Note: This project will be discontinued after December 13, 2021.
Product: Debian_linux (Debian)

Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-06-10 | CVE-2022-31042 | Guzzle is an open source PHP HTTP client. In affected versions the `Cookie` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, or on making a request to a server which responds with a redirect to a URI to a different host, we should not forward the `Cookie` header on. Prior to this fix, only cookies that were managed by our cookie middleware would be safely removed, and any... | Debian_linux, Drupal, Guzzle | 7.5 | ||
2022-06-10 | CVE-2022-31043 | Guzzle is an open source PHP HTTP client. In affected versions `Authorization` headers on requests are sensitive information. On making a request using the `https` scheme to a server which responds with a redirect to a URI with the `http` scheme, we should not forward the `Authorization` header on. This is much the same as to how we don't forward on the header if the host changes. Prior to this fix, `https` to `http` downgrades did not result in the `Authorization` header being removed, only... | Debian_linux, Drupal, Guzzle | 7.5 | ||
2022-06-13 | CVE-2022-32278 | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | Debian_linux, Exo | 8.8 | ||
2022-06-16 | CVE-2022-31625 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. | Debian_linux, Php | 8.1 | ||
2022-06-16 | CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | Debian_linux, Php | 8.8 | ||
2022-06-16 | CVE-2022-31291 | An issue in dlt_config_file_parser.c of dlt-daemon v2.18.8 allows attackers to cause a double free via crafted TCP packets. | Debian_linux, Diagnostic_log_and_trace | 7.5 | ||
2022-06-19 | CVE-2022-2124 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | Macos, Debian_linux, Fedora, Vim | 7.8 | ||
2022-06-19 | CVE-2022-2126 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | Macos, Debian_linux, Fedora, Vim | 7.8 | ||
2022-06-19 | CVE-2022-2129 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | Debian_linux, Fedora, Vim | 7.8 | ||
2022-06-20 | CVE-2022-1720 | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | Macos, Debian_linux, Fedora, Vim | 7.8 | ||