Product:

Debian_linux

(Debian)
Repositories https://github.com/torvalds/linux
https://github.com/ImageMagick/ImageMagick
https://github.com/WordPress/WordPress
https://github.com/krb5/krb5
https://github.com/FFmpeg/FFmpeg
https://github.com/rdesktop/rdesktop
https://github.com/neomutt/neomutt
https://github.com/FasterXML/jackson-databind
https://github.com/php/php-src
https://github.com/the-tcpdump-group/tcpdump
https://github.com/redmine/redmine
https://github.com/dbry/WavPack
https://github.com/rubygems/rubygems
https://github.com/uclouvain/openjpeg
https://github.com/bcgit/bc-java
https://github.com/libgd/libgd
https://github.com/kyz/libmspack
https://github.com/mantisbt/mantisbt
https://github.com/gpac/gpac
https://github.com/newsoft/libvncserver
https://github.com/madler/zlib
https://github.com/mruby/mruby
https://github.com/libgit2/libgit2
https://github.com/uriparser/uriparser
https://github.com/mdadams/jasper
https://github.com/LibRaw/LibRaw
https://github.com/ceph/ceph
https://github.com/FreeRDP/FreeRDP
https://github.com/verdammelt/tnef
https://github.com/openssl/openssl
https://github.com/LibVNC/libvncserver
https://github.com/libevent/libevent
https://github.com/ARMmbed/mbedtls
https://github.com/antirez/redis
https://github.com/ntp-project/ntp
https://github.com/inspircd/inspircd
https://github.com/Perl/perl5
https://github.com/OTRS/otrs
https://github.com/Yeraze/ytnef
https://github.com/python-pillow/Pillow
https://github.com/perl5-dbi/DBD-mysql
https://github.com/file/file
https://github.com/mysql/mysql-server
https://github.com/openbsd/src
https://github.com/memcached/memcached
https://github.com/openvswitch/ovs
https://github.com/mm2/Little-CMS
https://github.com/SpiderLabs/ModSecurity
https://github.com/szukw000/openjpeg
https://github.com/libjpeg-turbo/libjpeg-turbo
https://github.com/kamailio/kamailio
https://github.com/vadz/libtiff
https://github.com/curl/curl
https://github.com/dovecot/core
https://github.com/znc/znc
https://github.com/horde/horde
https://github.com/mono/mono
https://github.com/varnish/Varnish-Cache
https://github.com/varnishcache/varnish-cache
https://github.com/esnet/iperf
https://github.com/sleuthkit/sleuthkit
https://github.com/paramiko/paramiko
https://github.com/resiprocate/resiprocate
https://github.com/nih-at/libzip
https://github.com/twigphp/Twig
https://github.com/lighttpd/lighttpd1.4
https://github.com/vim/vim
https://github.com/jquery/jquery-ui
https://github.com/haproxy/haproxy
https://github.com/smarty-php/smarty
https://github.com/symfony/symfony
https://github.com/dom4j/dom4j
https://github.com/ansible/ansible
https://github.com/mapserver/mapserver
https://github.com/apache/httpd
https://github.com/stoth68000/media-tree
https://github.com/ImageMagick/ImageMagick6
https://github.com/antlarr/audiofile
https://github.com/shadow-maint/shadow
https://github.com/codehaus-plexus/plexus-utils
https://github.com/lxml/lxml
https://github.com/GStreamer/gst-plugins-ugly
https://github.com/erikd/libsndfile
https://github.com/ruby/openssl
https://github.com/python/cpython
https://github.com/akrennmair/newsbeuter
https://github.com/beanshell/beanshell
https://github.com/openssh/openssh-portable
https://github.com/git/git
• git://git.openssl.org/openssl.git
https://github.com/weechat/weechat
https://github.com/cyu/rack-cors
https://github.com/Exim/exim
https://github.com/GNOME/nautilus
https://github.com/inverse-inc/sogo
https://github.com/phusion/passenger
https://github.com/codehaus-plexus/plexus-archiver
https://github.com/karelzak/util-linux
https://git.kernel.org/pub/scm/git/git.git
https://github.com/apple/cups
https://github.com/shadowsocks/shadowsocks-libev
https://github.com/simplesamlphp/simplesamlphp
https://github.com/GNOME/evince
https://github.com/torproject/tor
https://github.com/derickr/timelib
https://github.com/libarchive/libarchive
https://git.savannah.gnu.org/git/patch.git
https://github.com/puppetlabs/puppet
https://github.com/golang/go
https://github.com/zhutougg/c3p0
https://github.com/flori/json
https://github.com/eldy/awstats
https://github.com/jcupitt/libvips
https://github.com/simplesamlphp/saml2
https://github.com/DanBloomberg/leptonica
https://github.com/anymail/django-anymail
https://github.com/mpv-player/mpv
https://github.com/TeX-Live/texlive-source
https://github.com/vim-syntastic/syntastic
https://github.com/gosa-project/gosa-core
https://github.com/Cisco-Talos/clamav-devel
https://github.com/GNOME/librsvg
https://github.com/viewvc/viewvc
https://github.com/moinwiki/moin-1.9
https://github.com/splitbrain/dokuwiki
https://github.com/heimdal/heimdal
https://github.com/openstack/swauth
https://github.com/bottlepy/bottle
https://github.com/charybdis-ircd/charybdis
https://github.com/westes/flex
https://github.com/mjg59/pupnp-code
https://github.com/collectd/collectd
https://github.com/django/django
https://git.videolan.org/git/vlc.git
https://github.com/atheme/atheme
https://github.com/jpirko/libndp
https://github.com/fragglet/lhasa
https://github.com/neovim/neovim
https://github.com/Quagga/quagga
https://github.com/rohe/pysaml2
https://github.com/PHPMailer/PHPMailer
https://github.com/Automattic/Genericons
https://github.com/jmacd/xdelta-devel
https://github.com/ellson/graphviz
https://github.com/axkibe/lsyncd
https://github.com/quassel/quassel
https://github.com/yarolig/didiwiki
#Vulnerabilities 6871
Date Id Summary Products Score Patch Annotated
2022-03-16 CVE-2021-20257 An infinite loop flaw was found in the e1000 NIC emulator of the QEMU. This issue occurs while processing transmits (tx) descriptors in process_tx_desc if various descriptor fields are initialized with invalid values. This flaw allows a guest to consume CPU cycles on the host, resulting in a denial of service. The highest threat from this vulnerability is to system availability. Debian_linux, Fedora, Qemu, Codeready_linux_builder, Enterprise_linux, Enterprise_linux_for_ibm_z_systems, Enterprise_linux_for_power_little_endian, Openstack_platform 6.5
2022-03-17 CVE-2022-24761 Waitress is a Web Server Gateway Interface server for Python 2 and 3. When using Waitress versions 2.1.0 and prior behind a proxy that does not properly validate the incoming HTTP request matches the RFC7230 standard, Waitress and the frontend proxy may disagree on where one request starts and where it ends. This would allow requests to be smuggled via the front-end proxy to waitress and later behavior. There are two classes of vulnerability that may lead to request smuggling that are... Waitress, Debian_linux 7.5
2022-04-29 CVE-2021-4206 A flaw was found in the QXL display device emulation in QEMU. An integer overflow in the cursor_alloc() function can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. This flaw allows a malicious privileged guest user to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Debian_linux, Qemu, Enterprise_linux 8.2
2022-04-29 CVE-2021-4207 A flaw was found in the QXL display device emulation in QEMU. A double fetch of guest controlled values `cursor->header.width` and `cursor->header.height` can lead to the allocation of a small cursor object followed by a subsequent heap-based buffer overflow. A malicious privileged guest user could use this flaw to crash the QEMU process on the host or potentially execute arbitrary code within the context of the QEMU process. Debian_linux, Qemu, Enterprise_linux 8.8
2022-05-26 CVE-2022-21831 A code injection vulnerability exists in the Active Storage >= v5.2.0 that could allow an attacker to execute code via image_processing arguments. Debian_linux, Active_storage 9.8
2022-05-26 CVE-2022-22577 An XSS Vulnerability in Action Pack >= 5.2.0 and < 5.2.0 that could allow an attacker to bypass CSP for non HTML like responses. Debian_linux, Actionpack 6.1
2022-05-26 CVE-2022-27777 A XSS Vulnerability in Action View tag helpers >= 5.2.0 and < 5.2.0 which would allow an attacker to inject content if able to control input into specific attributes. Debian_linux, Actionpack 6.1
2022-05-31 CVE-2022-31002 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. Version 1.13.8 contains a patch for this issue. Debian_linux, Sofia\-Sip 7.5
2022-05-31 CVE-2022-31001 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, an attacker can send a message with evil sdp to FreeSWITCH, which may cause crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS_NON_WS(s[n])`. Version 1.13.8 contains a patch for this issue. Debian_linux, Sofia\-Sip 7.5
2022-05-31 CVE-2022-31003 Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. Prior to version 1.13.8, when parsing each line of a sdp message, `rest = record + 2` will access the memory behind `\0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. Version 1.13.8 contains a patch for this issue. Debian_linux, Sofia\-Sip 9.8