcement in COOP |
CVE-2022-1872 | Low | Unknown | Unknown | Insufficient policy enforcement in Extensions API |
CVE-2022-1871 | Low | Unknown | Unknown | Insufficient policy enforcement in File System API |
CVE-2022-1870 | Medium | Unknown | Unknown | Use after free in App Service |
CVE-2022-1869 | Medium | Unknown | Unknown | Type Confusion in V8 |
CVE-2022-1868 | Medium | Unknown | Unknown | Inappropriate implementation in Extensions API |
CVE-2022-1867 | Medium | Unknown | Unknown | Insufficient validation of untrusted input in Data Transfer |
CVE-2022-1866 | Medium | Unknown | Unknown | Use after free in Tablet Mode |
CVE-2022-1865 | Medium | Unknown | Unknown | Use after free in Bookmarks |
CVE-2022-1864 | Medium | Unknown | Unknown | Use after free in WebApp Installs |
CVE-2022-1863 | Medium | Unknown | Unknown | Use after free in Tab Groups |
CVE-2022-1862 | Medium | Unknown | Unknown | Inappropriate implementation in Extensions |
CVE-2022-1789 | Unknown | Unknown | Unknown | |
CVE-2022-1736 | Unknown | Unknown | Unknown | |
CVE-2022-1734 | High | No | Unknown | possible use-after-free due to race condition when simulating NFC device from user space |
CVE-2022-1652 | Unknown | Unknown | Unknown | A concurrency use-after-free was found in the Linux kernel. |
CVE-2022-1641 | Medium | Unknown | Unknown | Use after free in Web UI Diagnostics. |
CVE-2022-1640 | High | Unknown | Unknown | Use after free in Sharing. |
CVE-2022-1639 | High | Unknown | Unknown | Use after free in ANGLE. |
CVE-2022-1638 | High | Unknown | Unknown | Heap buffer overflow in V8 Internationalization. |
CVE-2022-1637 | High | Unknown | Unknown | Inappropriate implementation in Web Contents. |
CVE-2022-1636 | High | Unknown | Unknown | Use after free in Performance APIs. |
CVE-2022-1635 | High | Unknown | Unknown | Use after free in Permission Prompts. |
CVE-2022-1634 | High | Unknown | Unknown | Use after free in Browser UI. |
CVE-2022-1633 | High | Unknown | Unknown | Use after free in Sharesheet. |
CVE-2022-1623 | Unknown | Unknown | Unknown | |
CVE-2022-1622 | Unknown | Unknown | Unknown | |
CVE-2022-1537 | Unknown | Unknown | Unknown | file.copy operations in GruntJS are vulnerable to a TOC-TOU race condition leading to... |
CVE-2022-1516 | Unknown | Unknown | Unknown | A NULL pointer dereference flaw in the implementation of the X.25 set of standardized... |
CVE-2022-1510 | Medium | Unknown | Denial of service | GitLab all versions starting from 13.9 before 14.8.6, all versions starting from 14.9... |
CVE-2022-1462 | Medium | No | Unknown | a local user can use a race condition in `drivers/tty/tty_buffers.c` to cause a memory leak... |
CVE-2022-1460 | Medium | Unknown | Access restriction bypass | GitLab all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before... |
CVE-2022-1433 | Low | Unknown | Unknown | Missing invalidation of Markdown caching causes potential payloads from a previously... |
CVE-2022-1431 | Medium | Unknown | Denial of service | GitLab all versions starting from 12.10 before 14.8.6, all versions starting from 14.9... |
CVE-2022-1428 | Medium | Unknown | Denial of service | GitLab all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all... |
CVE-2022-1426 | Low | Unknown | Authentication bypass | GitLab from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions... |
CVE-2022-1423 | High | Unknown | Arbitrary code execution | Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions... |
CVE-2022-1417 | Medium | Unknown | Authentication bypass | Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before... |
CVE-2022-1416 | Medium | Unknown | Unknown | Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all... |
CVE-2022-1413 | Medium | Unknown | Information disclosure | Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before... |
CVE-2022-1406 | Medium | Unknown | Insufficient validation | Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6,... |
CVE-2022-1353 | Unknown | Unknown | Unknown | A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux... |
CVE-2022-1352 | Medium | Unknown | Information disclosure | Due to an insecure direct object reference vulnerability in GitLab EE/CE affecting all... |
CVE-2022-1328 | Unknown | Unknown | Unknown | Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before... |
CVE-2022-1292 | Medium | Unknown | Unknown | The c_rehash script does not properly sanitise shell metacharacters to prevent command... |
CVE-2022-1205 | Unknown | Unknown | Unknown | There are NPD and use-after-free vulnerabilities in net/ax25/ax25_timer.c of linux that... |
CVE-2022-1204 | Unknown | Unknown | Unknown | There are use-after-free vulnerabilities in net/ax25/af_ax25.c of linux that allow attacker... |
CVE-2022-1199 | Unknown | Unknown | Unknown | There are null-ptr-deref vulnerability and use-after-free vulnerabilities in... |
CVE-2022-1198 | Unknown | Unknown | Unknown | There are use-after-free vulnerabilities in drivers/net/hamradio/6pack.c of linux that... |
CVE-2022-1197 | Medium | Unknown | Unknown | When importing a revoked key that specified key compromise as the revocation reason,... |
CVE-2022-1196 | Medium | Unknown | Unknown | After a VR Process is destroyed, a reference to it may have been retained and used, leading... |
CVE-2022-1195 | Unknown | Unknown | Unknown | A use-after-free vulnerability was found in drivers/net/hamradio in the Linux kernel. In... |
CVE-2022-1172 | Medium | Unknown | Unknown | Null Pointer Dereference Caused Segmentation Fault in gpac prior to 2.1.0-DEV |
CVE-2022-1158 | Unknown | Unknown | Unknown | Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region |
CVE-2022-1124 | Medium | Unknown | Information disclosure | An improper authorization issue has been discovered in GitLab CE/EE affecting all versions... |
CVE-2022-1106 | Unknown | Unknown | Unknown | use after free in mrb_vm_exec in mruby prior to 3.2 |
CVE-2022-1096 | High | Yes | Unknown | It is a type confusion weakness in the Chrome V8 JavaScript engine. Google is aware that an... |
CVE-2022-1048 | Unknown | Unknown | Unknown | race condition in snd_pcm_hw_free leading to use-after-free |
CVE-2022-1016 | Unknown | Unknown | Unknown | CVE-2022-1016 pertains to uninitialized stack data in the nft_do_chain routine.... |
CVE-2022-1015 | Unknown | Unknown | Unknown | CVE-2022-1015 pertains to an out of bounds access in nf_tables expression evaluation due to... |
CVE-2022-1012 | Unknown | Unknown | Unknown | |
CVE-2022-0854 | Medium | Unknown | Unknown | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls... |
CVE-2022-0843 | Medium | Unknown | Arbitrary code execution | Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory... |
CVE-2022-0812 | Unknown | Unknown | Unknown | |
CVE-2022-0617 | Medium | Unknown | Unknown | A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in... |
CVE-2022-0546 | Unknown | Unknown | Unknown | |
CVE-2022-0545 | Unknown | Unknown | Unknown | |
CVE-2022-0544 | Unknown | Unknown | Unknown | |
CVE-2022-0500 | Unknown | Unknown | Unknown | |
CVE-2022-0494 | Medium | Unknown | Unknown | A kernel information leak flaw was identified in the scsi_ioctl function in... |
CVE-2022-0436 | Unknown | Unknown | Unknown | file.copy operations in GruntJS are not protected against symlink traversal for both source... |
CVE-2022-0419 | Medium | Unknown | Unknown | NULL pointer dereference in load_buffer |
CVE-2022-0417 | Unknown | Unknown | Unknown | |
CVE-2022-0392 | Unknown | Unknown | Unknown | |
CVE-2022-0358 | High | No | Unknown | In the QEMU virtio-fs shared file system daemon (virtiofsd) a local guest user can create... |
CVE-2022-0168 | Unknown | Unknown | Unknown | A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info... |
CVE-2021-46829 | Unknown | Unknown | Arbitrary code execution | heap buffer overflow when composing or clearing frames in GIF files |
CVE-2021-44975 | Unknown | Unknown | Unknown | Buffer Overflow via /libr/core/anal_objc.c mach-o parser |
CVE-2021-44974 | Unknown | Unknown | Unknown | NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser |
CVE-2021-44879 | Medium | Unknown | Unknown | In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not... |
CVE-2021-44856 | Unknown | Unknown | Unknown | |
CVE-2021-44855 | Unknown | Unknown | Unknown | |
CVE-2021-44854 | Unknown | Unknown | Unknown | |
CVE-2021-4207 | High | Unknown | Unknown | In the QXL display device emulation in QEMU. A double fetch of guest controlled values... |
CVE-2021-4197 | High | Unknown | Unknown | An unprivileged write to the file handler flaw in the Linux kernel's control groups and... |
CVE-2021-4192 | High | Unknown | Unknown | use-after-free in win_linetabsize() |
CVE-2021-4156 | High | Unknown | Unknown | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker... |
CVE-2021-41136 | Low | Yes | Unknown | Using puma with a proxy which forwards LF characters as line endings could allow HTTP... |
CVE-2021-33655 | Unknown | Unknown | Unknown | |
CVE-2021-28544 | Medium | Unknown | Information disclosure | Subversion servers reveal 'copyfrom' paths that should be hidden according to configured... |
CVE-2006-20001 | Unknown | Unknown | Unknown | |
Orphan issues
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2020-23904 | Medium | Yes | Arbitrary code execution | A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of... |
CVE-2021-4206 | High | No | Arbitrary code execution | An integer overflow in the cursor_alloc() function of the QXL display device emulation can... |
CVE-2021-4207 | High | Unknown | Unknown | In the QXL display device emulation in QEMU. A double fetch of guest controlled values... |
CVE-2021-45046 | Medium | Yes | Denial of service | It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete... |
CVE-2022-0358 | High | No | Unknown | In the QEMU virtio-fs shared file system daemon (virtiofsd) a local guest user can create... |
CVE-2022-0494 | Medium | Unknown | Unknown | A kernel information leak flaw was identified in the scsi_ioctl function in... |
CVE-2022-0617 | Medium | Unknown | Unknown | A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in... |
CVE-2022-0854 | Medium | Unknown | Unknown | A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls... |
CVE-2022-0987 | Low | No | Information disclosure | A vulnerability was found in PackageKit in the way some of the methods exposed by the... |
CVE-2022-1011 | High | No | Privilege escalation | A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user... |
CVE-2022-1106 | Unknown | Unknown | Unknown | use after free in mrb_vm_exec in mruby prior to 3.2 |
CVE-2022-1172 | Medium | Unknown | Unknown | Null Pointer Dereference Caused Segmentation Fault in gpac prior to 2.1.0-DEV |
CVE-2022-1215 | High | No | Privilege escalation | Format string vulnerability in evdev device handling |
CVE-2022-1328 | Unknown | Unknown | Unknown | Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before... |
CVE-2022-1348 | Medium | No | Denial of service | The state file is used to prevent parallel executions of multiple instances of logrotate by... |
CVE-2022-1462 | Medium | No | Unknown | a local user can use a race condition in `drivers/tty/tty_buffers.c` to cause a memory leak... |
CVE-2022-1652 | Unknown | Unknown | Unknown | A concurrency use-after-free was found in the Linux kernel. |
CVE-2022-1852 | Medium | No | Denial of service | executing an illegal instruction in a KVM guest on an Intel CPU causes a null pointer dereference |
CVE-2022-22815 | Unknown | Unknown | Unknown | path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path |
CVE-2022-22816 | Unknown | Unknown | Unknown | path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization... |
CVE-2022-22817 | Unknown | Unknown | Unknown | PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such... |
CVE-2022-23901 | Unknown | Unknown | Unknown | A stack overflow exists in re2c 2.2 due to infinite recursion issues in src/dfa/dead_rules.cc. |
CVE-2022-24303 | Unknown | Unknown | Unknown | Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames... |
CVE-2022-24448 | Low | No | Information disclosure | A flaw was found in the Linux kernel. When an application tries to open a directory (using... |
CVE-2022-24903 | High | Yes | Arbitrary code execution | A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft... |
CVE-2022-24958 | High | Unknown | Unknown | drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release. |
CVE-2022-24959 | Medium | Unknown | Unknown | An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in... |
CVE-2022-25258 | Medium | No | Denial of service | NULL pointer dereference in the kernel's USB gadget subsystem allows a local user to crash... |
CVE-2022-25308 | Medium | No | Denial of service | A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an... |
CVE-2022-25309 | Unknown | No | Unknown | A heap-based buffer overflow flaw was found in the Fribidi package and affects the... |
CVE-2022-25310 | Unknown | No | Unknown | A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the... |
CVE-2022-25375 | Medium | Unknown | Information disclosure | RNDIS USB gadget in drivers/usb/gadget/function/rndis.c lacks validation of the size of the... |
CVE-2022-26353 | High | No | Arbitrary code execution | the fix for CVE-2021-3748 forgot to unmap the cached virtqueue elements on error, leading... |
CVE-2022-26354 | Low | No | Denial of service | In case of error in the vhost-vsock device, an invalid element was not detached from the... |
CVE-2022-26691 | High | No | Authentication bypass | CUPS requires users to demonstrate root/admin level access to perform various printer... |
CVE-2022-26878 | Medium | Unknown | Unknown | drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket... |
CVE-2022-26966 | Medium | Unknown | Unknown | An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows... |
CVE-2022-27223 | High | Unknown | Unknown | In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint... |
CVE-2022-27820 | Medium | Unknown | Unknown | ZAP proxy does not verify the certificate chain of the HTTPS servers it connects to |
CVE-2022-27939 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c |
CVE-2022-27940 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c |
CVE-2022-27941 | Unknown | Unknown | Unknown | tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in... |
CVE-2022-27942 | Unknown | Unknown | Unknown | tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c |
CVE-2022-28330 | Unknown | Unknown | Unknown | |
CVE-2022-29156 | High | Unknown | Unknown | double free related to rtrs_clt_dev_release in drivers/infiniband/ulp/rtrs/rtrs-clt.c |
CVE-2022-29581 | High | No | Privilege escalation | Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local... |
CVE-2022-30594 | Medium | Unknown | Access restriction bypass | The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the... |
CVE-2022-31739 | Unknown | Unknown | Unknown | |
CVE-2022-31740 | Unknown | Unknown | Unknown | |