Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-05 | CVE-2022-33741 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being... | Debian_linux, Fedora, Linux_kernel, Xen | 7.1 | ||
| 2022-07-05 | CVE-2022-33742 | Linux disk/nic frontends data leaks T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Linux Block and Network PV device frontends don't zero memory regions before sharing them with the backend (CVE-2022-26365, CVE-2022-33740). Additionally the granularity of the grant table doesn't allow sharing less than a 4K page, leading to unrelated data residing in the same 4K page as data shared with a backend being... | Debian_linux, Fedora, Linux_kernel, Xen | 7.1 | ||
| 2022-07-05 | CVE-2022-33743 | network backend may cause Linux netfront to use freed SKBs While adding logic to support XDP (eXpress Data Path), a code label was moved in a way allowing for SKBs having references (pointers) retained for further processing to nevertheless be freed. | Debian_linux, Linux_kernel, Xen | 7.8 | ||
| 2022-07-05 | CVE-2022-33744 | Arm guests can cause Dom0 DoS via PV devices When mapping pages of guests on Arm, dom0 is using an rbtree to keep track of the foreign mappings. Updating of that rbtree is not always done completely with the related lock held, resulting in a small race window, which can be used by unprivileged guests via PV devices to cause inconsistencies of the rbtree. These inconsistencies can lead to Denial of Service (DoS) of dom0, e.g. by causing crashes or the inability to perform further mappings of... | Debian_linux, Linux_kernel | 4.7 | ||
| 2022-07-06 | CVE-2022-33980 | Apache Commons Configuration performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.configuration2.interpol.Lookup that performs the interpolation. Starting with version 2.4 and continuing through 2.7, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote... | Commons_configuration, Debian_linux, Snapcenter | 9.8 | ||
| 2022-07-06 | CVE-2022-2318 | There are use-after-free vulnerabilities caused by timer handler in net/rose/rose_timer.c of linux that allow attackers to crash linux kernel without any privileges. | Debian_linux, Linux_kernel, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware | 5.5 | ||
| 2022-07-06 | CVE-2022-31129 | moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to... | Debian_linux, Fedora, Moment | 7.5 | ||
| 2022-07-07 | CVE-2022-32207 | When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name.In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended. | Macos, Debian_linux, Fedora, Curl, Bootstrap_os, Clustered_data_ontap, Element_software, H300s_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Hci_management_node, Solidfire, Universal_forwarder | 9.8 | ||
| 2022-07-07 | CVE-2022-2048 | In Eclipse Jetty HTTP/2 server implementation, when encountering an invalid HTTP/2 request, the error handling has a bug that can wind up not properly cleaning up the active connections and associated resources. This can lead to a Denial of Service scenario where there are no enough resources left to process good requests. | Debian_linux, Jetty, Jenkins, Element_plug\-In_for_vcenter_server, Hci_compute_node, Management_services_for_element_software_and_netapp_hci, Snapcenter, Solidfire_\&_hci_storage_node | 7.5 | ||
| 2022-07-07 | CVE-2022-2047 | In Eclipse Jetty versions 9.4.0 thru 9.4.46, and 10.0.0 thru 10.0.9, and 11.0.0 thru 11.0.9 versions, the parsing of the authority segment of an http scheme URI, the Jetty HttpURI class improperly detects an invalid input as a hostname. This can lead to failures in a Proxy scenario. | Debian_linux, Jetty, Element_plug\-In_for_vcenter_server, Hci_compute_node, Management_services_for_element_software_and_netapp_hci, Snapcenter, Solidfire_\&_hci_storage_node | 2.7 |