Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2022-07-14 | CVE-2022-32213 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). | Debian_linux, Fedora, Llhttp, Node\.js, Sinec_ins, Stormshield_management_center | 6.5 | ||
| 2022-07-14 | CVE-2022-32215 | The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). | Debian_linux, Fedora, Llhttp, Node\.js, Sinec_ins, Stormshield_management_center | 6.5 | ||
| 2022-07-20 | CVE-2021-46828 | In libtirpc before 1.3.3rc1, remote attackers could exhaust the file descriptors of a process that uses libtirpc because idle TCP connections are mishandled. This can, in turn, lead to an svc_run infinite loop without accepting new connections. | Debian_linux, Libtirpc | 7.5 | ||
| 2022-07-20 | CVE-2022-31160 | jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13.2 are potentially vulnerable to cross-site scripting. Initializing a checkboxradio widget on an input enclosed within a label makes that parent label contents considered as the input label. Calling `.checkboxradio( "refresh" )` on such a widget and the initial HTML contained encoded HTML entities will make them erroneously get decoded. This can lead to... | Debian_linux, Jquery_ui_checkboxradio, Fedora, Jquery_ui, H300s_firmware, H410c_firmware, H410s_firmware, H500s_firmware, H700s_firmware, Oncommand_insight | 6.1 | ||
| 2022-07-24 | CVE-2021-46829 | GNOME GdkPixbuf (aka GDK-PixBuf) before 2.42.8 allows a heap-based buffer overflow when compositing or clearing frames in GIF files, as demonstrated by io-gif-animation.c composite_frame. This overflow is controllable and could be abused for code execution, especially on 32-bit systems. | Debian_linux, Fedora, Gdk\-Pixbuf | 7.8 | ||
| 2022-07-25 | CVE-2020-7677 | This affects the package thenify before 3.3.1. The name argument provided to the package can be controlled by users without any sanitization, and this is provided to the eval function without any sanitization. | Debian_linux, Fedora, Thenify | 9.8 | ||
| 2022-07-26 | CVE-2022-33745 | insufficient TLB flush for x86 PV guests in shadow mode For migration as well as to work around kernels unaware of L1TF (see XSA-273), PV guests may be run in shadow paging mode. To address XSA-401, code was moved inside a function in Xen. This code movement missed a variable changing meaning / value between old and new code positions. The now wrong use of the variable did lead to a wrong TLB flush condition, omitting flushes where such are necessary. | Debian_linux, Fedora, Xen | 8.8 | ||
| 2022-07-28 | CVE-2022-2553 | The authfile directive in the booth config file is ignored, preventing use of authentication in communications from node to node. As a result, nodes that do not have the correct authentication key are not prevented from communicating with other nodes in the cluster. | Booth, Debian_linux, Fedora | 6.5 | ||
| 2022-07-29 | CVE-2022-34526 | A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit v4.4.0. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted TIFF file parsed by the "tiffsplit" or "tiffcrop" utilities. | Debian_linux, Fedora, Libtiff, Active_iq_unified_manager, Ontap_select_deploy_administration_utility | 6.5 | ||
| 2022-08-01 | CVE-2022-2509 | A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function. | Debian_linux, Fedora, Gnutls, Enterprise_linux | 7.5 |