Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-01 | CVE-2022-32088 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Exec_time_tracker::get_loops/Filesort_tracker::report_use/filesort. | Debian_linux, Mariadb | 7.5 | ||
| 2022-07-01 | CVE-2022-32087 | MariaDB v10.2 to v10.7 was discovered to contain a segmentation fault via the component Item_args::walk_args. | Debian_linux, Mariadb | 7.5 | ||
| 2022-07-01 | CVE-2022-32091 | MariaDB v10.7 was discovered to contain an use-after-poison in in __interceptor_memset at /libsanitizer/sanitizer_common/sanitizer_common_interceptors.inc. | Debian_linux, Fedora, Mariadb | 7.5 | ||
| 2022-07-01 | CVE-2022-34903 | GnuPG through 2.3.6, in unusual situations where an attacker possesses any secret-key information from a victim's keyring and other constraints (e.g., use of GPGME) are met, allows signature forgery via injection into the status line. | Debian_linux, Fedora, Gnupg, Active_iq_unified_manager, Ontap_select_deploy_administration_utility | 6.5 | ||
| 2022-07-02 | CVE-2022-2285 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | Debian_linux, Fedora, Vim | 7.8 | ||
| 2022-07-04 | CVE-2022-34918 | An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c. | Ubuntu_linux, Debian_linux, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | 7.8 | ||
| 2022-07-05 | CVE-2022-2097 | AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised implementation will not encrypt the entirety of the data under some circumstances. This could reveal sixteen bytes of data that was preexisting in the memory that wasn't written. In the special case of "in place" encryption, sixteen bytes of the plaintext would be revealed. Since OpenSSL does not support OCB based cipher suites for TLS and DTLS, they are both unaffected. Fixed in OpenSSL 3.0.5 (Affected 3.0.0-3.0.4).... | Debian_linux, Fedora, Active_iq_unified_manager, Clustered_data_ontap_antivirus_connector, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Openssl, Sinec_ins | 5.3 | ||
| 2022-07-05 | CVE-2022-26365 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being... | Debian_linux, Fedora, Linux_kernel, Xen | 7.1 | ||
| 2022-07-05 | CVE-2022-33740 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being... | Debian_linux, Fedora, Linux_kernel, Xen | 7.1 | ||
| 2022-07-05 | CVE-2022-2304 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | Debian_linux, Fedora, Vim | 7.8 |