Todo Lists

Scheduled advisories

Advisory Group Package Severity Type
ASA-202207-4 AVG-2791 webkit2gtk-4.1 Critical multiple issues
ASA-202207-3 AVG-2790 webkit2gtk Critical multiple issues
ASA-202207-2 AVG-2789 wpewebkit Critical multiple issues
ASA-202207-1 AVG-2792 webkit2gtk-5.0 Critical multiple issues
ASA-202205-4 AVG-2709 firefox High multiple issues
ASA-202205-3 AVG-2710 thunderbird High multiple issues
ASA-202205-2 AVG-2679 git Medium arbitrary command execution
ASA-202205-1 AVG-2718 python-httpx Critical access restriction bypass
ASA-202204-14 AVG-2677 mediawiki Medium cross-site scripting
ASA-202204-13 AVG-2662 gvim High arbitrary code execution
ASA-202204-12 AVG-2662 vim High arbitrary code execution
ASA-202204-11 AVG-2655 powerdns Low denial of service
ASA-202204-10 AVG-2656 powerdns-recursor Low denial of service

Pending advisories

Group Package Severity Affected Fixed Ticket
AVG-2732 nvidia Unknown 510.73.04-1 510.73.05-1
AVG-2733 nvidia-dkms Unknown 510.73.04-1 510.73.05-1
AVG-2734 nvidia-lts Unknown 510.73.04-1 510.73.05-1
AVG-2735 nvidia-open, nvidia-open-dkms Unknown 510.73.04-1 510.73.05-1
AVG-2740 linux Unknown 5.17.9.arch1-1 5.17.10.arch1-1
AVG-2741 linux-zen Unknown 5.17.9.zen1-1 5.17.10.zen1-1
AVG-2742 linux-hardened Unknown 5.17.9.hardened1-1 5.17.10.hardened1-1
AVG-2743 linux-lts Unknown 5.15.41-1 5.15.42-1
AVG-2749 ntfs-3g Unknown 2021.8.22-1 2022.5.17-1
AVG-2755 containerd Unknown 1.6.5-1 1.6.6-1
AVG-2767 php7 Unknown 7.4.29-1 7.4.30-1
AVG-2768 php Unknown 8.1.6-2 8.1.7-1
AVG-2626 zaproxy Critical 2.11.1-1 2.11.1-2 FS#72975
AVG-2724 openldap Critical 2.6.1-1 2.6.2-1
AVG-2728 firefox Critical 100.0.1-1 100.0.2-1
AVG-2729 thunderbird Critical 91.9.0-1 91.9.1-1
AVG-2739 chromium Critical 101.0.4951.54-1 102.0.5005.61-1
AVG-2756 freerdp Critical 2:2.6.1-3 2:2.7.0-1
AVG-2649 webkit2gtk High 2.34.5-1 2.34.6-1
AVG-2650 webkit2gtk-4.1 High 2.34.5-1 2.34.6-1
AVG-2651 webkit2gtk-5.0 High 2.34.5-1 2.34.6-1
AVG-2659 lib32-libtiff High 4.3.0-1 4.3.0-2 FS#74229
AVG-2669 linux-hardened High 5.15.14.hardened1-1 5.15.15.hardened1-1
AVG-2672 linux-zen High 5.17.0-1 5.17.1-1
AVG-2673 linux High 5.17.0-1 5.17.1-1
AVG-2684 epiphany High 42.1-1 42.2-1
AVG-2686 jre-openjdk, jre-openjdk-headless, jdk-openjdk High 18-1 18.0.1u10-1
AVG-2687 jdk17-openjdk, jre17-openjdk, jre17-openjdk-headless High 17.0.2-1 17.0.3.u7-2
AVG-2688 jdk11-openjdk, jre11-openjdk, jre11-openjdk-headless High 11.0.14.1-1 11.0.15.u2-1
AVG-2689 jdk8-openjdk, jre8-openjdk, jre8-openjdk-headless High 8.322-1 8.323-1
AVG-2691 linux High 5.17.2.arch3-1 5.17.3.arch1-1
AVG-2692 linux-hardened High 5.17.3.hardened1-1 5.17.5.hardened1-1
AVG-2693 linux-zen High 5.17.2.zen3-1 5.17.3.zen1-1
AVG-2694 linux-lts High 5.15.33-1 5.15.34-1
AVG-2696 gitlab High 14.10-1 14.10.2-1
AVG-2698 linux High 5.17.2.arch3-1 5.17.3.arch1-1
AVG-2699 linux-zen High 5.17.2.zen3-1 5.17.3.zen1-1
AVG-2700 linux-hardened High 5.16.20.hardened1-1 5.17.5.hardened1-1
AVG-2703 webkit2gtk High 2.34.6-1 2.34.7-1
AVG-2719 postgresql High 14.2-1 14.3-1
AVG-2720 chromium High 101.0.4951.54-1 101.0.4951.64-1
AVG-2722 clamav High 0.104.2-1 0.105.0-1
AVG-2744 linux High 5.17.9-1 5.17.10-1
AVG-2745 linux-lts High 5.15.41-1 5.15.42-1
AVG-2746 linux-zen High 5.17.9.zen1-1 5.17.10.zen1-1
AVG-2747 linux-hardened High 5.17.9.hardened1-1 5.17.10.hardened1-1
AVG-2751 linux High 5.18.1-1 5.18.2-1
AVG-2752 linux-hardened High 5.17.12.hardened2-2 5.17.13.hardened1-1
AVG-2753 linux-zen High 5.18.1.zen1-1 5.18.2.zen1-1
AVG-2758 webkit2gtk High 2.36.2-1 2.36.3-1
AVG-2759 wpewebkit High 2.36.2-1 2.36.3-1
AVG-2760 firefox High 100.0.2-1 101.0-1
AVG-2761 thunderbird High 91.9.1-1 91.10-1
AVG-2770 xorg-server High 21.1.3-7 21.1.4-1
AVG-2782 samba High 4.16.3-1 4.16.4-1
AVG-2685 curl Medium 7.82.0-3 7.83.0-1
AVG-2697 dpdk Medium 21.11-1 22.03-1
AVG-2706 curl Medium 7.83.0-1 7.83.1-1
AVG-2716 dnsmasq Medium 2.86-1 2.87-1
AVG-2763 apache Medium 2.4.53-1 2.4.54-1
AVG-2785 gitlab Medium 15.2.0-1 15.2.1-1
AVG-2795 intel-ucode Medium 20220510-1 20220809-1
AVG-2797 python-jwcrypto Medium 1.3.1-1 1.4.0-1

Bumped packages

Group Package Severity Affected Current Ticket
AVG-2762 grub High 2:2.06-5 2:2.06.r322.gd9b4638c5-4 [core]
AVG-2701 linux-lts High 5.15.14-1 5.15.71-1 [core]
AVG-2317 lib32-openssl-1.0 High 1.0.2.u-1 1.0.2.u-2 [multilib]
AVG-2275 nim High 1.4.8-1 1.6.6-1 [community]
AVG-2272 exim High 4.95-2 4.96-1 [community]
AVG-2190 jre8-openjdk-headless, jdk8-openjdk High 8.u292-1 8.345.u01-1 [extra]
AVG-2765 openssl Medium 1.1.1.o-1 1.1.1.q-1 [core]
AVG-2721 libtiff Medium 4.3.0-2 4.4.0-4 [extra]
FS#74772
AVG-2683 linux-lts Medium 5.15.34-1 5.15.71-1 [core]
AVG-2663 python-twisted Medium 21.7.0-4 22.8.0-1 [extra]
FS#74362
AVG-2645 clementine Medium 1.4.0rc1+759+gd033b38c4-1 1.4.0rc2-2 [community]
AVG-2631 cpanminus Medium 1.7044-5 1.7046-1 [community]
AVG-2630 perl Medium 5.34.0-3 5.36.0-1 [core]
AVG-2616 privoxy Medium 3.0.32-1 3.0.33-1 [community]
AVG-2584 gerbv Medium 2.8.1-1 2.8.1-2 [community]
AVG-2544 speex Medium 1.2.0-3 1.2.1-1 [extra]
AVG-2520 libheif Medium 1.12.0-2 1.13.0-2 [extra]
AVG-2493 gitlab-gitaly Medium 14.3.0-3 15.4.0-1 [community]
AVG-2406 redis Medium 6.2.6-1 7.0.5-1 [community]
AVG-2396 libde265 Medium 1.0.8-1 1.0.8-2 [extra]
AVG-2394 kube-apiserver Medium 1.23.0-1 1.25.2-1 [community]
AVG-2367 openvpn Medium 2.5.5-1 2.5.7-1 [extra]
AVG-2345 linux Medium 5.15.8.arch1-1 5.19.12.arch1-1 [core]
AVG-2333 rsync Medium 3.2.3-4 3.2.6-2 [extra]
AVG-2264 perl Medium 5.34.0-3 5.36.0-1 [core]
AVG-2186 lib32-libsndfile Medium 1.0.31-1 1.1.0-2 [multilib]
AVG-2142 prusa-slicer Medium 2.3.3-3 2.4.2-8 [community]
AVG-2117 keystone Medium 0.9.2-2 0.9.2-3 [community]
AVG-2114 tensorflow Medium 2.7.0-4 2.10.0-1 [community]
AVG-2111 dcraw Medium 9.28.0-2 9.28.0-3 [community]
AVG-2102 nginx Medium 1.20.2-1 1.22.0-2 [extra]
AVG-2100 sox Medium 14.4.2-7 14.4.2+r182+g42b3557e-1 [community]
AVG-2067 opendmarc Medium 1.4.1.1-2 1.4.2-2 [community]
FS#72812
AVG-2014 lib32-libgcrypt15 Medium 1.5.6-5 1.5.6-7 [multilib]
AVG-2013 libgcrypt15 Medium 1.5.6-4 1.5.6-6 [community]
AVG-1957 python-flask-caching Medium 1.10.1-3 2.0.1-2 [community]
AVG-1941 ansible-core Medium 2.12.1-1 2.13.4-1 [community]
AVG-1881 linux-hardened Medium 5.15.7.hardened1-1 5.19.12.hardened1-1 [extra]
AVG-1880 linux-zen Medium 5.15.8.zen1-1 5.19.12.zen1-1 [extra]
AVG-1879 linux Medium 5.15.8.arch1-1 5.19.12.arch1-1 [core]
AVG-1823 gpac Medium 1:1.0.1-1 1:2.0.0-1 [community]
AVG-1782 gnuchess Medium 6.2.9-1 6.2.9-2 [community]
AVG-1760 perl-data-validate-ip Medium 0.27-5 0.27-6 [community]
AVG-1676 upx Medium 3.96-2 3.96-3 [community]
AVG-1542 sthttpd Medium 2.27.1-3 2.27.1-4 [community]
AVG-1516 evolution Medium 3.42.2-1 3.44.4-2 [extra]
AVG-1511 golang-golang-x-crypto Medium 0.0.20200303-2 0.0.20220830-1 [community]
FS#70058
AVG-1486 bitcoin-daemon Medium 22.0-1 23.0-1 [community]
AVG-1427 podofo Medium 0.9.7-1 0.9.8-1 [community]
AVG-1420 xdg-utils Medium 1.1.3+19+g9816ebb-1 1.1.3+21+g1a58bc2-2 [extra]
AVG-1390 openjpeg2 Medium 2.4.0-1 2.5.0-1 [extra]
AVG-1360 edk2-shell Medium 202111-4 202208-1 [extra]
AVG-1354 xerces-c Medium 3.2.3-5 3.2.3-6 [extra]
AVG-1346 phpldapadmin Medium 1.2.6.2-2 1.2.6.4-1 [community]
AVG-1342 pass Medium 1.7.4-1 1.7.4-3 [community]
AVG-2644 mruby Low 3.0.0-1 3.1.0-1 [community]
AVG-2615 ruby-bundler Low 2.2.26-1 2.3.22-2 [community-testing]
2.3.22-1 [community]
AVG-2569 go-ethereum Low 1.10.13-1 1.10.25-1 [community]
AVG-2545 nomacs Low 1:3.17.2206-5 1:3.17.2206-8 [community]
AVG-2404 faust Low 2.37.3-1 2.41.1-2 [community]
AVG-2207 darkhttpd Low 1.13-1 1.14-1 [community-testing]
1.13-1 [community]
AVG-2104 imagemagick Low 7.1.0.17-1 7.1.0.49-1 [extra]
AVG-2091 manuskript Low 0.12.0-1 0.14.0-1 [community]
AVG-1974 golang-golang-x-net Low 0.0.20191210-2 0.0.20220826-1 [community]
AVG-1933 golang-golang-x-net Low 0.0.20191210-2 0.0.20220826-1 [community]
AVG-1915 kube-controller-manager, kube-apiserver, kubelet, kube-scheduler, kube-proxy Low 1.23.0-1 1.25.2-1 [community]
AVG-1777 vigra Low 1.11.1.r45+g8acd73a5-5 1.11.1.r67+g093d57d1-4 [community]
AVG-1673 kexec-tools Low 2.0.21-1 2.0.25-1 [extra]
AVG-1594 linux Low 5.15.8.arch1-1 5.19.12.arch1-1 [core]
AVG-1370 python-jsonpickle Low 1.5.2-3 2.2.0-1 [community]
AVG-1311 audacity Low 1:2.4.1-4 1:3.1.3-3 [community]
AVG-366 vorbis-tools Low 1.4.2-2 1.4.2-3 [extra]

Undetermined groups

Group Package Severity Affected Status
AVG-2702 openssl Medium 1.1.1.n-1 Unknown
AVG-2725 containerd Unknown 1.6.0-2 Unknown
AVG-2764 ruby-puma High 5.6.3-1 Unknown
AVG-2779 webkit2gtk Unknown 2.36.3-1 Unknown
AVG-2780 wpewebkit Unknown 2.36.3-1 Unknown
AVG-2781 python-pyjwt Unknown 2.3.0-1 Unknown
AVG-2787 grails Critical 5.1.8-1 Unknown

Issues missing details

Issue Severity Remote Type Description
CVE-2022-34903 Unknown Unknown Unknown
CVE-2022-33981 Unknown Unknown Unknown
CVE-2022-32745 Medium Yes Unknown
Samba AD users can crash the server process with an LDAP add or modify request.
CVE-2022-31813 Low Unknown Authentication bypass
Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin...
CVE-2022-31748 High Yes Arbitrary code execution
CVE-2022-31747 High Yes Arbitrary code execution
CVE-2022-31745 Medium Unknown Unknown
If array shift operations are not used, the Garbage Collector may have become confused...
CVE-2022-31743 Medium Yes Unknown
Firefox's HTML parser did not correctly interpret HTML comment tags, resulting in an...
CVE-2022-31742 Medium Unknown Information disclosure
An attacker could have exploited a timing attack by sending a large number of...
CVE-2022-31740 Unknown Unknown Unknown
CVE-2022-31739 Unknown Unknown Unknown
CVE-2022-31626 Unknown Unknown Unknown
CVE-2022-31625 Unknown Unknown Unknown
CVE-2022-31030 Unknown No Denial of service
programs inside a container can cause the containerd daemon to consume memory without bound...
CVE-2022-30789 Unknown Unknown Unknown
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array...
CVE-2022-30788 Unknown Unknown Unknown
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in...
CVE-2022-30786 Unknown Unknown Unknown
A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in...
CVE-2022-30784 Unknown Unknown Unknown
A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G...
CVE-2022-30594 Medium Unknown Access restriction bypass
The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the...
CVE-2022-30556 Low Unknown Information disclosure
Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread()...
CVE-2022-30550 Unknown Unknown Unknown
CVE-2022-30522 Low Unknown Denial of service
If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts...
CVE-2022-29824 Medium Unknown Arbitrary code execution
Integer overflow in xmlBuf (buf.c) and xmlBuffer (tree.c) can lead to out-of-bounds memory...
CVE-2022-29404 Low Unknown Denial of service
In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls...
CVE-2022-29217 Unknown Unknown Unknown
CVE-2022-29187 Unknown Unknown Unknown
CVE-2022-29156 High Unknown Unknown
double free related to rtrs_clt_dev_release in drivers/infiniband/ulp/rtrs/rtrs-clt.c
CVE-2022-28739 High Unknown Information disclosure
out-of-bounds read in string-to-float conversion
CVE-2022-28738 Unknown Unknown Arbitrary code execution
double-free in Regexp compilation
CVE-2022-28734 High Yes Unknown
When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data...
CVE-2022-28615 Low Unknown Information disclosure
Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read...
CVE-2022-28614 Low Unknown Unknown
The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended...
CVE-2022-28388 High Unknown Unknown
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1...
CVE-2022-28330 Unknown Unknown Unknown
CVE-2022-28288 Medium Unknown Arbitrary code execution
Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla...
CVE-2022-28287 Low Unknown Unknown
In unusual circumstances, selecting text could cause text selection caching to behave...
CVE-2022-28285 Medium Unknown Unknown
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was...
CVE-2022-28284 Medium Unknown Unknown
SVG's <use> element could have been used to load unexpected content that could have...
CVE-2022-28283 Medium Unknown Unknown
The sourceMapURL feature in devtools was missing security checks that would have allowed a...
CVE-2022-28282 Medium Unknown Unknown
By using a link with rel="localization" a use-after-free could have been triggered by...
CVE-2022-28209 Critical Unknown Unknown
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof...
CVE-2022-28206 Critical Unknown Unknown
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the...
CVE-2022-28205 Critical Unknown Unknown
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a...
CVE-2022-28192 Unknown Unknown Unknown
CVE-2022-28191 Unknown Unknown Unknown
CVE-2022-28185 Unknown Unknown Unknown
CVE-2022-28184 Unknown Unknown Unknown
CVE-2022-28183 Unknown Unknown Unknown
CVE-2022-28181 Unknown Unknown Unknown
CVE-2022-28144 Medium Yes Unknown
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several...
CVE-2022-28142 High Yes Unknown
Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally...
CVE-2022-28139 Medium Yes Unknown
A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows...
CVE-2022-28137 Medium Yes Unknown
A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and...
CVE-2022-28134 Medium Yes Unknown
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission...
CVE-2022-27942 Unknown Unknown Unknown
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c
CVE-2022-27941 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in...
CVE-2022-27940 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c
CVE-2022-27939 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c
CVE-2022-27820 Medium Unknown Unknown
ZAP proxy does not verify the certificate chain of the HTTPS servers it connects to
CVE-2022-27782 Medium Unknown Unknown
libcurl would reuse a previously created connection even when a TLS or SSH related option...
CVE-2022-27781 Low Unknown Unknown
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to...
CVE-2022-27780 Medium Unknown Unknown
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding...
CVE-2022-27779 Medium Unknown Unknown
libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name...
CVE-2022-27778 Medium Unknown Unknown
If curl adds a number to not "clobber" the output and an error occurs during transfer, the...
CVE-2022-27666 High Unknown Unknown
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c...
CVE-2022-27223 High Unknown Unknown
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint...
CVE-2022-26966 Medium Unknown Unknown
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows...
CVE-2022-26878 Medium Unknown Unknown
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket...
CVE-2022-26710 Unknown Unknown Unknown
CVE-2022-26490 High Unknown Unknown
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel...
CVE-2022-26387 High Unknown Unknown
When installing an add-on, Thunderbird verified the signature before prompting the user;...
CVE-2022-26386 Low No Unknown
Previously Thunderbird for macOS and Linux would download temporary files to a...
CVE-2022-26384 High Yes Unknown
If an attacker could control the contents of an iframe sandboxed with allow-popups but not...
CVE-2022-26383 High Yes Unknown
When resizing a popup after requesting fullscreen access, the popup would not display the...
CVE-2022-26377 Medium Yes Unknown
Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in...
CVE-2022-26307 Unknown Unknown Unknown
CVE-2022-26306 Unknown Unknown Unknown
CVE-2022-26305 Unknown Unknown Unknown
CVE-2022-2539 Medium Yes Unknown
Unauthorized users can filter issues by contact and organization
CVE-2022-25375 Medium Unknown Information disclosure
RNDIS USB gadget in drivers/usb/gadget/function/rndis.c lacks validation of the size of the...
CVE-2022-2534 Low Yes Unknown
GitLab was returning contributor emails due to improper data handling in the Datadog integration
CVE-2022-25310 Unknown No Unknown
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the...
CVE-2022-25309 Unknown No Unknown
A heap-based buffer overflow flaw was found in the Fribidi package and affects the...
CVE-2022-2512 Medium Yes Unknown
Membership changes are not reflected in TODO for confidential notes, allowing a former...
CVE-2022-2500 Medium Yes Unknown
stored XSS in job error messages allows attackers to perform arbitrary actions on behalf of...
CVE-2022-2497 Medium Yes Unknown
A malicious maintainer could exfiltrate an integration's access token by modifying the...
CVE-2022-24959 Medium Unknown Unknown
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in...
CVE-2022-24958 High Unknown Unknown
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
CVE-2022-24883 Unknown Yes Authentication bypass
freerpd servers using authentication against a SAM file with an invalid path configured...
CVE-2022-24790 Unknown Yes Unknown
Puma behind a proxy that does not properly validate that the incoming HTTP request matches...
CVE-2022-24761 High Yes Unknown
waitress behind a proxy that does not properly validate the incoming HTTP request matches...
CVE-2022-24713 Low Unknown Unknown
The rust regex crate did not properly prevent crafted regular expressions from taking an...
CVE-2022-2456 Medium Yes Unknown
It may be possible for malicious group or project maintainers to change their corresponding...
CVE-2022-24303 Unknown Unknown Unknown
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames...
CVE-2022-2417 Medium Yes Unknown
gitlab allows an authenticated and authorised user to import a project that includes branch...
CVE-2022-24070 High Yes Unknown
While looking up path-based authorization rules, mod_dav_svn servers may attempt to use...
CVE-2022-23901 Unknown Unknown Unknown
A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc.
CVE-2022-23648 Unknown Unknown Information disclosure
containers launched through containerd’s CRI implementation with a specially-crafted image...
CVE-2022-23634 High Yes Unknown
puma may not always call close on the response body. Rails, prior to version 7.0.2.2,...
CVE-2022-23308 High Unknown Arbitrary code execution
Use-after-free of ID and IDREF attributes in valid.c
CVE-2022-2326 Medium Yes Unknown
It may be possible to gain access to a private project through an email invite by using...
CVE-2022-2318 Unknown Unknown Unknown
CVE-2022-2307 Low Yes Unknown
gitlab allows a malicious Group Owner to retain a usable Group Access Token even after the...
CVE-2022-2303 Medium Yes Unknown
It may be possible for group members to bypass 2FA enforcement enabled at the group level...
CVE-2022-22817 Unknown Unknown Unknown
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such...
CVE-2022-22816 Unknown Unknown Unknown
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization...
CVE-2022-22815 Unknown Unknown Unknown
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path
CVE-2022-22677 Unknown Unknown Unknown
CVE-2022-22662 Unknown Unknown Unknown
CVE-2022-22637 High Yes Unknown
A logic issue was addressed with improved state management. A malicious website may cause...
CVE-2022-21499 Unknown Unknown Unknown
KGDB and KDB allow read and write access to kernel memory but were not restricted during lockdown
CVE-2022-21496 Medium Yes Unknown
CVE-2022-21476 High Yes Unknown
CVE-2022-21443 Low Yes Unknown
CVE-2022-21434 Medium Yes Unknown
CVE-2022-21426 Medium Yes Unknown
CVE-2022-2095 Medium Yes Unknown
gitlab allows a malicious authenticated user to view a public project's Deploy Key's public...
CVE-2022-20803 Unknown Yes Arbitrary code execution
possible double-free vulnerability in the OLE2 file parser
CVE-2022-20796 Medium Unknown Unknown
possible NULL-pointer dereference crash in the scan verdict cache check
CVE-2022-20792 Unknown Yes Arbitrary code execution
possible multi-byte heap buffer overflow write vulnerability in the signature database load module
CVE-2022-1975 Medium Unknown Unknown
a sleep called in an atomic context could cause kernel panic during nfc firmware download
CVE-2022-1919 Low Unknown Unknown
An attacker could have caused an uninitialized variable on the stack to be mistakenly...
CVE-2022-1876 Low Unknown Unknown
Heap buffer overflow in DevTools
CVE-2022-1875 Low Unknown Unknown
Inappropriate implementation in PDF
CVE-2022-1874 Low Unknown Unknown
Insufficient policy enforcement in Safe Browsing
CVE-2022-1873 Low Unknown Unknown
Insufficient policy enforcement in COOP
CVE-2022-1872 Low Unknown Unknown
Insufficient policy enforcement in Extensions API
CVE-2022-1871 Low Unknown Unknown
Insufficient policy enforcement in File System API
CVE-2022-1870 Medium Unknown Unknown
Use after free in App Service
CVE-2022-1869 Medium Unknown Unknown
Type Confusion in V8
CVE-2022-1868 Medium Unknown Unknown
Inappropriate implementation in Extensions API
CVE-2022-1867 Medium Unknown Unknown
Insufficient validation of untrusted input in Data Transfer
CVE-2022-1866 Medium Unknown Unknown
Use after free in Tablet Mode
CVE-2022-1865 Medium Unknown Unknown
Use after free in Bookmarks
CVE-2022-1864 Medium Unknown Unknown
Use after free in WebApp Installs
CVE-2022-1863 Medium Unknown Unknown
Use after free in Tab Groups
CVE-2022-1862 Medium Unknown Unknown
Inappropriate implementation in Extensions
CVE-2022-1789 Unknown Unknown Unknown
CVE-2022-1736 Unknown Unknown Unknown
CVE-2022-1734 High No Unknown
possible use-after-free due to race condition when simulating NFC device from user space
CVE-2022-1652 Unknown Unknown Unknown
A concurrency use-after-free was found in the Linux kernel.
CVE-2022-1641 Medium Unknown Unknown
Use after free in Web UI Diagnostics.
CVE-2022-1640 High Unknown Unknown
Use after free in Sharing.
CVE-2022-1639 High Unknown Unknown
Use after free in ANGLE.
CVE-2022-1638 High Unknown Unknown
Heap buffer overflow in V8 Internationalization.
CVE-2022-1637 High Unknown Unknown
Inappropriate implementation in Web Contents.
CVE-2022-1636 High Unknown Unknown
Use after free in Performance APIs.
CVE-2022-1635 High Unknown Unknown
Use after free in Permission Prompts.
CVE-2022-1634 High Unknown Unknown
Use after free in Browser UI.
CVE-2022-1633 High Unknown Unknown
Use after free in Sharesheet.
CVE-2022-1516 Unknown Unknown Unknown
A NULL pointer dereference flaw in the implementation of the X.25 set of standardized...
CVE-2022-1510 Medium Unknown Denial of service
GitLab all versions starting from 13.9 before 14.8.6, all versions starting from 14.9...
CVE-2022-1462 Medium No Unknown
a local user can use a race condition in `drivers/tty/tty_buffers.c` to cause a memory leak...
CVE-2022-1460 Medium Unknown Access restriction bypass
GitLab all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before...
CVE-2022-1433 Low Unknown Unknown
Missing invalidation of Markdown caching causes potential payloads from a previously...
CVE-2022-1431 Medium Unknown Denial of service
GitLab all versions starting from 12.10 before 14.8.6, all versions starting from 14.9...
CVE-2022-1428 Medium Unknown Denial of service
GitLab all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all...
CVE-2022-1426 Low Unknown Authentication bypass
GitLab from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions...
CVE-2022-1423 High Unknown Arbitrary code execution
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions...
CVE-2022-1417 Medium Unknown Authentication bypass
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before...
CVE-2022-1416 Medium Unknown Unknown
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all...
CVE-2022-1413 Medium Unknown Information disclosure
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before...
CVE-2022-1406 Medium Unknown Insufficient validation
Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6,...
CVE-2022-1353 Unknown Unknown Unknown
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux...
CVE-2022-1352 Medium Unknown Information disclosure
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all...
CVE-2022-1328 Unknown Unknown Unknown
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before...
CVE-2022-1292 Medium Unknown Unknown
The c_rehash script does not properly sanitise shell metacharacters to prevent command...
CVE-2022-1205 Unknown Unknown Unknown
There are NPD and use-after-free vulnerabilities in net/ax25/ax25_timer.c of linux that...
CVE-2022-1204 Unknown Unknown Unknown
There are use-after-free vulnerabilities in net/ax25/af_ax25.c of linux that allow attacker...
CVE-2022-1199 Unknown Unknown Unknown
There are null-ptr-deref vulnerability and use-after-free vulnerabilities in...
CVE-2022-1198 Unknown Unknown Unknown
There are use-after-free vulnerabilities in drivers/net/hamradio/6pack.c of linux that...
CVE-2022-1197 Medium Unknown Unknown
When importing a revoked key that specified key compromise as the revocation reason,...
CVE-2022-1196 Medium Unknown Unknown
After a VR Process is destroyed, a reference to it may have been retained and used, leading...
CVE-2022-1195 Unknown Unknown Unknown
A use-after-free vulnerability was found in drivers/net/hamradio in the Linux kernel. In...
CVE-2022-1172 Medium Unknown Unknown
Null Pointer Dereference Caused Segmentation Fault in gpac prior to 2.1.0-DEV
CVE-2022-1158 Unknown Unknown Unknown
Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace region
CVE-2022-1124 Medium Unknown Information disclosure
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions...
CVE-2022-1106 Unknown Unknown Unknown
use after free in mrb_vm_exec in mruby prior to 3.2
CVE-2022-1096 High Yes Unknown
It is a type confusion weakness in the Chrome V8 JavaScript engine. Google is aware that an...
CVE-2022-1048 Unknown Unknown Unknown
race condition in snd_pcm_hw_free leading to use-after-free
CVE-2022-1016 Unknown Unknown Unknown
CVE-2022-1016 pertains to uninitialized stack data in the nft_do_chain routine....
CVE-2022-1015 Unknown Unknown Unknown
CVE-2022-1015 pertains to an out of bounds access in nf_tables expression evaluation due to...
CVE-2022-0854 Medium Unknown Unknown
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls...
CVE-2022-0843 Medium Unknown Arbitrary code execution
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory...
CVE-2022-0617 Medium Unknown Unknown
A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in...
CVE-2022-0500 Unknown Unknown Unknown
CVE-2022-0494 Medium Unknown Unknown
A kernel information leak flaw was identified in the scsi_ioctl function in...
CVE-2022-0419 Medium Unknown Unknown
NULL pointer dereference in load_buffer
CVE-2022-0358 High No Unknown
In the QEMU virtio-fs shared file system daemon (virtiofsd) a local guest user can create...
CVE-2022-0168 Unknown Unknown Unknown
A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info...
CVE-2021-46829 Unknown Unknown Arbitrary code execution
heap buffer overflow when composing or clearing frames in GIF files
CVE-2021-44975 Unknown Unknown Unknown
Buffer Overflow via /libr/core/anal_objc.c mach-o parser
CVE-2021-44974 Unknown Unknown Unknown
NULL Pointer Dereference via libr/bin/p/bin_symbols.c binary symbol parser
CVE-2021-44879 Medium Unknown Unknown
In gc_data_segment in fs/f2fs/gc.c in the Linux kernel before 5.16.3, special files are not...
CVE-2021-4207 High Unknown Unknown
In the QXL display device emulation in QEMU. A double fetch of guest controlled values...
CVE-2021-4197 High Unknown Unknown
An unprivileged write to the file handler flaw in the Linux kernel's control groups and...
CVE-2021-4192 High Unknown Unknown
use-after-free in win_linetabsize()
CVE-2021-4156 High Unknown Unknown
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker...
CVE-2021-41136 Low Yes Unknown
Using puma with a proxy which forwards LF characters as line endings could allow HTTP...
CVE-2021-33655 Unknown Unknown Unknown
CVE-2021-28544 Medium Unknown Information disclosure
Subversion servers reveal 'copyfrom' paths that should be hidden according to configured...

Orphan issues

Issue Severity Remote Type Description
CVE-2021-4206 High No Arbitrary code execution
An integer overflow in the cursor_alloc() function of the QXL display device emulation can...
CVE-2021-4207 High Unknown Unknown
In the QXL display device emulation in QEMU. A double fetch of guest controlled values...
CVE-2021-45046 Medium Yes Denial of service
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete...
CVE-2022-0358 High No Unknown
In the QEMU virtio-fs shared file system daemon (virtiofsd) a local guest user can create...
CVE-2022-0494 Medium Unknown Unknown
A kernel information leak flaw was identified in the scsi_ioctl function in...
CVE-2022-0617 Medium Unknown Unknown
A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in...
CVE-2022-0854 Medium Unknown Unknown
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls...
CVE-2022-0987 Low No Information disclosure
A vulnerability was found in PackageKit in the way some of the methods exposed by the...
CVE-2022-1011 High No Privilege escalation
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user...
CVE-2022-1106 Unknown Unknown Unknown
use after free in mrb_vm_exec in mruby prior to 3.2
CVE-2022-1172 Medium Unknown Unknown
Null Pointer Dereference Caused Segmentation Fault in gpac prior to 2.1.0-DEV
CVE-2022-1215 High No Privilege escalation
Format string vulnerability in evdev device handling
CVE-2022-1328 Unknown Unknown Unknown
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before...
CVE-2022-1348 Medium No Denial of service
The state file is used to prevent parallel executions of multiple instances of logrotate by...
CVE-2022-1462 Medium No Unknown
a local user can use a race condition in `drivers/tty/tty_buffers.c` to cause a memory leak...
CVE-2022-1652 Unknown Unknown Unknown
A concurrency use-after-free was found in the Linux kernel.
CVE-2022-1852 Medium No Denial of service
executing an illegal instruction in a kvm guest on an intel cpu causes a null pointer dereference
CVE-2022-22815 Unknown Unknown Unknown
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.Path
CVE-2022-22816 Unknown Unknown Unknown
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization...
CVE-2022-22817 Unknown Unknown Unknown
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such...
CVE-2022-23901 Unknown Unknown Unknown
A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc.
CVE-2022-24303 Unknown Unknown Unknown
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames...
CVE-2022-24448 Low No Information disclosure
A flaw was found in the Linux kernel. When an application tries to open a directory (using...
CVE-2022-24903 High Yes Arbitrary code execution
A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft...
CVE-2022-24958 High Unknown Unknown
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.
CVE-2022-24959 Medium Unknown Unknown
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in...
CVE-2022-25258 Medium No Denial of service
NULL pointer dereference in the kernel's USB gadget subsystem allows a local user to crash...
CVE-2022-25308 Medium No Denial of service
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an...
CVE-2022-25309 Unknown No Unknown
A heap-based buffer overflow flaw was found in the Fribidi package and affects the...
CVE-2022-25310 Unknown No Unknown
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the...
CVE-2022-25375 Medium Unknown Information disclosure
RNDIS USB gadget in drivers/usb/gadget/function/rndis.c lacks validation of the size of the...
CVE-2022-26353 High No Arbitrary code execution
the fix for CVE-2021-3748 forgot to unmap the cached virtqueue elements on error, leading...
CVE-2022-26354 Low No Denial of service
In case of error in the vhost-vsock device, an invalid element was not detached from the...
CVE-2022-26691 High No Authentication bypass
CUPS requires users to demonstrate root/admin level access to perform various printer...
CVE-2022-26878 Medium Unknown Unknown
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket...
CVE-2022-26966 Medium Unknown Unknown
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows...
CVE-2022-27223 High Unknown Unknown
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint...
CVE-2022-27820 Medium Unknown Unknown
ZAP proxy does not verify the certificate chain of the HTTPS servers it connects to
CVE-2022-27939 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.c
CVE-2022-27940 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.c
CVE-2022-27941 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in...
CVE-2022-27942 Unknown Unknown Unknown
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c
CVE-2022-28330 Unknown Unknown Unknown
CVE-2022-29156 High Unknown Unknown
double free related to rtrs_clt_dev_release in drivers/infiniband/ulp/rtrs/rtrs-clt.c
CVE-2022-29581 High No Privilege escalation
Improper Update of Reference Count vulnerability in net/sched of Linux Kernel allows local...
CVE-2022-30594 Medium Unknown Access restriction bypass
The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the...
CVE-2022-31739 Unknown Unknown Unknown
CVE-2022-31740 Unknown Unknown Unknown