Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-05-19 | CVE-2022-1785 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. | Debian_linux, Vim | 7.8 | ||
| 2022-05-23 | CVE-2022-29599 | In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | Maven_shared_utils, Debian_linux | 9.8 | ||
| 2022-05-24 | CVE-2022-29221 | Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.1, template authors could inject php code by choosing a malicious {block} name or {include} file name. Sites that cannot fully trust template authors should upgrade to versions 3.1.45 or 4.1.1 to receive a patch for this issue. There are currently no known workarounds. | Debian_linux, Fedora, Smarty | 8.8 | ||
| 2022-05-25 | CVE-2022-1851 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | Macos, Debian_linux, Fedora, Vim | 7.8 | ||
| 2022-05-25 | CVE-2022-29248 | Guzzle is a PHP HTTP client. Guzzle prior to versions 6.5.6 and 7.4.3 contains a vulnerability with the cookie middleware. The vulnerability is that it is not checked if the cookie domain equals the domain of the server which sets the cookie via the Set-Cookie header, allowing a malicious server to set cookies for unrelated domains. The cookie middleware is disabled by default, so most library consumers will not be affected by this issue. Only those who manually add the cookie middleware to... | Debian_linux, Drupal, Guzzle | 8.1 | ||
| 2022-05-26 | CVE-2022-1664 | Dpkg::Source::Archive in dpkg, the Debian package management system, before version 1.21.8, 1.20.10, 1.19.8, 1.18.26 is prone to a directory traversal vulnerability. When extracting untrusted source packages in v2 and v3 source package formats that include a debian.tar, the in-place extraction can lead to directory traversal situations on specially crafted orig.tar and debian.tar tarballs. | Debian_linux, Dpkg, Ontap_select_deploy_administration_utility | 9.8 | ||
| 2022-05-26 | CVE-2022-30783 | An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite. | Debian_linux, Fedora, Ntfs\-3g | 6.7 | ||
| 2022-05-26 | CVE-2022-30784 | A crafted NTFS image can cause heap exhaustion in ntfs_get_attribute_value in NTFS-3G through 2021.8.22. | Debian_linux, Fedora, Ntfs\-3g | 7.8 | ||
| 2022-05-26 | CVE-2022-30785 | A file handle created in fuse_lib_opendir, and later used in fuse_lib_readdir, enables arbitrary memory read and write operations in NTFS-3G through 2021.8.22 when using libfuse-lite. | Debian_linux, Fedora, Ntfs\-3g | 6.7 | ||
| 2022-05-26 | CVE-2022-30786 | A crafted NTFS image can cause a heap-based buffer overflow in ntfs_names_full_collate in NTFS-3G through 2021.8.22. | Debian_linux, Fedora, Ntfs\-3g | 7.8 |