Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-04-19 | CVE-2022-21476 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can... | Zulu, Debian_linux, Active_iq_unified_manager, Bootstrap_os, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Element_software, Hci_management_node, Oncommand_insight, Santricity_unified_manager, Solidfire, Graalvm, Jdk, Openjdk | N/A | ||
| 2022-04-19 | CVE-2022-21496 | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JNDI). Supported versions that are affected are Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18; Oracle GraalVM Enterprise Edition: 20.3.5, 21.3.1 and 22.0.0.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result... | Zulu, Debian_linux, Active_iq_unified_manager, Bootstrap_os, Cloud_insights_acquisition_unit, Cloud_secure_agent, E\-Series_santricity_os_controller, E\-Series_santricity_storage_manager, E\-Series_santricity_web_services, Element_software, Hci_management_node, Oncommand_insight, Santricity_unified_manager, Solidfire, Graalvm, Java_se | 5.3 | ||
| 2022-04-20 | CVE-2022-29536 | In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten in the UI process) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered. | Debian_linux, Fedora, Epiphany | 7.5 | ||
| 2022-04-22 | CVE-2022-29582 | In the Linux kernel before 5.17.3, fs/io_uring.c has a use-after-free due to a race condition in io_uring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently. | Debian_linux, Linux_kernel | 7.0 | ||
| 2022-04-25 | CVE-2022-24792 | PJSIP is a free and open source multimedia communication library written in C. A denial-of-service vulnerability affects applications on a 32-bit systems that use PJSIP versions 2.12 and prior to play/read invalid WAV files. The vulnerability occurs when reading WAV file data chunks with length greater than 31-bit integers. The vulnerability does not affect 64-bit apps and should not affect apps that only plays trusted WAV files. A patch is available on the `master` branch of the... | Debian_linux, Pjsip | 7.5 | ||
| 2022-04-25 | CVE-2022-1441 | MP4Box is a component of GPAC-2.0.0, which is a widely-used third-party package on RPM Fusion. When MP4Box tries to parse a MP4 file, it calls the function `diST_box_read()` to read from video. In this function, it allocates a buffer `str` with fixed length. However, content read from `bs` is controllable by user, so is the length, which causes a buffer overflow. | Debian_linux, Gpac | 7.8 | ||
| 2022-04-27 | CVE-2022-27239 | In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges. | Debian_linux, Fedora, Helion_openstack, Cifs\-Utils, Caas_platform, Enterprise_storage, Linux_enterprise_desktop, Linux_enterprise_high_performance_computing, Linux_enterprise_micro, Linux_enterprise_point_of_service, Linux_enterprise_real_time, Linux_enterprise_server, Linux_enterprise_software_development_kit, Linux_enterprise_storage, Manager_proxy, Manager_retail_branch_server, Manager_server, Openstack_cloud, Openstack_cloud_crowbar | 7.8 | ||
| 2022-04-28 | CVE-2022-29869 | cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file. | Debian_linux, Fedora, Cifs\-Utils | 5.3 | ||
| 2022-04-29 | CVE-2022-1048 | A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system. | Debian_linux, Linux_kernel, H300e_firmware, H300s_firmware, H410c_firmware, H410s_firmware, H500e_firmware, H500s_firmware, H700e_firmware, H700s_firmware, Enterprise_linux | 7.0 | ||
| 2022-04-29 | CVE-2022-1195 | A use-after-free vulnerability was found in the Linux kernel in drivers/net/hamradio. This flaw allows a local attacker with a user privilege to cause a denial of service (DOS) when the mkiss or sixpack device is detached and reclaim resources early. | Debian_linux, Linux_kernel | 5.5 |