Todo Lists - Arch Linux
Issue
Severity
Remote
Type
Description
CVE-2022-29824
Medium
Unknown
Arbitrary code execution
Integer overflow in xmlBuf (buf.c) and xmlBuffer (tree.c) can lead to out-of-bounds memory...CVE-2022-28388 High Unknown Unknown
usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1...CVE-2022-28288 Medium Unknown Arbitrary code execution
Mozilla developers and community members Randell Jesup, Sebastian Hengst, and the Mozilla...CVE-2022-28287 Low Unknown Unknown
In unusual circumstances, selecting text could cause text selection caching to behave...CVE-2022-28285 Medium Unknown Unknown
When generating the assembly code for MLoadTypedArrayElementHole, an incorrect AliasSet was...CVE-2022-28284 Medium Unknown Unknown
SVG's <use> element could have been used to load unexpected content that could have...CVE-2022-28283 Medium Unknown Unknown
The sourceMapURL feature in devtools was missing security checks that would have allowed a...CVE-2022-28282 Medium Unknown Unknown
By using a link with rel="localization" a use-after-free could have been triggered by...CVE-2022-28209 Critical Unknown Unknown
An issue was discovered in Mediawiki through 1.37.1. The check for the override-antispoof...CVE-2022-28206 Critical Unknown Unknown
An issue was discovered in MediaWiki through 1.37.1. ImportPlanValidator.php in the...CVE-2022-28205 Critical Unknown Unknown
An issue was discovered in MediaWiki through 1.37.1. The CentralAuth extension mishandles a...CVE-2022-28144 Medium Yes Unknown
Jenkins Proxmox Plugin 0.7.0 and earlier does not perform a permission check in several...CVE-2022-28142 High Yes Unknown
Jenkins Proxmox Plugin 0.6.0 and earlier disables SSL/TLS certificate validation globally...CVE-2022-28139 Medium Yes Unknown
A missing permission check in Jenkins RocketChat Notifier Plugin 1.4.10 and earlier allows...CVE-2022-28137 Medium Yes Unknown
A missing permission check in Jenkins JiraTestResultReporter Plugin 165.v817928553942 and...CVE-2022-28134 Medium Yes Unknown
Jenkins Bitbucket Server Integration Plugin 3.1.0 and earlier does not perform permission...CVE-2022-27942 Unknown Unknown Unknown
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.cCVE-2022-27941 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in...CVE-2022-27940 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.cCVE-2022-27939 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.cCVE-2022-27782 Medium Unknown Unknown
libcurl would reuse a previously created connection even when a TLS or SSH related option...CVE-2022-27781 Low Unknown Unknown
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to...CVE-2022-27780 Medium Unknown Unknown
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding...CVE-2022-27779 Medium Unknown Unknown
libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name...CVE-2022-27778 Medium Unknown Unknown
If curl adds a number to not "clobber" the output and an error occurs during transfer, the...CVE-2022-27666 High Unknown Unknown
A heap buffer overflow flaw was found in IPsec ESP transformation code in net/ipv4/esp4.c...CVE-2022-27223 High Unknown Unknown
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint...CVE-2022-26966 Medium Unknown Unknown
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows...CVE-2022-26878 Medium Unknown Unknown
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket...CVE-2022-26490 High Unknown Unknown
st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel...CVE-2022-26387 High Unknown Unknown
When installing an add-on, Thunderbird verified the signature before prompting the user;...CVE-2022-26386 Low No Unknown
Previously Thunderbird for macOS and Linux would download temporary files to a...CVE-2022-26384 High Yes Unknown
If an attacker could control the contents of an iframe sandboxed with allow-popups but not...CVE-2022-26383 High Yes Unknown
When resizing a popup after requesting fullscreen access, the popup would not display the...CVE-2022-25310 Unknown No Unknown
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the...CVE-2022-25309 Unknown No Unknown
A heap-based buffer overflow flaw was found in the Fribidi package and affects the...CVE-2022-24959 Medium Unknown Unknown
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in...CVE-2022-24958 High Unknown Unknown
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.CVE-2022-24761 High Yes Unknown
waitress behind a proxy that does not properly validate the incoming HTTP request matches...CVE-2022-24713 Low Unknown Unknown
The rust regex crate did not properly prevent crafted regular expressions from taking an...CVE-2022-24303 Unknown Unknown Unknown
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames...CVE-2022-23901 Unknown Unknown Unknown
A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc.CVE-2022-23648 Unknown Unknown Information disclosure
containers launched through containerd’s CRI implementation with a specially-crafted image...CVE-2022-23308 High Unknown Arbitrary code execution
Use-after-free of ID and IDREF attributes in valid.cCVE-2022-22817 Unknown Unknown Unknown
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such...CVE-2022-22816 Unknown Unknown Unknown
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization...CVE-2022-22815 Unknown Unknown Unknown
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.PathCVE-2022-22637 High Yes Unknown
A logic issue was addressed with improved state management. A malicious website may cause...CVE-2022-21496 Medium Yes Unknown
CVE-2022-21476 High Yes Unknown
CVE-2022-21443 Low Yes Unknown
CVE-2022-21434 Medium Yes Unknown
CVE-2022-21426 Medium Yes Unknown
CVE-2022-20803 Unknown Yes Arbitrary code execution
possible double-free vulnerability in the OLE2 file parserCVE-2022-20796 Medium Unknown Unknown
possible NULL-pointer dereference crash in the scan verdict cache checkCVE-2022-20792 Unknown Yes Arbitrary code execution
possible multi-byte heap buffer overflow write vulnerability in the signature database load moduleCVE-2022-1652 Unknown Unknown Unknown
A concurrency use-after-free was found in the Linux kernel.CVE-2022-1641 Medium Unknown Unknown
Use after free in Web UI Diagnostics.CVE-2022-1640 High Unknown Unknown
Use after free in Sharing.CVE-2022-1639 High Unknown Unknown
Use after free in ANGLE.CVE-2022-1638 High Unknown Unknown
Heap buffer overflow in V8 Internationalization.CVE-2022-1637 High Unknown Unknown
Inappropriate implementation in Web Contents.CVE-2022-1636 High Unknown Unknown
Use after free in Performance APIs.CVE-2022-1635 High Unknown Unknown
Use after free in Permission Prompts.CVE-2022-1634 High Unknown Unknown
Use after free in Browser UI.CVE-2022-1633 High Unknown Unknown
Use after free in Sharesheet.CVE-2022-1516 Unknown Unknown Unknown
A NULL pointer dereference flaw in the implementation of the X.25 set of standardized...CVE-2022-1510 Medium Unknown Denial of service
GitLab all versions starting from 13.9 before 14.8.6, all versions starting from 14.9...CVE-2022-1460 Medium Unknown Access restriction bypass
GitLab all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before...CVE-2022-1433 Low Unknown Unknown
Missing invalidation of Markdown caching causes potential payloads from a previously...CVE-2022-1431 Medium Unknown Denial of service
GitLab all versions starting from 12.10 before 14.8.6, all versions starting from 14.9...CVE-2022-1428 Medium Unknown Denial of service
GitLab all versions before 14.8.6, all versions starting from 14.9 before 14.9.4, all...CVE-2022-1426 Low Unknown Authentication bypass
GitLab from 12.6 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions...CVE-2022-1423 High Unknown Arbitrary code execution
Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions...CVE-2022-1417 Medium Unknown Authentication bypass
Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before...CVE-2022-1416 Medium Unknown Unknown
Missing sanitization of data in Pipeline error messages in GitLab CE/EE affecting all...CVE-2022-1413 Medium Unknown Information disclosure
Missing input masking in GitLab CE/EE affecting all versions starting from 1.0.2 before...CVE-2022-1406 Medium Unknown Insufficient validation
Improper input validation in GitLab CE/EE affecting all versions from 8.12 prior to 14.8.6,...CVE-2022-1353 Unknown Unknown Unknown
A vulnerability was found in the pfkey_register function in net/key/af_key.c in the Linux...CVE-2022-1352 Medium Unknown Information disclosure
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all...CVE-2022-1328 Unknown Unknown Unknown
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before...CVE-2022-1292 Medium Unknown Unknown
The c_rehash script does not properly sanitise shell metacharacters to prevent command...CVE-2022-1205 Unknown Unknown Unknown
There are NPD and use-after-free vulnerabilities in net/ax25/ax25_timer.c of linux that...CVE-2022-1204 Unknown Unknown Unknown
There are use-after-free vulnerabilities in net/ax25/af_ax25.c of linux that allow attacker...CVE-2022-1199 Unknown Unknown Unknown
There are null-ptr-deref vulnerability and use-after-free vulnerabilities in...CVE-2022-1198 Unknown Unknown Unknown
There are use-after-free vulnerabilities in drivers/net/hamradio/6pack.c of linux that...CVE-2022-1197 Medium Unknown Unknown
When importing a revoked key that specified key compromise as the revocation reason,...CVE-2022-1196 Medium Unknown Unknown
After a VR Process is destroyed, a reference to it may have been retained and used, leading...CVE-2022-1195 Unknown Unknown Unknown
A use-after-free vulnerability was found in drivers/net/hamradio in the Linux kernel. In...CVE-2022-1172 Medium Unknown Unknown
Null Pointer Dereference Caused Segmentation Fault in gpac prior to 2.1.0-DEVCVE-2022-1158 Unknown Unknown Unknown
Linux Kernel v5.2+: x86/kvm: cmpxchg_gpte can write to pfns outside the userspace regionCVE-2022-1124 Medium Unknown Information disclosure
An improper authorization issue has been discovered in GitLab CE/EE affecting all versions...CVE-2022-1106 Unknown Unknown Unknown
use after free in mrb_vm_exec in mruby prior to 3.2CVE-2022-1096 High Yes Unknown
It is a type confusion weakness in the Chrome V8 JavaScript engine. Google is aware that an...CVE-2022-1048 Unknown Unknown Unknown
race condition in snd_pcm_hw_free leading to use-after-freeCVE-2022-1016 Unknown Unknown Unknown
CVE-2022-1016 pertains to uninitialized stack data in the nft_do_chain routine....CVE-2022-1015 Unknown Unknown Unknown
CVE-2022-1015 pertains to an out of bounds access in nf_tables expression evaluation due to...CVE-2022-0854 Medium Unknown Unknown
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls...CVE-2022-0843 Medium Unknown Arbitrary code execution
Mozilla developers Kershaw Chang, Ryan VanderMeulen, and Randell Jesup reported memory...CVE-2022-0617 Medium Unknown Unknown
A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in...CVE-2022-0494 Medium Unknown Unknown
A kernel information leak flaw was identified in the scsi_ioctl function in...CVE-2022-0358 High No Unknown
In the QEMU virtio-fs shared file system daemon (virtiofsd) a local guest user can create...CVE-2022-0168 Unknown Unknown Unknown
A denial of service (DOS) issue was found in the Linux kernel’s smb2_ioctl_query_info...CVE-2021-4207 High Unknown Unknown
In the QXL display device emulation in QEMU. A double fetch of guest controlled values...CVE-2021-4197 High Unknown Unknown
An unprivileged write to the file handler flaw in the Linux kernel's control groups and...CVE-2021-4156 High Unknown Unknown
An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker...
Issue
Severity
Remote
Type
Description
CVE-2021-4206
High
No
Arbitrary code execution
An integer overflow in the cursor_alloc() function of the QXL display device emulation can...CVE-2021-4207 High Unknown Unknown
In the QXL display device emulation in QEMU. A double fetch of guest controlled values...CVE-2021-45046 Medium Yes Denial of service
It was found that the fix to address CVE-2021-44228 in Apache Log4j 2.15.0 was incomplete...CVE-2022-0358 High No Unknown
In the QEMU virtio-fs shared file system daemon (virtiofsd) a local guest user can create...CVE-2022-0494 Medium Unknown Unknown
A kernel information leak flaw was identified in the scsi_ioctl function in...CVE-2022-0617 Medium Unknown Unknown
A NULL pointer dereference was found in the Linux kernel’s UDF file system functionality in...CVE-2022-0854 Medium Unknown Unknown
A memory leak flaw was found in the Linux kernel’s DMA subsystem, in the way a user calls...CVE-2022-0987 Low No Information disclosure
A vulnerability was found in PackageKit in the way some of the methods exposed by the...CVE-2022-1011 High No Privilege escalation
A use-after-free flaw was found in the Linux kernel’s FUSE filesystem in the way a user...CVE-2022-1106 Unknown Unknown Unknown
use after free in mrb_vm_exec in mruby prior to 3.2CVE-2022-1172 Medium Unknown Unknown
Null Pointer Dereference Caused Segmentation Fault in gpac prior to 2.1.0-DEVCVE-2022-1215 High No Privilege escalation
Format string vulnerability in evdev device handlingCVE-2022-1328 Unknown Unknown Unknown
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before...CVE-2022-1652 Unknown Unknown Unknown
A concurrency use-after-free was found in the Linux kernel.CVE-2022-22815 Unknown Unknown Unknown
path_getbbox in path.c in Pillow before 9.0.0 improperly initializes ImagePath.PathCVE-2022-22816 Unknown Unknown Unknown
path_getbbox in path.c in Pillow before 9.0.0 has a buffer over-read during initialization...CVE-2022-22817 Unknown Unknown Unknown
PIL.ImageMath.eval in Pillow before 9.0.0 allows evaluation of arbitrary expressions, such...CVE-2022-23901 Unknown Unknown Unknown
A stack overflow re2c 2.2 exists due to infinite recursion issues in src/dfa/dead_rules.cc.CVE-2022-24303 Unknown Unknown Unknown
Pillow before 9.0.1 allows attackers to delete files because spaces in temporary pathnames...CVE-2022-24448 Low No Information disclosure
A flaw was found in the Linux kernel. When an application tries to open a directory (using...CVE-2022-24903 High Yes Arbitrary code execution
A flaw was found in rsyslog's reception TCP modules. This flaw allows an attacker to craft...CVE-2022-24958 High Unknown Unknown
drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev->buf release.CVE-2022-24959 Medium Unknown Unknown
An issue was discovered in the Linux kernel before 5.16.5. There is a memory leak in...CVE-2022-25308 Medium No Denial of service
A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an...CVE-2022-25309 Unknown No Unknown
A heap-based buffer overflow flaw was found in the Fribidi package and affects the...CVE-2022-25310 Unknown No Unknown
A segmentation fault (SEGV) flaw was found in the Fribidi package and affects the...CVE-2022-26353 High No Arbitrary code execution
the fix for CVE-2021-3748 forgot to unmap the cached virtqueue elements on error, leading...CVE-2022-26354 Low No Denial of service
In case of error in the vhost-vsock device, an invalid element was not detached from the...CVE-2022-26878 Medium Unknown Unknown
drivers/bluetooth/virtio_bt.c in the Linux kernel before 5.16.3 has a memory leak (socket...CVE-2022-26966 Medium Unknown Unknown
An issue was discovered in the Linux kernel before 5.16.12. drivers/net/usb/sr9700.c allows...CVE-2022-27223 High Unknown Unknown
In drivers/usb/gadget/udc/udc-xilinx.c in the Linux kernel before 5.16.12, the endpoint...CVE-2022-27939 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a reachable assertion in get_layer4_v6 in common/get.cCVE-2022-27940 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_ipv6_next in common/get.cCVE-2022-27941 Unknown Unknown Unknown
tcprewrite in Tcpreplay 4.4.1 has a heap-based buffer over-read in get_l2len_protocol in...CVE-2022-27942 Unknown Unknown Unknown
tcpprep in Tcpreplay 4.4.1 has a heap-based buffer over-read in parse_mpls in common/get.c