Differences

This shows you the differences between two versions of the page.

Link to this comparison view

mailing-lists:distros:stats:2022 [2022/08/31 17:56]
aliguori
mailing-lists:distros:stats:2022 [2023/11/06 17:45] (current)
solar update page heading, reduce indentation level of page content
Line 1: Line 1:
-==== Data ==== +====== ​Distros list data for 2022 ====== 
-^Project^Subject^Reported^Public^Time of oss-security posting^CVE(s)^Days embargoed (scheduled)^Days embargoed (oss-security)^ + 
-^   August ​  ^^^^^^^^^ +The data here is unfortunately incomplete and unreliable, resulting from automated processing of input that wasn't meant to be fully machine-readable. 
-|[[https://​dpdk.org|DPDK]]|CVE-2022-2132 public disclosure date notice [vs-plain]|2022-08-25T08:​44:​16+00:​00|2022-09-01T08:44:16+00:​00|[[https://​marc.info/?​i=1705193.jNaZZp9DzI%40thomas|2022-08-29T18:​12:​18+00:​00]]|CVE-2022-2132|7.00|4.38| + 
-|[[https://​github.com/​vmware/​open-vm-tools|open-vm-tools]]|[SECURITY EMBARGOED] CVE-2022-31676:​ Local privilege escalation vulnerability in open-vm-tools|2022-08-11T15:​33:​18+00:​00|2022-08-18T15:33:18+00:​00|[[https://​marc.info/?​i=BYAPR05MB63436604DE6E9F49EAAAD1B1B9709%40BYAPR05MB6343.namprd05.prod.outlook.com|2022-08-23T20:​10:​48+00:​00]]|CVE-2022-31676|7.00|12.17| +^Project^Subject^Reported^Coordinated Release Date^Time of oss-security posting^CVE(s)^Days embargoed (scheduled)^Days embargoed (oss-security)^ 
-|[[https://​kernel.org|Linux]]|Linux NAT issue|2022-08-03T01:​55:​09+00:​00|2022-08-10T01:​55:​09+00:​00|[[https://​marc.info/?​i=CAP9KPhDskZ1W_wnJ_Z8sNY9nqwLGyL0k3pjYwrhJ_TQnXcC-HA%40mail.gmail.com|2022-08-30T02:​27:​44+00:​00]]|CVE-2022-2663|7.00|27.00| +^   December ​  ^^^^^^^^ 
-|[[https://​kernel.org|Linux]]|Re:​ CVE-2022-2586|2022-08-03T00:​23:​10+00:​00|2022-08-10T00:23:10+00:​00|[[https://​marc.info/?​i=YvKVC%2FO%2BtGfNNm35%40quatroqueijos|2022-08-09T17:​10:​35+00:​00]]|CVE-2022-2586|7.00|6.67| +| |Re: Preview of X.Org Security Advisory for 2022-12-14|2022-12-05T23:​28:​51+00:​00|2022-12-12T23:​28:​51+00:​00|[[https://​marc.info/?​i=e7573ba8-846b-b91a-5655-e4f5db2cdf88%40redhat.com|2022-12-14T01:​23:​51+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-4283|CVE-2022-4283]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-46283|CVE-2022-46283]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-46340|CVE-2022-46340]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-46341|CVE-2022-46341]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-46342|CVE-2022-46342]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-46343|CVE-2022-46343]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-46344|CVE-2022-46344]]|7.00|8.04| 
-|[[https://​kernel.org|Linux]]|CVE-2022-2585|2022-08-03T00:​15:​25+00:​00|2022-08-10T00:15:25+00:​00|[[https://​marc.info/?​i=YvKVxLtBs86r6Dmh%40quatroqueijos|2022-08-09T17:​13:​40+00:​00]]|CVE-2022-2585|7.00|6.67| +  November ​  ​^^^^^^^^ 
-|[[https://​kernel.org|Linux]]|class_route UAF report (was Re: CVE-2022-2588)|2022-08-02T19:​58:​24+00:​00|2022-08-09T19:58:24+00:​00|[[https://​marc.info/?​i=YvKVWuPyQ%2FYXBT%2Bo%40quatroqueijos|2022-08-09T17:​11:​54+00:​00]]|CVE-2011-1019\\ CVE-2022-2588|7.00|6.88| +| |rxvt-unicode RCE|2022-11-28T00:​51:​42+00:​00|2022-12-05T00:​51:​42+00:​00|[[https://​marc.info/?​i=CAP9KPhDh6PJu-0mD12wYUraf1Ya1MSUPwz1PsPO5omi39-OYLw%40mail.gmail.com|2022-12-05T11:​22:​33+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-4170|CVE-2022-4170]]|7.00|7.42| 
-^   ​July ​  ^^^^^^^^^ +| |Re: Security sensitive bug in the i915 kernel driver|2022-11-23T15:​31:​14+00:​00|2022-11-30T15:​31:​14+00:​00|[[https://​marc.info/?​i=c9089e54-bc0d-773c-233e-d63980ad49d4%40intel.com|2022-11-30T10:​22:​16+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-0330|CVE-2022-0330]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-4139|CVE-2022-4139]]|7.00|6.75| 
-| |Re: ...|2022-07-31T18:​16:​32+00:​00|2022-08-07T18:​16:​32+00:​00|[[https://​marc.info/?​i=1973d16e-bb3e-c5b2-74e0-cc2faf9db2bd%40redhat.com|2022-08-08T07:​18:​27+00:​00]]|CVE-2016-5195\\ CVE-2022-2590|7.00|7.54| +| |Fwd: [Security]Use after free in staging|2022-11-16T17:​16:​46+00:​00|2022-11-23T17:​16:​46+00:​00|[[https://​marc.info/?​i=CAJedcCyz-uNq%2BtyK%2BBqG0xCD9_WOOC8nta77Up7gaOBs%2BpfwyA%40mail.gmail.com|2022-11-18T03:​58:​55+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2015-0571|CVE-2015-0571]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2021-28660|CVE-2021-28660]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-4095|CVE-2022-4095]]|7.00|1.42| 
-| |...|2022-07-25T08:​42:​15+00:​00|2022-08-01T08:​42:​15+00:​00|[[https://​marc.info/?​i=adf7f4c9-f388-a882-562a-f2b424f16a09%40prodaft.com|2022-08-02T08:​53:​25+00:​00]]|CVE-2019-6111\\ CVE-2022-29154|7.00|8.00| +^   ​October ​  ​^^^^^^^^ 
-| |CVE-2022-21505:​ Kernel lockdown bypass bug.|2022-07-12T17:​54:​51+00:​00|2022-07-19T17:​54:​51+00:​00|[[https://​marc.info/?​i=84A9FE84-665A-4750-9C36-07FBD9222C9F%40oracle.com|2022-07-19T17:​02:​12+00:​00]]|CVE-2022-21505|7.00|6.96| +| |Upcoming Git security fix release|2022-10-12T17:​47:​38+00:​00|2022-10-19T17:​47:​38+00:​00|[[https://​marc.info/?​i=Y07hdTCQHoSZjN2Q%40nand.local|2022-10-18T17:​25:​09+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-39253|CVE-2022-39253]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-39260|CVE-2022-39260]]|7.00|5.96| 
-| |Preview of X.Org Security Advisory for 2022-07-12|2022-07-05T18:​40:​01+00:​00|2022-07-12T18:​40:​01+00:​00|[[https://​marc.info/?​i=c8c9ce86-d45d-51e5-cf4a-b33ad24c88f2%40radix.lt|2022-07-12T12:​58:​15+00:​00]]|CVE-2022-2319\\ CVE-2022-2320|7.00|6.75| +| |Re: CVE-2022-2602 - Linux kernel UAF|2022-10-11T14:​38:​03+00:​00|2022-10-18T14:​38:​03+00:​00|[[https://​marc.info/?​i=Y07bhw5Um02VYKvl%40quatroqueijos.cascardo.eti.br|2022-10-18T16:​59:​51+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2602|CVE-2022-2602]]|7.00|7.08| 
-| |Upcoming Git security fix release|2022-07-04T21:​34:​29+00:​00|2022-07-11T21:​34:​29+00:​00|[[https://​marc.info/?​i=xmqqh73k8sbl.fsf%40gitster.g|2022-07-14T00:​13:​18+00:​00]]|CVE-2022-24765\\ CVE-2022-29187|7.00|9.08| +| |...|2022-10-03T16:​57:​49+00:​00|2022-10-10T16:​57:​49+00:​00|[[https://​marc.info/?​i=c1168996-ea72-ad04-027f-2f3b190eabd5%40isc.org|2022-10-05T16:​29:​06+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2928|CVE-2022-2928]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2929|CVE-2022-2929]]|7.00|1.96| 
-^   ​June ​  ^^^^^^^^^ +^   ​September ​  ​^^^^^^^^ 
-| |(4/4) curl: FTP-KRB bad message verification|2022-06-20T06:​31:​22+00:​00|2022-06-27T06:​31:​22+00:​00|[[https://​marc.info/?​i=76n529n8-qppo-10o7-4s28-1s26009n30%40unkk.fr|2022-06-27T06:​21:​14+00:​00]]|CVE-2022-32208|7.00|6.96| +| |...|2022-09-20T06:​51:​45+00:​00|2022-09-27T06:​51:​45+00:​00|[[https://​marc.info/?​i=YyrddDfDHLntRmJk%40larwa.hq.kempniu.pl|2022-09-21T09:​46:​28+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2795|CVE-2022-2795]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2881|CVE-2022-2881]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2906|CVE-2022-2906]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-3080|CVE-2022-3080]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-38177|CVE-2022-38177]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-38178|CVE-2022-38178]]|7.00|1.08| 
-| |(3/4) curl: Unpreserved file permissions|2022-06-20T06:​31:​16+00:​00|2022-06-27T06:​31:​16+00:​00|[[https://​marc.info/?​i=67qo8418-68q7-q8r1-732s-r46o6s81q7rp%40unkk.fr|2022-06-27T06:​20:​42+00:​00]]|CVE-2022-32207|7.00|6.96| +^   ​August ​  ​^^^^^^^^ 
-| |(2/4) curl: HTTP compression denial of service|2022-06-20T06:​31:​12+00:​00|2022-06-27T06:​31:​12+00:​00|[[https://​marc.info/?​i=573s840-9q6o-7q70-5n1o-p0134rro2p88%40unkk.fr|2022-06-27T06:​20:​10+00:​00]]|CVE-2022-32206|7.00|6.96| +| |[report 2/?] Report vmalloc UAF in dvb-core/​dmxdev|2022-08-29T15:​58:​58+00:​00|2022-09-05T15:​58:​58+00:​00|[[https://​marc.info/?​i=20220923190601.GA364453%40ubuntu|2022-09-23T19:​06:​01+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-41218|CVE-2022-41218]]|7.00|25.12| 
-| |(1/4) curl: Set-Cookie denial of service|2022-06-20T06:​31:​08+00:​00|2022-06-27T06:​31:​08+00:​00|[[https://​marc.info/?​i=3qq3rs9r-4so8-332o-193n-rq8p259257%40unkk.fr|2022-06-27T06:​19:​23+00:​00]]|CVE-2022-32205|7.00|6.96| +|[[https://​github.com/​ClusterLabs/​pcs|pcs]]|PCS Security Issue|2022-08-25T14:​44:​38+00:​00|2022-09-01T14:​00:​00+00:​00|[[https://​marc.info/?​i=CAFqpC6zUc9DYKnBv3OBAsjOE9bgfGVqvoCW3B3f%3DCY43WfDVQA%40mail.gmail.com|2022-09-01T14:​00:​58+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2735|CVE-2022-2735]]|6.96|6.96| 
-| |GRUB vulnerabilities disclosure on June 7th 10AM PDT|2022-06-03T16:​39:​33+00:​00|2022-06-10T16:​39:​33+00:​00|[[https://​marc.info/?​i=190D2985-BF59-4CF2-BBC4-305C8F192A55%40oracle.com|2022-06-07T19:​04:​13+00:​00]]|CVE-2021-3695\\ CVE-2021-3696\\ CVE-2021-3697\\ CVE-2022-21499\\ CVE-2022-28733\\ CVE-2022-28734\\ CVE-2022-28735\\ CVE-2022-28736\\ CVE-2022-28737|7.00|4.08| +|[[https://​dpdk.org|DPDK]]|CVE-2022-2132 public disclosure date notice [vs-plain]|2022-08-25T08:​44:​16+00:​00|2022-08-29T15:00:00+00:​00|[[https://​marc.info/?​i=1705193.jNaZZp9DzI%40thomas|2022-08-29T18:​12:​18+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2132|CVE-2022-2132]]|4.25|4.38
-| |containerd GHSA-5ffw-gxpp-mxpf|2022-06-01T21:​14:​13+00:​00|2022-06-08T21:​14:​13+00:​00|[[https://​marc.info/?​i=CAHxebFYNPzz1q2GzCdCm%3Dx9LytoqaoMkFhVNbDCRv7eZOj3LKQ%40mail.gmail.com|2022-06-06T19:​45:​34+00:​00]]|CVE-2022-31030|7.00|4.92| +|[[https://​curl.se|curl]]|curl:​ control code in cookie denial of service|2022-08-22T06:​45:​35+00:​00|2022-08-31T23:​59:​58+00:​00|[[https://​marc.info/?​i=8r186sn8-2orp-3n38-nno4-9o8n23n6s069%40unkk.fr|2022-08-31T06:​31:​44+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-35252|CVE-2022-35252]]|9.71|8.96
-^   ​May ​  ^^^^^^^^^ +|[[https://​github.com/​vmware/​open-vm-tools|open-vm-tools]]|[SECURITY EMBARGOED] CVE-2022-31676:​ Local privilege escalation vulnerability in open-vm-tools|2022-08-11T15:​33:​18+00:​00|2022-08-23T23:59:59+00:​00|[[https://​marc.info/?​i=BYAPR05MB63436604DE6E9F49EAAAD1B1B9709%40BYAPR05MB6343.namprd05.prod.outlook.com|2022-08-23T20:​10:​48+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-31676|CVE-2022-31676]]|12.33|12.17| 
-| |linux-kernel:​ A use-after-free in __lock_acquire|2022-05-31T03:​08:​52+00:​00|2022-06-07T03:​08:​52+00:​00|[[https://​marc.info/?​i=CAO3qeMXKb7vad9opV7B1oSsHbJ8D4jTpQaF2CwF%3DJ1vVdcSe8g%40mail.gmail.com|2022-06-14T01:​07:​55+00:​00]]|CVE-2022-1976|7.00|13.88| +|[[https://​kernel.org|Linux]]|Linux NAT issue|2022-08-03T01:​55:​09+00:​00|2022-08-10T01:​55:​09+00:​00|[[https://​marc.info/?​i=CAP9KPhDskZ1W_wnJ_Z8sNY9nqwLGyL0k3pjYwrhJ_TQnXcC-HA%40mail.gmail.com|2022-08-30T02:​27:​44+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2663|CVE-2022-2663]]|7.00|27.00| 
-| |Out-of-bounds write vulnerability in nftable can lead to privilege escalation|2022-05-27T19:​16:​39+00:​00|2022-06-03T19:​16:​39+00:​00|[[https://​marc.info/?​i=adc61777-4814-4426-9d6d-2a2af6d09426.zhangziming.zzm%40antgroup.com|2022-06-02T02:​21:​36+00:​00]]|CVE-2022-1972|7.00|5.29| +|[[https://​kernel.org|Linux]]|Re:​ CVE-2022-2586|2022-08-03T00:​23:​10+00:​00|2022-08-09T17:00:00+00:​00|[[https://​marc.info/?​i=YvKVC%2FO%2BtGfNNm35%40quatroqueijos|2022-08-09T17:​10:​35+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2586|CVE-2022-2586]]|6.67|6.67| 
-| |linux-kernel:​ A double-free in ntfs3 log_replay|2022-05-27T14:​26:​57+00:​00|2022-06-03T14:​26:​57+00:​00|[[https://​marc.info/?​i=CAO3qeMWAZYXsKtVOnAQMDDq8wvQA%3DB6ZYDZjvfoe62muQPgALg%40mail.gmail.com|2022-06-08T02:​17:​36+00:​00]]|CVE-2022-1973|7.00|11.46| +|[[https://​kernel.org|Linux]]|CVE-2022-2585|2022-08-03T00:​15:​25+00:​00|2022-08-09T17:00:00+00:​00|[[https://​marc.info/?​i=YvKVxLtBs86r6Dmh%40quatroqueijos|2022-08-09T17:​13:​40+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2585|CVE-2022-2585]]|6.67|6.67| 
-| |A race condition vulnerability in drivers/​tty/​tty_buffers.c|2022-05-26T21:​37:​00+00:​00|2022-06-02T21:​37:​00+00:​00|[[https://​marc.info/?​i=CAHP5YvJS6SjwTxCzsnhMbwxqmhj08xqgv-k6AfpiwBheCpJBAw%40mail.gmail.com|2022-05-27T14:​47:​05+00:​00]]|CVE-2022-1462|7.00|0.71| +|[[https://​kernel.org|Linux]]|class_route UAF report (was Re: CVE-2022-2588)|2022-08-02T19:​58:​24+00:​00|2022-08-09T17:00:00+00:​00|[[https://​marc.info/?​i=YvKVWuPyQ%2FYXBT%2Bo%40quatroqueijos|2022-08-09T17:​11:​54+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2011-1019|CVE-2011-1019]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2588|CVE-2022-2588]]|6.88|6.88| 
-| |EXTERNAL: Re: [vs-plain] Linux Kernel Vulnerability|2022-05-26T08:​46:​48+00:​00|2022-06-02T08:​46:​48+00:​00|[[https://​marc.info/?​i=CAF73F%3D1%2B-eOEqUsuqG%3DuUdD1o2oa%2BiYQoPxkygqG%2BfoMNwSo6Q%40mail.gmail.com|2022-06-03T06:​31:​41+00:​00]]|CVE-2022-1966|7.00|7.88| +^   ​July ​  ​^^^^^^^^ 
-| |Re: ...|2022-05-25T13:​19:​31+00:​00|2022-06-01T13:​19:​31+00:​00|[[https://​marc.info/?​i=c41c3628-6132-9893-55ce-d86ff251e4fd%40canonical.com|2022-05-25T13:​37:​24+00:​00]]|CVE-2022-1348|7.00|0.00| +|[[https://​kernel.org|Linux]]|Re: ...|2022-07-31T18:​16:​32+00:​00|2022-08-07T18:​16:​32+00:​00|[[https://​marc.info/?​i=1973d16e-bb3e-c5b2-74e0-cc2faf9db2bd%40redhat.com|2022-08-08T07:​18:​27+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2016-5195|CVE-2016-5195]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2590|CVE-2022-2590]]|7.00|7.54| 
-^   ​March ​  ^^^^^^^^^ +|[[https://​rsync.samba.org/​|rsync]]|...|2022-07-25T08:​42:​15+00:​00|2022-08-01T08:​42:​15+00:​00|[[https://​marc.info/?​i=adf7f4c9-f388-a882-562a-f2b424f16a09%40prodaft.com|2022-08-02T08:​53:​25+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2019-6111|CVE-2019-6111]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-29154|CVE-2022-29154]]|7.00|8.00| 
-| |Vulnerability in nf_tables can cause privilege escalation|2022-03-17T02:​08:​11+00:​00|2022-03-24T02:​08:​11+00:​00|[[https://​marc.info/?​i=20220825132856.GA29197%40openwall.com|2022-08-25T13:​28:​56+00:​00]]|CVE-2022-1015\\ CVE-2022-1016|7.00|161.46| +|[[https://​kernel.org|Linux]]|CVE-2022-21505:​ Kernel lockdown bypass bug.|2022-07-12T17:​54:​51+00:​00|2022-07-19T17:​54:​51+00:​00|[[https://​marc.info/?​i=84A9FE84-665A-4750-9C36-07FBD9222C9F%40oracle.com|2022-07-19T17:​02:​12+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-21505|CVE-2022-21505]]|7.00|6.96| 
-| |CVE-2022-0847:​ overwriting read-only files on Linux|2022-03-07T12:​01:​19+00:​00|2022-03-14T12:​01:​19+00:​00|[[https://​marc.info/?​i=1973d16e-bb3e-c5b2-74e0-cc2faf9db2bd%40redhat.com|2022-08-08T07:​18:​27+00:​00]]|CVE-2016-5195\\ CVE-2022-0847|7.00|153.79| +|[[https://​x.org|xorg]]|Preview of X.Org Security Advisory for 2022-07-12|2022-07-05T18:​40:​01+00:​00|2022-07-12T18:​40:​01+00:​00|[[https://​marc.info/?​i=c8c9ce86-d45d-51e5-cf4a-b33ad24c88f2%40radix.lt|2022-07-12T12:​58:​15+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2319|CVE-2022-2319]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-2320|CVE-2022-2320]]|7.00|6.75| 
-^   ​February ​  ^^^^^^^^^ +|[[https://​git-scm.org|git]]|Upcoming Git security fix release|2022-07-04T21:​34:​29+00:​00|2022-07-11T21:​34:​29+00:​00|[[https://​marc.info/?​i=xmqqh73k8sbl.fsf%40gitster.g|2022-07-14T00:​13:​18+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-24765|CVE-2022-24765]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-29187|CVE-2022-29187]]|7.00|9.08| 
-| |Vulnerability in Linux kernels until 5.6.11|2022-02-28T08:​20:​32+00:​00|2022-03-07T08:​20:​32+00:​00|[[https://​marc.info/?​i=CAKPOu%2B8WtknWoUeY-CTK5ejo0hOQDsPOsbO12pFK6ifJwmVo4Q%40mail.gmail.com|2022-03-07T12:​01:​19+00:​00]]|CVE-2022-0847|7.00|7.12| +^   ​June ​  ​^^^^^^^^ 
-^   ​January ​  ^^^^^^^^^ +|[[https://​curl.se|curl]]|(4/4) curl: FTP-KRB bad message verification|2022-06-20T06:​31:​22+00:​00|2022-06-27T06:​31:​22+00:​00|[[https://​marc.info/?​i=76n529n8-qppo-10o7-4s28-1s26009n30%40unkk.fr|2022-06-27T06:​21:​14+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-32208|CVE-2022-32208]]|7.00|6.96| 
-| |Re: Vulnerability in the vmwgfx driver|2022-01-21T12:​07:​12+00:​00|2022-01-28T12:​07:​12+00:​00|[[https://​marc.info/?​i=0f115734-5e21-8fa9-7e96-f8636788a0bc%40grsecurity.net|2022-01-27T20:​00:​19+00:​00]]|CVE-2022-22942|7.00|6.29| +|[[https://​curl.se|curl]]|(3/4) curl: Unpreserved file permissions|2022-06-20T06:​31:​16+00:​00|2022-06-27T06:​31:​16+00:​00|[[https://​marc.info/?​i=67qo8418-68q7-q8r1-732s-r46o6s81q7rp%40unkk.fr|2022-06-27T06:​20:​42+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-32207|CVE-2022-32207]]|7.00|6.96| 
-| |Re: Security sensitive bug in the i915 kernel driver|2022-01-18T14:​32:​16+00:​00|2022-01-25T14:​32:​16+00:​00|[[https://​marc.info/?​i=7460e2a7-4323-3914-bcd6-1d07c859abe5%40linux.intel.com|2022-01-25T17:​55:​25+00:​00]]|CVE-2022-0330|7.00|7.12| +|[[https://​curl.se|curl]]|(2/4) curl: HTTP compression denial of service|2022-06-20T06:​31:​12+00:​00|2022-06-27T06:​31:​12+00:​00|[[https://​marc.info/?​i=573s840-9q6o-7q70-5n1o-p0134rro2p88%40unkk.fr|2022-06-27T06:​20:​10+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-32206|CVE-2022-32206]]|7.00|6.96| 
-| |Re: CVE-2022-21658:​ TOCTOU in Rust's std::​fs::​remove_dir_all|2022-01-17T11:​29:​52+00:​00|2022-01-24T11:​29:​52+00:​00|[[https://​marc.info/?​i=7a65d359-c698-a308-e6e8-3c0c44cff037%40pietroalbini.org|2022-01-20T11:​02:​55+00:​00]]|CVE-2021-3997\\ CVE-2022-21658|7.00|2.96| +|[[https://​curl.se|curl]]|(1/4) curl: Set-Cookie denial of service|2022-06-20T06:​31:​08+00:​00|2022-06-27T06:​31:​08+00:​00|[[https://​marc.info/?​i=3qq3rs9r-4so8-332o-193n-rq8p259257%40unkk.fr|2022-06-27T06:​19:​23+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-32205|CVE-2022-32205]]|7.00|6.96| 
-| |Re: ***UNCHECKED*** CVE-2021-45417 - aide: heap-based buffer overflow vulnerability in base64 functions|2022-01-16T13:​00:​34+00:​00|2022-01-23T13:​00:​34+00:​00|[[https://​marc.info/?​i=YemPSkQtnUCflmaH%40sulfur.vonhaugwitz.com|2022-01-20T16:​35:​22+00:​00]]|CVE-2021-45417|7.00|4.12| +|[[https://​www.gnu.org/​software/​grub/​|grub]]|GRUB vulnerabilities disclosure on June 7th 10AM PDT|2022-06-03T16:​39:​33+00:​00|2022-06-10T16:​39:​33+00:​00|[[https://​marc.info/?​i=190D2985-BF59-4CF2-BBC4-305C8F192A55%40oracle.com|2022-06-07T19:​04:​13+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2021-3695|CVE-2021-3695]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2021-3696|CVE-2021-3696]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2021-3697|CVE-2021-3697]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-21499|CVE-2022-21499]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-28733|CVE-2022-28733]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-28734|CVE-2022-28734]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-28735|CVE-2022-28735]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-28736|CVE-2022-28736]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-28737|CVE-2022-28737]]|7.00|4.08| 
-| |usbview polkit policy local root exploit (CVE-2022-23220)|2022-01-13T13:​30:​52+00:​00|2022-01-20T13:​30:​52+00:​00|[[https://​marc.info/?​i=YerETqS%2BHCN4qz%2FZ%40f195.suse.de|2022-01-21T14:​33:​50+00:​00]]|CVE-2022-23220|7.00|8.04| +|[[https://​pkg.go.dev/​github.com/​containerd/​containerd|github.com/​containerd/​containerd]]|containerd GHSA-5ffw-gxpp-mxpf|2022-06-01T21:​14:​13+00:​00|2022-06-08T21:​14:​13+00:​00|[[https://​marc.info/?​i=CAHxebFYNPzz1q2GzCdCm%3Dx9LytoqaoMkFhVNbDCRv7eZOj3LKQ%40mail.gmail.com|2022-06-06T19:​45:​34+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-31030|CVE-2022-31030]]|7.00|4.92| 
-| |Re: Prosody XMPP Server 0.11.x Unauthenticated Remote Denial of Service / Resource Exhaustion|2022-01-12T07:​58:​16+00:​00|2022-01-19T07:​58:​16+00:​00|[[https://​marc.info/?​i=2193597.LkMCQtBBq3%40sinistra|2022-01-13T17:​07:​44+00:​00]]|CVE-2022-0217|7.00|1.38| +^   ​May ​  ​^^^^^^^^ 
-| |Re: CVE-2021-4034 (patch)|2022-01-12T00:​01:​39+00:​00|2022-01-19T00:​01:​39+00:​00|[[https://​marc.info/?​i=F9283FD4-A0FC-4944-8659-530684BB33F8%40gentoo.org|2022-01-25T18:​04:​49+00:​00]]|CVE-2021-4034|7.00|13.75| +|[[https://​kernel.org|Linux]]|linux-kernel:​ A use-after-free in __lock_acquire|2022-05-31T03:​08:​52+00:​00|2022-06-07T03:​08:​52+00:​00|[[https://​marc.info/?​i=CAO3qeMXKb7vad9opV7B1oSsHbJ8D4jTpQaF2CwF%3DJ1vVdcSe8g%40mail.gmail.com|2022-06-14T01:​07:​55+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-1976|CVE-2022-1976]]|7.00|13.88| 
-| |Out-of-bounds write of heap buffer in fs_context.c leads to LPE and container escape|2022-01-11T09:​01:​05+00:​00|2022-01-18T09:​01:​05+00:​00|[[https://​marc.info/?​i=215FEA11-77C7-42C1-97AB-8B3F637F9C61%40oracle.com|2022-01-18T18:​57:​57+00:​00]]|CVE-2022-0185\\ CVE-2022-0216|7.00|7.38| +|[[https://​kernel.org|Linux]]|Out-of-bounds write vulnerability in nftable can lead to privilege escalation|2022-05-27T19:​16:​39+00:​00|2022-06-03T19:​16:​39+00:​00|[[https://​marc.info/?​i=adc61777-4814-4426-9d6d-2a2af6d09426.zhangziming.zzm%40antgroup.com|2022-06-02T02:​21:​36+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-1972|CVE-2022-1972]]|7.00|5.29| 
-| |Re: LUKS2 / cryptsetup: CVE-2021-4122 disabling encryption via header rewrite|2022-01-07T10:​15:​50+00:​00|2022-01-14T10:​15:​50+00:​00|[[https://​marc.info/?​i=49e8cc07-ff0d-5cd1-ff2e-eee36bf7e46c%40gmail.com|2022-01-13T10:​10:​00+00:​00]]|CVE-2021-4122|7.00|5.96| +|[[https://​kernel.org|Linux]]|linux-kernel:​ A double-free in ntfs3 log_replay|2022-05-27T14:​26:​57+00:​00|2022-06-03T14:​26:​57+00:​00|[[https://​marc.info/?​i=CAO3qeMWAZYXsKtVOnAQMDDq8wvQA%3DB6ZYDZjvfoe62muQPgALg%40mail.gmail.com|2022-06-08T02:​17:​36+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-1973|CVE-2022-1973]]|7.00|11.46| 
-| |Re: CVE-2021-3997 in systemd|2022-01-04T07:​14:​29+00:​00|2022-01-11T07:​14:​29+00:​00|[[https://​marc.info/?​i=F97E792C-1249-4C6C-A1B2-23A2A835A941%40gentoo.org|2022-01-11T00:​01:​34+00:​00]]|CVE-2021-3997|7.00|6.67| +|[[https://​kernel.org|Linux]]|A race condition vulnerability in drivers/​tty/​tty_buffers.c|2022-05-26T21:​37:​00+00:​00|2022-06-02T21:​37:​00+00:​00|[[https://​marc.info/?​i=CAHP5YvJS6SjwTxCzsnhMbwxqmhj08xqgv-k6AfpiwBheCpJBAw%40mail.gmail.com|2022-05-27T14:​47:​05+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-1462|CVE-2022-1462]]|7.00|0.71| 
-| |Linux kernel: CVE-2021-4155|2022-01-03T17:​32:​24+00:​00|2022-01-10T17:​32:​24+00:​00|[[https://​marc.info/?​i=CAKx%2B4-rd1JnV%2BC-0kxq4NWn1N-BPOxZpE29iYsXk8Y6MqbVkAw%40mail.gmail.com|2022-01-10T12:​19:​47+00:​00]]|CVE-2021-4155|7.00|6.75|+|[[https://​kernel.org|Linux]]|EXTERNAL: Re: [vs-plain] Linux Kernel Vulnerability|2022-05-26T08:​46:​48+00:​00|2022-06-02T08:​46:​48+00:​00|[[https://​marc.info/?​i=CAF73F%3D1%2B-eOEqUsuqG%3DuUdD1o2oa%2BiYQoPxkygqG%2BfoMNwSo6Q%40mail.gmail.com|2022-06-03T06:​31:​41+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-1966|CVE-2022-1966]]|7.00|7.88| 
 +|[[https://​github.com/​logrotate/​logrotate|logrotate]]|Re: ...|2022-05-25T13:​19:​31+00:​00|2022-06-01T13:​19:​31+00:​00|[[https://​marc.info/?​i=c41c3628-6132-9893-55ce-d86ff251e4fd%40canonical.com|2022-05-25T13:​37:​24+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-1348|CVE-2022-1348]]|7.00|0.00| 
 +^   ​March ​  ​^^^^^^^^ 
 +|[[https://​kernel.org|Linux]]|Vulnerability in nf_tables can cause privilege escalation|2022-03-17T02:​08:​11+00:​00|2022-03-24T02:​08:​11+00:​00|[[https://​marc.info/?​i=20220825132856.GA29197%40openwall.com|2022-08-25T13:​28:​56+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-1015|CVE-2022-1015]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-1016|CVE-2022-1016]]|7.00|161.46((This is not for real - a much later follow-up oss-security posting was wrongly picked up when automatically generating this data, whereas the original was apparently on March 28))
 +|[[https://​kernel.org|Linux]]|CVE-2022-0847:​ overwriting read-only files on Linux|2022-03-07T12:​01:​19+00:​00|2022-03-14T12:​01:​19+00:​00|[[https://​marc.info/?​i=1973d16e-bb3e-c5b2-74e0-cc2faf9db2bd%40redhat.com|2022-08-08T07:​18:​27+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2016-5195|CVE-2016-5195]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-0847|CVE-2022-0847]]|7.00|153.79((This is not for real - a much earlier linux-distros posting was wrongly picked up when automatically generating this data))
 +^   ​February ​  ​^^^^^^^^ 
 +|[[https://​kernel.org|Linux]]|Vulnerability in Linux kernels until 5.6.11|2022-02-28T08:​20:​32+00:​00|2022-03-07T08:​20:​32+00:​00|[[https://​marc.info/?​i=CAKPOu%2B8WtknWoUeY-CTK5ejo0hOQDsPOsbO12pFK6ifJwmVo4Q%40mail.gmail.com|2022-03-07T12:​01:​19+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-0847|CVE-2022-0847]]|7.00|7.12| 
 +^   ​January ​  ​^^^^^^^^ 
 +|[[https://​kernel.org|Linux]]|Re: Vulnerability in the vmwgfx driver|2022-01-21T12:​07:​12+00:​00|2022-01-28T12:​07:​12+00:​00|[[https://​marc.info/?​i=0f115734-5e21-8fa9-7e96-f8636788a0bc%40grsecurity.net|2022-01-27T20:​00:​19+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-22942|CVE-2022-22942]]|7.00|6.29| 
 +|[[https://​kernel.org|Linux]]|Re: Security sensitive bug in the i915 kernel driver|2022-01-18T14:​32:​16+00:​00|2022-01-25T14:​32:​16+00:​00|[[https://​marc.info/?​i=7460e2a7-4323-3914-bcd6-1d07c859abe5%40linux.intel.com|2022-01-25T17:​55:​25+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-0330|CVE-2022-0330]]|7.00|7.12| 
 +|[[https://​www.rust-lang.org/​|rust]]|Re: CVE-2022-21658:​ TOCTOU in Rust's std::​fs::​remove_dir_all|2022-01-17T11:​29:​52+00:​00|2022-01-24T11:​29:​52+00:​00|[[https://​marc.info/?​i=7a65d359-c698-a308-e6e8-3c0c44cff037%40pietroalbini.org|2022-01-20T11:​02:​55+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2021-3997|CVE-2021-3997]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-21658|CVE-2022-21658]]|7.00|2.96| 
 +|[[https://​aide.github.io/​|aide]]|Re: ***UNCHECKED*** CVE-2021-45417 - aide: heap-based buffer overflow vulnerability in base64 functions|2022-01-16T13:​00:​34+00:​00|2022-01-23T13:​00:​34+00:​00|[[https://​marc.info/?​i=YemPSkQtnUCflmaH%40sulfur.vonhaugwitz.com|2022-01-20T16:​35:​22+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2021-45417|CVE-2021-45417]]|7.00|4.12| 
 +|[[https://​github.com/​gregkh/​usbview|usbview]]|usbview polkit policy local root exploit (CVE-2022-23220)|2022-01-13T13:​30:​52+00:​00|2022-01-20T13:​30:​52+00:​00|[[https://​marc.info/?​i=YerETqS%2BHCN4qz%2FZ%40f195.suse.de|2022-01-21T14:​33:​50+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-23220|CVE-2022-23220]]|7.00|8.04| 
 +|[[https://​prosody.im/​|prosody]]|Re: Prosody XMPP Server 0.11.x Unauthenticated Remote Denial of Service / Resource Exhaustion|2022-01-12T07:​58:​16+00:​00|2022-01-19T07:​58:​16+00:​00|[[https://​marc.info/?​i=2193597.LkMCQtBBq3%40sinistra|2022-01-13T17:​07:​44+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-0217|CVE-2022-0217]]|7.00|1.38| 
 +|[[https://​gitlab.freedesktop.org/​polkit/​polkit|polkit]]|Re: CVE-2021-4034 (patch)|2022-01-12T00:​01:​39+00:​00|2022-01-19T00:​01:​39+00:​00|[[https://​marc.info/?​i=F9283FD4-A0FC-4944-8659-530684BB33F8%40gentoo.org|2022-01-25T18:​04:​49+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2021-4034|CVE-2021-4034]]|7.00|13.75| 
 +|[[https://​kernel.org|Linux]]|Out-of-bounds write of heap buffer in fs_context.c leads to LPE and container escape|2022-01-11T09:​01:​05+00:​00|2022-01-18T09:​01:​05+00:​00|[[https://​marc.info/?​i=215FEA11-77C7-42C1-97AB-8B3F637F9C61%40oracle.com|2022-01-18T18:​57:​57+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-0185|CVE-2022-0185]]\\ [[https://​nvd.nist.gov/​vuln/​detail/​CVE-2022-0216|CVE-2022-0216]]|7.00|7.38| 
 +|[[https://​gitlab.com/​cryptsetup/​cryptsetup|cryptsetup]]|Re: LUKS2 / cryptsetup: CVE-2021-4122 disabling encryption via header rewrite|2022-01-07T10:​15:​50+00:​00|2022-01-14T10:​15:​50+00:​00|[[https://​marc.info/?​i=49e8cc07-ff0d-5cd1-ff2e-eee36bf7e46c%40gmail.com|2022-01-13T10:​10:​00+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2021-4122|CVE-2021-4122]]|7.00|5.96| 
 +|[[https://​systemd.io/​|systemd]]|Re: CVE-2021-3997 in systemd|2022-01-04T07:​14:​29+00:​00|2022-01-11T07:​14:​29+00:​00|[[https://​marc.info/?​i=F97E792C-1249-4C6C-A1B2-23A2A835A941%40gentoo.org|2022-01-11T00:​01:​34+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2021-3997|CVE-2021-3997]]|7.00|6.67| 
 +|[[https://​kernel.org|Linux]]|Linux kernel: CVE-2021-4155|2022-01-03T17:​32:​24+00:​00|2022-01-10T17:​32:​24+00:​00|[[https://​marc.info/?​i=CAKx%2B4-rd1JnV%2BC-0kxq4NWn1N-BPOxZpE29iYsXk8Y6MqbVkAw%40mail.gmail.com|2022-01-10T12:​19:​47+00:​00]]|[[https://​nvd.nist.gov/​vuln/​detail/​CVE-2021-4155|CVE-2021-4155]]|7.00|6.75|
  
mailing-lists/distros/stats/2022.1661961374.txt · Last modified: 2022/08/31 17:56 by aliguori
 
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 3.0 Unported
Recent changes RSS feed Donate to DokuWiki Powered by PHP Valid XHTML 1.0 Valid CSS Driven by DokuWiki Powered by OpenVZ Powered by Openwall GNU/*/Linux