This shows you the differences between two versions of the page.
|
mailing-lists:distros:stats:2023 [2023/10/16 18:31] solar add June 2023 |
mailing-lists:distros:stats:2023 [2023/12/28 20:30] (current) solar add December 2023 |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Distros list statistics and data for 2023 ====== | ====== Distros list statistics and data for 2023 ====== | ||
| - | ==== Statistics by month ==== | + | ===== Statistics by month ===== |
| Statistics are grouped by month of the issue being reported to the private list. | Statistics are grouped by month of the issue being reported to the private list. | ||
| - | ^ Month ^ Reports ^ Average ^ Median ^ Min ^ Max embargo days ^ | + | ^ Month ^ All reports ^ Embargoed ^ Average ^ Median ^ Min ^ Max embargo days ^ |
| - | | 2023-06 | 7 | 26.26 | 7.99 | 1.21 | 131.43 | | + | | 2023-01 | 16 | 16 | 43.52 | 6.78 | 1.22 | 307.22 | |
| - | | 2023-07 | 3 | 3.97 | 3.11 | 1.87 | 6.93 | | + | | 2023-02 | 14 | 11 | 29.70 | 6.93 | 5.68 | 256.01 | |
| - | | 2023-08 | 1 | 7.31 | 7.31 | 7.31 | 7.31 | | + | | 2023-03 | 11 | 11 | 28.85 | 6.83 | 4.07 | 237.20 | |
| - | | 2023-09 | 12 | 9.86 | 9.63 | 1.26 | 20.27 | | + | | 2023-04 | 4 | 4 | 7.92 | 6.21 | 4.14 | 15.13 | |
| - | | Total | 23 | 13.97 | 7.31 | 1.21 | 131.43 | | + | | 2023-05 | 12 | 12 | 7.51 | 7.68 | 2.57 | 13.99 | |
| + | | 2023-06 | 7 | 7 | 26.26 | 7.99 | 1.21 | 131.43 | | ||
| + | | 2023-07 | 3 | 3 | 3.97 | 3.11 | 1.87 | 6.93 | | ||
| + | | 2023-08 | 1 | 1 | 7.31 | 7.31 | 7.31 | 7.31 | | ||
| + | | 2023-09 | 12 | 12 | 9.86 | 9.63 | 1.26 | 20.27 | | ||
| + | | 2023-10 | 6 | 6 | 8.89 | 7.96 | 7.58 | 14.01 | | ||
| + | | 2023-11 | 3 | 3 | 6.94 | 8.02 | 4.78 | 8.02 | | ||
| + | | 2023-12 | 4 | 4 | 7.16 | 7.35 | 4.04 | 9.91 | | ||
| + | | Total | 93 | 90 | 20.96 | 7.03 | 1.21 | 307.22 | | ||
| - | ==== Input data ==== | + | The data for January 2023 excludes continued handling of some Linux kernel issues by the same reporter, who started reporting that group of related issues in December 2022. |
| + | |||
| + | Non-embargoed reports (issue already posted to oss-security before being brought to (linux-)distros, which only occurred in February 2023) are excluded from the calculation of average, median, and minimum embargo duration above. | ||
| + | |||
| + | ===== Formatted input data ===== | ||
| + | |||
| + | For the statistics above, we only use the first embargo duration seen in this table, which is the delay between postings to (linux-)distros and oss-security. | ||
| + | |||
| + | For some reports, there's a second embargo duration - that one is the delay (sometimes negative) between a first public posting elsewhere and the posting to (linux-)distros. Such first public posting often does not fully (or at all) reveal security relevance of the issue/fix, making it not-too-unreasonable to allow a little bit (more) of embargo time on the full detail, especially when that's the issue reporter's and/or the upstream project's preference. | ||
| ^ Project ^ Subjects/titles/links ^ Time at distros (UTC) \\ ... oss-security (UTC) \\ Elsewhere (UTC) ^ Embargo days ^ Planned CRD(s) \\ (exact wording) ^ CVE(s) ^ | ^ Project ^ Subjects/titles/links ^ Time at distros (UTC) \\ ... oss-security (UTC) \\ Elsewhere (UTC) ^ Embargo days ^ Planned CRD(s) \\ (exact wording) ^ CVE(s) ^ | ||
| + | | Linux | [vs-plain] Warning in bpf_probe_read_user \\ [[https://www.openwall.com/lists/oss-security/2023/11/05/5|[oss-security] Linux: BPF: issues with copy_from_user_nofault()]] \\ [[https://lore.kernel.org/bpf/20230118051443.78988-1-alexei.starovoitov@gmail.com/]] | Mon Jan 02 17:33:21 2023 \\ Sun Nov 05 22:44:05 2023 \\ Wed Jan 18 05:14:51 2023 | 307.22 \\ 15.49 | 1/9 \\ 1/12 \\ "tomorrow or so" after June 27 | | | ||
| + | | Cargo | [vs-plain] CVE-2022-46176: Cargo does not check SSH host keys \\ [[https://www.openwall.com/lists/oss-security/2023/01/10/3|[oss-security] CVE-2022-46176: Cargo does not check SSH host keys]] | Thu Jan 05 16:48:35 2023 \\ Tue Jan 10 16:58:09 2023 | 5.01 | 2023-01-10 at 16:30 UTC | CVE-2022-46176 | | ||
| + | | libgit2 | [vs-plain] CVE-2022-46176: Cargo does not check SSH host keys \\ [[https://www.openwall.com/lists/oss-security/2023/11/05/6|Re: [oss-security] CVE-2022-46176: Cargo does not check SSH host keys]] | Thu Jan 05 16:48:35 2023 \\ Sun Nov 05 23:08:43 2023 | 304.26 | 2023-01-10 | | | ||
| + | | X.Org libXpm | [vs-plain] Embargoed X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15 \\ [[https://www.openwall.com/lists/oss-security/2023/01/17/2|[oss-security] Fwd: X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15]] | Tue Jan 10 18:12:35 2023 \\ Tue Jan 17 16:48:05 2023 | 6.94 | January 17 | CVE-2022-46285 \\ CVE-2022-44617 \\ CVE-2022-4883 | | ||
| + | | git | [vs-plain] Upcoming Git security fix release \\ [[https://www.openwall.com/lists/oss-security/2023/01/17/4|[oss-security] Git 2.39.1 and friends]] | Tue Jan 10 23:08:20 2023 \\ Tue Jan 17 18:11:20 2023 | 6.79 | 2023-JAN-17 at around 10am Pacific Time | CVE-2022-23521 \\ CVE-2022-41903 | | ||
| + | | OpenStack | [vs] Vulnerability in OpenStack Swift (CVE-2022-47950) \\ [[https://www.openwall.com/lists/oss-security/2023/01/17/1|[oss-security] [OSSA-2023-001] Swift: Arbitrary file access through custom S3 XML entities (CVE-2022-47950)]] | Wed Jan 11 00:35:07 2023 \\ Tue Jan 17 16:01:28 2023 | 6.64 | 2023-01-17, 1500UTC | CVE-2022-47950 | | ||
| + | | Linux | [vs-plain] Netfilter vulnerability disclosure \\ [[https://www.openwall.com/lists/oss-security/2023/01/13/2|[oss-security] CVE-2023-0179: Linux kernel stack buffer overflow in nftables: PoC and writeup]] \\ [[https://groups.google.com/g/syzkaller/c/YRNDJBsJn_s]] | Wed Jan 11 01:26:07 2023 \\ Fri Jan 13 16:16:16 2023 \\ Wed Jan 11 14:13:59 2023 | 2.62 \\ 0.53 | 7-day embargo | CVE-2023-0179 | | ||
| + | | sudo | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2023/01/19/1|[oss-security] CVE-2023-22809: Sudoedit can edit arbitrary files]] | Thu Jan 12 14:17:36 2023 \\ Thu Jan 19 07:30:23 2023 | 6.72 | Wednesday 18th January \\ 15:00 UTC | CVE-2023-22809 | | ||
| + | | PowerDNS Recursor | [vs] PowerDNS pre-notification: EMBARGO: PowerDNS Security Advisory 2023-01: PowerDNS Recursor 4.8.0 unbounded recursion results in program termination \\ [[https://www.openwall.com/lists/oss-security/2023/01/20/1|[oss-security] Security Advisory 2023-01 for PowerDNS Recursor 4.8.0 (CVE-2023-22617)]] | Fri Jan 13 11:17:56 2023 \\ Fri Jan 20 12:34:24 2023 | 7.05 | 20th of January 2023 | CVE-2023-22617 | | ||
| + | | Linux | [vs-plain] null pointer dereference in Linux kernel \\ [[https://www.openwall.com/lists/oss-security/2023/01/18/2|[oss-security] null pointer dereference in Linux kernel]] \\ [[https://lore.kernel.org/netdev/Y7s%2FFofVXLwoVgWt@westworld/]] | Sun Jan 15 05:13:23 2023 \\ Wed Jan 18 08:32:11 2023 \\ Sun Jan 08 22:09:37 2023 | 3.14 \\ -6.29 | in a week (Jan 21st) \\ Tuesday, January 17 | CVE-2023-0394 | | ||
| + | | OpenStack | [vs] Vulnerability in OpenStack Cinder, Glance, Nova (CVE-2022-47951) \\ [[https://www.openwall.com/lists/oss-security/2023/01/24/2|[oss-security] [OSSA-2023-002] Cinder, Glance, Nova: Arbitrary file access through custom VMDK flat descriptor (CVE-2022-47951)]] | Tue Jan 17 21:53:18 2023 \\ Tue Jan 24 16:08:35 2023 | 6.76 | 2023-01-24, 1500UTC | CVE-2022-47951 | | ||
| + | | BIND 9 | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2023/01/25/2|[oss-security] ISC has disclosed three vulnerabilities in BIND 9 (CVE-2022-3094, CVE-2022-3736, CVE-2022-3924)]] | Tue Jan 24 11:59:13 2023 \\ Wed Jan 25 17:17:31 2023 | 1.22 | 25 January 2023 | CVE-2022-3094 \\ CVE-2022-3736 \\ CVE-2022-3924 | | ||
| + | | OpenSSL | [vs-plain] Embargoed OpenSSL security issues \\ [[https://www.openwall.com/lists/oss-security/2023/02/07/8|[oss-security] Fwd: OpenSSL Security Advisory]] | Wed Jan 25 12:02:11 2023 \\ Tue Feb 07 19:29:21 2023 | 13.31 | 7th February 2023 | | | ||
| + | | pesign | [vs-plain] pesign: Local privilege escalation on pesign systemd service \\ [[https://www.openwall.com/lists/oss-security/2023/01/31/6|[oss-security] pesign: Local privilege escalation on pesign systemd service]] | Fri Jan 27 20:45:41 2023 \\ Tue Jan 31 17:40:43 2023 | 3.87 | Jan 31st \\ 15 UTC | CVE-2022-3560 | | ||
| + | | X.Org Server | [vs-plain] Preview of X.Org Security Advisory for 2023-02-07 \\ [[https://www.openwall.com/lists/oss-security/2023/02/07/1|[oss-security] X.Org Security Advisory: Security issue in the X server]] | Mon Jan 30 22:33:46 2023 \\ Tue Feb 07 01:37:48 2023 | 7.13 | 2023-02-07 at 01:00 UTC | CVE-2023-0494 \\ ZDI-CAN-19596 | | ||
| + | | heimdal, samba | [vs-plain] [vc] heimdal: CVE-2022-45142: signature validation failure \\ [[https://www.openwall.com/lists/oss-security/2023/02/08/1|[oss-security] [vs] heimdal: CVE-2022-45142: signature validation failure]] | Tue Jan 31 13:52:38 2023 \\ Wed Feb 08 06:50:02 2023 | 7.71 | 2023-02-08 | CVE-2022-3437 | | ||
| + | | less | [vs-plain] less CVE-2022-46663 \\ [[https://www.openwall.com/lists/oss-security/2023/02/07/7|[oss-security] CVE-2022-46663: less -R filtering bypass]] \\ [[https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c]] | Wed Feb 01 06:35:37 2023 \\ Tue Feb 07 19:26:58 2023 \\ Sat Oct 08 02:25:00 2022 | 6.54 \\ -116.17 | Tuesday; 09:00 UTC, 2023-02-07 | CVE-2022-46663 | | ||
| + | | curl | [vs-plain] curl: CVE-2023-23914: HSTS ignored on multiple requests (1/3) \\ [[https://www.openwall.com/lists/oss-security/2023/02/15/1|[oss-security] curl: CVE-2023-23914: HSTS ignored on multiple requests]] \\ [[https://github.com/curl/curl/pull/10138]] | Tue Feb 07 09:36:32 2023 \\ Wed Feb 15 07:29:04 2023 \\ Thu Dec 22 15:14:00 2022 | 7.91 \\ -46.77 | Febrary 15th | CVE-2023-23914 | | ||
| + | | curl | [vs-plain] curl: CVE-2023-23915: HSTS amnesia with --parallel (2/3) \\ [[https://www.openwall.com/lists/oss-security/2023/02/15/2|[oss-security] curl: CVE-2023-23915: HSTS amnesia with --parallel]] | Tue Feb 07 09:36:35 2023 \\ Wed Feb 15 07:29:08 2023 | 7.91 | Febrary 15th | CVE-2023-23915 | | ||
| + | | curl | [vs-plain] curl: CVE-2023-23916: HTTP multi-header compression denial of service (3/3) \\ [[https://www.openwall.com/lists/oss-security/2023/02/15/3|[oss-security] curl: CVE-2023-23916: HTTP multi-header compression denial of service]] | Tue Feb 07 09:37:31 2023 \\ Wed Feb 15 07:29:11 2023 | 7.91 | Febrary 15th | CVE-2023-23916 | | ||
| + | | git | [vs-plain] Upcoming Git security fix release \\ [[https://www.openwall.com/lists/oss-security/2023/02/14/5|[oss-security] [Announce] Git 2.39.2 and friends]] | Tue Feb 07 16:47:06 2023 \\ Tue Feb 14 18:09:06 2023 | 7.06 | 2023-FEB-14 at 10am Pacific Time | CVE-2023-22490 \\ CVE-2023-23946 | | ||
| + | | Linux | [vs-plain] CVE Request \\ [[https://www.openwall.com/lists/oss-security/2023/01/17/3|[oss-security] Linux Kernel: hid: type confusions on hid report_list entry]] \\ [[https://lore.kernel.org/all/20230114-hid-fix-emmpty-report-list-v1-0-e4d02fad3ba5@diag.uniroma1.it/T/]] | Wed Feb 22 17:24:49 2023 \\ Tue Jan 17 17:13:45 2023 \\ Mon Jan 16 11:12:09 2023 | -36.01 \\ -37.26 | | CVE-2023-1073 | | ||
| + | | Linux | [vs-plain] CVE Request \\ [[https://www.openwall.com/lists/oss-security/2023/01/18/3|[oss-security] Linux Kernel: hid: NULL pointer dereference in hid_betopff_play()]] \\ [[https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=3782c0d6edf658b71354a64d60aa7a296188fc90]] | Wed Feb 22 17:24:49 2023 \\ Wed Jan 18 16:18:17 2023 \\ Wed Jan 18 15:34:35 2023 | -35.05 \\ -35.08 | | CVE-2023-1073 | | ||
| + | | Linux | [vs-plain] CVE Request \\ [[https://www.openwall.com/lists/oss-security/2023/01/23/1|[oss-security] Linux Kernel: sctp: KASLR leak in inet_diag_msg_sctpasoc_fill()]] \\ [[https://lore.kernel.org/linux-sctp/9fcd182f1099f86c6661f3717f63712ddd1c676c.1674496737.git.marcelo.leitner%40gmail.com/T/]] | Wed Feb 22 17:24:49 2023 \\ Mon Jan 23 18:55:36 2023 \\ Mon Jan 23 18:00:06 2023 | -29.94 \\ -29.98 | | CVE-2023-1074 | | ||
| + | | Linux | [vs-plain] CVE Request \\ [[https://www.openwall.com/lists/oss-security/2023/03/01/6|[oss-security] CVE-2023-1075 - Linux Kernel: Type Confusion in tls_is_tx_ready()]] \\ [[https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb]] | Wed Feb 22 17:24:49 2023 \\ Wed Mar 01 15:48:25 2023 \\ Tue Jan 31 05:06:08 2023 | 6.93 \\ -22.51 | | CVE-2023-1075 | | ||
| + | | Linux | [vs-plain] CVE Request \\ [[https://www.openwall.com/lists/oss-security/2023/03/01/5|[oss-security] CVE-2023-1076: Linux Kernel: Type Confusion hardcodes tuntap socket UID to root]] \\ [[https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cff]] | Wed Feb 22 17:24:49 2023 \\ Wed Mar 01 15:48:17 2023 \\ Mon Feb 06 10:16:55 2023 | 6.93 \\ -16.30 | | CVE-2023-1076 | | ||
| + | | Linux | [vs-plain] CVE Request \\ [[https://www.openwall.com/lists/oss-security/2023/03/01/7|[oss-security] CVE-2023-1077: Linux kernel: Type confusion in pick_next_rt_entity()]] \\ [[https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=7c4a5b89a0b5a57a64b601775b296abf77a9fe97]] | Wed Feb 22 17:24:49 2023 \\ Wed Mar 01 15:48:27 2023 \\ Sat Feb 11 10:18:10 2023 | 6.93 \\ -11.30 | | CVE-2023-1077 | | ||
| + | | Linux | [vs-plain] CVE Request \\ [[https://www.openwall.com/lists/oss-security/2023/11/05/1|[oss-security] CVE-2023-1078: Linux: rds_rm_zerocopy_callback() bugs]] \\ [[https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d]] | Wed Feb 22 17:24:49 2023 \\ Sun Nov 05 17:32:17 2023 \\ Thu Feb 09 09:37:26 2023 | 256.01 \\ -13.32 | | CVE-2023-1078 | | ||
| + | | Linux | [vs-plain] CVE Request \\ [[https://www.openwall.com/lists/oss-security/2023/03/01/4|[oss-security] CVE-2023-1079: Linux Kernel: Use-After-Free in asus_kbd_backlight_set()]] \\ [[https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df]] | Wed Feb 22 17:24:49 2023 \\ Wed Mar 01 15:48:11 2023 \\ Wed Feb 15 17:20:56 2023 | 6.93 \\ -7.00 | | CVE-2023-1079 | | ||
| + | | sudo | [vs] sudo: double free with per-command chroot sudoers rules \\ [[https://www.openwall.com/lists/oss-security/2023/02/28/1|[oss-security] sudo: double free with per-command chroot sudoers rules]] \\ [[https://www.sudo.ws/pipermail/sudo-announce/2023-February/000206.html]] | Wed Feb 22 22:12:30 2023 \\ Tue Feb 28 14:33:57 2023 \\ Mon Feb 27 16:16:34 2023 | 5.68 \\ 4.75 | maybe Monday next week | | | ||
| + | | Linux | [vs-plain] A double free vulnerability was found in the hci_conn_cleanup function of the Bluetooth subsystem \\ [[https://www.openwall.com/lists/oss-security/2023/03/28/2|[oss-security] CVE-2023-28464: Linux: Bluetooth: hci_conn_cleanup function has double free]] \\ [[https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/]] | Wed Mar 08 10:06:04 2023 \\ Tue Mar 28 11:18:01 2023 \\ Thu Mar 09 07:49:39 2023 | 20.05 \\ 0.91 | March 28 \\ 2023-03-28T10:05:42+00:00 | CVE-2023-28464 | | ||
| + | | Linux | [vs-plain] Reporting a USB-accessible slab-out-of-bounds read in brcmfmac \\ [[https://www.openwall.com/lists/oss-security/2023/03/13/1|[oss-security] A USB-accessible slab-out-of-bounds read in Linux kernel driver]] \\ [[https://lore.kernel.org/linux-wireless/20230309104457.22628-1-jisoo.jang@yonsei.ac.kr/]] | Thu Mar 09 11:24:15 2023 \\ Mon Mar 13 13:03:07 2023 \\ Thu Mar 09 10:45:59 2023 | 4.07 \\ -0.03 | | CVE-2023-1380 | | ||
| + | | Bluez, Intel wireless devices | [vs-plain] Bluetooth Low Energy stuck in unresponsive state after repeated out of order transmission of packets \\ [[https://www.openwall.com/lists/oss-security/2023/11/02/2|[oss-security] Bluez, Intel wireless devices: Bluetooth Low Energy stuck in unresponsive state after repeated out of order transmission of packets]] | Fri Mar 10 18:08:39 2023 \\ Thu Nov 02 22:55:03 2023 | 237.20 | | | | ||
| + | | curl | [vs-plain] curl: CVE-2023-27533: TELNET option IAC injection (1/6) \\ [[https://www.openwall.com/lists/oss-security/2023/03/20/1|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27533: TELNET option IAC injection]] \\ [[https://github.com/curl/curl/commit/538b1e79a6e7b]] | Mon Mar 13 11:26:18 2023 \\ Mon Mar 20 07:26:15 2023 \\ Fri Mar 10 16:43:00 2023 | 6.83 \\ -2.78 | March 20 | CVE-2023-27533 | | ||
| + | | curl | [vs-plain] curl: CVE-2023-27534: SFTP path ~ resolving discrepancy (2/6) \\ [[https://www.openwall.com/lists/oss-security/2023/03/20/2|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27534: SFTP path ~ resolving discrepancy]] \\ [[https://github.com/curl/curl/commit/4e2b52b5f7a3bf50a]] | Mon Mar 13 11:26:19 2023 \\ Mon Mar 20 07:26:20 2023 \\ Fri Mar 10 22:20:00 2023 | 6.83 \\ -2.55 | March 20 | CVE-2023-27534 | | ||
| + | | curl | [vs-plain] curl: CVE-2023-27535: FTP too eager connection reuse (3/6) \\ [[https://www.openwall.com/lists/oss-security/2023/03/20/3|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27535: FTP too eager connection reuse]] \\ [[https://github.com/curl/curl/commit/8f4608468b890dc]] | Mon Mar 13 11:27:21 2023 \\ Mon Mar 20 07:26:22 2023 \\ Mon Mar 13 08:07:00 2023 | 6.83 \\ -0.14 | March 20 | CVE-2023-27535 | | ||
| + | | curl | [vs-plain] curl: CVE-2023-27536: GSS delegation too eager connection re-use (4/6) \\ [[https://www.openwall.com/lists/oss-security/2023/03/20/4|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27536: GSS delegation too eager connection re-use]] \\ [[https://github.com/curl/curl/commit/cb49e67303dba]] | Mon Mar 13 11:27:20 2023 \\ Mon Mar 20 07:26:26 2023 \\ Fri Mar 10 22:30:00 2023 | 6.83 \\ -2.54 | March 20 | CVE-2023-27536 | | ||
| + | | curl | [vs-plain] curl: CVE-2023-27537: HSTS double-free (5/6) \\ [[https://www.openwall.com/lists/oss-security/2023/03/20/5|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27537: HSTS double-free]] \\ [[https://github.com/curl/curl/commit/dca4cdf071be0]] | Mon Mar 13 11:28:21 2023 \\ Mon Mar 20 07:26:32 2023 \\ Fri Mar 10 16:45:00 2023 | 6.83 \\ -2.78 | March 20 | CVE-2023-27537 | | ||
| + | | curl | [vs-plain] curl: CVE-2023-27538: SSH connection too eager reuse still (6/6) \\ [[https://www.openwall.com/lists/oss-security/2023/03/20/6|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-27538: SSH connection too eager reuse still]] \\ [[https://github.com/curl/curl/commit/af369db4d3833272b8ed]] | Mon Mar 13 11:28:23 2023 \\ Mon Mar 20 07:26:36 2023 \\ Fri Mar 10 16:54:00 2023 | 6.83 \\ -2.77 | March 20 | CVE-2023-27538 | | ||
| + | | X.Org Server | [vs-plain] Preview of X.Org Security Advisory for 2023-03-29 \\ [[https://www.openwall.com/lists/oss-security/2023/03/29/1|[oss-security] Fwd: X.Org Security Advisory: CVE-2023-1393: X.Org Server Overlay Window Use-After-Free]] \\ [[https://lists.x.org/archives/xorg-announce/2023-March/003374.html]] | Mon Mar 20 08:03:14 2023 \\ Wed Mar 29 12:36:06 2023 \\ Wed Mar 29 12:15:05 2023 | 9.19 \\ 9.17 | 2023-03-29 at 12:00 UTC | CVE-2023-1393 \\ ZDI-CAN-19866 | | ||
| + | | Open vSwitch | [vs-plain] [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0 \\ [[https://www.openwall.com/lists/oss-security/2023/04/06/1|[oss-security] [ADVISORY] CVE-2023-1668: Open vSwitch: Remote traffic denial of service via crafted packets with IP proto 0]] | Fri Mar 31 23:06:33 2023 \\ Thu Apr 06 19:18:23 2023 | 5.84 | 06-Apr-2023 | CVE-2023-1668 | | ||
| + | | Linux | [vs-plain] linux-bluetooth: Arbitrary management command execution \\ [[https://www.openwall.com/lists/oss-security/2023/04/16/3|[oss-security] CVE-2023-2002: Linux Bluetooth: Unauthorized management command execution]] | Sun Apr 09 10:57:14 2023 \\ Sun Apr 16 11:22:19 2023 | 7.02 | April 16th | CVE-2023-2002 | | ||
| + | | Linux | [vs-plain] OOB access in the Linux kernel's XFS subsystem \\ [[https://www.openwall.com/lists/oss-security/2023/04/19/2|[oss-security] CVE-2023-2124: OOB access in the Linux kernel's XFS subsystem]] \\ [[https://lore.kernel.org/linux-xfs/20230411233159.GH360895@frogsfrogsfrogs/]] | Sat Apr 15 03:27:54 2023 \\ Wed Apr 19 06:45:22 2023 \\ Tue Apr 11 23:32:04 2023 | 4.14 \\ -3.16 | | CVE-2023-2124 | | ||
| + | | Git | [vs-plain] Upcoming Git security fix releases \\ [[https://www.openwall.com/lists/oss-security/2023/04/25/2|[oss-security] [ANNOUNCE] Git v2.40.1 and friends]] | Thu Apr 20 07:29:59 2023 \\ Tue Apr 25 17:08:44 2023 | 5.40 | 2023-APR-25 at around 10am Pacific Time | CVE-2023-25652 \\ CVE-2023-25815 \\ CVE-2023-29007 | | ||
| + | | distribution/distribution | [vs-plain] Embargoed DoS in distribution/distribution: Catalog Endpoint can lead to OOM by user input \\ [[https://www.openwall.com/lists/oss-security/2023/05/09/1|[oss-security] CVE-2023-2253: distribution/distribution: Catalog API endpoint can lead to OOM via malicious user input]] | Mon Apr 24 12:55:13 2023 \\ Tue May 09 16:04:12 2023 | 15.13 | 2023-05-08 13:00 UTC \\ 2023-05-09 15:00 UTC | CVE-2023-2253 | | ||
| + | | Linux | [vs-plain] Linux kernel LPE due to use-after-free in Netfilter nf_tables \\ [[https://www.openwall.com/lists/oss-security/2023/05/08/4|[oss-security] [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory]] \\ [[https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab]] | Tue May 02 08:28:08 2023 \\ Mon May 08 15:58:45 2023 \\ Wed May 03 06:24:32 2023 | 6.31 \\ 0.91 | Once the fix becomes public \\ Monday (May 8th) | CVE-2023-32233 | | ||
| + | | Linux | [vs-plain] linux >= 6.3-rc4: OOB physical memory read/write via io_uring \\ [[https://www.openwall.com/lists/oss-security/2023/05/08/3|[oss-security] Linux kernel io_uring out-of-bounds access to physical memory]] \\ [[https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=776617db78c6d208780e7c69d4d68d1fa82913de]] | Tue May 02 16:28:39 2023 \\ Mon May 08 14:34:55 2023 \\ Wed May 03 15:00:22 2023 | 5.92 \\ 0.94 | 2023-05-08 15:00 UTC \\ 12:00 UTC, Sunday 2023-05-07 | CVE-2023-2598 | | ||
| + | | OpenStack | [vs] Vulnerability in OpenStack cinder, glance_store, nova, os-brick (CVE-2023-2088) \\ [[https://www.openwall.com/lists/oss-security/2023/05/10/5|[oss-security] [OSSA-2023-003] cinder, glance_store, nova, os-brick: Unauthorized volume access through deleted volume attachments (CVE-2023-2088)]] | Thu May 04 00:57:23 2023 \\ Wed May 10 17:21:16 2023 | 6.68 | 2023-05-10, 1500UTC | CVE-2023-2088 \\ OSSA-2023-003 | | ||
| + | | libcap | [vs-plain] pre-announcement libcap-2.69 release 2023-05-15 \\ [[https://www.openwall.com/lists/oss-security/2023/05/15/4|[oss-security] libcap-2.69 addresses 2 CVEs]] \\ [[https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe]] | Mon May 08 01:41:19 2023 \\ Mon May 15 16:00:06 2023 \\ Mon May 15 02:10:04 2023 | 7.60 \\ 7.02 | 2023-05-15 | LCAP-CR-23-01 \\ LCAP-CR-23-02 \\ CVE-2023-2602 \\ CVE-2023-2603 | | ||
| + | | curl | [vs-plain] : curl pre-notification: CVE-2023-28319 (1/4) \\ [[https://www.openwall.com/lists/oss-security/2023/05/17/1|[oss-security] curl: CVE-2023-28319: UAF in SSH sha256 fingerprint check]] | Tue May 09 12:16:16 2023 \\ Wed May 17 06:41:12 2023 | 7.77 | 06:00 UTC on May 17th | CVE-2023-28319 | | ||
| + | | curl | [vs-plain] : curl pre-notification: CVE-2023-28320 (2/4) \\ [[https://www.openwall.com/lists/oss-security/2023/05/17/2|[oss-security] curl: CVE-2023-28320: siglongjmp race condition]] | Tue May 09 12:16:30 2023 \\ Wed May 17 06:41:18 2023 | 7.77 | 06:00 UTC on May 17th | CVE-2023-28320 | | ||
| + | | curl | [vs-plain] : curl pre-notification: CVE-2023-28321 (3/4) \\ [[https://www.openwall.com/lists/oss-security/2023/05/17/3|[oss-security] curl: CVE-2023-28321: IDN wildcard match]] | Tue May 09 12:17:16 2023 \\ Wed May 17 06:41:21 2023 | 7.77 | 06:00 UTC on May 17th | CVE-2023-28321 | | ||
| + | | curl | [vs-plain] : curl pre-notification: CVE-2023-28322 (4/4) \\ [[https://www.openwall.com/lists/oss-security/2023/05/17/4|[oss-security] curl: CVE-2023-28322: more POST-after-PUT confusion]] | Tue May 09 12:17:29 2023 \\ Wed May 17 06:41:26 2023 | 7.77 | 06:00 UTC on May 17th | CVE-2023-28322 | | ||
| + | | cups-filters | [vs-plain] CVE-2023-24805: RCE in cups-filters, beh CUPS backend \\ [[https://www.openwall.com/lists/oss-security/2023/05/17/5|[oss-security] CVE-2023-24805: RCE in cups-filters, beh CUPS backend]] | Wed May 10 12:45:42 2023 \\ Wed May 17 12:14:29 2023 | 6.98 | May 17, 2023 | CVE-2023-24805 \\ GHSA-gpxc-v2m8-fr3x | | ||
| + | | OpenSSL | [vs-plain] Embargoed OpenSSL security issue \\ [[https://www.openwall.com/lists/oss-security/2023/05/30/1|[oss-security] OpenSSL Security Advisory]] | Tue May 16 14:13:29 2023 \\ Tue May 30 13:53:09 2023 | 13.99 | 30th May 2023 | CVE-2023-2650 | | ||
| + | | c-ares | [vs-plain] c-ares security vulns \\ [[https://www.openwall.com/lists/oss-security/2023/05/22/2|[oss-security] c-ares multiple vulnerabilities: CVE-2023-32067, CVE-2023-31147, CVE-2023-31130, CVE-2023-31124]] | Fri May 19 23:08:20 2023 \\ Mon May 22 12:53:13 2023 | 2.57 | 5/22/2023 | CVE-2023-32067 \\ CVE-2023-31124 \\ CVE-2023-31130 \\ CVE-2023-31147 | | ||
| + | | CUPS | [vs-plain] EMBARGOED CVE-2023-32324 heap buffer overflow in cupsd \\ [[https://www.openwall.com/lists/oss-security/2023/06/01/1|[oss-security] [vs] CVE-2023-32324 heap buffer overflow in cupsd]] | Tue May 23 10:06:35 2023 \\ Thu Jun 01 10:49:58 2023 | 9.03 | June 1st 2023, 12:00 PM CET | CVE-2023-32324 | | ||
| | open-vm-tools | [vs] [EMBARGOED] CVE-2023-20867 \\ [[https://www.openwall.com/lists/oss-security/2023/10/16/2|[oss-security] CVE-2023-20867: open-vm-tools: Authentication Bypass vulnerability in the vgauth module]] \\ [[https://www.vmware.com/security/advisories/VMSA-2023-0013.html]] | Tue Jun 06 15:31:40 2023 \\ Mon Oct 16 01:49:50 2023 \\ Tue Jun 13 15:31:40 2023 | 131.43 \\ 7.00 | June 13th, 2023 | CVE-2023-20867 \\ VMSA-2023-0013 | | | open-vm-tools | [vs] [EMBARGOED] CVE-2023-20867 \\ [[https://www.openwall.com/lists/oss-security/2023/10/16/2|[oss-security] CVE-2023-20867: open-vm-tools: Authentication Bypass vulnerability in the vgauth module]] \\ [[https://www.vmware.com/security/advisories/VMSA-2023-0013.html]] | Tue Jun 06 15:31:40 2023 \\ Mon Oct 16 01:49:50 2023 \\ Tue Jun 13 15:31:40 2023 | 131.43 \\ 7.00 | June 13th, 2023 | CVE-2023-20867 \\ VMSA-2023-0013 | | ||
| | cpdb-libs | [vs-plain] CVE-2023-34095: Buffer overflows via scanf \\ [[https://www.openwall.com/lists/oss-security/2023/06/14/7|[oss-security] CVE-2023-34095: cpdb-libs: Buffer overflows via scanf]] | Tue Jun 06 17:37:22 2023 \\ Wed Jun 14 17:18:55 2023 | 7.99 | June 14, 2023 | CVE-2023-34095 \\ GHSA-25j7-9gfc-f46x | | | cpdb-libs | [vs-plain] CVE-2023-34095: Buffer overflows via scanf \\ [[https://www.openwall.com/lists/oss-security/2023/06/14/7|[oss-security] CVE-2023-34095: cpdb-libs: Buffer overflows via scanf]] | Tue Jun 06 17:37:22 2023 \\ Wed Jun 14 17:18:55 2023 | 7.99 | June 14, 2023 | CVE-2023-34095 \\ GHSA-25j7-9gfc-f46x | | ||
| Line 38: | Line 111: | ||
| | libcue | [vs] CVE-2023-43641 (GHSL-2023-197) \\ [[https://www.openwall.com/lists/oss-security/2023/10/09/3|[oss-security] CVE-2023-43641: out-of-bounds array access in libcue 2.2.1]] | Tue Sep 26 08:12:41 2023 \\ Mon Oct 09 17:13:07 2023 | 13.38 | 2023-10-09T17+00:00 | CVE-2023-43641 \\ GHSL-2023-197 | | | libcue | [vs] CVE-2023-43641 (GHSL-2023-197) \\ [[https://www.openwall.com/lists/oss-security/2023/10/09/3|[oss-security] CVE-2023-43641: out-of-bounds array access in libcue 2.2.1]] | Tue Sep 26 08:12:41 2023 \\ Mon Oct 09 17:13:07 2023 | 13.38 | 2023-10-09T17+00:00 | CVE-2023-43641 \\ GHSL-2023-197 | | ||
| | libX11 & libXpm | [vs-plain] Embargoed X.Org Security Advisory: Multiple issues in libX11 & libXpm \\ [[https://www.openwall.com/lists/oss-security/2023/10/03/1|[oss-security] Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17]] | Tue Sep 26 17:15:59 2023 \\ Tue Oct 03 16:32:00 2023 | 6.97 | October 3, 2023 | CVE-2023-43785 \\ CVE-2023-43786 \\ CVE-2023-43787 \\ CVE-2023-43788 \\ CVE-2023-43789 | | | libX11 & libXpm | [vs-plain] Embargoed X.Org Security Advisory: Multiple issues in libX11 & libXpm \\ [[https://www.openwall.com/lists/oss-security/2023/10/03/1|[oss-security] Fwd: X.Org Security Advisory: Issues in libX11 prior to 1.8.7 & libXpm prior to 3.5.17]] | Tue Sep 26 17:15:59 2023 \\ Tue Oct 03 16:32:00 2023 | 6.97 | October 3, 2023 | CVE-2023-43785 \\ CVE-2023-43786 \\ CVE-2023-43787 \\ CVE-2023-43788 \\ CVE-2023-43789 | | ||
| + | | curl | [vs-plain] : CVE-2023-38545 curl SOCKS5 heap buffer overflow (1/2) \\ [[https://www.openwall.com/lists/oss-security/2023/10/11/1|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-38545: SOCKS5 heap buffer overflow]] | Tue Oct 03 06:57:43 2023 \\ Wed Oct 11 05:58:55 2023 | 7.96 | October 11, around 06:00 UTC | CVE-2023-38545 | | ||
| + | | curl | [vs-plain] : CVE-2023-38546 curl cookie injection with none file (2/2) \\ [[https://www.openwall.com/lists/oss-security/2023/10/11/2|[oss-security] [SECURITY ADVISORY] curl: CVE-2023-38546]] | Tue Oct 03 06:57:52 2023 \\ Wed Oct 11 05:59:15 2023 | 7.96 | October 11 2023 | CVE-2023-38546 | | ||
| + | | OpenSSL | [vs-plain] Embargoed OpenSSL security issue \\ [[https://www.openwall.com/lists/oss-security/2023/10/24/1|[oss-security] OpenSSL Security Advisory]] | Tue Oct 10 14:57:08 2023 \\ Tue Oct 24 15:14:46 2023 | 14.01 | 24th October 2023 | CVE-2023-5363 \\ GHSA-q3f8-53qj-r58x | | ||
| + | | X.Org X server | [vs-plain] Embargoed X.Org Security Advisory: Multiple issues in X.Org X server \\ [[https://www.openwall.com/lists/oss-security/2023/10/25/1|[oss-security] FW: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.9 and Xwayland prior to 23.2.2]] \\ [[https://lists.x.org/archives/xorg-announce/2023-October/003430.html]] | Tue Oct 17 05:13:14 2023 \\ Wed Oct 25 11:06:15 2023 \\ Wed Oct 25 01:53:55 2023 | 8.25 \\ 7.86 | October 25, 2023 | CVE-2023-5367 \\ CVE-2023-5380 \\ CVE-2023-5574 \\ ZDI-CAN-22153 \\ ZDI-CAN-21608 \\ ZDI-CAN-21213 | | ||
| + | | open-vm-tools | [vs-plain] SAML Bypass in VMware Tools CVE-2023-34058 \\ [[https://www.openwall.com/lists/oss-security/2023/10/27/1|[oss-security] CVE-2023-34058 - SAML Token Signature Bypass in open-vm-tools]] | Thu Oct 19 18:43:23 2023 \\ Fri Oct 27 08:36:14 2023 | 7.58 | October 26th, 2023 | CVE-2023-34058 | | ||
| + | | open-vm-tools | [vs-plain] file descriptor hijack in VMware Tools CVE-2023-34059 \\ [[https://www.openwall.com/lists/oss-security/2023/10/27/2|[oss-security] CVE-2023-34059 - File Descriptor Hijack vulnerability in open-vm-tools]] | Thu Oct 19 18:43:46 2023 \\ Fri Oct 27 08:36:17 2023 | 7.58 | October 26th, 2023 | CVE-2023-34059 | | ||
| + | | Intel CPUs | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2023/11/14/4|[oss-security] CVE-2023-23583: Intel - Denial of Service - Privilege Escalation (Reptar)]] | Thu Nov 09 23:51:52 2023 \\ Tue Nov 14 18:36:44 2023 | 4.78 | November 14th, 10 am Pacific Time | CVE-2023-23583 | | ||
| + | | curl | [vs-plain] : curl pre-notification: CVE-2023-46218 (1/2) \\ [[https://www.openwall.com/lists/oss-security/2023/12/06/1|[oss-security] [SECURITY ADVISORY] curl: cookie mixed case PSL bypass]] \\ [[https://github.com/curl/curl/pull/12387]] | Tue Nov 28 07:04:22 2023 \\ Wed Dec 06 07:29:18 2023 \\ Thu Nov 23 07:16:00 2023 | 8.02 \\ -4.99 | 07:00 UTC on December 6 | CVE-2023-46218 | | ||
| + | | curl | [vs-plain] : curl pre-notification: CVE-2023-46219 (2/2) \\ [[https://www.openwall.com/lists/oss-security/2023/12/06/2|[oss-security] [SECURITY ADVISORY] curl: HSTS long file name clears contents]] \\ [[https://github.com/curl/curl/pull/12388]] | Tue Nov 28 07:04:40 2023 \\ Wed Dec 06 07:29:58 2023 \\ Thu Nov 23 07:24:00 2023 | 8.02 \\ -4.99 | 07:00 UTC on December 6 | CVE-2023-46219 | | ||
| + | | X.Org X server and Xwayland | [vs-plain] Embargoed X.Org Security Advisory: Issues in X server and Xwayland \\ [[https://www.openwall.com/lists/oss-security/2023/12/13/1|[oss-security] FW: X.Org Security Advisory: Issues in X.Org X server prior to 21.1.10 and Xwayland prior to 23.2.3]] \\ [[https://lists.x.org/archives/xorg-announce/2023-December/003435.html]] | Tue Dec 05 21:17:38 2023 \\ Wed Dec 13 13:03:51 2023 \\ Wed Dec 13 02:02:10 2023 | 7.66 \\ 7.20 | December 13, 2023 00:00 UTC | CVE-2023-6377 \\ CVE-2023-6478 \\ ZDI-CAN-22412 \\ ZDI-CAN-22413 \\ ZDI-CAN-22561 | | ||
| + | | SSH protocol | [vs] ... \\ [[https://www.openwall.com/lists/oss-security/2023/12/18/3|[oss-security] CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack)]] \\ [[https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ]] | Mon Dec 11 15:40:29 2023 \\ Mon Dec 18 16:47:26 2023 \\ Tue Dec 12 20:56:36 2023 | 7.05 \\ 1.22 | 18th of December 2023 15:00 UTC | CVE-2023-48795 | | ||
| + | | Debian cpio | [vs-plain] Security vulnerability in Debian's cpio 2.13 \\ [[https://www.openwall.com/lists/oss-security/2023/12/21/8|[oss-security] Security vulnerability in Debian's cpio 2.13]] \\ [[https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059163]] | Sun Dec 17 15:50:53 2023 \\ Thu Dec 21 16:50:17 2023 \\ Wed Dec 20 19:03:02 2023 | 4.04 \\ 3.13 | 2023-12-27 | | | ||
| + | | xarchiver | [vs-plain] xarchiver: Path traversal with crafted cpio archives \\ [[https://www.openwall.com/lists/oss-security/2023/12/27/1|[oss-security] xarchiver: Path traversal with crafted cpio archives]] | Sun Dec 17 15:50:53 2023 \\ Wed Dec 27 13:42:05 2023 | 9.91 | 2023-12-27 | | | ||
| - | ==== Extra data for prior months not included in statistics ==== | + | ===== Source input data ===== |
| - | + | ||
| - | The data here is unfortunately incomplete and unreliable, resulting from automated processing of input that wasn't meant to be fully machine-readable. | + | |
| - | ^Project^Subject^Reported^Coordinated Release Date^Time of oss-security posting^CVE(s)^Days embargoed (scheduled)^Days embargoed (oss-security)^ | + | These files were manually created based on review of the e-mail threads and external resources referenced from there. They were processed with {{stats-process.txt|this Perl script}} to produce the tables above. You should be able to reproduce that. |
| - | ^ February ^^^^^^^^ | + | |
| - | | |less CVE-2022-46663|2023-02-01T06:55:51+00:00|2023-02-08T06:55:51+00:00|[[https://marc.info/?i=CAP9KPhB7PqqFt%3DOf8%2B6CKiaV%3D%2Bp%3DWwYOjG3QF3TEBDDop1125g%40mail.gmail.com|2023-02-07T18:49:47+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-46663|CVE-2022-46663]]|7.00|6.46| | + | |
| - | ^ January ^^^^^^^^ | + | |
| - | | |Preview of X.Org Security Advisory for 2023-02-07|2023-01-30T22:33:32+00:00|2023-02-06T22:33:32+00:00|[[https://marc.info/?i=9afca616-11f3-ac36-4d5f-918487e1a756%40redhat.com|2023-02-07T01:36:35+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-0494|CVE-2022-0494]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2023-0494|CVE-2023-0494]]|7.00|7.12| | + | |
| - | | |pesign: Local privilege escalation on pesign systemd service|2023-01-27T20:44:55+00:00|2023-02-03T20:44:55+00:00|[[https://marc.info/?i=CAOGQQ29pYOHP2puP-nAzO%2BQnbc-OouwnVFpQVY_%3DOvVo12%3DMkw%40mail.gmail.com|2023-01-31T15:59:19+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-3560|CVE-2022-3560]]|7.00|3.79| | + | |
| - | | |Embargoed OpenSSL security issues|2023-01-25T12:02:01+00:00|2023-02-07T00:00:00+00:00|[[https://marc.info/?i=CAPCCXc9UR7FmvkEvyy2_H%3Dh4Y8cSMtJC7i8FsypBQye_FXp5GA%40mail.gmail.com|2023-02-07T19:28:51+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-4203|CVE-2022-4203]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-4304|CVE-2022-4304]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-4450|CVE-2022-4450]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2023-0215|CVE-2023-0215]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2023-0216|CVE-2023-0216]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2023-0217|CVE-2023-0217]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2023-0286|CVE-2023-0286]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2023-0401|CVE-2023-0401]]|12.46|13.29| | + | |
| - | | |...|2023-01-24T11:58:47+00:00|2023-01-31T11:58:47+00:00|[[https://marc.info/?i=Y9FhZ0vKzTx4WTCH%40larwa.hq.kempniu.pl|2023-01-25T17:05:43+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-3094|CVE-2022-3094]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-3736|CVE-2022-3736]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-3924|CVE-2022-3924]]|7.00|1.21| | + | |
| - | | |Re: Vulnerability in OpenStack Cinder, Glance, Nova (CVE-2022-47951)|2023-01-17T21:53:09+00:00|2023-01-24T21:53:09+00:00|[[https://marc.info/?i=20230124160818.wlaspet7jsmths2p%40yuggoth.org|2023-01-24T16:08:18+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-47951|CVE-2022-47951]]|7.00|6.75| | + | |
| - | | |null pointer dereference in Linux kernel|2023-01-15T05:12:43+00:00|2023-01-22T05:12:43+00:00|[[https://marc.info/?i=CADW8OBuhuCTq-MvcFuAxOc6pWrkmOd-mwV9yasNRfbnD9s85-g%40mail.gmail.com|2023-01-18T20:26:46+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2023-0394|CVE-2023-0394]]|7.00|3.62| | + | |
| - | | |Re: PowerDNS pre-notification: EMBARGO: PowerDNS Security Advisory 2023-01: PowerDNS Recursor 4.8.0 unbounded recursion results in program termination|2023-01-13T11:17:46+00:00|2023-01-20T11:17:46+00:00|[[https://marc.info/?i=1295588158.7348.1674217183817%40appsuite-guard.open-xchange.com|2023-01-20T12:19:43+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2023-22617|CVE-2023-22617]]|7.00|7.04| | + | |
| - | | |Re: Embargoed X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15|2023-01-12T23:41:22+00:00|2023-01-19T23:41:22+00:00|[[https://marc.info/?i=7b3fdf01-8189-567d-bf15-ba8478eaba79%40oracle.com|2023-01-17T16:47:45+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-4883|CVE-2022-4883]]|7.00|4.71| | + | |
| - | | |...|2023-01-12T14:17:07+00:00|2023-01-19T14:17:07+00:00|[[https://marc.info/?i=CAE-GootkXskaRKTmdPg1KsL3cm2oPq8DtL14MoupwX_CaVDeXw%40mail.gmail.com|2023-01-19T00:33:43+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2023-22809|CVE-2023-22809]]|7.00|6.42| | + | |
| - | | |Netfilter vulnerability disclosure|2023-01-11T01:26:17+00:00|2023-01-18T01:26:17+00:00|[[https://marc.info/?i=CAHH-0UfWddrL_x9n1eG1oJ6iurew7D6Yb%3Dz%3D068BfV7uJGSRGw%40mail.gmail.com|2023-01-13T15:22:47+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-1015|CVE-2022-1015]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2023-0179|CVE-2023-0179]]|7.00|2.54| | + | |
| - | | |Re: Vulnerability in OpenStack Swift (CVE-2022-47950)|2023-01-11T00:35:00+00:00|2023-01-18T00:35:00+00:00|[[https://marc.info/?i=20230117160111.htaewnl2wmuqlgq7%40yuggoth.org|2023-01-17T16:01:11+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-47950|CVE-2022-47950]]|7.00|6.62| | + | |
| - | | |Upcoming Git security fix release|2023-01-10T23:08:02+00:00|2023-01-17T23:08:02+00:00|[[https://marc.info/?i=xmqqfscit2ct.fsf%40gitster.g|2023-01-17T18:06:10+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-23521|CVE-2022-23521]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-41903|CVE-2022-41903]]|7.00|6.75| | + | |
| - | | |Embargoed X.Org Security Advisory: Issues handling XPM files in libXpm prior to 3.5.15|2023-01-10T18:12:18+00:00|2023-01-17T18:12:18+00:00|[[https://marc.info/?i=7b3fdf01-8189-567d-bf15-ba8478eaba79%40oracle.com|2023-01-17T16:47:45+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-44617|CVE-2022-44617]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-46285|CVE-2022-46285]]\\ [[https://nvd.nist.gov/vuln/detail/CVE-2022-4883|CVE-2022-4883]]|7.00|6.92| | + | |
| - | | |Re: CVE-2022-46176: Cargo does not check SSH host keys|2023-01-05T16:48:13+00:00|2023-01-12T16:48:13+00:00|[[https://marc.info/?i=0c602545-dfad-4d49-beaa-b5094b343af8%40app.fastmail.com|2023-01-10T16:45:06+00:00]]|[[https://nvd.nist.gov/vuln/detail/CVE-2022-46176|CVE-2022-46176]]|7.00|4.96| | + | |
| + | * {{stats-202301.txt}} | ||
| + | * {{stats-202302.txt}} | ||
| + | * {{stats-202303.txt}} | ||
| + | * {{stats-202304.txt}} | ||
| + | * {{stats-202305.txt}} | ||
| + | * {{stats-202306.txt}} | ||
| + | * {{stats-202307.txt}} | ||
| + | * {{stats-202308.txt}} | ||
| + | * {{stats-202309.txt}} | ||
| + | * {{stats-202310.txt}} | ||
| + | * {{stats-202311.txt}} | ||
| + | * {{stats-202312.txt}} | ||