Note: This project will be discontinued after December 13, 2021.
Product: Debian_linux (Debian)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-07-26 | CVE-2022-33745 | Insufficient TLB flush for x86 PV guests in shadow mode. For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. | Debian_linux, Fedora, Xen | 8.8 | ||
2022-07-28 | CVE-2022-2553 | The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. | Booth, Debian_linux, Fedora | 6.5 | ||
2022-07-28 | CVE-2022-30287 | Horde Groupware Webmail Edition through 5.2.22 allows a reflection injection attack through which an attacker can instantiate a driver class. This then leads to arbitrary deserialization of PHP objects. | Debian_linux, Groupware | 8.0 | ||
2022-07-29 | CVE-2022-34526 | A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. | Debian_linux, Fedora, Libtiff, Active_iq_unified_manager, Ontap_select_deploy_administration_utility | 6.5 | ||
2022-08-01 | CVE-2022-2509 | A vulnerability was found in gnutls. This security flaw happens because a double free error occurs during verification of pkcs7 signatures in the gnutls_pkcs7_verify function. | Debian_linux, Fedora, Gnutls, Enterprise_linux | 7.5 | ||
2022-08-01 | CVE-2022-2598 | Out-of-bounds Write to API in GitHub repository vim/vim prior to 9.0.0100. | Debian_linux, Vim | 5.5 | ||
2022-08-03 | CVE-2022-32292 | In ConnMan through 1.41, remote attackers able to send HTTP requests to the gweb component are able to exploit a heap-based buffer overflow in received_data to execute code. | Debian_linux, Connman | 9.8 | ||
2022-08-03 | CVE-2022-32293 | In ConnMan through 1.41, a man-in-the-middle attack against a WISPR HTTP query could be used to trigger a use-after-free in WISPR handling, leading to crashes or code execution. | Debian_linux, Connman | 8.1 | ||
2022-08-03 | CVE-2022-36359 | An issue was discovered in the HTTP FileResponse class in Django 3.2 before 3.2.15 and 4.0 before 4.0.7. An application is vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename is derived from user-supplied input. | Debian_linux, Django | 8.8 | ||
2022-08-03 | CVE-2022-31197 | PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using standard, database independent Java code. The PGJDBC implementation of the `java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to executing additional SQL commands as the application's JDBC user. User applications that do not invoke the... | Debian_linux, Fedora, Postgresql_jdbc_driver | 8.0 |