Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Debian_linux
(Debian)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-06-09 | CVE-2022-2000 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | Macos, Debian_linux, Fedora, Vim | 7.8 | ||
2022-06-09 | CVE-2022-31214 | A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through... | Debian_linux, Fedora, Firejail | 7.8 | ||
2022-06-09 | CVE-2022-26362 | x86 pv: Race condition in typeref acquisition Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, the logic for acquiring a type reference has a race condition, whereby a safely TLB flush is issued too early and creates a window where the guest can re-establish the read/write... | Debian_linux, Fedora, Xen | 6.4 | ||
2022-06-09 | CVE-2022-26363 | x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for... | Debian_linux, Fedora, Xen | 6.7 | ||
2022-06-09 | CVE-2022-26364 | x86 pv: Insufficient care with non-coherent mappings T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Xen maintains a type reference count for pages, in addition to a regular reference count. This scheme is used to maintain invariants required for Xen's safety, e.g. PV guests may not have direct writeable access to pagetables; updates need auditing by Xen. Unfortunately, Xen's safety logic doesn't account for... | Debian_linux, Fedora, Xen | 6.7 | ||
2022-06-15 | CVE-2022-21123 | Incomplete cleanup of multi-core shared buffers for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | Debian_linux, Fedora, Sgx_dcap, Sgx_psw, Sgx_sdk, Esxi, Xen | 5.5 | ||
2022-06-15 | CVE-2022-21125 | Incomplete cleanup of microarchitectural fill buffers on some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | Debian_linux, Fedora, Sgx_dcap, Sgx_psw, Sgx_sdk, Esxi, Xen | 5.5 | ||
2022-06-15 | CVE-2022-21166 | Incomplete cleanup in specific special register write operations for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | Debian_linux, Fedora, Sgx_dcap, Sgx_psw, Sgx_sdk, Esxi, Xen | 5.5 | ||
2022-06-16 | CVE-2022-31625 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when using Postgres database extension, supplying invalid parameters to the parametrized query may lead to PHP attempting to free memory using uninitialized data as pointers. This could lead to RCE vulnerability or denial of service. | Debian_linux, Php | 8.1 | ||
2022-06-16 | CVE-2022-31626 | In PHP versions 7.4.x below 7.4.30, 8.0.x below 8.0.20, and 8.1.x below 8.1.7, when pdo_mysql extension with mysqlnd driver, if the third party is allowed to supply host to connect to and the password for the connection, password of excessive length can trigger a buffer overflow in PHP, which can lead to a remote code execution vulnerability. | Debian_linux, Php | 8.8 |