Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-05-25 | CVE-2022-29248 | Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to... | Debian_linux, Drupal, Guzzle | 8.1 | ||
| 2022-05-26 | CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | Debian_linux, Dpkg, Ontap_select_deploy_administration_utility | 9.8 | ||
| 2022-05-26 | CVE-2022-30783 | An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | Debian_linux, Fedora, Ntfs\-3g | 6.7 | ||
| 2022-05-26 | CVE-2022-30784 | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | Debian_linux, Fedora, Ntfs\-3g | 7.8 | ||
| 2022-05-26 | CVE-2022-30785 | A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | Debian_linux, Fedora, Ntfs\-3g | 6.7 | ||
| 2022-05-26 | CVE-2022-30786 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | Debian_linux, Fedora, Ntfs\-3g | 7.8 | ||
| 2022-05-26 | CVE-2022-30787 | An integer underflow in fuse_lib_readdir enables arbitrary memory read operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | Debian_linux, Fedora, Ntfs\-3g | 6.7 | ||
| 2022-05-26 | CVE-2022-30788 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_mft_rec_alloc in NTFS-3G through 2021.8.22. | Debian_linux, Fedora, Ntfs\-3g | 7.8 | ||
| 2022-05-26 | CVE-2022-30789 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_check_log_client_array in NTFS-3G through 2021.8.22. | Debian_linux, Fedora, Ntfs\-3g | 7.8 | ||
| 2022-05-26 | CVE-2022-22576 | An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only). | Fabric_operating_system, Debian_linux, Curl, Bootstrap_os, Clustered_data_ontap, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Solidfire_\&_hci_management_node, Solidfire_\&_hci_storage_node, Universal_forwarder | 8.1 |