This shows you the differences between two versions of the page.
|
mailing-lists:distros:stats:2022 [2022/08/31 17:56] aliguori |
mailing-lists:distros:stats:2022 [2023/11/06 17:45] (current) solar update page heading, reduce indentation level of page content |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ==== Data ==== | + | ====== Distros list data for 2022 ====== |
| - | ^Project^Subject^Reported^Public^Time of oss-security posting^CVE(s)^Days embargoed (scheduled)^Days embargoed (oss-security)^ | + | |
| - | ^ August ^^^^^^^^^ | + | The data here is unfortunately incomplete and unreliable, resulting from automated processing of input that wasn't meant to be fully machine-readable. |
| - | |[[https://dpdk.org|DPDK]]|CVE-2022-2132 public disclosure date notice [vs-plain]|2022-08-25T08:44:16+00:00|2022-09-01T08:44:16+00:00|[[https://marc.info/?i=1705193.jNaZZp9DzI%40thomas|2022-08-29T18:12:18+00:00]]|CVE-2022-2132|7.00|4.38| | + | |
| - | |[[https://github.com/vmware/open-vm-tools|open-vm-tools]]|[SECURITY EMBARGOED] CVE-2022-31676: Local privilege escalation vulnerability in open-vm-tools|2022-08-11T15:33:18+00:00|2022-08-18T15:33:18+00:00|[[https://marc.info/?i=BYAPR05MB63436604DE6E9F49EAAAD1B1B9709%40BYAPR05MB6343.namprd05.prod.outlook.com|2022-08-23T20:10:48+00:00]]|CVE-2022-31676|7.00|12.17| | + | ^Project^Subject^Reported^Coordinated Release Date^Time of oss-security posting^CVE(s)^Days embargoed (scheduled)^Days embargoed (oss-security)^ |
| - | |[[https://kernel.org|Linux]]|Linux NAT issue|2022-08-03T01:55:09+00:00|2022-08-10T01:55:09+00:00|[[https://marc.info/?i=CAP9KPhDskZ1W_wnJ_Z8sNY9nqwLGyL0k3pjYwrhJ_TQnXcC-HA%40mail.gmail.com|2022-08-30T02:27:44+00:00]]|CVE-2022-2663|7.00|27.00| | + | ^ December ^^^^^^^^ |
| - | |[[https://kernel.org|Linux]]|Re: CVE-2022-2586|2022-08-03T00:23:10+00:00|2022-08-10T00:23:10+00:00|[[https://marc.info/?i=YvKVC%2FO%2BtGfNNm35%40quatroqueijos|2022-08-09T17:10:35+00:00]]|CVE-2022-2586|7.00|6.67| | + | | |Re: Preview of X.Org Security Advisory for 2022-12-14|2022-12-05T23:28:51+00:00|2022-12-12T23:28:51+00:00|[[https://marc.info/?i=e7573ba8-846b-b91a-5655-e4f5db2cdf88%40redhat.com|2022-12-14T01:23:51+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-4283|CVE-2022-4283]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-46283|CVE-2022-46283]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-46340|CVE-2022-46340]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-46341|CVE-2022-46341]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-46342|CVE-2022-46342]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-46343|CVE-2022-46343]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-46344|CVE-2022-46344]]|7.00|8.04| |
| - | |[[https://kernel.org|Linux]]|CVE-2022-2585|2022-08-03T00:15:25+00:00|2022-08-10T00:15:25+00:00|[[https://marc.info/?i=YvKVxLtBs86r6Dmh%40quatroqueijos|2022-08-09T17:13:40+00:00]]|CVE-2022-2585|7.00|6.67| | + | ^ November ^^^^^^^^ |
| - | |[[https://kernel.org|Linux]]|class_route UAF report (was Re: CVE-2022-2588)|2022-08-02T19:58:24+00:00|2022-08-09T19:58:24+00:00|[[https://marc.info/?i=YvKVWuPyQ%2FYXBT%2Bo%40quatroqueijos|2022-08-09T17:11:54+00:00]]|CVE-2011-1019\\ CVE-2022-2588|7.00|6.88| | + | | |rxvt-unicode RCE|2022-11-28T00:51:42+00:00|2022-12-05T00:51:42+00:00|[[https://marc.info/?i=CAP9KPhDh6PJu-0mD12wYUraf1Ya1MSUPwz1PsPO5omi39-OYLw%40mail.gmail.com|2022-12-05T11:22:33+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-4170|CVE-2022-4170]]|7.00|7.42| |
| - | ^ July ^^^^^^^^^ | + | | |Re: Security sensitive bug in the i915 kernel driver|2022-11-23T15:31:14+00:00|2022-11-30T15:31:14+00:00|[[https://marc.info/?i=c9089e54-bc0d-773c-233e-d63980ad49d4%40intel.com|2022-11-30T10:22:16+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-0330|CVE-2022-0330]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-4139|CVE-2022-4139]]|7.00|6.75| |
| - | | |Re: ...|2022-07-31T18:16:32+00:00|2022-08-07T18:16:32+00:00|[[https://marc.info/?i=1973d16e-bb3e-c5b2-74e0-cc2faf9db2bd%40redhat.com|2022-08-08T07:18:27+00:00]]|CVE-2016-5195\\ CVE-2022-2590|7.00|7.54| | + | | |Fwd: [Security]Use after free in staging|2022-11-16T17:16:46+00:00|2022-11-23T17:16:46+00:00|[[https://marc.info/?i=CAJedcCyz-uNq%2BtyK%2BBqG0xCD9_WOOC8nta77Up7gaOBs%2BpfwyA%40mail.gmail.com|2022-11-18T03:58:55+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2015-0571|CVE-2015-0571]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2021-28660|CVE-2021-28660]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-4095|CVE-2022-4095]]|7.00|1.42| |
| - | | |...|2022-07-25T08:42:15+00:00|2022-08-01T08:42:15+00:00|[[https://marc.info/?i=adf7f4c9-f388-a882-562a-f2b424f16a09%40prodaft.com|2022-08-02T08:53:25+00:00]]|CVE-2019-6111\\ CVE-2022-29154|7.00|8.00| | + | ^ October ^^^^^^^^ |
| - | | |CVE-2022-21505: Kernel lockdown bypass bug.|2022-07-12T17:54:51+00:00|2022-07-19T17:54:51+00:00|[[https://marc.info/?i=84A9FE84-665A-4750-9C36-07FBD9222C9F%40oracle.com|2022-07-19T17:02:12+00:00]]|CVE-2022-21505|7.00|6.96| | + | | |Upcoming Git security fix release|2022-10-12T17:47:38+00:00|2022-10-19T17:47:38+00:00|[[https://marc.info/?i=Y07hdTCQHoSZjN2Q%40nand.local|2022-10-18T17:25:09+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-39253|CVE-2022-39253]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-39260|CVE-2022-39260]]|7.00|5.96| |
| - | | |Preview of X.Org Security Advisory for 2022-07-12|2022-07-05T18:40:01+00:00|2022-07-12T18:40:01+00:00|[[https://marc.info/?i=c8c9ce86-d45d-51e5-cf4a-b33ad24c88f2%40radix.lt|2022-07-12T12:58:15+00:00]]|CVE-2022-2319\\ CVE-2022-2320|7.00|6.75| | + | | |Re: CVE-2022-2602 - Linux kernel UAF|2022-10-11T14:38:03+00:00|2022-10-18T14:38:03+00:00|[[https://marc.info/?i=Y07bhw5Um02VYKvl%40quatroqueijos.cascardo.eti.br|2022-10-18T16:59:51+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-2602|CVE-2022-2602]]|7.00|7.08| |
| - | | |Upcoming Git security fix release|2022-07-04T21:34:29+00:00|2022-07-11T21:34:29+00:00|[[https://marc.info/?i=xmqqh73k8sbl.fsf%40gitster.g|2022-07-14T00:13:18+00:00]]|CVE-2022-24765\\ CVE-2022-29187|7.00|9.08| | + | | |...|2022-10-03T16:57:49+00:00|2022-10-10T16:57:49+00:00|[[https://marc.info/?i=c1168996-ea72-ad04-027f-2f3b190eabd5%40isc.org|2022-10-05T16:29:06+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-2928|CVE-2022-2928]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-2929|CVE-2022-2929]]|7.00|1.96| |
| - | ^ June ^^^^^^^^^ | + | ^ September ^^^^^^^^ |
| - | | |(4/4) curl: FTP-KRB bad message verification|2022-06-20T06:31:22+00:00|2022-06-27T06:31:22+00:00|[[https://marc.info/?i=76n529n8-qppo-10o7-4s28-1s26009n30%40unkk.fr|2022-06-27T06:21:14+00:00]]|CVE-2022-32208|7.00|6.96| | + | | |...|2022-09-20T06:51:45+00:00|2022-09-27T06:51:45+00:00|[[https://marc.info/?i=YyrddDfDHLntRmJk%40larwa.hq.kempniu.pl|2022-09-21T09:46:28+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-2795|CVE-2022-2795]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-2881|CVE-2022-2881]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-2906|CVE-2022-2906]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-3080|CVE-2022-3080]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-38177|CVE-2022-38177]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-38178|CVE-2022-38178]]|7.00|1.08| |
| - | | |(3/4) curl: Unpreserved file permissions|2022-06-20T06:31:16+00:00|2022-06-27T06:31:16+00:00|[[https://marc.info/?i=67qo8418-68q7-q8r1-732s-r46o6s81q7rp%40unkk.fr|2022-06-27T06:20:42+00:00]]|CVE-2022-32207|7.00|6.96| | + | ^ August ^^^^^^^^ |
| - | | |(2/4) curl: HTTP compression denial of service|2022-06-20T06:31:12+00:00|2022-06-27T06:31:12+00:00|[[https://marc.info/?i=573s840-9q6o-7q70-5n1o-p0134rro2p88%40unkk.fr|2022-06-27T06:20:10+00:00]]|CVE-2022-32206|7.00|6.96| | + | | |[report 2/?] Report vmalloc UAF in dvb-core/dmxdev|2022-08-29T15:58:58+00:00|2022-09-05T15:58:58+00:00|[[https://marc.info/?i=20220923190601.GA364453%40ubuntu|2022-09-23T19:06:01+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-41218|CVE-2022-41218]]|7.00|25.12| |
| - | | |(1/4) curl: Set-Cookie denial of service|2022-06-20T06:31:08+00:00|2022-06-27T06:31:08+00:00|[[https://marc.info/?i=3qq3rs9r-4so8-332o-193n-rq8p259257%40unkk.fr|2022-06-27T06:19:23+00:00]]|CVE-2022-32205|7.00|6.96| | + | |[[https://github.com/ClusterLabs/pcs|pcs]]|PCS Security Issue|2022-08-25T14:44:38+00:00|2022-09-01T14:00:00+00:00|[[https://marc.info/?i=CAFqpC6zUc9DYKnBv3OBAsjOE9bgfGVqvoCW3B3f%3DCY43WfDVQA%40mail.gmail.com|2022-09-01T14:00:58+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-2735|CVE-2022-2735]]|6.96|6.96| |
| - | | |GRUB vulnerabilities disclosure on June 7th 10AM PDT|2022-06-03T16:39:33+00:00|2022-06-10T16:39:33+00:00|[[https://marc.info/?i=190D2985-BF59-4CF2-BBC4-305C8F192A55%40oracle.com|2022-06-07T19:04:13+00:00]]|CVE-2021-3695\\ CVE-2021-3696\\ CVE-2021-3697\\ CVE-2022-21499\\ CVE-2022-28733\\ CVE-2022-28734\\ CVE-2022-28735\\ CVE-2022-28736\\ CVE-2022-28737|7.00|4.08| | + | |[[https://dpdk.org|DPDK]]|CVE-2022-2132 public disclosure date notice [vs-plain]|2022-08-25T08:44:16+00:00|2022-08-29T15:00:00+00:00|[[https://marc.info/?i=1705193.jNaZZp9DzI%40thomas|2022-08-29T18:12:18+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-2132|CVE-2022-2132]]|4.25|4.38| |
| - | | |containerd GHSA-5ffw-gxpp-mxpf|2022-06-01T21:14:13+00:00|2022-06-08T21:14:13+00:00|[[https://marc.info/?i=CAHxebFYNPzz1q2GzCdCm%3Dx9LytoqaoMkFhVNbDCRv7eZOj3LKQ%40mail.gmail.com|2022-06-06T19:45:34+00:00]]|CVE-2022-31030|7.00|4.92| | + | |[[https://curl.se|curl]]|curl: control code in cookie denial of service|2022-08-22T06:45:35+00:00|2022-08-31T23:59:58+00:00|[[https://marc.info/?i=8r186sn8-2orp-3n38-nno4-9o8n23n6s069%40unkk.fr|2022-08-31T06:31:44+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-35252|CVE-2022-35252]]|9.71|8.96| |
| - | ^ May ^^^^^^^^^ | + | |[[https://github.com/vmware/open-vm-tools|open-vm-tools]]|[SECURITY EMBARGOED] CVE-2022-31676: Local privilege escalation vulnerability in open-vm-tools|2022-08-11T15:33:18+00:00|2022-08-23T23:59:59+00:00|[[https://marc.info/?i=BYAPR05MB63436604DE6E9F49EAAAD1B1B9709%40BYAPR05MB6343.namprd05.prod.outlook.com|2022-08-23T20:10:48+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-31676|CVE-2022-31676]]|12.33|12.17| |
| - | | |linux-kernel: A use-after-free in __lock_acquire|2022-05-31T03:08:52+00:00|2022-06-07T03:08:52+00:00|[[https://marc.info/?i=CAO3qeMXKb7vad9opV7B1oSsHbJ8D4jTpQaF2CwF%3DJ1vVdcSe8g%40mail.gmail.com|2022-06-14T01:07:55+00:00]]|CVE-2022-1976|7.00|13.88| | + | |[[https://kernel.org|Linux]]|Linux NAT issue|2022-08-03T01:55:09+00:00|2022-08-10T01:55:09+00:00|[[https://marc.info/?i=CAP9KPhDskZ1W_wnJ_Z8sNY9nqwLGyL0k3pjYwrhJ_TQnXcC-HA%40mail.gmail.com|2022-08-30T02:27:44+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-2663|CVE-2022-2663]]|7.00|27.00| |
| - | | |Out-of-bounds write vulnerability in nftable can lead to privilege escalation|2022-05-27T19:16:39+00:00|2022-06-03T19:16:39+00:00|[[https://marc.info/?i=adc61777-4814-4426-9d6d-2a2af6d09426.zhangziming.zzm%40antgroup.com|2022-06-02T02:21:36+00:00]]|CVE-2022-1972|7.00|5.29| | + | |[[https://kernel.org|Linux]]|Re: CVE-2022-2586|2022-08-03T00:23:10+00:00|2022-08-09T17:00:00+00:00|[[https://marc.info/?i=YvKVC%2FO%2BtGfNNm35%40quatroqueijos|2022-08-09T17:10:35+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-2586|CVE-2022-2586]]|6.67|6.67| |
| - | | |linux-kernel: A double-free in ntfs3 log_replay|2022-05-27T14:26:57+00:00|2022-06-03T14:26:57+00:00|[[https://marc.info/?i=CAO3qeMWAZYXsKtVOnAQMDDq8wvQA%3DB6ZYDZjvfoe62muQPgALg%40mail.gmail.com|2022-06-08T02:17:36+00:00]]|CVE-2022-1973|7.00|11.46| | + | |[[https://kernel.org|Linux]]|CVE-2022-2585|2022-08-03T00:15:25+00:00|2022-08-09T17:00:00+00:00|[[https://marc.info/?i=YvKVxLtBs86r6Dmh%40quatroqueijos|2022-08-09T17:13:40+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-2585|CVE-2022-2585]]|6.67|6.67| |
| - | | |A race condition vulnerability in drivers/tty/tty_buffers.c|2022-05-26T21:37:00+00:00|2022-06-02T21:37:00+00:00|[[https://marc.info/?i=CAHP5YvJS6SjwTxCzsnhMbwxqmhj08xqgv-k6AfpiwBheCpJBAw%40mail.gmail.com|2022-05-27T14:47:05+00:00]]|CVE-2022-1462|7.00|0.71| | + | |[[https://kernel.org|Linux]]|class_route UAF report (was Re: CVE-2022-2588)|2022-08-02T19:58:24+00:00|2022-08-09T17:00:00+00:00|[[https://marc.info/?i=YvKVWuPyQ%2FYXBT%2Bo%40quatroqueijos|2022-08-09T17:11:54+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2011-1019|CVE-2011-1019]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-2588|CVE-2022-2588]]|6.88|6.88| |
| - | | |EXTERNAL: Re: [vs-plain] Linux Kernel Vulnerability|2022-05-26T08:46:48+00:00|2022-06-02T08:46:48+00:00|[[https://marc.info/?i=CAF73F%3D1%2B-eOEqUsuqG%3DuUdD1o2oa%2BiYQoPxkygqG%2BfoMNwSo6Q%40mail.gmail.com|2022-06-03T06:31:41+00:00]]|CVE-2022-1966|7.00|7.88| | + | ^ July ^^^^^^^^ |
| - | | |Re: ...|2022-05-25T13:19:31+00:00|2022-06-01T13:19:31+00:00|[[https://marc.info/?i=c41c3628-6132-9893-55ce-d86ff251e4fd%40canonical.com|2022-05-25T13:37:24+00:00]]|CVE-2022-1348|7.00|0.00| | + | |[[https://kernel.org|Linux]]|Re: ...|2022-07-31T18:16:32+00:00|2022-08-07T18:16:32+00:00|[[https://marc.info/?i=1973d16e-bb3e-c5b2-74e0-cc2faf9db2bd%40redhat.com|2022-08-08T07:18:27+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2016-5195|CVE-2016-5195]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-2590|CVE-2022-2590]]|7.00|7.54| |
| - | ^ March ^^^^^^^^^ | + | |[[https://rsync.samba.org/|rsync]]|...|2022-07-25T08:42:15+00:00|2022-08-01T08:42:15+00:00|[[https://marc.info/?i=adf7f4c9-f388-a882-562a-f2b424f16a09%40prodaft.com|2022-08-02T08:53:25+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2019-6111|CVE-2019-6111]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-29154|CVE-2022-29154]]|7.00|8.00| |
| - | | |Vulnerability in nf_tables can cause privilege escalation|2022-03-17T02:08:11+00:00|2022-03-24T02:08:11+00:00|[[https://marc.info/?i=20220825132856.GA29197%40openwall.com|2022-08-25T13:28:56+00:00]]|CVE-2022-1015\\ CVE-2022-1016|7.00|161.46| | + | |[[https://kernel.org|Linux]]|CVE-2022-21505: Kernel lockdown bypass bug.|2022-07-12T17:54:51+00:00|2022-07-19T17:54:51+00:00|[[https://marc.info/?i=84A9FE84-665A-4750-9C36-07FBD9222C9F%40oracle.com|2022-07-19T17:02:12+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-21505|CVE-2022-21505]]|7.00|6.96| |
| - | | |CVE-2022-0847: overwriting read-only files on Linux|2022-03-07T12:01:19+00:00|2022-03-14T12:01:19+00:00|[[https://marc.info/?i=1973d16e-bb3e-c5b2-74e0-cc2faf9db2bd%40redhat.com|2022-08-08T07:18:27+00:00]]|CVE-2016-5195\\ CVE-2022-0847|7.00|153.79| | + | |[[https://x.org|xorg]]|Preview of X.Org Security Advisory for 2022-07-12|2022-07-05T18:40:01+00:00|2022-07-12T18:40:01+00:00|[[https://marc.info/?i=c8c9ce86-d45d-51e5-cf4a-b33ad24c88f2%40radix.lt|2022-07-12T12:58:15+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-2319|CVE-2022-2319]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-2320|CVE-2022-2320]]|7.00|6.75| |
| - | ^ February ^^^^^^^^^ | + | |[[https://git-scm.org|git]]|Upcoming Git security fix release|2022-07-04T21:34:29+00:00|2022-07-11T21:34:29+00:00|[[https://marc.info/?i=xmqqh73k8sbl.fsf%40gitster.g|2022-07-14T00:13:18+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-24765|CVE-2022-24765]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-29187|CVE-2022-29187]]|7.00|9.08| |
| - | | |Vulnerability in Linux kernels until 5.6.11|2022-02-28T08:20:32+00:00|2022-03-07T08:20:32+00:00|[[https://marc.info/?i=CAKPOu%2B8WtknWoUeY-CTK5ejo0hOQDsPOsbO12pFK6ifJwmVo4Q%40mail.gmail.com|2022-03-07T12:01:19+00:00]]|CVE-2022-0847|7.00|7.12| | + | ^ June ^^^^^^^^ |
| - | ^ January ^^^^^^^^^ | + | |[[https://curl.se|curl]]|(4/4) curl: FTP-KRB bad message verification|2022-06-20T06:31:22+00:00|2022-06-27T06:31:22+00:00|[[https://marc.info/?i=76n529n8-qppo-10o7-4s28-1s26009n30%40unkk.fr|2022-06-27T06:21:14+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-32208|CVE-2022-32208]]|7.00|6.96| |
| - | | |Re: Vulnerability in the vmwgfx driver|2022-01-21T12:07:12+00:00|2022-01-28T12:07:12+00:00|[[https://marc.info/?i=0f115734-5e21-8fa9-7e96-f8636788a0bc%40grsecurity.net|2022-01-27T20:00:19+00:00]]|CVE-2022-22942|7.00|6.29| | + | |[[https://curl.se|curl]]|(3/4) curl: Unpreserved file permissions|2022-06-20T06:31:16+00:00|2022-06-27T06:31:16+00:00|[[https://marc.info/?i=67qo8418-68q7-q8r1-732s-r46o6s81q7rp%40unkk.fr|2022-06-27T06:20:42+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-32207|CVE-2022-32207]]|7.00|6.96| |
| - | | |Re: Security sensitive bug in the i915 kernel driver|2022-01-18T14:32:16+00:00|2022-01-25T14:32:16+00:00|[[https://marc.info/?i=7460e2a7-4323-3914-bcd6-1d07c859abe5%40linux.intel.com|2022-01-25T17:55:25+00:00]]|CVE-2022-0330|7.00|7.12| | + | |[[https://curl.se|curl]]|(2/4) curl: HTTP compression denial of service|2022-06-20T06:31:12+00:00|2022-06-27T06:31:12+00:00|[[https://marc.info/?i=573s840-9q6o-7q70-5n1o-p0134rro2p88%40unkk.fr|2022-06-27T06:20:10+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-32206|CVE-2022-32206]]|7.00|6.96| |
| - | | |Re: CVE-2022-21658: TOCTOU in Rust's std::fs::remove_dir_all|2022-01-17T11:29:52+00:00|2022-01-24T11:29:52+00:00|[[https://marc.info/?i=7a65d359-c698-a308-e6e8-3c0c44cff037%40pietroalbini.org|2022-01-20T11:02:55+00:00]]|CVE-2021-3997\\ CVE-2022-21658|7.00|2.96| | + | |[[https://curl.se|curl]]|(1/4) curl: Set-Cookie denial of service|2022-06-20T06:31:08+00:00|2022-06-27T06:31:08+00:00|[[https://marc.info/?i=3qq3rs9r-4so8-332o-193n-rq8p259257%40unkk.fr|2022-06-27T06:19:23+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-32205|CVE-2022-32205]]|7.00|6.96| |
| - | | |Re: ***UNCHECKED*** CVE-2021-45417 - aide: heap-based buffer overflow vulnerability in base64 functions|2022-01-16T13:00:34+00:00|2022-01-23T13:00:34+00:00|[[https://marc.info/?i=YemPSkQtnUCflmaH%40sulfur.vonhaugwitz.com|2022-01-20T16:35:22+00:00]]|CVE-2021-45417|7.00|4.12| | + | |[[https://www.gnu.org/software/grub/|grub]]|GRUB vulnerabilities disclosure on June 7th 10AM PDT|2022-06-03T16:39:33+00:00|2022-06-10T16:39:33+00:00|[[https://marc.info/?i=190D2985-BF59-4CF2-BBC4-305C8F192A55%40oracle.com|2022-06-07T19:04:13+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2021-3695|CVE-2021-3695]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2021-3696|CVE-2021-3696]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2021-3697|CVE-2021-3697]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-21499|CVE-2022-21499]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-28733|CVE-2022-28733]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-28734|CVE-2022-28734]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-28735|CVE-2022-28735]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-28736|CVE-2022-28736]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-28737|CVE-2022-28737]]|7.00|4.08| |
| - | | |usbview polkit policy local root exploit (CVE-2022-23220)|2022-01-13T13:30:52+00:00|2022-01-20T13:30:52+00:00|[[https://marc.info/?i=YerETqS%2BHCN4qz%2FZ%40f195.suse.de|2022-01-21T14:33:50+00:00]]|CVE-2022-23220|7.00|8.04| | + | |[[https://pkg.go.dev/github.com/containerd/containerd|github.com/containerd/containerd]]|containerd GHSA-5ffw-gxpp-mxpf|2022-06-01T21:14:13+00:00|2022-06-08T21:14:13+00:00|[[https://marc.info/?i=CAHxebFYNPzz1q2GzCdCm%3Dx9LytoqaoMkFhVNbDCRv7eZOj3LKQ%40mail.gmail.com|2022-06-06T19:45:34+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-31030|CVE-2022-31030]]|7.00|4.92| |
| - | | |Re: Prosody XMPP Server 0.11.x Unauthenticated Remote Denial of Service / Resource Exhaustion|2022-01-12T07:58:16+00:00|2022-01-19T07:58:16+00:00|[[https://marc.info/?i=2193597.LkMCQtBBq3%40sinistra|2022-01-13T17:07:44+00:00]]|CVE-2022-0217|7.00|1.38| | + | ^ May ^^^^^^^^ |
| - | | |Re: CVE-2021-4034 (patch)|2022-01-12T00:01:39+00:00|2022-01-19T00:01:39+00:00|[[https://marc.info/?i=F9283FD4-A0FC-4944-8659-530684BB33F8%40gentoo.org|2022-01-25T18:04:49+00:00]]|CVE-2021-4034|7.00|13.75| | + | |[[https://kernel.org|Linux]]|linux-kernel: A use-after-free in __lock_acquire|2022-05-31T03:08:52+00:00|2022-06-07T03:08:52+00:00|[[https://marc.info/?i=CAO3qeMXKb7vad9opV7B1oSsHbJ8D4jTpQaF2CwF%3DJ1vVdcSe8g%40mail.gmail.com|2022-06-14T01:07:55+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-1976|CVE-2022-1976]]|7.00|13.88| |
| - | | |Out-of-bounds write of heap buffer in fs_context.c leads to LPE and container escape|2022-01-11T09:01:05+00:00|2022-01-18T09:01:05+00:00|[[https://marc.info/?i=215FEA11-77C7-42C1-97AB-8B3F637F9C61%40oracle.com|2022-01-18T18:57:57+00:00]]|CVE-2022-0185\\ CVE-2022-0216|7.00|7.38| | + | |[[https://kernel.org|Linux]]|Out-of-bounds write vulnerability in nftable can lead to privilege escalation|2022-05-27T19:16:39+00:00|2022-06-03T19:16:39+00:00|[[https://marc.info/?i=adc61777-4814-4426-9d6d-2a2af6d09426.zhangziming.zzm%40antgroup.com|2022-06-02T02:21:36+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-1972|CVE-2022-1972]]|7.00|5.29| |
| - | | |Re: LUKS2 / cryptsetup: CVE-2021-4122 disabling encryption via header rewrite|2022-01-07T10:15:50+00:00|2022-01-14T10:15:50+00:00|[[https://marc.info/?i=49e8cc07-ff0d-5cd1-ff2e-eee36bf7e46c%40gmail.com|2022-01-13T10:10:00+00:00]]|CVE-2021-4122|7.00|5.96| | + | |[[https://kernel.org|Linux]]|linux-kernel: A double-free in ntfs3 log_replay|2022-05-27T14:26:57+00:00|2022-06-03T14:26:57+00:00|[[https://marc.info/?i=CAO3qeMWAZYXsKtVOnAQMDDq8wvQA%3DB6ZYDZjvfoe62muQPgALg%40mail.gmail.com|2022-06-08T02:17:36+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-1973|CVE-2022-1973]]|7.00|11.46| |
| - | | |Re: CVE-2021-3997 in systemd|2022-01-04T07:14:29+00:00|2022-01-11T07:14:29+00:00|[[https://marc.info/?i=F97E792C-1249-4C6C-A1B2-23A2A835A941%40gentoo.org|2022-01-11T00:01:34+00:00]]|CVE-2021-3997|7.00|6.67| | + | |[[https://kernel.org|Linux]]|A race condition vulnerability in drivers/tty/tty_buffers.c|2022-05-26T21:37:00+00:00|2022-06-02T21:37:00+00:00|[[https://marc.info/?i=CAHP5YvJS6SjwTxCzsnhMbwxqmhj08xqgv-k6AfpiwBheCpJBAw%40mail.gmail.com|2022-05-27T14:47:05+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-1462|CVE-2022-1462]]|7.00|0.71| |
| - | | |Linux kernel: CVE-2021-4155|2022-01-03T17:32:24+00:00|2022-01-10T17:32:24+00:00|[[https://marc.info/?i=CAKx%2B4-rd1JnV%2BC-0kxq4NWn1N-BPOxZpE29iYsXk8Y6MqbVkAw%40mail.gmail.com|2022-01-10T12:19:47+00:00]]|CVE-2021-4155|7.00|6.75| | + | |[[https://kernel.org|Linux]]|EXTERNAL: Re: [vs-plain] Linux Kernel Vulnerability|2022-05-26T08:46:48+00:00|2022-06-02T08:46:48+00:00|[[https://marc.info/?i=CAF73F%3D1%2B-eOEqUsuqG%3DuUdD1o2oa%2BiYQoPxkygqG%2BfoMNwSo6Q%40mail.gmail.com|2022-06-03T06:31:41+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-1966|CVE-2022-1966]]|7.00|7.88| |
| + | |[[https://github.com/logrotate/logrotate|logrotate]]|Re: ...|2022-05-25T13:19:31+00:00|2022-06-01T13:19:31+00:00|[[https://marc.info/?i=c41c3628-6132-9893-55ce-d86ff251e4fd%40canonical.com|2022-05-25T13:37:24+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-1348|CVE-2022-1348]]|7.00|0.00| | ||
| + | ^ March ^^^^^^^^ | ||
| + | |[[https://kernel.org|Linux]]|Vulnerability in nf_tables can cause privilege escalation|2022-03-17T02:08:11+00:00|2022-03-24T02:08:11+00:00|[[https://marc.info/?i=20220825132856.GA29197%40openwall.com|2022-08-25T13:28:56+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-1015|CVE-2022-1015]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-1016|CVE-2022-1016]]|7.00|161.46((This is not for real - a much later follow-up oss-security posting was wrongly picked up when automatically generating this data, whereas the original was apparently on March 28))| | ||
| + | |[[https://kernel.org|Linux]]|CVE-2022-0847: overwriting read-only files on Linux|2022-03-07T12:01:19+00:00|2022-03-14T12:01:19+00:00|[[https://marc.info/?i=1973d16e-bb3e-c5b2-74e0-cc2faf9db2bd%40redhat.com|2022-08-08T07:18:27+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2016-5195|CVE-2016-5195]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-0847|CVE-2022-0847]]|7.00|153.79((This is not for real - a much earlier linux-distros posting was wrongly picked up when automatically generating this data))| | ||
| + | ^ February ^^^^^^^^ | ||
| + | |[[https://kernel.org|Linux]]|Vulnerability in Linux kernels until 5.6.11|2022-02-28T08:20:32+00:00|2022-03-07T08:20:32+00:00|[[https://marc.info/?i=CAKPOu%2B8WtknWoUeY-CTK5ejo0hOQDsPOsbO12pFK6ifJwmVo4Q%40mail.gmail.com|2022-03-07T12:01:19+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-0847|CVE-2022-0847]]|7.00|7.12| | ||
| + | ^ January ^^^^^^^^ | ||
| + | |[[https://kernel.org|Linux]]|Re: Vulnerability in the vmwgfx driver|2022-01-21T12:07:12+00:00|2022-01-28T12:07:12+00:00|[[https://marc.info/?i=0f115734-5e21-8fa9-7e96-f8636788a0bc%40grsecurity.net|2022-01-27T20:00:19+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-22942|CVE-2022-22942]]|7.00|6.29| | ||
| + | |[[https://kernel.org|Linux]]|Re: Security sensitive bug in the i915 kernel driver|2022-01-18T14:32:16+00:00|2022-01-25T14:32:16+00:00|[[https://marc.info/?i=7460e2a7-4323-3914-bcd6-1d07c859abe5%40linux.intel.com|2022-01-25T17:55:25+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-0330|CVE-2022-0330]]|7.00|7.12| | ||
| + | |[[https://www.rust-lang.org/|rust]]|Re: CVE-2022-21658: TOCTOU in Rust's std::fs::remove_dir_all|2022-01-17T11:29:52+00:00|2022-01-24T11:29:52+00:00|[[https://marc.info/?i=7a65d359-c698-a308-e6e8-3c0c44cff037%40pietroalbini.org|2022-01-20T11:02:55+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2021-3997|CVE-2021-3997]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-21658|CVE-2022-21658]]|7.00|2.96| | ||
| + | |[[https://aide.github.io/|aide]]|Re: ***UNCHECKED*** CVE-2021-45417 - aide: heap-based buffer overflow vulnerability in base64 functions|2022-01-16T13:00:34+00:00|2022-01-23T13:00:34+00:00|[[https://marc.info/?i=YemPSkQtnUCflmaH%40sulfur.vonhaugwitz.com|2022-01-20T16:35:22+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2021-45417|CVE-2021-45417]]|7.00|4.12| | ||
| + | |[[https://github.com/gregkh/usbview|usbview]]|usbview polkit policy local root exploit (CVE-2022-23220)|2022-01-13T13:30:52+00:00|2022-01-20T13:30:52+00:00|[[https://marc.info/?i=YerETqS%2BHCN4qz%2FZ%40f195.suse.de|2022-01-21T14:33:50+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-23220|CVE-2022-23220]]|7.00|8.04| | ||
| + | |[[https://prosody.im/|prosody]]|Re: Prosody XMPP Server 0.11.x Unauthenticated Remote Denial of Service / Resource Exhaustion|2022-01-12T07:58:16+00:00|2022-01-19T07:58:16+00:00|[[https://marc.info/?i=2193597.LkMCQtBBq3%40sinistra|2022-01-13T17:07:44+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-0217|CVE-2022-0217]]|7.00|1.38| | ||
| + | |[[https://gitlab.freedesktop.org/polkit/polkit|polkit]]|Re: CVE-2021-4034 (patch)|2022-01-12T00:01:39+00:00|2022-01-19T00:01:39+00:00|[[https://marc.info/?i=F9283FD4-A0FC-4944-8659-530684BB33F8%40gentoo.org|2022-01-25T18:04:49+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2021-4034|CVE-2021-4034]]|7.00|13.75| | ||
| + | |[[https://kernel.org|Linux]]|Out-of-bounds write of heap buffer in fs_context.c leads to LPE and container escape|2022-01-11T09:01:05+00:00|2022-01-18T09:01:05+00:00|[[https://marc.info/?i=215FEA11-77C7-42C1-97AB-8B3F637F9C61%40oracle.com|2022-01-18T18:57:57+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-0185|CVE-2022-0185]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-0216|CVE-2022-0216]]|7.00|7.38| | ||
| + | |[[https://gitlab.com/cryptsetup/cryptsetup|cryptsetup]]|Re: LUKS2 / cryptsetup: CVE-2021-4122 disabling encryption via header rewrite|2022-01-07T10:15:50+00:00|2022-01-14T10:15:50+00:00|[[https://marc.info/?i=49e8cc07-ff0d-5cd1-ff2e-eee36bf7e46c%40gmail.com|2022-01-13T10:10:00+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2021-4122|CVE-2021-4122]]|7.00|5.96| | ||
| + | |[[https://systemd.io/|systemd]]|Re: CVE-2021-3997 in systemd|2022-01-04T07:14:29+00:00|2022-01-11T07:14:29+00:00|[[https://marc.info/?i=F97E792C-1249-4C6C-A1B2-23A2A835A941%40gentoo.org|2022-01-11T00:01:34+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2021-3997|CVE-2021-3997]]|7.00|6.67| | ||
| + | |[[https://kernel.org|Linux]]|Linux kernel: CVE-2021-4155|2022-01-03T17:32:24+00:00|2022-01-10T17:32:24+00:00|[[https://marc.info/?i=CAKx%2B4-rd1JnV%2BC-0kxq4NWn1N-BPOxZpE29iYsXk8Y6MqbVkAw%40mail.gmail.com|2022-01-10T12:19:47+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2021-4155|CVE-2021-4155]]|7.00|6.75| | ||