kpriv/freebsd-ports
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
freebsd-ports/security/vuxml/vuln-2022.xml
Boris Korzun 4bd697c3b7 security/vuxml: Document new Grafana vulnerabilities 
CVE-2022-31097 - Stored XSS
CVE-2022-31107 - OAuth Account Takeover

PR:		265330
2022-07-23 22:57:43 +01:00

5948 lines
226 KiB
XML
Raw Blame History

<vuln vid="e1387e95-08d0-11ed-be26-001999f8d30b">
<topic>VirtualBox -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>virtualbox-ose</name>
<range><lt>6.1.36</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Oracle reports:</p>
<blockquote cite="https://www.oracle.com/security-alerts/cpujul2022.html">
<p> Easily exploitable vulnerability allows high privileged
attacker with logon to the infrastructure where Oracle
VM VirtualBox executes to compromise Oracle VM VirtualBox.
Successful attacks of this vulnerability can result in
unauthorized ability to cause a hang or frequently
repeatable crash (complete DOS) of Oracle VM VirtualBox.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-21554</cvename>
<cvename>CVE-2022-21571</cvename>
<url>https://www.oracle.com/security-alerts/cpujul2022.html</url>
</references>
<dates>
<discovery>2022-07-20</discovery>
<entry>2022-07-21</entry>
</dates>
</vuln>
<vuln vid="8e150606-08c9-11ed-856e-d4c9ef517024">
<topic>MySQL -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>mysql-server56</name>
<range><lt>5.6.52</lt></range>
</package>
<package>
<name>mysql-server57</name>
<range><lt>5.7.39</lt></range>
</package>
<package>
<name>mysql-client80</name>
<range><lt>8.0.30</lt></range>
</package>
<package>
<name>mysql-server80</name>
<range><lt>8.0.30</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Oracle reports:</p>
<blockquote cite="https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL">
<p>This Critical Patch Update contains 34 new security patches plus
additional third party patches noted below for Oracle MySQL. 10 of
these vulnerabilities may be remotely exploitable without
authentication, i.e., may be exploited over a network without
requiring user credentials.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1292</cvename>
<cvename>CVE-2022-21824</cvename>
<cvename>CVE-2022-27778</cvename>
<cvename>CVE-2018-25032</cvename>
<cvename>CVE-2022-21556</cvename>
<cvename>CVE-2022-21569</cvename>
<cvename>CVE-2022-21550</cvename>
<cvename>CVE-2022-21519</cvename>
<cvename>CVE-2022-21527</cvename>
<cvename>CVE-2022-21528</cvename>
<cvename>CVE-2022-21509</cvename>
<cvename>CVE-2022-21539</cvename>
<cvename>CVE-2022-21517</cvename>
<cvename>CVE-2022-21537</cvename>
<cvename>CVE-2022-21547</cvename>
<cvename>CVE-2022-21525</cvename>
<cvename>CVE-2022-21526</cvename>
<cvename>CVE-2022-21529</cvename>
<cvename>CVE-2022-21530</cvename>
<cvename>CVE-2022-21531</cvename>
<cvename>CVE-2022-21553</cvename>
<cvename>CVE-2022-21515</cvename>
<cvename>CVE-2022-21455</cvename>
<cvename>CVE-2022-21534</cvename>
<cvename>CVE-2022-21522</cvename>
<cvename>CVE-2022-21538</cvename>
<cvename>CVE-2022-21535</cvename>
<url>https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL</url>
</references>
<dates>
<discovery>2022-07-19</discovery>
<entry>2022-07-21</entry>
</dates>
</vuln>
<vuln vid="27cc4258-0805-11ed-8ac1-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>103.0.5060.134</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html">
<p>This release contains 11 security fixes, including:</p>
<ul>
<li>[1336266] High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14</li>
<li>[1335861] High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13</li>
<li>[1329987] High CVE-2022-2479: Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28</li>
<li>[1339844] High CVE-2022-2480: Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27</li>
<li>[1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04</li>
<li>[1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-2163</cvename>
<cvename>CVE-2022-2477</cvename>
<cvename>CVE-2022-2478</cvename>
<cvename>CVE-2022-2479</cvename>
<cvename>CVE-2022-2480</cvename>
<cvename>CVE-2022-2481</cvename>
<url>https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html</url>
</references>
<dates>
<discovery>2022-07-19</discovery>
<entry>2022-07-20</entry>
</dates>
</vuln>
<vuln vid="871d93f9-06aa-11ed-8d5f-080027f5fec9">
<topic>redis -- Potential remote code execution vulnerability</topic>
<affects>
<package>
<name>redis</name>
<range><ge>7.0.0</ge><lt>7.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Redis core team reports:</p>
<blockquote cite="https://groups.google.com/g/redis-db/c/FWngtg3WpfA">
<p>
A specially crafted XAUTOCLAIM command on a stream key in
a specific state may result with heap overflow, and
potentially remote code execution.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-31144</cvename>
<url>https://groups.google.com/g/redis-db/c/FWngtg3WpfA</url>
</references>
<dates>
<discovery>2022-07-18</discovery>
<entry>2022-07-18</entry>
</dates>
</vuln>
<vuln vid="0c367e98-0415-11ed-a53b-6c3be5272acd">
<topic>Grafana -- Stored XSS</topic>
<affects>
<package>
<name>grafana</name>
<range><ge>8.3.0</ge><lt>8.3.10</lt></range>
<range><ge>8.4.0</ge><lt>8.4.10</lt></range>
<range><ge>8.5.0</ge><lt>8.5.9</lt></range>
<range><ge>9.0.0</ge><lt>9.0.3</lt></range>
</package>
<package>
<name>grafana8</name>
<range><ge>8.3.0</ge><lt>8.3.10</lt></range>
<range><ge>8.4.0</ge><lt>8.4.10</lt></range>
<range><ge>8.5.0</ge><lt>8.5.9</lt></range>
</package>
<package>
<name>grafana9</name>
<range><lt>9.0.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2022/07/14/grafana-v9-0-3-8-5-9-8-4-10-and-8-3-10-released-with-high-severity-security-fix/">
<p>An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. (Note: Grafana Alerting is activated by default in Grafana 9.0.)</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-31097</cvename>
<url>https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f</url>
</references>
<dates>
<discovery>2022-06-19</discovery>
<entry>2022-07-15</entry>
</dates>
</vuln>
<vuln vid="0859e6d5-0415-11ed-a53b-6c3be5272acd">
<topic>Grafana -- OAuth Account Takeover</topic>
<affects>
<package>
<name>grafana</name>
<range><ge>5.3.0</ge><lt>8.3.10</lt></range>
<range><ge>8.4.0</ge><lt>8.4.10</lt></range>
<range><ge>8.5.0</ge><lt>8.5.9</lt></range>
<range><ge>9.0.0</ge><lt>9.0.3</lt></range>
</package>
<package>
<name>grafana7</name>
<range><ge>7.0</ge></range>
</package>
<package>
<name>grafana8</name>
<range><ge>8.3.0</ge><lt>8.3.10</lt></range>
<range><ge>8.4.0</ge><lt>8.4.10</lt></range>
<range><ge>8.5.0</ge><lt>8.5.9</lt></range>
</package>
<package>
<name>grafana9</name>
<range><lt>9.0.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2022/07/14/grafana-v9-0-3-8-5-9-8-4-10-and-8-3-10-released-with-high-severity-security-fix/">
<p>It is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under some conditions.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-31107</cvename>
<url>https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2</url>
</references>
<dates>
<discovery>2022-06-27</discovery>
<entry>2022-07-15</entry>
</dates>
</vuln>
<vuln vid="a4f2416c-02a0-11ed-b817-10c37b4ac2ea">
<topic>go -- multiple vulnerabilities</topic>
<affects>
<package>
<name>go118</name>
<range><lt>1.18.4</lt></range>
</package>
<package>
<name>go117</name>
<range><lt>1.17.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://go.dev/issue/53188">
<p>net/http: improper sanitization of Transfer-Encoding
header</p>
<p>The HTTP/1 client accepted some invalid
Transfer-Encoding headers as indicating a "chunked"
encoding. This could potentially allow for request
smuggling, but only if combined with an intermediate
server that also improperly failed to reject the header
as invalid.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/53423">
<p>When httputil.ReverseProxy.ServeHTTP was called with a
Request.Header map containing a nil value for the
X-Forwarded-For header, ReverseProxy would set the client
IP as the value of the X-Forwarded-For header, contrary to
its documentation. In the more usual case where a Director
function set the X-Forwarded-For header value to nil,
ReverseProxy would leave the header unmodified as
expected.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/53168">
<p>compress/gzip: stack exhaustion in Reader.Read</p>
<p>Calling Reader.Read on an archive containing a large
number of concatenated 0-length compressed files can
cause a panic due to stack exhaustion.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/53611">
<p>encoding/xml: stack exhaustion in Unmarshal</p>
<p>Calling Unmarshal on a XML document into a Go struct
which has a nested field that uses the any field tag can
cause a panic due to stack exhaustion.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/53614">
<p>encoding/xml: stack exhaustion in Decoder.Skip</p>
<p>Calling Decoder.Skip when parsing a deeply nested XML
document can cause a panic due to stack exhaustion.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/53615">
<p>encoding/gob: stack exhaustion in Decoder.Decode</p>
<p>Calling Decoder.Decode on a message which contains
deeply nested structures can cause a panic due to stack
exhaustion.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/53416">
<p>path/filepath: stack exhaustion in Glob</p>
<p>Calling Glob on a path which contains a large number of
path separators can cause a panic due to stack
exhaustion.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/53415">
<p>io/fs: stack exhaustion in Glob</p>
<p>Calling Glob on a path which contains a large number of
path separators can cause a panic due to stack
exhaustion.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/53616">
<p>go/parser: stack exhaustion in all Parse* functions</p>
<p>Calling any of the Parse functions on Go source code
which contains deeply nested types or declarations can
cause a panic due to stack exhaustion.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1705</cvename>
<cvename>CVE-2022-32148</cvename>
<cvename>CVE-2022-30631</cvename>
<cvename>CVE-2022-30633</cvename>
<cvename>CVE-2022-28131</cvename>
<cvename>CVE-2022-30635</cvename>
<cvename>CVE-2022-30632</cvename>
<cvename>CVE-2022-30630</cvename>
<cvename>CVE-2022-1962</cvename>
<url>https://groups.google.com/g/golang-dev/c/frczlF8OFQ0</url>
</references>
<dates>
<discovery>2022-07-12</discovery>
<entry>2022-07-13</entry>
</dates>
</vuln>
<vuln vid="b99f99f6-021e-11ed-8c6f-000c29ffbb6c">
<topic>git -- privilege escalation</topic>
<affects>
<package>
<name>git</name>
<range><lt>2.37.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The git project reports:</p>
<blockquote cite="https://lkml.org/lkml/2022/7/12/1137">
<p>Git is vulnerable to privilege escalation in all platforms.
An unsuspecting user could still be affected by the issue
reported in CVE-2022-24765, for example when navigating as
root into a shared tmp directory that is owned by them, but
where an attacker could create a git repository.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-29187</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187</url>
</references>
<dates>
<discovery>2022-07-12</discovery>
<entry>2022-07-12</entry>
</dates>
</vuln>
<vuln vid="830855f3-ffcc-11ec-9d41-d05099c8b5a7">
<topic>mat2 -- directory traversal/arbitrary file read during ZIP file processing</topic>
<affects>
<package>
<name>mat2</name>
<range><lt>0.13.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35410">
<p>
mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../
directory traversal during the ZIP archive cleaning process. This
primarily affects mat2 web instances, in which clients could obtain
sensitive information via a crafted archive.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-35410</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35410</url>
</references>
<dates>
<discovery>2022-07-08</discovery>
<entry>2022-07-10</entry>
</dates>
</vuln>
<vuln vid="d1b35142-ff4a-11ec-8be3-001b217b3468">
<topic>Gitlab -- multiple vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>15.1.0</ge><lt>15.1.1</lt></range>
<range><ge>15.0.0</ge><lt>15.0.4</lt></range>
<range><ge>0</ge><lt>14.10.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/">
<p>Remote Command Execution via Project Imports</p>
<p>XSS in ZenTao integration affecting self hosted instances without strict CSP</p>
<p>XSS in project settings page</p>
<p>Unallowed users can read unprotected CI variables</p>
<p>IP allow-list bypass to access Container Registries</p>
<p>2FA status is disclosed to unauthenticated users</p>
<p>CI variables provided to runners outside of a group's restricted IP range</p>
<p>IDOR in sentry issues</p>
<p>Reporters can manage issues in error tracking</p>
<p>Regular Expression Denial of Service via malicious web server responses</p>
<p>Unauthorized read for conan repository</p>
<p>Open redirect vulnerability</p>
<p>Group labels are editable through subproject</p>
<p>Release titles visible for any users if group milestones are associated with any project releases</p>
<p>Restrict membership by email domain bypass</p>
<p>Job information is leaked to users who previously were maintainers via the Runner Jobs API endpoint</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-2185</cvename>
<cvename>CVE-2022-2235</cvename>
<cvename>CVE-2022-2230</cvename>
<cvename>CVE-2022-2229</cvename>
<cvename>CVE-2022-1983</cvename>
<cvename>CVE-2022-1963</cvename>
<cvename>CVE-2022-2228</cvename>
<cvename>CVE-2022-2243</cvename>
<cvename>CVE-2022-2244</cvename>
<cvename>CVE-2022-1954</cvename>
<cvename>CVE-2022-2270</cvename>
<cvename>CVE-2022-2250</cvename>
<cvename>CVE-2022-1999</cvename>
<cvename>CVE-2022-2281</cvename>
<cvename>CVE-2022-1981</cvename>
<cvename>CVE-2022-2227</cvename>
<url>https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/</url>
</references>
<dates>
<discovery>2022-06-30</discovery>
<entry>2022-07-09</entry>
</dates>
</vuln>
<vuln vid="b9210706-feb0-11ec-81fa-1c697a616631">
<topic>Node.js -- July 7th 2022 Security Releases</topic>
<affects>
<package>
<name>node</name>
<range><ge>14.0.0</ge><lt>14.20.0</lt></range>
<range><ge>16.0.0</ge><lt>16.16.0</lt></range>
<range><ge>18.0.0</ge><lt>18.5.0</lt></range>
</package>
<package>
<name>node16</name>
<range><lt>16.16.0</lt></range>
</package>
<package>
<name>node14</name>
<range><lt>14.20.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Node.js reports:</p>
<blockquote cite="https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/">
<h1>HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding
(Medium)(CVE-2022-32213)</h1>
<p>The llhttp parser in the http module does not correctly parse and
validate Transfer-Encoding headers. This can lead to HTTP Request
Smuggling (HRS).</p>
<h1>HTTP Request Smuggling - Improper Delimiting of Header Fields
(Medium)(CVE-2022-32214)</h1>
<p>The llhttp parser in the http module does not strictly use the CRLF
sequence to delimit HTTP requests. This can lead to HTTP Request
Smuggling (HRS).</p>
<h1>HTTP Request Smuggling - Incorrect Parsing of Multi-line
Transfer-Encoding (Medium)(CVE-2022-32215)</h1>
<p>The llhttp parser in the http module does not correctly handle
multi-line Transfer-Encoding headers. This can lead to HTTP Request
Smuggling (HRS).</p>
<h1>DNS rebinding in --inspect via invalid IP addresses
(High)(CVE-2022-32212)</h1>
<p>The IsAllowedHost check can easily be bypassed because IsIPAddress
does not properly check if an IP address is invalid or not. When an
invalid IPv4 address is provided (for instance 10.0.2.555 is
provided), browsers (such as Firefox) will make DNS requests to the
DNS server, providing a vector for an attacker-controlled DNS server
or a MITM who can spoof DNS responses to perform a rebinding attack
and hence connect to the WebSocket debugger, allowing for arbitrary
code execution. This is a bypass of CVE-2021-22884.</p>
<h1>Attempt to read openssl.cnf from /home/iojs/build/ upon startup
(Medium)(CVE-2022-32222)</h1>
<p>When Node.js starts on linux based systems, it attempts to read
/home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf,
which ordinarily doesn't exist. On some shared systems an attacker may
be able create this file and therefore affect the default OpenSSL
configuration for other users.</p>
<h1>OpenSSL - AES OCB fails to encrypt some bytes
(Medium)(CVE-2022-2097)</h1>
<p>AES OCB mode for 32-bit x86 platforms using the AES-NI assembly
optimised implementation will not encrypt the entirety of the data
under some circumstances. This could reveal sixteen bytes of data that
was preexisting in the memory that wasn't written. In the special case
of "in place" encryption, sixteen bytes of the plaintext would be
revealed. Since OpenSSL does not support OCB based cipher suites for
TLS and DTLS, they are both unaffected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-32212</cvename>
<cvename>CVE-2022-32213</cvename>
<cvename>CVE-2022-32214</cvename>
<cvename>CVE-2022-32215</cvename>
<cvename>CVE-2022-32222</cvename>
<cvename>CVE-2022-2097</cvename>
<url>https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/</url>
</references>
<dates>
<discovery>2022-07-05</discovery>
<entry>2022-07-08</entry>
<modified>2022-07-08</modified>
</dates>
</vuln>
<vuln vid="744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>103.0.5060.114</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html">
<p>This release contains 4 security fixes, including:</p>
<ul>
<li>[1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01</li>
<li>[1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16</li>
<li>[1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-2294</cvename>
<cvename>CVE-2022-2295</cvename>
<cvename>CVE-2022-2296</cvename>
<url>https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2022-07-04</discovery>
<entry>2022-07-07</entry>
</dates>
</vuln>
<vuln vid="a28e8b7e-fc70-11ec-856e-d4c9ef517024">
<topic>OpenSSL -- AES OCB fails to encrypt some bytes</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>1.1.1q,1</lt></range>
</package>
<package>
<name>openssl-devel</name>
<range><lt>3.0.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20220705.txt">
<p>AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
implementation will not encrypt the entirety of the data under some
circumstances. This could reveal sixteen bytes of data that was
preexisting in the memory that wasn't written. In the special case of
"in place" encryption, sixteen bytes of the plaintext would be revealed.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-2097</cvename>
<url>https://www.openssl.org/news/secadv/20220705.txt</url>
</references>
<dates>
<discovery>2022-07-05</discovery>
<entry>2022-07-05</entry>
</dates>
</vuln>
<vuln vid="5be19b0d-fb85-11ec-95cd-080027b24e86">
<topic>Django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py37-django32</name>
<name>py38-django32</name>
<name>py39-django32</name>
<name>py310-django32</name>
<range><lt>3.2.14</lt></range>
</package>
<package>
<name>py38-django40</name>
<name>py39-django40</name>
<name>py310-django40</name>
<range><lt>4.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>SO-AND-SO reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2022/jul/04/security-releases/">
<p>CVE-2022-34265: Potential SQL injection via Trunc(kind) and
Extract(lookup_name) arguments.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-34265</cvename>
<url>https://www.djangoproject.com/weblog/2022/jul/04/security-releases/</url>
</references>
<dates>
<discovery>2022-06-21</discovery>
<entry>2022-07-04</entry>
</dates>
</vuln>
<vuln vid="f0e45968-faff-11ec-856e-d4c9ef517024">
<topic>OpenSSL -- Heap memory corruption with RSA private key operation</topic>
<affects>
<package>
<name>openssl-devel</name>
<range><ge>3.0.4</ge><lt>3.0.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://mta.openssl.org/pipermail/openssl-announce/2022-July/000229.html">
<p>The OpenSSL 3.0.4 release introduced a serious bug in the RSA
implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
This issue makes the RSA implementation with 2048 bit private keys
incorrect on such machines and memory corruption will happen during
the computation. As a consequence of the memory corruption an attacker
may be able to trigger a remote code execution on the machine performing
the computation.</p>
<p>SSL/TLS servers or other servers using 2048 bit RSA private keys running
on machines supporting AVX512IFMA instructions of the X86_64 architecture
are affected by this issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-2274</cvename>
<url>https://www.openssl.org/news/secadv/20220705.txt</url>
</references>
<dates>
<discovery>2022-07-01</discovery>
<entry>2022-07-03</entry>
<modified>2022-07-05</modified>
</dates>
</vuln>
<vuln vid="5ab54ea0-fa94-11ec-996c-080027b24e86">
<topic>mediawiki -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mediawiki135</name>
<range><lt>1.35.7</lt></range>
</package>
<package>
<name>mediawiki137</name>
<range><lt>1.37.3</lt></range>
</package>
<package>
<name>mediawiki138</name>
<range><lt>1.38.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mediawiki reports:</p>
<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/">
<p>(T308471) Username is not escaped in the "welcomeuser" message.</p>
<p>(T308473) Username not escaped in the contributions-title message.</p>
<p>(T309377, CVE-2022-29248) Update "guzzlehttp/guzzle" to version 6.5.6.</p>
<p>(T311384, CVE-2022-27776) Update "guzzlehttp/guzzle" to 6.5.8/7.4.5.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-29248</cvename>
<cvename>CVE-2022-27776</cvename>
<url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/</url>
</references>
<dates>
<discovery>2022-05-16</discovery>
<entry>2022-07-03</entry>
</dates>
</vuln>
<vuln vid="07c0d782-f758-11ec-acaa-901b0e9408dc">
<topic>py-matrix-synapse -- unbounded recursion in urlpreview</topic>
<affects>
<package>
<name>py37-matrix-synapse</name>
<name>py38-matrix-synapse</name>
<name>py39-matrix-synapse</name>
<name>py310-matrix-synapse</name>
<name>py311-matrix-synapse</name>
<range><lt>1.61.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Matrix developers report:</p>
<blockquote cite="https://matrix.org/blog/2022/06/28/security-release-synapse-1-61-1">
<p>This release fixes a vulnerability with Synapse's URL preview feature. URL previews
of some web pages can lead to unbounded recursion, causing the request to either fail,
or in some cases crash the running Synapse process.</p>
<p>Note that:</p>
<ul>
<li>Homeservers with the url_preview_enabled configuration option set to false
(the default value) are unaffected.</li>
<li>Instances with the enable_media_repo configuration option set to false are
also unaffected, as this also disables the URL preview functionality.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-31052</cvename>
<url>https://matrix.org/blog/2022/06/28/security-release-synapse-1-61-1</url>
</references>
<dates>
<discovery>2022-06-28</discovery>
<entry>2022-06-29</entry>
</dates>
</vuln>
<vuln vid="ae5722a6-f5f0-11ec-856e-d4c9ef517024">
<topic>cURL -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>curl</name>
<range><ge>7.16.4</ge><lt>7.84.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The cURL project reports:</p>
<blockquote cite="https://curl.se/docs/security.html">
<ul>
<li>CVE-2022-32205: Set-Cookie denial of service</li>
<li>CVE-2022-32206: HTTP compression denial of service</li>
<li>CVE-2022-32207: Unpreserved file permissions</li>
<li>CVE-2022-32208: FTP-KRB bad message verification</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-32205</cvename>
<cvename>CVE-2022-32206</cvename>
<cvename>CVE-2022-32207</cvename>
<cvename>CVE-2022-32208</cvename>
<url>https://curl.se/docs/security.html</url>
</references>
<dates>
<discovery>2022-06-27</discovery>
<entry>2022-06-27</entry>
</dates>
</vuln>
<vuln vid="25be46f0-f25d-11ec-b62a-00e081b7aa2d">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>2.356</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>2.346.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://www.jenkins.io/security/advisory/2022-06-22/">
<h1>Description</h1>
<h5>(High) SECURITY-2781 / CVE-2022-34170 (SECURITY-2779), CVE-2022-34171 (SECURITY-2761), CVE-2022-34172 (SECURITY-2776), CVE-2022-34173 (SECURITY-2780)</h5>
<p>Multiple XSS vulnerabilities</p>
<h5>(Medium) SECURITY-2566 / CVE-2022-34174</h5>
<p>Observable timing discrepancy allows determining username validity</p>
<h5>(Medium) Unauthorized view fragment access</h5>
<p>SECURITY-2777 / CVE-2022-34175</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-34170</cvename>
<cvename>CVE-2022-34171</cvename>
<cvename>CVE-2022-34172</cvename>
<cvename>CVE-2022-34173</cvename>
<cvename>CVE-2022-34174</cvename>
<cvename>CVE-2022-34175</cvename>
<url>https://www.jenkins.io/security/advisory/2022-06-22/</url>
</references>
<dates>
<discovery>2022-06-22</discovery>
<entry>2022-06-22</entry>
</dates>
</vuln>
<vuln vid="4eeb93bf-f204-11ec-8fbd-d4c9ef517024">
<topic>OpenSSL -- Command injection vulnerability</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>1.1.1p,1</lt></range>
</package>
<package>
<name>openssl-devel</name>
<range><lt>3.0.4</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20220621.txt">
<p>Circumstances where the c_rehash script does not properly
sanitise shell metacharacters to prevent command injection were
found by code review.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-2068</cvename>
<url>https://www.openssl.org/news/secadv/20220621.txt</url>
</references>
<dates>
<discovery>2022-06-21</discovery>
<entry>2022-06-22</entry>
</dates>
</vuln>
<vuln vid="b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>103.0.5060.53</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html">
<p>This release contains 14 security fixes, including:</p>
<ul>
<li>[1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11</li>
<li>[1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19</li>
<li>[1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29</li>
<li>[1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14</li>
<li>[1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30</li>
<li>[1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19</li>
<li>[1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21</li>
<li>[1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10</li>
<li>[1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-2156</cvename>
<cvename>CVE-2022-2157</cvename>
<cvename>CVE-2022-2158</cvename>
<cvename>CVE-2022-2160</cvename>
<cvename>CVE-2022-2161</cvename>
<cvename>CVE-2022-2162</cvename>
<cvename>CVE-2022-2163</cvename>
<cvename>CVE-2022-2164</cvename>
<cvename>CVE-2022-2165</cvename>
<url>https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html</url>
</references>
<dates>
<discovery>2022-06-21</discovery>
<entry>2022-06-22</entry>
</dates>
</vuln>
<vuln vid="482456fb-e9af-11ec-93b6-318d1419ea39">
<topic>Security Vulnerability found in ExifTool leading to RCE</topic>
<affects>
<package>
<name>p5-Image-ExifTool</name>
<range><lt>12.38</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Debian Security tracker reports:</p>
<blockquote cite="https://security-tracker.debian.org/tracker/CVE-2022-23935">
<p>ExifTool.pm in ExifTool before 12.38 mishandles a file special characters check, leading to command injection</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-23935</cvename>
<url>https://www.cvedetails.com/cve/CVE-2022-23935</url>
</references>
<dates>
<discovery>2022-01-25</discovery>
<entry>2022-06-11</entry>
</dates>
</vuln>
<vuln vid="ad37a349-ebb7-11ec-b9f7-21427354249d">
<topic>mitmproxy -- Insufficient Protection against HTTP Request Smuggling</topic>
<affects>
<package>
<name>mitmproxy</name>
<range><lt>8.0.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Zeyu Zhang reports:</p>
<blockquote cite="https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b">
<p>
In mitmproxy 7.0.4 and below, a malicious client or server is able to
perform HTTP request smuggling attacks through mitmproxy. This means
that a malicious client/server could smuggle a request/response through
mitmproxy as part of another request/response's HTTP message body. While
mitmproxy would only see one request, the target server would see
multiple requests. A smuggled request is still captured as part of
another request's body, but it does not appear in the request list and
does not go through the usual mitmproxy event hooks, where users may
have implemented custom access control checks or input sanitization.
</p>
<p>
Unless you use mitmproxy to protect an HTTP/1 service, no action is required.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-24766</cvename>
<url>https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b</url>
</references>
<dates>
<discovery>2022-03-21</discovery>
<entry>2022-06-20</entry>
</dates>
</vuln>
<vuln vid="5d1e4f6a-ee4f-11ec-86c2-485b3931c969">
<topic>Tor - Unspecified high severity vulnerability</topic>
<affects>
<package>
<name>tor</name>
<range><lt>0.4.7.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tor organization reports:</p>
<blockquote cite="https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE">
<p>TROVE-2022-001</p>
</blockquote>
</body>
</description>
<references>
<url>https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE</url>
</references>
<dates>
<discovery>2022-06-14</discovery>
<entry>2022-06-17</entry>
</dates>
</vuln>
<vuln vid="55cff5d2-e95c-11ec-ae20-001999f8d30b">
<topic>XFCE -- Allows executing malicious .desktop files pointing to remote code</topic>
<affects>
<package>
<name>libexo</name>
<range><lt>4.16.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>XFCE Project reports:</p>
<blockquote cite="https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6">
<p>Prevent executing possibly malicious .desktop files
from online sources (ftp://, http:// etc.).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-32278</cvename>
<url>https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6</url>
</references>
<dates>
<discovery>2022-06-11</discovery>
<entry>2022-06-11</entry>
</dates>
</vuln>
<vuln vid="b51cfaea-e919-11ec-9fba-080027240888">
<topic>py-numpy -- Missing return-value validation of the function PyArray_DescrNew</topic>
<affects>
<package>
<name>py38-numpy</name>
<name>py39-numpy</name>
<name>py310-numpy</name>
<range><lt>1.22.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Numpy reports:</p>
<blockquote cite="https://github.com/numpy/numpy/pull/20960">
<p>At most call-sites for PyArray_DescrNew, there are no validations of its return,
but an invalid address may be returned.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-41495</cvename>
<url>https://github.com/numpy/numpy/pull/20960</url>
</references>
<dates>
<discovery>2021-05-19</discovery>
<entry>2022-06-11</entry>
</dates>
</vuln>
<vuln vid="c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>102.0.5005.115</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html">
<p>This release contains 7 security fixes, including:</p>
<ul>
<li>[1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17</li>
<li>[1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19</li>
<li>[1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13</li>
<li>[1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-2007</cvename>
<cvename>CVE-2022-2008</cvename>
<cvename>CVE-2022-2010</cvename>
<cvename>CVE-2022-2011</cvename>
<url>https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2022-06-09</discovery>
<entry>2022-06-09</entry>
</dates>
</vuln>
<vuln vid="49adfbe5-e7d1-11ec-8fbd-d4c9ef517024">
<topic>Apache httpd -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>apache24</name>
<range><lt>2.4.54</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache httpd project reports:</p>
<blockquote cite="http://downloads.apache.org/httpd/CHANGES_2.4.54">
<ul>
<li>CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop
mechanism. Apache HTTP Server 2.4.53 and earlier may not send the
X-Forwarded-* headers to the origin server based on client side
Connection header hop-by-hop mechanism. This may be used to bypass
IP based authentication on the origin server/application.</li>
<li>CVE-2022-30556: Information Disclosure in mod_lua with websockets.
Apache HTTP Server 2.4.53 and earlier may return lengths to
applications calling r:wsread() that point past the end of the
storage allocated for the buffer.</li>
<li>CVE-2022-30522: mod_sed denial of service. If Apache HTTP Server
2.4.53 is configured to do transformations with mod_sed in contexts
where the input to mod_sed may be very large, mod_sed may make
excessively large memory allocations and trigger an abort.</li>
<li>CVE-2022-29404: Denial of service in mod_lua r:parsebody. In Apache
HTTP Server 2.4.53 and earlier, a malicious request to a lua script
that calls r:parsebody(0) may cause a denial of service due to no
default limit on possible input size.</li>
<li>CVE-2022-28615: Read beyond bounds in ap_strcmp_match(). Apache
HTTP Server 2.4.53 and earlier may crash or disclose information due
to a read beyond bounds in ap_strcmp_match() when provided with an
extremely large input buffer. While no code distributed with the
server can be coerced into such a call, third-party modules or lua
scripts that use ap_strcmp_match() may hypothetically be affected.
</li>
<li>CVE-2022-28614: read beyond bounds via ap_rwrite(). The ap_rwrite()
function in Apache HTTP Server 2.4.53 and earlier may read unintended
memory if an attacker can cause the server to reflect very large
input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts()
function.</li>
<li>CVE-2022-28330: read beyond bounds in mod_isapi. Apache HTTP Server
2.4.53 and earlier on Windows may read beyond bounds when configured
to process requests with the mod_isapi module.</li>
<li>CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
Inconsistent Interpretation of HTTP Requests ('HTTP Request
Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
allows an attacker to smuggle requests to the AJP server it forwards
requests to.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-31813</cvename>
<cvename>CVE-2022-30556</cvename>
<cvename>CVE-2022-30522</cvename>
<cvename>CVE-2022-29404</cvename>
<cvename>CVE-2022-28615</cvename>
<cvename>CVE-2022-28614</cvename>
<cvename>CVE-2022-28330</cvename>
<cvename>CVE-2022-26377</cvename>
<url>http://downloads.apache.org/httpd/CHANGES_2.4.54</url>
</references>
<dates>
<discovery>2022-06-08</discovery>
<entry>2022-06-09</entry>
<modified>2022-06-10</modified>
</dates>
</vuln>
<vuln vid="15888c7e-e659-11ec-b7fe-10c37b4ac2ea">
<topic>go -- multiple vulnerabilities</topic>
<affects>
<package>
<name>go118</name>
<range><lt>1.18.3</lt></range>
</package>
<package>
<name>go117</name>
<range><lt>1.17.11</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://go.dev/issue/52561">
<p>crypto/rand: rand.Read hangs with extremely large buffers</p>
<p>On Windows, rand.Read will hang indefinitely if passed a
buffer larger than 1 &lt;&lt; 32 - 1 bytes.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/52814">
<p>crypto/tls: session tickets lack random ticket_age_add</p>
<p>Session tickets generated by crypto/tls did not contain
a randomly generated ticket_age_add. This allows an
attacker that can observe TLS handshakes to correlate
successive connections by comparing ticket ages during
session resumption.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/52574">
<p>os/exec: empty Cmd.Path can result in running unintended
binary on Windows</p>
<p>If, on Windows, Cmd.Run, cmd.Start, cmd.Output, or
cmd.CombinedOutput are executed when Cmd.Path is unset
and, in the working directory, there are binaries named
either "..com" or "..exe", they will be executed.</p>
</blockquote>
<blockquote cite="https://go.dev/issue/52476">
<p>path/filepath: Clean(`.\c:`) returns `c:` on Windows</p>
<p>On Windows, the filepath.Clean function could convert an
invalid path to a valid, absolute path. For example,
Clean(`.\c:`) returned `c:`.</p>
</blockquote>
</body>
</description>
<references>
<url>https://groups.google.com/g/golang-dev/c/DidEMYAH_n0</url>
<cvename>CVE-2022-30634</cvename>
<url>https://go.dev/issue/52561</url>
<cvename>CVE-2022-30629</cvename>
<url>https://go.dev/issue/52814</url>
<cvename>CVE-2022-30580</cvename>
<url>https://go.dev/issue/52574</url>
<cvename>CVE-2022-29804</cvename>
<url>https://go.dev/issue/52476</url>
</references>
<dates>
<discovery>2022-06-01</discovery>
<entry>2022-06-07</entry>
</dates>
</vuln>
<vuln vid="a58f3fde-e4e0-11ec-8340-2d623369b8b5">
<topic>e2fsprogs -- out-of-bounds read/write vulnerability</topic>
<affects>
<package>
<name>e2fsprogs</name>
<range><lt>1.46.5_1</lt></range>
</package>
<package>
<name>e2fsprogs-nobootfsck</name>
<range><lt>1.46.5_1</lt></range>
</package>
<package>
<name>e2fsprogs-roothardlinks</name>
<range><lt>1.46.5_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Nils Bars reports:</p>
<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=2068113">
<p>
During the processing of [a specially fuzzed disk image], an
out-of-bounds write is triggered and causes a segmentation fault
(SIGSEGV).
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1304</cvename>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=2068113</url>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=2069726</url>
<url>https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/T/#u</url>
</references>
<dates>
<discovery>2022-03-24</discovery>
<entry>2022-06-05</entry>
</dates>
</vuln>
<vuln vid="f414d69f-e43d-11ec-9ea4-001b217b3468">
<topic>Gitlab -- multiple vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>15.0.0</ge><lt>15.0.1</lt></range>
<range><ge>14.10.0</ge><lt>14.10.4</lt></range>
<range><ge>11.10.0</ge><lt>14.9.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/">
<p>Account take over via SCIM email change</p>
<p>Stored XSS in Jira integration</p>
<p>Quick action commands susceptible to XSS</p>
<p>IP allowlist bypass when using Trigger tokens</p>
<p>IP allowlist bypass when using Project Deploy Tokens</p>
<p>Improper authorization in the Interactive Web Terminal</p>
<p>Subgroup member can list members of parent group</p>
<p>Group member lock bypass</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1680</cvename>
<cvename>CVE-2022-1940</cvename>
<cvename>CVE-2022-1948</cvename>
<cvename>CVE-2022-1935</cvename>
<cvename>CVE-2022-1936</cvename>
<cvename>CVE-2022-1944</cvename>
<cvename>CVE-2022-1821</cvename>
<cvename>CVE-2022-1783</cvename>
<url>https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/</url>
</references>
<dates>
<discovery>2022-06-01</discovery>
<entry>2022-06-04</entry>
</dates>
</vuln>
<vuln vid="204f1a7a-43df-412f-ad25-7dbe88f54fa4">
<topic>zeek -- potential DoS vulnerabilty</topic>
<affects>
<package>
<name>zeek</name>
<range><lt>4.0.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tim Wojtulewicz of Corelight reports:</p>
<blockquote cite="https://github.com/zeek/zeek/releases/tag/v4.0.7">
<p> Fix potential hang in the DNS analyzer when receiving
a specially-crafted packet. Due to the possibility of
this happening with packets received from the network,
this is a potential DoS vulnerability. </p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/zeek/zeek/releases/tag/v4.0.7</url>
</references>
<dates>
<discovery>2022-06-01</discovery>
<entry>2022-06-03</entry>
</dates>
</vuln>
<vuln vid="40e2c35e-db99-11ec-b0cf-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>102.0.5005.61</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html">
<p>This release contains 32 security fixes, including:</p>
<ul>
<li>[1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12</li>
<li>[1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27</li>
<li>[1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13</li>
<li>[1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06</li>
<li>[1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11</li>
<li>[1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07</li>
<li>[1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05</li>
<li>[1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15</li>
<li>[1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16</li>
<li>[1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04</li>
<li>[1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01</li>
<li>[1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28</li>
<li>[1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20</li>
<li>[1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29</li>
<li>[1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michal Bentkowski of Securitum on 2022-04-12</li>
<li>[1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28</li>
<li>[1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23</li>
<li>[1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06</li>
<li>[1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21</li>
<li>[1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26</li>
<li>[1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11</li>
<li>[1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21</li>
<li>[1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15</li>
<li>[1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1853</cvename>
<cvename>CVE-2022-1854</cvename>
<cvename>CVE-2022-1855</cvename>
<cvename>CVE-2022-1856</cvename>
<cvename>CVE-2022-1857</cvename>
<cvename>CVE-2022-1858</cvename>
<cvename>CVE-2022-1859</cvename>
<cvename>CVE-2022-1860</cvename>
<cvename>CVE-2022-1861</cvename>
<cvename>CVE-2022-1862</cvename>
<cvename>CVE-2022-1863</cvename>
<cvename>CVE-2022-1864</cvename>
<cvename>CVE-2022-1865</cvename>
<cvename>CVE-2022-1866</cvename>
<cvename>CVE-2022-1867</cvename>
<cvename>CVE-2022-1868</cvename>
<cvename>CVE-2022-1869</cvename>
<cvename>CVE-2022-1870</cvename>
<cvename>CVE-2022-1871</cvename>
<cvename>CVE-2022-1872</cvename>
<cvename>CVE-2022-1873</cvename>
<cvename>CVE-2022-1874</cvename>
<cvename>CVE-2022-1875</cvename>
<cvename>CVE-2022-1876</cvename>
<url>https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html</url>
</references>
<dates>
<discovery>2022-05-24</discovery>
<entry>2022-05-24</entry>
</dates>
</vuln>
<vuln vid="04fecc47-dad2-11ec-8fbd-d4c9ef517024">
<topic>MariaDB -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>mariadb103-client</name>
<range><lt>10.3.35</lt></range>
</package>
<package>
<name>mariadb103-server</name>
<range><lt>10.3.35</lt></range>
</package>
<package>
<name>mariadb104-client</name>
<range><lt>10.4.25</lt></range>
</package>
<package>
<name>mariadb104-server</name>
<range><lt>10.4.25</lt></range>
</package>
<package>
<name>mariadb105-client</name>
<range><lt>10.5.16</lt></range>
</package>
<package>
<name>mariadb105-server</name>
<range><lt>10.5.16</lt></range>
</package>
<package>
<name>mariadb106-client</name>
<range><lt>10.6.8</lt></range>
</package>
<package>
<name>mariadb106-server</name>
<range><lt>10.6.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The MariaDB project reports:</p>
<blockquote cite="https://mariadb.com/kb/en/security/#full-list-of-cves-fixed-in-mariadb">
<p>MariaDB fixed 23 vulnerabilities across all supported versions</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-46669</cvename>
<cvename>CVE-2022-27376</cvename>
<cvename>CVE-2022-27377</cvename>
<cvename>CVE-2022-27378</cvename>
<cvename>CVE-2022-27379</cvename>
<cvename>CVE-2022-27380</cvename>
<cvename>CVE-2022-27381</cvename>
<cvename>CVE-2022-27382</cvename>
<cvename>CVE-2022-27383</cvename>
<cvename>CVE-2022-27384</cvename>
<cvename>CVE-2022-27386</cvename>
<cvename>CVE-2022-27387</cvename>
<cvename>CVE-2022-27444</cvename>
<cvename>CVE-2022-27445</cvename>
<cvename>CVE-2022-27446</cvename>
<cvename>CVE-2022-27447</cvename>
<cvename>CVE-2022-27448</cvename>
<cvename>CVE-2022-27449</cvename>
<cvename>CVE-2022-27451</cvename>
<cvename>CVE-2022-27452</cvename>
<cvename>CVE-2022-27455</cvename>
<cvename>CVE-2022-27456</cvename>
<cvename>CVE-2022-27457</cvename>
<cvename>CVE-2022-27458</cvename>
<url>https://mariadb.com/kb/en/security/#full-list-of-cves-fixed-in-mariadb</url>
</references>
<dates>
<discovery>2022-05-20</discovery>
<entry>2022-05-23</entry>
</dates>
</vuln>
<vuln vid="b2407db1-d79f-11ec-a15f-589cfc0f81b0">
<topic>clamav -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>clamav</name>
<range><lt>0.104.3,1</lt></range>
</package>
<package>
<name>clamav-lts</name>
<range><lt>0.103.6,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The ClamAV project reports:</p>
<blockquote cite="https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html">
<p>Fixed a possible double-free vulnerability in the OLE2 file
parser. Issue affects versions 0.104.0 through 0.104.2. Issue
identified by OSS-Fuzz.</p>
<p>Fixed a possible infinite loop vulnerability in the CHM file
parser. Issue affects versions 0.104.0 through 0.104.2 and LTS
version 0.103.5 and prior versions. Thank you to Michał Dardas
for reporting this issue.</p>
<p>Fixed a possible NULL-pointer dereference crash in the scan
verdict cache check. Issue affects versions 0.103.4, 0.103.5,
0.104.1, and 0.104.2. Thank you to Alexander Patrakov and
Antoine Gatineau for reporting this issue.</p>
<p>Fixed a possible infinite loop vulnerability in the TIFF file
parser. Issue affects versions 0.104.0 through 0.104.2 and LTS
version 0.103.5 and prior versions. The issue only occurs if the
"--alert-broken-media" ClamScan option is enabled. For ClamD,
the affected option is "AlertBrokenMedia yes", and for libclamav
it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank
you to Michał Dardas for reporting this issue.</p>
<p>Fixed a possible memory leak in the HTML file parser /
Javascript normalizer. Issue affects versions 0.104.0 through
0.104.2 and LTS version 0.103.5 and prior versions. Thank you to
Michał Dardas for reporting this issue.</p>
<p>Fixed a possible multi-byte heap buffer overflow write
vulnerability in the signature database load module. The fix was
to update the vendored regex library to the latest version.
Issue affects versions 0.104.0 through 0.104.2 and LTS version
0.103.5 and prior versions. Thank you to Michał Dardas for
reporting this issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-20803</cvename>
<cvename>CVE-2022-20770</cvename>
<cvename>CVE-2022-20796</cvename>
<cvename>CVE-2022-20771</cvename>
<cvename>CVE-2022-20785</cvename>
<cvename>CVE-2022-20792</cvename>
<url>https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more</url>
</references>
<dates>
<discovery>2022-05-04</discovery>
<entry>2022-05-19</entry>
</dates>
</vuln>
<vuln vid="a1360138-d446-11ec-8ea1-10c37b4ac2ea">
<topic>go -- syscall.Faccessat checks wrong group on Linux</topic>
<affects>
<package>
<name>go</name>
<range><lt>1.18.2,1</lt></range>
</package>
<package>
<name>go117</name>
<range><lt>1.17.10</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://github.com/golang/go/issues/52313">
<p>When called with a non-zero flags parameter, the
syscall.Faccessat function could incorrectly report that a
file is accessible. This bug only occurs on Linux systems.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-29526</cvename>
<url>https://github.com/golang/go/issues/52313</url>
<url>https://groups.google.com/g/golang-dev/c/CPU3TB6d4oY</url>
</references>
<dates>
<discovery>2022-04-12</discovery>
<entry>2022-05-15</entry>
</dates>
</vuln>
<vuln vid="11e36890-d28c-11ec-a06f-d4c9ef517024">
<topic>curl -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>curl</name>
<range><lt>7.83.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The curl project reports:</p>
<blockquote cite="https://curl.se/docs/security.html">
<p>CVE-2022-27778: curl removes wrong file on error</p>
<p>CVE-2022-27779: cookie for trailing dot TLD</p>
<p>CVE-2022-27780: percent-encoded path separator in URL host</p>
<p>CVE-2022-27781: CERTINFO never-ending busy-loop</p>
<p>CVE-2022-27782: TLS and SSH connection too eager reuse</p>
<p>CVE-2022-30115: HSTS bypass via trailing dot</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-27778</cvename>
<cvename>CVE-2022-27779</cvename>
<cvename>CVE-2022-27780</cvename>
<cvename>CVE-2022-27781</cvename>
<cvename>CVE-2022-27782</cvename>
<cvename>CVE-2022-30115</cvename>
<url>https://curl.se/docs/security.html</url>
</references>
<dates>
<discovery>2022-05-11</discovery>
<entry>2022-05-13</entry>
</dates>
</vuln>
<vuln vid="157ce083-d145-11ec-ab9b-6cc21735f730">
<topic>PostgreSQL Server -- execute arbitrary SQL code as DBA user</topic>
<affects>
<package>
<name>postgresql14-server</name>
<range><lt>14.3</lt></range>
</package>
<package>
<name>postgresql13-server</name>
<range><lt>13.7</lt></range>
</package>
<package>
<name>postgresql12-server</name>
<range><lt>12.11</lt></range>
</package>
<package>
<name>postgresql11-server</name>
<range><lt>11.16</lt></range>
</package>
<package>
<name>postgresql10-server</name>
<range><lt>10.21</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The PostgreSQL project reports:</p>
<blockquote>
<p>
Confine additional operations within "security restricted
operation" sandboxes.
</p>
<p>
Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,
and pg_amcheck activated the "security restricted operation" protection
mechanism too late, or even not at all in some code paths.
A user having permission to create non-temporary objects within a
database could define an object that would execute arbitrary SQL
code with superuser permissions the next time that autovacuum
processed the object, or that some superuser ran one of the affected
commands against it.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1552</cvename>
</references>
<dates>
<discovery>2022-05-11</discovery>
<entry>2022-05-11</entry>
</dates>
</vuln>
<vuln vid="ac91cf5e-d098-11ec-bead-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>101.0.4951.64</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html">
<p>This release contains 13 security fixes, including:</p>
<ul>
<li>[1316990] High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18</li>
<li>[1314908] High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09</li>
<li>[1319797] High CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous on 2022-04-26</li>
<li>[1297283] High CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15</li>
<li>[1311820] High CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz on 2022-03-31</li>
<li>[1316946] High CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University on 2022-04-17</li>
<li>[1317650] High CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19</li>
<li>[1320592] High CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28</li>
<li>[1305068] Medium CVE-2022-1641: Use after free in Web UI Diagnostics. Reported by Rong Jian of VRI on 2022-03-10</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1633</cvename>
<cvename>CVE-2022-1634</cvename>
<cvename>CVE-2022-1635</cvename>
<cvename>CVE-2022-1636</cvename>
<cvename>CVE-2022-1637</cvename>
<cvename>CVE-2022-1638</cvename>
<cvename>CVE-2022-1639</cvename>
<cvename>CVE-2022-1640</cvename>
<cvename>CVE-2022-1641</cvename>
<url>https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html</url>
</references>
<dates>
<discovery>2022-05-10</discovery>
<entry>2022-05-10</entry>
</dates>
</vuln>
<vuln vid="b9837fa1-cd72-11ec-98f1-6805ca0b3d42">
<topic>rsyslog8 -- heap buffer overflow on receiving TCP syslog</topic>
<affects>
<package>
<name>rsyslog</name>
<range><lt>8.2204.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Rainer Gerhards reports:</p>
<blockquote cite="https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8">
<p>Modules for TCP syslog reception have a heap buffer
overflow when octet-counted framing is used. The attacker
can corrupt heap values, leading to data integrity issues
and availability impact. Remote code execution is unlikely
to happen but not impossible..</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-24903</cvename>
<url>https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8</url>
</references>
<dates>
<discovery>2022-05-05</discovery>
<entry>2022-05-06</entry>
</dates>
</vuln>
<vuln vid="647ac600-cc70-11ec-9cfc-10c37b4ac2ea">
<topic>gogs -- XSS in issue attachments</topic>
<affects>
<package>
<name>gogs</name>
<range><lt>0.12.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The gogs project reports:</p>
<blockquote cite="https://github.com/gogs/gogs/issues/6919">
<p>Repository issues page allows HTML attachments with arbitrary
JS code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1464</cvename>
<url>https://github.com/gogs/gogs/issues/6919</url>
<url>https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d/</url>
</references>
<dates>
<discovery>2022-04-12</discovery>
<entry>2022-05-05</entry>
</dates>
</vuln>
<vuln vid="95ee401d-cc6a-11ec-9cfc-10c37b4ac2ea">
<topic>gitea -- Escape git fetch remote</topic>
<affects>
<package>
<name>gitea</name>
<range><lt>1.16.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Gitea team reports:</p>
<blockquote cite="https://github.com/go-gitea/gitea/pull/19487">
<p>Escape git fetch remote in
services/migrations/gitea_uploader.go</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/go-gitea/gitea/pull/19487</url>
</references>
<dates>
<discovery>2022-04-25</discovery>
<entry>2022-05-05</entry>
</dates>
</vuln>
<vuln vid="fceb2b08-cb76-11ec-a06f-d4c9ef517024">
<topic>OpenSSL -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>1.1.1o,1</lt></range>
</package>
<package>
<name>openssl-devel</name>
<range><lt>3.0.3</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20220503.txt">
<ul>
<li>The c_rehash script allows command injection (CVE-2022-1292)
(Moderate) <br/>The c_rehash script does not properly sanitise shell
metacharacters to prevent command injection. This script is distributed
by some operating systems in a manner where it is automatically
executed. On such operating systems, an attacker could execute arbitrary
commands with the privileges of the script.</li>
<li>OCSP_basic_verify may incorrectly verify the response signing
certificate (CVE-2022-1343) (Moderate)<br/>The function
`OCSP_basic_verify` verifies the signer certificate on an OCSP response.
In the case where the (non-default) flag OCSP_NOCHECKS is used then the
response will be positive (meaning a successful verification) even in
the case where the response signing certificate fails to verify.</li>
<li>Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)
(Low)<br/>The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite
incorrectly uses the AAD data as the MAC key. This makes the MAC key
trivially predictable.</li>
<li>Resource leakage when decoding certificates and keys (CVE-2022-1473)
(Low)<br/>The OPENSSL_LH_flush() function, which empties a hash table,
containsa bug that breaks reuse of the memory occuppied by the removed
hash table entries.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1292</cvename>
<cvename>CVE-2022-1343</cvename>
<cvename>CVE-2022-1434</cvename>
<cvename>CVE-2022-1473</cvename>
<url>https://www.openssl.org/news/secadv/20220503.txt</url>
</references>
<dates>
<discovery>2022-05-03</discovery>
<entry>2022-05-04</entry>
<modified>2022-05-05</modified>
</dates>
</vuln>
<vuln vid="a8118db0-cac2-11ec-9288-0800270512f4">
<topic>rainloop -- cross-site-scripting (XSS) vulnerability</topic>
<affects>
<package>
<name>rainloop-php74</name>
<name>rainloop-php80</name>
<name>rainloop-php81</name>
<name>rainloop-community-php74</name>
<name>rainloop-community-php80</name>
<name>rainloop-community-php81</name>
<range><lt>1.16.0_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Simon Scannell reports:</p>
<blockquote cite="https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw">
<p>
The code vulnerability can be easily exploited by an
attacker by sending a malicious email to a victim that
uses RainLoop as a mail client. When the email is viewed
by the victim, the attacker gains full control over the
session of the victim and can steal any of their emails,
including those that contain highly sensitive information
such as passwords, documents, and password reset links.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-29360</cvename>
<url>https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw</url>
<url>https://github.com/RainLoop/rainloop-webmail/issues/2142</url>
</references>
<dates>
<discovery>2022-04-19</discovery>
<entry>2022-05-03</entry>
</dates>
</vuln>
<vuln vid="61bce714-ca0c-11ec-9cfc-10c37b4ac2ea">
<topic>go -- multiple vulnerabilities</topic>
<affects>
<package>
<name>go</name>
<range><lt>1.18.1,1</lt></range>
</package>
<package>
<name>go117</name>
<range><lt>1.17.9</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://github.com/golang/go/issues/51853">
<p>encoding/pem: fix stack overflow in Decode.</p>
<p>A large (more than 5 MB) PEM input can cause a stack
overflow in Decode, leading the program to crash.</p>
</blockquote>
<blockquote cite="https://github.com/golang/go/issues/52075">
<p>crypto/elliptic: tolerate all oversized scalars in generic
P-256.</p>
<p>A crafted scalar input longer than 32 bytes can
cause P256().ScalarMult or P256().ScalarBaseMult to panic.
Indirect uses through crypto/ecdsa and crypto/tls are
unaffected. amd64, arm64, ppc64le, and s390x are
unaffected.</p>
</blockquote>
<blockquote cite="https://github.com/golang/go/issues/51759">
<p>crypto/x509: non-compliant certificates can cause a panic
in Verify on macOS in Go 1.18.</p>
<p>Verifying certificate chains containing certificates
which are not compliant with RFC 5280 causes
Certificate.Verify to panic on macOS. These chains can be
delivered through TLS and can cause a crypto/tls or
net/http client to crash.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-24675</cvename>
<url>https://github.com/golang/go/issues/51853</url>
<cvename>CVE-2022-28327</cvename>
<url>https://github.com/golang/go/issues/52075</url>
<cvename>CVE-2022-27536</cvename>
<url>https://github.com/golang/go/issues/51759</url>
</references>
<dates>
<discovery>2022-04-12</discovery>
<entry>2022-05-02</entry>
</dates>
</vuln>
<vuln vid="9db93f3d-c725-11ec-9618-000d3ac47524">
<topic>Rails -- XSS vulnerabilities</topic>
<affects>
<package>
<name>rubygem-actionpack52</name>
<range><lt>5.2.7.1</lt></range>
</package>
<package>
<name>rubygem-actionpack60</name>
<range><lt>6.0.4.8</lt></range>
</package>
<package>
<name>rubygem-actionpack61</name>
<range><lt>6.1.5.1</lt></range>
</package>
<package>
<name>rubygem-actionpack70</name>
<range><lt>7.0.2.4</lt></range>
</package>
<package>
<name>rubygem-actionview52</name>
<range><lt>5.2.7.1</lt></range>
</package>
<package>
<name>rubygem-actionview60</name>
<range><lt>6.0.4.8</lt></range>
</package>
<package>
<name>rubygem-actionview61</name>
<range><lt>6.1.5.1</lt></range>
</package>
<package>
<name>rubygem-actionview70</name>
<range><lt>7.0.2.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Ruby on Rails blog:</p>
<blockquote cite="https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released">
<p>This is an announcement to let you know that Rails 7.0.2.4, 6.1.5.1,
6.0.4.8, and 5.2.7.1 have been released!</p>
<p>These are security releases so please update as soon as you can. Once
again we've made these releases based on the last release tag, so
hopefully upgrading will go smoothly.</p>
<p>The releases address two vulnerabilities, CVE-2022-22577, and
CVS-2022-27777. They are both XSS vulnerabilities, so please take a look
at the forum posts to see how (or if) they might possibly impact your
application.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-22577</cvename>
<cvename>CVE-2022-27777</cvename>
<url>https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released</url>
</references>
<dates>
<discovery>2022-04-26</discovery>
<entry>2022-04-30</entry>
</dates>
</vuln>
<vuln vid="2220827b-c732-11ec-b272-901b0e934d69">
<topic>hiredis -- integer/buffer overflow</topic>
<affects>
<package>
<name>hiredis</name>
<range><lt>1.0.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>hiredis maintainers report:</p>
<blockquote cite="https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2">
<p>
Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted RESP mult-bulk protocol data.
When parsing multi-bulk (array-like) replies, hiredis fails to check if count * sizeof(redisReply*) can be represented in SIZE_MAX. If it can not, and the calloc() call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-32765</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32765</url>
<url>https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2</url>
</references>
<dates>
<discovery>2021-10-04</discovery>
<entry>2022-04-29</entry>
</dates>
</vuln>
<vuln vid="92a4d881-c6cf-11ec-a06f-d4c9ef517024">
<topic>cURL -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>curl</name>
<range><lt>7.83.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The cURL project reports:</p>
<blockquote cite="https://curl.se/docs/vuln-7.82.0.html">
<ul>
<li>OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)</li>
<li>Credential leak on redirect (CVE-2022-27774)</li>
<li>Bad local IPv6 connection reuse (CVE-2022-27775)</li>
<li>Auth/cookie leak on redirect (CVE-2022-27776)</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-22576</cvename>
<cvename>CVE-2022-27774</cvename>
<cvename>CVE-2022-27775</cvename>
<cvename>CVE-2022-27776</cvename>
<url>https://curl.se/docs/vuln-7.82.0.html</url>
</references>
<dates>
<discovery>2022-04-27</discovery>
<entry>2022-04-28</entry>
</dates>
</vuln>
<vuln vid="26f2123b-c6c6-11ec-b66f-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>101.0.4951.41</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html">
<p>This release contains 30 security fixes, including:</p>
<ul>
<li>[1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06</li>
<li>[1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20</li>
<li>[1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10</li>
<li>[1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17</li>
<li>[1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04</li>
<li>[1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10</li>
<li>[1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08</li>
<li>[1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15</li>
<li>[1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22</li>
<li>[1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08</li>
<li>[1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09</li>
<li>[1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04</li>
<li>[1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25</li>
<li>[1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01</li>
<li>[1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12</li>
<li>[1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michal Bentkowski of Securitum on 2022-04-11</li>
<li>[1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01</li>
<li>[1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17</li>
<li>[1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28</li>
<li>[1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15</li>
<li>[1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29</li>
<li>[1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14</li>
<li>[1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04</li>
<li>[1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25</li>
<li>[1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1477</cvename>
<cvename>CVE-2022-1478</cvename>
<cvename>CVE-2022-1479</cvename>
<cvename>CVE-2022-1480</cvename>
<cvename>CVE-2022-1481</cvename>
<cvename>CVE-2022-1482</cvename>
<cvename>CVE-2022-1483</cvename>
<cvename>CVE-2022-1484</cvename>
<cvename>CVE-2022-1485</cvename>
<cvename>CVE-2022-1486</cvename>
<cvename>CVE-2022-1487</cvename>
<cvename>CVE-2022-1488</cvename>
<cvename>CVE-2022-1489</cvename>
<cvename>CVE-2022-1490</cvename>
<cvename>CVE-2022-1491</cvename>
<cvename>CVE-2022-1492</cvename>
<cvename>CVE-2022-1493</cvename>
<cvename>CVE-2022-1494</cvename>
<cvename>CVE-2022-1495</cvename>
<cvename>CVE-2022-1496</cvename>
<cvename>CVE-2022-1497</cvename>
<cvename>CVE-2022-1498</cvename>
<cvename>CVE-2022-1499</cvename>
<cvename>CVE-2022-1500</cvename>
<cvename>CVE-2022-1501</cvename>
<url>https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html</url>
</references>
<dates>
<discovery>2022-04-26</discovery>
<entry>2022-04-28</entry>
</dates>
</vuln>
<vuln vid="cc42db1c-c65f-11ec-ad96-0800270512f4">
<topic>redis -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>redis</name>
<range><lt>6.2.7</lt></range>
</package>
<package>
<name>redis-devel</name>
<range><lt>7.0.0.20220428</lt></range>
</package>
<package>
<name>redis62</name>
<range><lt>6.2.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Aviv Yahav reports:</p>
<blockquote cite="https://groups.google.com/g/redis-db/c/7iWUlwtoDqU">
<dl>
<dt>CVE-2022-24735</dt>
<dd>
By exploiting weaknesses in the Lua script execution
environment, an attacker with access to Redis can inject
Lua code that will execute with the (potentially higher)
privileges of another Redis user.
</dd>
<dt>CVE-2022-24736</dt>
<dd>
An attacker attempting to load a specially crafted Lua
script can cause NULL pointer dereference which will
result with a crash of the redis-server process.
</dd>
</dl>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-24735</cvename>
<cvename>CVE-2022-24736</cvename>
<url>https://groups.google.com/g/redis-db/c/7iWUlwtoDqU</url>
</references>
<dates>
<discovery>2022-04-27</discovery>
<entry>2022-04-27</entry>
</dates>
</vuln>
<vuln vid="17a30a24-c579-11ec-bbbd-0800270512f4">
<topic>eb -- Potential buffer overrun vulnerability</topic>
<affects>
<package>
<name>ja-eb</name>
<range><lt>4.4.3_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Kazuhiro Ito reports:</p>
<blockquote cite="mailto:edict@ring.gr.jp">
<p>Potential buffer overrun vulnerability is found in eb/multiplex.c.</p>
</blockquote>
</body>
</description>
<references>
<url>mailto:edict@ring.gr.jp</url>
</references>
<dates>
<discovery>2022-04-25</discovery>
<entry>2022-04-26</entry>
</dates>
</vuln>
<vuln vid="a00c76d9-0c05-4d99-bef7-ae4521cb2a4d">
<topic>zeek -- potential DoS vulnerabilty</topic>
<affects>
<package>
<name>zeek</name>
<range><lt>4.0.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tim Wojtulewicz of Corelight reports:</p>
<blockquote cite="https://github.com/zeek/zeek/releases/tag/v4.0.6">
<p> Fix potential unbounded state growth in the FTP
analyzer when receiving a specially-crafted stream of
commands. This may lead to a buffer overflow and cause
Zeek to crash. Due to the possibility of this happening
with packets received from the network, this is a potential
DoS vulnerabilty. </p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/zeek/zeek/releases/tag/v4.0.6</url>
</references>
<dates>
<discovery>2022-04-21</discovery>
<entry>2022-04-21</entry>
</dates>
</vuln>
<vuln vid="b019585a-bfea-11ec-b46c-b42e991fc52e">
<topic>zgrep -- arbitrary file write</topic>
<affects>
<package>
<name>gzip</name>
<range><lt>1.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>RedHat reports:</p>
<blockquote cite="https://access.redhat.com/security/cve/cve-2022-1271">
<p>An arbitrary file write vulnerability was found in GNU
gzip's zgrep utility. When zgrep is applied on the
attacker's chosen file name (for example, a crafted
file name), this can overwrite an attacker's content
to an arbitrary attacker-selected file. This flaw
occurs due to insufficient validation when processing
filenames with two or more newlines where selected
content and the target file names are embedded in
crafted multi-line file names. This flaw allows a
remote, low privileged attacker to force zgrep to
write arbitrary files on the system.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1271</cvename>
<url>https://bugzilla.redhat.com/show_bug.cgi?id=2073310</url>
</references>
<dates>
<discovery>2022-04-07</discovery>
<entry>2022-04-19</entry>
</dates>
</vuln>
<vuln vid="2a314635-be46-11ec-a06f-d4c9ef517024">
<topic>Nextcloud Calendar -- SMTP Command Injection</topic>
<affects>
<package>
<name>nextcloud-calendar</name>
<range><lt>3.2.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p> reports:</p>
<blockquote cite="https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8xv5-4855-24qf">
<p>SMTP Command Injection in Appointment Emails via Newlines: as newlines
and special characters are not sanitized in the email value in the JSON
request, a malicious attacker can inject newlines to break out of the
`RCPT TO:&lt;BOOKING USER'S EMAIL&gt;` SMTP command and begin injecting
arbitrary SMTP commands.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-24838</cvename>
<url>https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8xv5-4855-24qf</url>
</references>
<dates>
<discovery>2022-04-11</discovery>
<entry>2022-04-17</entry>
</dates>
</vuln>
<vuln vid="add683be-bd76-11ec-a06f-d4c9ef517024">
<topic>MySQL -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>mysql57-server</name>
<range><lt>5.7.38</lt></range>
</package>
<package>
<name>mysql80-client</name>
<range><lt>8.0.29</lt></range>
</package>
<package>
<name>mysql80-server</name>
<range><lt>8.0.29</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Oracle reports:</p>
<blockquote cite="https://www.oracle.com/security-alerts/cpuapr2022.html">
<p>The 2022 April Critical Patch Update contains 43 new security
patches for Oracle MySQL. 11 of these vulnerabilities may be
remotely exploitable without authentication, i.e., may be
exploited over a network without requiring user credentials.</p>
</blockquote>
</body>
</description>
<references>
<url>https://www.oracle.com/security-alerts/cpuapr2022.html</url>
<cvename>CVE-2022-0778</cvename>
<cvename>CVE-2021-22570</cvename>
<cvename>CVE-2022-0778</cvename>
<cvename>CVE-2022-21454</cvename>
<cvename>CVE-2022-21482</cvename>
<cvename>CVE-2022-21483</cvename>
<cvename>CVE-2022-21489</cvename>
<cvename>CVE-2022-21490</cvename>
<cvename>CVE-2022-21457</cvename>
<cvename>CVE-2022-21425</cvename>
<cvename>CVE-2022-21440</cvename>
<cvename>CVE-2022-21459</cvename>
<cvename>CVE-2022-21478</cvename>
<cvename>CVE-2022-21479</cvename>
<cvename>CVE-2022-21418</cvename>
<cvename>CVE-2022-21417</cvename>
<cvename>CVE-2022-21413</cvename>
<cvename>CVE-2022-21427</cvename>
<cvename>CVE-2022-21412</cvename>
<cvename>CVE-2022-21414</cvename>
<cvename>CVE-2022-21435</cvename>
<cvename>CVE-2022-21436</cvename>
<cvename>CVE-2022-21437</cvename>
<cvename>CVE-2022-21438</cvename>
<cvename>CVE-2022-21452</cvename>
<cvename>CVE-2022-21462</cvename>
<cvename>CVE-2022-21415</cvename>
<cvename>CVE-2022-21451</cvename>
<cvename>CVE-2022-21444</cvename>
<cvename>CVE-2022-21460</cvename>
<cvename>CVE-2022-21484</cvename>
<cvename>CVE-2022-21485</cvename>
<cvename>CVE-2022-21486</cvename>
<cvename>CVE-2022-21423</cvename>
</references>
<dates>
<discovery>2022-04-16</discovery>
<entry>2022-04-16</entry>
<modified>2022-05-23</modified>
</dates>
</vuln>
<vuln vid="a25ea27b-bced-11ec-87b5-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>100.0.4896.127</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html">
<p>This release contains 2 security fixes, including:</p>
<ul>
<li>[1315901] High CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-0-13</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1364</cvename>
<url>https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html</url>
</references>
<dates>
<discovery>2022-04-14</discovery>
<entry>2022-04-15</entry>
</dates>
</vuln>
<vuln vid="a5de43ed-bc49-11ec-b516-0897988a1c07">
<topic>Asterisk -- func_odbc: Possible SQL Injection</topic>
<affects>
<package>
<name>asterisk16</name>
<range><lt>16.25.2</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><lt>18.11.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="https://www.asterisk.org/downloads/security-advisories/">
<p>Some databases can use backslashes to escape certain
characters, such as backticks. If input is provided to
func_odbc which includes backslashes it is possible for
func_odbc to construct a broken SQL query and the SQL
query to fail.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-26651</cvename>
<url>https://downloads.asterisk.org/pub/security/AST-2022-003.html</url>
</references>
<dates>
<discovery>2022-04-14</discovery>
<entry>2022-04-14</entry>
</dates>
</vuln>
<vuln vid="8838abf0-bc47-11ec-b516-0897988a1c07">
<topic>Asterisk -- multiple vulnerabilities</topic>
<affects>
<package>
<name>asterisk16</name>
<range><gt>16.15.0</gt><lt>16.25.2</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><lt>18.11.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="https://www.asterisk.org/downloads/security-advisories/">
<p>AST-2022-001 - When using STIR/SHAKEN, its possible
to download files that are not certificates. These files
could be much larger than what you would expect to
download.</p>
<p>AST-2022-002 - When using STIR/SHAKEN, its possible
to send arbitrary requests like GET to interfaces such
as localhost using the Identity header.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-26498</cvename>
<url>https://downloads.asterisk.org/pub/security/AST-2022-001.html</url>
<cvename>CVE-2022-26499</cvename>
<url>https://downloads.asterisk.org/pub/security/AST-2022-002.html</url>
</references>
<dates>
<discovery>2022-04-14</discovery>
<entry>2022-04-14</entry>
</dates>
</vuln>
<vuln vid="24a9bd2b-bb43-11ec-af81-0897988a1c07">
<topic>Composer -- Command injection vulnerability</topic>
<affects>
<package>
<name>php74-composer</name>
<name>php80-composer</name>
<name>php81-composer</name>
<range><lt>1.10.26</lt></range>
</package>
<package>
<name>php74-composer2</name>
<name>php80-composer2</name>
<name>php81-composer2</name>
<range><ge>2.0.0</ge><lt>2.2.12</lt></range>
<range><ge>2.3.0</ge><lt>2.3.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Composer developers reports:</p>
<blockquote cite="https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6">
<p>The Composer method VcsDriver::getFileContent() with
user-controlled $file or $identifier arguments is susceptible
to an argument injection vulnerability. It can be leveraged
to gain arbitrary command execution if the Mercurial or
the Git driver are used.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-24828</cvename>
<url>https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6</url>
</references>
<dates>
<discovery>2022-04-13</discovery>
<entry>2022-04-13</entry>
</dates>
</vuln>
<vuln vid="3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2">
<topic>Subversion -- Multiple vulnerabilities in server code</topic>
<affects>
<package>
<name>subversion</name>
<range><ge>1.10.0</ge><lt>1.10.8</lt></range>
<range><ge>1.11.0</ge><lt>1.14.2</lt></range>
</package>
<package>
<name>mod_dav_svn</name>
<range><ge>1.10.0</ge><lt>1.10.8</lt></range>
<range><ge>1.11.0</ge><lt>1.14.2</lt></range>
</package>
<package>
<name>subversion-lts</name>
<range><ge>1.10.0</ge><lt>1.10.8</lt></range>
</package>
<package>
<name>mod_dav_svn-lts</name>
<range><ge>1.10.0</ge><lt>1.10.8</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Subversion project reports:</p>
<blockquote cite="https://subversion.apache.org/security/CVE-2021-28544-advisory.txt">
<p>
Subversion servers reveal 'copyfrom' paths that should be hidden according
to configured path-based authorization (authz) rules. When a node has been
copied from a protected location, users with access to the copy can see the
'copyfrom' path of the original. This also reveals the fact that the node
was copied. Only the 'copyfrom' path is revealed; not its contents. Both
httpd and svnserve servers are vulnerable.
</p>
</blockquote>
<blockquote cite="https://subversion.apache.org/security/CVE-2022-24070-advisory.txt">
<p>
While looking up path-based authorization rules, mod_dav_svn servers
may attempt to use memory which has already been freed.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-28544</cvename>
<cvename>CVE-2022-24070</cvename>
<url>https://subversion.apache.org/security/CVE-2021-28544-advisory.txt</url>
<url>https://subversion.apache.org/security/CVE-2022-24070-advisory.txt</url>
</references>
<dates>
<discovery>2022-04-12</discovery>
<entry>2022-04-13</entry>
</dates>
</vuln>
<vuln vid="06ed6a49-bad4-11ec-9cfe-0800270512f4">
<topic>Ruby -- Buffer overrun in String-to-Float conversion</topic>
<affects>
<package>
<name>ruby</name>
<range><ge>2.7.0,1</ge><lt>2.7.6,1</lt></range>
<range><ge>3.0.0,1</ge><lt>3.0.4,1</lt></range>
<range><ge>3.1.0,1</ge><lt>3.1.2,1</lt></range>
<range><ge>3.2.0.p1,1</ge><lt>3.2.0.p1_1,1</lt></range>
</package>
<package>
<name>ruby27</name>
<range><ge>2.7.0,1</ge><lt>2.7.6,1</lt></range>
</package>
<package>
<name>ruby30</name>
<range><ge>3.0.0,1</ge><lt>3.0.4,1</lt></range>
</package>
<package>
<name>ruby31</name>
<range><ge>3.1.0,1</ge><lt>3.1.2,1</lt></range>
</package>
<package>
<name>ruby32</name>
<range><ge>3.2.0.p1,1</ge><lt>3.2.0.p1_1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>piao reports:</p>
<blockquote cite="https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/">
<p>
Due to a bug in an internal function that converts a String
to a Float, some convertion methods like <code>Kernel#Float</code>
and <code>String#to_f</code> could cause buffer over-read.
A typical consequence is a process termination due to
segmentation fault, but in a limited circumstances, it may
be exploitable for illegal memory read.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-28739</cvename>
<url>https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/</url>
</references>
<dates>
<discovery>2022-04-12</discovery>
<entry>2022-04-13</entry>
</dates>
</vuln>
<vuln vid="f22144d7-bad1-11ec-9cfe-0800270512f4">
<topic>Ruby -- Double free in Regexp compilation</topic>
<affects>
<package>
<name>ruby</name>
<range><ge>3.0.0,1</ge><lt>3.0.4,1</lt></range>
<range><ge>3.1.0,1</ge><lt>3.1.2,1</lt></range>
<range><ge>3.2.0.p1,1</ge><lt>3.2.0.p1_1,1</lt></range>
</package>
<package>
<name>ruby30</name>
<range><ge>3.0.0,1</ge><lt>3.0.4,1</lt></range>
</package>
<package>
<name>ruby31</name>
<range><ge>3.1.0,1</ge><lt>3.1.2,1</lt></range>
</package>
<package>
<name>ruby32</name>
<range><ge>3.2.0.p1,1</ge><lt>3.2.0.p1_1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>piao reports:</p>
<blockquote cite="https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/">
<p>
Due to a bug in the Regexp compilation process, creating
a Regexp object with a crafted source string could cause
the same memory to be freed twice. This is known as a
&quot;double free&quot; vulnerability. Note that, in general, it
is considered unsafe to create and use a Regexp object
generated from untrusted input. In this case, however,
following a comprehensive assessment, we treat this issue
as a vulnerability.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-28738</cvename>
<url>https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/</url>
</references>
<dates>
<discovery>2022-04-12</discovery>
<entry>2022-04-13</entry>
</dates>
</vuln>
<vuln vid="6eb9cf14-bab0-11ec-8f59-4437e6ad11c4">
<topic>mutt -- mutt_decode_uuencoded() can read past the of the input line</topic>
<affects>
<package>
<name>mutt</name>
<range><lt>2.2.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Tavis Ormandy reports:</p>
<blockquote cite="https://gitlab.com/muttmua/mutt/-/issues/404">
<p>mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1328</cvename>
<url>https://gitlab.com/muttmua/mutt/-/issues/404</url>
</references>
<dates>
<discovery>2022-04-04</discovery>
<entry>2022-04-12</entry>
</dates>
</vuln>
<vuln vid="b582a85a-ba4a-11ec-8d1e-3065ec8fd3ec">
<topic>Chromium -- mulitple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>100.0.4896.88</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html">
<p>This release contains 11 security fixes, including:</p>
<ul>
<li>[1285234] High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07</li>
<li>[1299287] High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21</li>
<li>[1301873] High CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01</li>
<li>[1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci (@sametbekmezci) on 2021-12-28</li>
<li>[1106456] High CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17</li>
<li>[1307610] High CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18</li>
<li>[1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28</li>
<li>[1311701] High CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30</li>
<li>[1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16</li>
<li>[1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1305</cvename>
<cvename>CVE-2022-1306</cvename>
<cvename>CVE-2022-1307</cvename>
<cvename>CVE-2022-1308</cvename>
<cvename>CVE-2022-1309</cvename>
<cvename>CVE-2022-1310</cvename>
<cvename>CVE-2022-1311</cvename>
<cvename>CVE-2022-1312</cvename>
<cvename>CVE-2022-1313</cvename>
<cvename>CVE-2022-1314</cvename>
<url>https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html</url>
</references>
<dates>
<discovery>2022-04-11</discovery>
<entry>2022-04-12</entry>
</dates>
</vuln>
<vuln vid="0db46f84-b9fa-11ec-89df-080027240888">
<topic>Django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py37-django22</name>
<name>py38-django22</name>
<name>py39-django22</name>
<name>py310-django22</name>
<range><lt>2.2.28</lt></range>
</package>
<package>
<name>py37-django32</name>
<name>py38-django32</name>
<name>py39-django32</name>
<name>py310-django32</name>
<range><lt>3.2.13</lt></range>
</package>
<package>
<name>py38-django40</name>
<name>py39-django40</name>
<name>py310-django40</name>
<range><lt>4.0.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Django Release reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2022/apr/11/security-releases/">
<p>CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra().</p>
<p>CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-28346</cvename>
<cvename>CVE-2022-28347</cvename>
<url>https://www.djangoproject.com/weblog/2022/apr/11/security-releases/</url>
</references>
<dates>
<discovery>2022-04-02</discovery>
<entry>2022-04-12</entry>
</dates>
</vuln>
<vuln vid="38f2e3a0-b61e-11ec-9ebc-1c697aa5a594">
<topic>FreeBSD -- zlib compression out-of-bounds write</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>13.0</ge><lt>13.0_11</lt></range>
<range><ge>12.3</ge><lt>12.3_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>Certain inputs can cause zlib's compression routine to overwrite an
internal buffer with compressed data. This issue may require the use
of uncommon or non-default compression parameters.</p>
<h1>Impact:</h1>
<p>The out-of-bounds write may result in memory corruption and an
application crash or kernel panic.</p>
</body>
</description>
<references>
<cvename>CVE-2018-25032</cvename>
<freebsdsa>SA-22:08.zlib</freebsdsa>
</references>
<dates>
<discovery>2022-04-06</discovery>
<entry>2022-04-07</entry>
</dates>
</vuln>
<vuln vid="d4cc994f-b61d-11ec-9ebc-1c697aa5a594">
<topic>FreeBSD -- 802.11 heap buffer overflow</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>13.0</ge><lt>13.0_11</lt></range>
<range><ge>12.3</ge><lt>12.3_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The 802.11 beacon handling routine failed to validate the length of
an IEEE 802.11s Mesh ID before copying it to a heap-allocated
buffer.</p>
<h1>Impact:</h1>
<p>While a FreeBSD Wi-Fi client is in scanning mode (i.e., not
associated with a SSID) a malicious beacon frame may overwrite kernel
memory, leading to remote code execution.</p>
</body>
</description>
<references>
<cvename>CVE-2022-23088</cvename>
<freebsdsa>SA-22:07.wifi_meshid</freebsdsa>
</references>
<dates>
<discovery>2022-04-06</discovery>
<entry>2022-04-07</entry>
</dates>
</vuln>
<vuln vid="703c4761-b61d-11ec-9ebc-1c697aa5a594">
<topic>FreeBSD -- mpr/mps/mpt driver ioctl heap out-of-bounds write</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>13.0</ge><lt>13.0_11</lt></range>
<range><ge>12.3</ge><lt>12.3_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and
mpt drivers allocated a buffer of a caller-specified size, but
copied to it a fixed size header. Other heap content would be
overwritten if the specified size was too small.</p>
<h1>Impact:</h1>
<p>Users with access to the mpr, mps or mpt device node may overwrite
heap data, potentially resulting in privilege escalation. Note that
the device node is only accessible to root and members of the operator
group.</p>
</body>
</description>
<references>
<cvename>CVE-2022-23086</cvename>
<freebsdsa>SA-22:06.ioctl</freebsdsa>
</references>
<dates>
<discovery>2022-04-06</discovery>
<entry>2022-04-07</entry>
</dates>
</vuln>
<vuln vid="ba796b98-b61c-11ec-9ebc-1c697aa5a594">
<topic>FreeBSD -- Bhyve e82545 device emulation out-of-bounds write</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>13.0</ge><lt>13.0_11</lt></range>
<range><ge>12.3</ge><lt>12.3_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The e1000 network adapters permit a variety of modifications to an
Ethernet packet when it is being transmitted. These include the
insertion of IP and TCP checksums, insertion of an Ethernet VLAN
header, and TCP segmentation offload ("TSO"). The e1000 device model
uses an on-stack buffer to generate the modified packet header when
simulating these modifications on transmitted packets.</p>
<p>When checksum offload is requested for a transmitted packet, the
e1000 device model used a guest-provided value to specify the checksum
offset in the on-stack buffer. The offset was not validated for
certain packet types.</p>
<h1>Impact:</h1>
<p>A misbehaving bhyve guest could overwrite memory in the bhyve
process on the host, possibly leading to code execution in the host
context.</p>
<p>The bhyve process runs in a Capsicum sandbox, which (depending on
the FreeBSD version and bhyve configuration) limits the impact of
exploiting this issue.</p>
</body>
</description>
<references>
<cvename>CVE-2022-23087</cvename>
<freebsdsa>SA-22:05.bhyve</freebsdsa>
</references>
<dates>
<discovery>2022-04-06</discovery>
<entry>2022-04-07</entry>
</dates>
</vuln>
<vuln vid="27d39055-b61b-11ec-9ebc-1c697aa5a594">
<topic>FreeBSD -- Potential jail escape vulnerabilities in netmap</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>13.0</ge><lt>13.0_11</lt></range>
<range><ge>12.3</ge><lt>12.3_5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The total size of the user-provided nmreq to nmreq_copyin() was
first computed and then trusted during the copyin. This
time-of-check to time-of-use bug could lead to kernel memory
corruption. [CVE-2022-23084]</p>
<p>A user-provided integer option was passed to nmreq_copyin() without
checking if it would overflow. This insufficient bounds checking
could lead to kernel memory corruption. [CVE-2022-23085]</p>
<h1>Impact:</h1>
<p>On systems configured to include netmap in their devfs_ruleset, a
privileged process running in a jail can affect the host
environment.</p>
</body>
</description>
<references>
<cvename>CVE-2022-23084</cvename>
<cvename>CVE-2022-23085</cvename>
<freebsdsa>SA-22:04.netmap</freebsdsa>
</references>
<dates>
<discovery>2022-04-06</discovery>
<entry>2022-04-07</entry>
</dates>
</vuln>
<vuln vid="fe15f30a-b4c9-11ec-94a3-3065ec8fd3ec">
<topic>chromium -- Type confusion in V8</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>100.0.4896.75</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html">
<p>This release includes one security fix:</p>
<ul>
<li>[1311641] High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1232</cvename>
<url>https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2022-04-04</discovery>
<entry>2022-04-05</entry>
</dates>
</vuln>
<vuln vid="8657eedd-b423-11ec-9559-001b217b3468">
<topic>Gitlab -- multiple vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>14.9.0</ge><lt>14.9.2</lt></range>
<range><ge>14.8.0</ge><lt>14.8.5</lt></range>
<range><ge>0</ge><lt>14.7.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/">
<p>Static passwords inadvertently set during OmniAuth-based registration</p>
<p>Stored XSS in notes</p>
<p>Stored XSS on Multi-word milestone reference</p>
<p>Denial of service caused by a specially crafted RDoc file</p>
<p>GitLab Pages access tokens can be reused on multiple domains</p>
<p>GitLab Pages uses default (disabled) server Timeouts and a weak TCP Keep-Alive timeout</p>
<p>Incorrect include in pipeline definition exposes masked CI variables in UI</p>
<p>Regular expression denial of service in release asset link</p>
<p>Latest Commit details from private projects leaked to guest users via Merge Requests</p>
<p>CI/CD analytics are available even when public pipelines are disabled</p>
<p>Absence of limit for the number of tags that can be added to a runner can cause performance issues</p>
<p>Client DoS through rendering crafted comments</p>
<p>Blind SSRF Through Repository Mirroring</p>
<p>Bypass of branch restriction in Asana integration</p>
<p>Readable approval rules by Guest user</p>
<p>Redact InvalidURIError error messages</p>
<p>Project import maps members' created_by_id users based on source user ID</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1162</cvename>
<cvename>CVE-2022-1175</cvename>
<cvename>CVE-2022-1190</cvename>
<cvename>CVE-2022-1185</cvename>
<cvename>CVE-2022-1148</cvename>
<cvename>CVE-2022-1121</cvename>
<cvename>CVE-2022-1120</cvename>
<cvename>CVE-2022-1100</cvename>
<cvename>CVE-2022-1193</cvename>
<cvename>CVE-2022-1105</cvename>
<cvename>CVE-2022-1099</cvename>
<cvename>CVE-2022-1174</cvename>
<cvename>CVE-2022-1188</cvename>
<cvename>CVE-2022-0740</cvename>
<cvename>CVE-2022-1189</cvename>
<cvename>CVE-2022-1157</cvename>
<cvename>CVE-2022-1111</cvename>
<url>https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/</url>
</references>
<dates>
<discovery>2022-03-31</discovery>
<entry>2022-04-04</entry>
</dates>
</vuln>
<vuln vid="79ea6066-b40e-11ec-8b93-080027b24e86">
<topic>mediawiki -- multiple vulnerabilities</topic>
<affects>
<package>
<name>mediawiki135</name>
<range><lt>1.35.6</lt></range>
</package>
<package>
<name>mediawiki136</name>
<range><lt>1.36.4</lt></range>
</package>
<package>
<name>mediawiki137</name>
<range><lt>1.37.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Mediawiki reports:</p>
<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/">
<p>(T297543, CVE-2022-28202) Messages widthheight/widthheightpage/nbytes not
escaped when used in galleries or Special:RevisionDelete.</p>
<p>(T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite
recursion loop if it points to a local interwiki.</p>
<p>(T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many
file uploads with actor as a condition can result in a DoS.</p>
<p>(T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS when
a page is used on a extremely large number of other pages.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-28201</cvename>
<cvename>CVE-2022-28202</cvename>
<cvename>CVE-2022-28203</cvename>
<cvename>CVE-2022-28204</cvename>
<url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/</url>
</references>
<dates>
<discovery>2021-12-12</discovery>
<entry>2022-04-04</entry>
</dates>
</vuln>
<vuln vid="3f321a5a-b33b-11ec-80c2-1bb2c6a00592">
<topic>dnsmasq -- heap use-after-free in dhcp6_no_relay</topic>
<affects>
<package>
<name>dnsmasq</name>
<range><lt>2.86_4,1</lt></range>
</package>
<package>
<name>dnsmasq-devel</name>
<range><lt>2.86_4,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Petr Menšík reports:</p>
<blockquote cite="https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html">
<p>Possible vulnerability [...] found in latest dnsmasq. It [was] found
with help of oss-fuzz Google project by me and short after that
independently also by Richard Johnson of Trellix Threat Labs.</p>
<p>It is affected only by DHCPv6 requests, which could be crafted to
modify already freed memory. [...] We think it might be triggered
remotely, but we do not think it could be used to execute remote
code.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0934</cvename>
<url>https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html</url>
</references>
<dates>
<discovery>2022-03-31</discovery>
<entry>2022-04-03</entry>
</dates>
</vuln>
<vuln vid="83466f76-aefe-11ec-b4b6-d05099c0c059">
<topic>gitea -- Open Redirect on login</topic>
<affects>
<package>
<name>gitea</name>
<range><lt>1.16.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Andrew Thornton reports:</p>
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1058">
<p>
When a location containing backslashes is presented, the existing
protections against open redirect are bypassed, because browsers
will convert adjacent forward and backslashes within the location
to double forward slashes.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1058</cvename>
<url>https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d/</url>
</references>
<dates>
<discovery>2022-03-23</discovery>
<entry>2022-03-29</entry>
</dates>
</vuln>
<vuln vid="0ff80f41-aefe-11ec-b4b6-d05099c0c059">
<topic>gitea -- Improper/incorrect authorization</topic>
<affects>
<package>
<name>gitea</name>
<range><lt>1.16.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Youssef Rebahi-Gilbert reports:</p>
<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0905">
<p>
When Gitea is built and configured for PAM authentication
it skips checking authorization completely. Therefore expired
accounts and accounts with expired passwords can still login.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0905</cvename>
<url>https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb</url>
</references>
<dates>
<discovery>2022-03-06</discovery>
<entry>2022-03-29</entry>
</dates>
</vuln>
<vuln vid="ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>100.0.4896.60</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html">
<p>This release contains 28 security fixes, including:</p>
<ul>
<li>[1292261] High CVE-2022-1125: Use after free in Portals.
Reported by Khalil Zhani on 2022-01-29</li>
<li>[1291891] High CVE-2022-1127: Use after free in QR Code
Generator. Reported by anonymous on 2022-01-28</li>
<li>[1301920] High CVE-2022-1128: Inappropriate implementation in
Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of
Shielder on 2022-03-01</li>
<li>[1300253] High CVE-2022-1129: Inappropriate implementation in
Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on
2022-02-24</li>
<li>[1142269] High CVE-2022-1130: Insufficient validation of
untrusted input in WebOTP. Reported by Sergey Toshin of
Oversecurity Inc. on 2020-10-25</li>
<li>[1297404] High CVE-2022-1131: Use after free in Cast UI.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2022-02-15</li>
<li>[1303410] High CVE-2022-1132: Inappropriate implementation in
Virtual Keyboard. Reported by Andr.Ess on 2022-03-07</li>
<li>[1305776] High CVE-2022-1133: Use after free in WebRTC.
Reported by Anonymous on 2022-03-13</li>
<li>[1308360] High CVE-2022-1134: Type Confusion in V8. Reported by
Man Yue Mo of GitHub Security Lab on 2022-03-21</li>
<li>[1285601] Medium CVE-2022-1135: Use after free in Shopping Cart.
Reported by Wei Yuan of MoyunSec VLab on 2022-01-09</li>
<li>[1280205] Medium CVE-2022-1136: Use after free in Tab Strip.
Reported by Krace on 2021-12-15</li>
<li>[1289846] Medium CVE-2022-1137: Inappropriate implementation in
Extensions. Reported by Thomas Orlita on 2022-01-22</li>
<li>[1246188] Medium CVE-2022-1138: Inappropriate implementation in
Web Cursor. Reported by Alesandro Ortiz on 2021-09-03</li>
<li>[1268541] Medium CVE-2022-1139: Inappropriate implementation in
Background Fetch API. Reported by Maurice Dauer on 2021-11-10</li>
<li>[1303253] Medium CVE-2022-1141: Use after free in File Manager.
Reported by raven at KunLun lab on 2022-03-05</li>
<li>[1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-07</li>
<li>[1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-07</li>
<li>[1304145] Medium CVE-2022-1144: Use after free in WebUI.
Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2022-03-08</li>
<li>[1304545] Medium CVE-2022-1145: Use after free in Extensions.
Reported by Yakun Zhang of Baidu Security on 2022-03-09</li>
<li>[1290150] Low CVE-2022-1146: Inappropriate implementation in
Resource Timing. Reported by Sohom Datta on 2022-01-23</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1125</cvename>
<cvename>CVE-2022-1127</cvename>
<cvename>CVE-2022-1128</cvename>
<cvename>CVE-2022-1129</cvename>
<cvename>CVE-2022-1130</cvename>
<cvename>CVE-2022-1131</cvename>
<cvename>CVE-2022-1132</cvename>
<cvename>CVE-2022-1133</cvename>
<cvename>CVE-2022-1134</cvename>
<cvename>CVE-2022-1135</cvename>
<cvename>CVE-2022-1136</cvename>
<cvename>CVE-2022-1137</cvename>
<cvename>CVE-2022-1138</cvename>
<cvename>CVE-2022-1139</cvename>
<cvename>CVE-2022-1141</cvename>
<cvename>CVE-2022-1142</cvename>
<cvename>CVE-2022-1143</cvename>
<cvename>CVE-2022-1144</cvename>
<cvename>CVE-2022-1145</cvename>
<cvename>CVE-2022-1146</cvename>
<url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html</url>
</references>
<dates>
<discovery>2022-03-29</discovery>
<entry>2022-03-29</entry>
</dates>
</vuln>
<vuln vid="cb84b940-add5-11ec-9bc8-6805ca2fa271">
<topic>powerdns-recursor -- denial of service</topic>
<affects>
<package>
<name>powerdns-recursor</name>
<range><eq>4.6.0</eq></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PowerDNS Team reports:</p>
<blockquote cite="https://www.powerdns.com/news.html#20220325">
<p>PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-27227</cvename>
<url>https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html</url>
</references>
<dates>
<discovery>2022-03-25</discovery>
<entry>2022-03-27</entry>
</dates>
</vuln>
<vuln vid="2cda5c88-add4-11ec-9bc8-6805ca2fa271">
<topic>powerdns -- denial of service</topic>
<affects>
<package>
<name>powerdns</name>
<range><eq>4.6.0</eq></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>PowerDNS Team reports:</p>
<blockquote cite="https://www.powerdns.com/news.html#20220325">
<p>PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-27227</cvename>
<url>https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html</url>
</references>
<dates>
<discovery>2022-03-25</discovery>
<entry>2022-03-27</entry>
</dates>
</vuln>
<vuln vid="323f900d-ac6d-11ec-a0b8-3065ec8fd3ec">
<topic>chromium -- V8 type confusion</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>99.0.4844.84</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html">
<p>This release contains 1 security fix:</p>
<ul>
<li>[1309225] High CVE-2022-1096: Type Confusion in V8. Reported by
anonymous on 2022-03-23</li>
</ul>
<p>Google is aware that an exploit for CVE-2022-1096 exists in the wild.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-1096</cvename>
<url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html</url>
</references>
<dates>
<discovery>2022-03-25</discovery>
<entry>2022-03-25</entry>
</dates>
</vuln>
<vuln vid="955f377e-7bc3-11ec-a51c-7533f219d428">
<topic>Security Vulnerability found in ExifTool</topic>
<affects>
<package>
<name>p5-Image-ExifTool</name>
<range><ge>7.44</ge><lt>12.24</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Debian Security Advisory reports:</p>
<blockquote cite="https://www.debian.org/security/2021/dsa-4910">
<p>A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-22204</cvename>
<url>https://www.cvedetails.com/cve/CVE-2021-22204/</url>
</references>
<dates>
<discovery>2021-01-04</discovery>
<entry>2022-03-25</entry>
</dates>
</vuln>
<vuln vid="61f416ff-aa00-11ec-b439-000d3a450398">
<topic>tcpslice -- heap-based use-after-free in extract_slice()</topic>
<affects>
<package>
<name>tcpslice</name>
<range><lt>1.5,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Tcpdump Group reports:</p>
<blockquote cite="https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a">
<p>heap-based use-after-free in extract_slice()</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-41043</cvename>
<url>https://github.com/the-tcpdump-group/tcpslice/issues/11</url>
</references>
<dates>
<discovery>2021-09-13</discovery>
<entry>2022-03-22</entry>
</dates>
</vuln>
<vuln vid="e2af876f-a7c8-11ec-9a2a-002324b2fba8">
<topic>go -- multiple vulnerabilities</topic>
<affects>
<package>
<name>go</name>
<range><lt>1.17.8,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://github.com/golang/go/issues/51112">
<p>regexp: stack exhaustion compiling deeply nested expressions</p>
<p>On 64-bit platforms, an extremely deeply nested expression can
cause regexp.Compile to cause goroutine stack exhaustion, forcing
the program to exit. Note this applies to very large expressions, on
the order of 2MB.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-24921</cvename>
<url>https://github.com/golang/go/issues/51112</url>
</references>
<dates>
<discovery>2022-02-09</discovery>
<entry>2022-03-19</entry>
</dates>
</vuln>
<vuln vid="45a72180-a640-11ec-a08b-85298243e224">
<topic>openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins</topic>
<affects>
<package>
<name>openvpn</name>
<range><lt>2.5.6</lt></range>
</package>
<package>
<name>openvpn-mbedtls</name>
<range><lt>2.5.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>David Sommerseth reports:</p>
<blockquote cite="https://community.openvpn.net/openvpn/wiki/CVE-2022-0547">
<p>OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials. This issue is resolved in OpenVPN 2.4.12 and v2.5.6.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0547</cvename>
<url>https://community.openvpn.net/openvpn/wiki/CVE-2022-0547</url>
<url>https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256</url>
</references>
<dates>
<discovery>2022-03-10</discovery>
<entry>2022-03-17</entry>
</dates>
</vuln>
<vuln vid="5df757ef-a564-11ec-85fa-a0369f7f7be0">
<topic>wordpress -- multiple issues</topic>
<affects>
<package>
<name>wordpress</name>
<name>fr-wordpress</name>
<range><lt>5.9.2,1</lt></range>
</package>
<package>
<name>de-wordpress</name>
<name>zh_CN-wordpress</name>
<name>th_TW-wordpress</name>
<name>ja-wordpress</name>
<name>ru-wordpress</name>
<range><lt>5.9.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>wordpress developers reports:</p>
<blockquote cite="https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/">
<p>This security and maintenance release features 1 bug fix in addition to 3 security fixes.
Because this is a security release, it is recommended that you update your sites immediately.
All versions since WordPress 3.7 have also been updated.
The security team would like to thank the following people for responsively reporting
vulnerabilities, allowing them to be fixed in this release:
-Melar Dev, for finding a Prototype Pollution Vulnerability in a jQuery dependency
-Ben Bidner of the WordPress security team, for finding a Stored Cross Site Scripting Vulnerability
-Researchers from Johns Hopkins University, for finding a Prototype Pollution Vulnerability in the block editor</p>
</blockquote>
</body>
</description>
<references>
<url>https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/</url>
</references>
<dates>
<discovery>2022-03-11</discovery>
<entry>2022-03-16</entry>
</dates>
</vuln>
<vuln vid="3ba1ca94-a563-11ec-8be6-d4c9ef517024">
<topic>Weechat -- Possible man-in-the-middle attack in TLS connection to servers</topic>
<affects>
<package>
<name>weechat</name>
<range><lt>3.4.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Weechat project reports:</p>
<blockquote cite="https://weechat.org/doc/security/WSA-2022-1/">
<p>After changing the options weechat.network.gnutls_ca_system or
weechat.network.gnutls_ca_user, the TLS verification function is lost.
Consequently, any connection to a server with TLS is made without
verifying the certificate, which could lead to a man-in-the-middle
attack. Connection to IRC servers with TLS is affected, as well as any
connection a server made by a plugin or a script using the function
hook_connect.</p>
</blockquote>
</body>
</description>
<references>
<url>https://weechat.org/doc/security/WSA-2022-1/</url>
</references>
<dates>
<discovery>2022-03-13</discovery>
<entry>2022-03-16</entry>
</dates>
</vuln>
<vuln vid="ea05c456-a4fd-11ec-90de-1c697aa5a594">
<topic>OpenSSL -- Infinite loop in BN_mod_sqrt parsing certificates</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>1.1.1n,1</lt></range>
</package>
<package>
<name>openssl-devel</name>
<range><lt>3.0.2</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.2</lt></range>
</package>
<package>
<name>libressl</name>
<range><lt>3.4.3</lt></range>
</package>
<package>
<name>libressl-devel</name>
<range><lt>3.5.1</lt></range>
</package>
<package>
<name>FreeBSD</name>
<range><ge>13.0</ge><lt>13.0_8</lt></range>
<range><ge>12.3</ge><lt>12.3_3</lt></range>
<range><ge>12.2</ge><lt>12.2_14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20220315.txt">
<p>Infinite loop in BN_mod_sqrt() reachable when parsing certificates
(High)</p>
<p>The BN_mod_sqrt() function, which computes a modular square root,
contains a bug that can cause it to loop forever for non-prime
moduli.</p>
<p>Internally this function is used when parsing certificates that
contain elliptic curve public keys in compressed form or explicit
elliptic curve parameters with a base point encoded in compressed
form.</p>
<p>It is possible to trigger the infinite loop by crafting a
certificate that has invalid explicit curve parameters.</p>
<p>Since certificate parsing happens prior to verification of the
certificate signature, any process that parses an externally
supplied certificate may thus be subject to a denial of service
attack. The infinite loop can also be reached when parsing crafted
private keys as they can contain explicit elliptic curve
parameters.</p>
<p>Thus vulnerable situations include:</p>
<ul>
<li>TLS clients consuming server certificates</li>
<li>TLS servers consuming client certificates</li>
<li>Hosting providers taking certificates or private keys from
customers</li>
<li>Certificate authorities parsing certification requests from
subscribers</li>
<li>Anything else which parses ASN.1 elliptic curve parameters</li>
</ul>
<p>Also any other applications that use the BN_mod_sqrt() where the
attacker can control the parameter values are vulnerable to this DoS
issue.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0778</cvename>
<url>https://www.openssl.org/news/secadv/20220315.txt</url>
<freebsdsa>SA-22:03.openssl</freebsdsa>
</references>
<dates>
<discovery>2022-03-15</discovery>
<entry>2022-03-16</entry>
<modified>2022-03-16</modified>
</dates>
</vuln>
<vuln vid="8d20bd48-a4f3-11ec-90de-1c697aa5a594">
<topic>FreeBSD-kernel -- Multiple WiFi issues</topic>
<affects>
<package>
<name>FreeBSD-kernel</name>
<range><ge>13.0</ge><lt>13.0_8</lt></range>
<range><ge>12.3</ge><lt>12.3_3</lt></range>
<range><ge>12.2</ge><lt>12.2_14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>The paper "Fragment and Forge: Breaking Wi-Fi Through Frame
Aggregation and Fragmentation" reported a number of security
vulnerabilities in the 802.11 specification related to frame
aggregation and fragmentation.</p>
<p>Additionally, FreeBSD 12.x missed length validation of SSIDs and
Information Elements (IEs).</p>
<h1>Impact:</h1>
<p>As reported on the FragAttacks website, the "design flaws are hard
to abuse because doing so requires user interaction or is only
possible when using uncommon network settings." Under suitable
conditions an attacker may be able to extract sensitive data or inject
data.</p>
</body>
</description>
<references>
<cvename>CVE-2020-26147</cvename>
<cvename>CVE-2020-24588</cvename>
<cvename>CVE-2020-26144</cvename>
<freebsdsa>SA-22:02.wifi</freebsdsa>
</references>
<dates>
<discovery>2022-03-15</discovery>
<entry>2022-03-16</entry>
</dates>
</vuln>
<vuln vid="857be71a-a4b0-11ec-95fc-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>98.0.4844.74</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html">
<p>This release contains 11 security fixes, including:</p>
<ul>
<li>[1299422] Critical CVE-2022-0971: Use after free in Blink
Layout. Reported by Sergei Glazunov of Google Project Zero on
2022-02-21</li>
<li>[1301320] High CVE-2022-0972: Use after free in Extensions.
Reported by Sergei Glazunov of Google Project Zero on
2022-02-28</li>
<li>[1297498] High CVE-2022-0973: Use after free in Safe Browsing.
Reported by avaue and Buff3tts at S.S.L. on 2022-02-15</li>
<li>[1291986] High CVE-2022-0974: Use after free in Splitscreen.
Reported by @ginggilBesel on 2022-01-28</li>
<li>[1295411] High CVE-2022-0975: Use after free in ANGLE. Reported
by SeongHwan Park (SeHwa) on 2022-02-09</li>
<li>[1296866] High CVE-2022-0976: Heap buffer overflow in GPU.
Reported by Omair on 2022-02-13</li>
<li>[1299225] High CVE-2022-0977: Use after free in Browser UI.
Reported by Khalil Zhani on 2022-02-20</li>
<li>[1299264] High CVE-2022-0978: Use after free in ANGLE. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-02-20</li>
<li>[1302644] High CVE-2022-0979: Use after free in Safe Browsing.
Reported by anonymous on 2022-03-03</li>
<li>[1302157] Medium CVE-2022-0980: Use after free in New Tab Page.
Reported by Krace on 2022-03-02</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0971</cvename>
<cvename>CVE-2022-0972</cvename>
<cvename>CVE-2022-0973</cvename>
<cvename>CVE-2022-0974</cvename>
<cvename>CVE-2022-0975</cvename>
<cvename>CVE-2022-0976</cvename>
<cvename>CVE-2022-0977</cvename>
<cvename>CVE-2022-0978</cvename>
<cvename>CVE-2022-0979</cvename>
<cvename>CVE-2022-0980</cvename>
<url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html</url>
</references>
<dates>
<discovery>2022-03-15</discovery>
<entry>2022-03-15</entry>
</dates>
</vuln>
<vuln vid="6601c08d-a46c-11ec-8be6-d4c9ef517024">
<topic>Apache httpd -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>apache24</name>
<range><lt>2.4.53</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Apache httpd project reports:</p>
<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
<ul>
<li><p>mod_lua: Use of uninitialized value of in r:parsebody (moderate)
(CVE-2022-22719)</p><p>A carefully crafted request body can cause a
read to a random memory area which could cause the process to crash.
</p></li>
<li><p>HTTP request smuggling vulnerability (important) (CVE-2022-22720)
</p><p>httpd fails to close inbound connection when errors are
encountered discarding the request body, exposing the server to HTTP
Request Smuggling</p></li>
<li><p>core: Possible buffer overflow with very large or unlimited
LimitXMLRequestBody (low) (CVE-2022-22721)</p><p>If LimitXMLRequestBody
is set to allow request bodies larger than 350MB (defaults to 1M) on 32
bit systems an integer overflow happens which later causes out of
bounds writes.</p></li>
<li><p>mod_sed: Read/write beyond bounds (important) (CVE-2022-23924)</p>
<p>Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server
allows an attacker to overwrite heap memory with possibly attacker
provided data.</p></li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-22719</cvename>
<cvename>CVE-2022-22720</cvename>
<cvename>CVE-2022-22721</cvename>
<cvename>CVE-2022-23943</cvename>
<url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
</references>
<dates>
<discovery>2022-03-14</discovery>
<entry>2022-03-15</entry>
</dates>
</vuln>
<vuln vid="5aaf534c-a069-11ec-acdc-14dae9d5a9d2">
<topic>Teeworlds -- Buffer Overflow</topic>
<affects>
<package>
<name>teeworlds</name>
<range><lt>0.7.5_2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NVD reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-43518">
<p>Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-43518</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2021-43518</url>
</references>
<dates>
<discovery>2021-10-23</discovery>
<entry>2022-03-10</entry>
</dates>
</vuln>
<vuln vid="2823048d-9f8f-11ec-8c9c-001b217b3468">
<topic>Gitlab -- multiple vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>14.8.0</ge><lt>14.8.2</lt></range>
<range><ge>14.7.0</ge><lt>14.7.4</lt></range>
<range><ge>0</ge><lt>14.6.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/">
<p>Runner registration token disclosure through Quick Actions</p>
<p>Unprivileged users can add other users to groups through an API endpoint</p>
<p>Inaccurate display of Snippet contents can be potentially misleading to users</p>
<p>Environment variables can be leaked via the sendmail delivery method</p>
<p>Unauthenticated user enumeration on GraphQL API</p>
<p>Adding a mirror with SSH credentials can leak password</p>
<p>Denial of Service via user comments</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0735</cvename>
<cvename>CVE-2022-0549</cvename>
<cvename>CVE-2022-0751</cvename>
<cvename>CVE-2022-0741</cvename>
<cvename>CVE-2021-4191</cvename>
<cvename>CVE-2022-0738</cvename>
<cvename>CVE-2022-0489</cvename>
<url>https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/</url>
</references>
<dates>
<discovery>2022-02-25</discovery>
<entry>2022-03-09</entry>
</dates>
</vuln>
<vuln vid="964c5460-9c66-11ec-ad3a-001999f8d30b">
<topic>asterisk -- multiple vulnerabilities</topic>
<affects>
<package>
<name>asterisk16</name>
<range><lt>16.24.1</lt></range>
</package>
<package>
<name>asterisk18</name>
<range><lt>18.10.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Asterisk project reports:</p>
<blockquote cite="https://www.asterisk.org/downloads/security-advisories/">
<p>AST-2022-004 - The header length on incoming STUN
messages that contain an ERROR-CODE attribute is not
properly checked. This can result in an integer underflow.
Note, this requires ICE or WebRTC support to be in use
with a malicious remote party.</p>
<p>AST-2022-005 - When acting as a UAC, and when placing
an outgoing call to a target that then forks Asterisk may
experience undefined behavior (crashes, hangs, etc) after
a dialog set is prematurely freed.</p>
<p>AST-2022-006 - If an incoming SIP message contains a
malformed multi-part body an out of bounds read access
may occur, which can result in undefined behavior. Note,
its currently uncertain if there is any externally
exploitable vector within Asterisk for this issue, but
providing this as a security issue out of caution.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-37706</cvename>
<cvename>CVE-2022-23608</cvename>
<cvename>CVE-2022-21723</cvename>
<url>https://downloads.asterisk.org/pub/security/AST-2022-004.html</url>
<url>https://downloads.asterisk.org/pub/security/AST-2022-005.html</url>
<url>https://downloads.asterisk.org/pub/security/AST-2022-006.html</url>
</references>
<dates>
<discovery>2022-03-03</discovery>
<entry>2022-03-05</entry>
</dates>
</vuln>
<vuln vid="e0914087-9a09-11ec-9e61-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>99.0.4844.51</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html">
<p>This release contains 28 security fixes, including:</p>
<ul>
<li>[1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE.
Reported by SeongHwan Park (SeHwa) on 2022-01-21</li>
<li>[1274077] High CVE-2022-0790: Use after free in Cast UI.
Reported by Anonymous on 2021-11-26</li>
<li>[1278322] High CVE-2022-0791: Use after free in Omnibox.
Reported by Zhihua Yao of KunLun Lab on 2021-12-09</li>
<li>[1285885] High CVE-2022-0792: Out of bounds read in ANGLE.
Reported by Jaehun Jeong (@n3sk) of Theori on 2022-01-11</li>
<li>[1291728] High CVE-2022-0793: Use after free in Views. Reported
by Thomas Orlita on 2022-01-28</li>
<li>[1294097] High CVE-2022-0794: Use after free in WebShare.
Reported by Khalil Zhani on 2022-02-04</li>
<li>[1282782] High CVE-2022-0795: Type Confusion in Blink Layout.
Reported by 0x74960 on 2021-12-27</li>
<li>[1295786] High CVE-2022-0796: Use after free in Media. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-02-10</li>
<li>[1281908] High CVE-2022-0797: Out of bounds memory access in
Mojo. Reported by Sergei Glazunov of Google Project Zero on
2021-12-21</li>
<li>[1283402] Medium CVE-2022-0798: Use after free in MediaStream.
Reported by Samet Bekmezci @sametbekmezci on 2021-12-30</li>
<li>[1279188] Medium CVE-2022-0799: Insufficient policy enforcement
in Installer. Reported by Abdelhamid Naceri (halov) on
2021-12-12</li>
<li>[1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI.
Reported by Khalil Zhani on 2021-08-24</li>
<li>[1231037] Medium CVE-2022-0801: Inappropriate implementation in
HTML parser. Reported by Michal Bentkowski of Securitum on
2021-07-20</li>
<li>[1270052] Medium CVE-2022-0802: Inappropriate implementation in
Full screen mode. Reported by Irvan Kurniawan (sourc7) on
2021-11-14</li>
<li>[1280233] Medium CVE-2022-0803: Inappropriate implementation in
Permissions. Reported by Abdulla Aldoseri on 2021-12-15</li>
<li>[1264561] Medium CVE-2022-0804: Inappropriate implementation in
Full screen mode. Reported by Irvan Kurniawan (sourc7) on
2021-10-29</li>
<li>[1290700] Medium CVE-2022-0805: Use after free in Browser
Switcher. Reported by raven at KunLun Lab on 2022-01-25</li>
<li>[1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by
Paril on 2021-12-31</li>
<li>[1287364] Medium CVE-2022-0807: Inappropriate implementation in
Autofill. Reported by Alesandro Ortiz on 2022-01-14</li>
<li>[1292271] Medium CVE-2022-0808: Use after free in Chrome OS
Shell. Reported by @ginggilBesel on 2022-01-29</li>
<li>[1293428] Medium CVE-2022-0809: Out of bounds memory access in
WebXR. Reported by @uwu7586 on 2022-02-03</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0789</cvename>
<cvename>CVE-2022-0790</cvename>
<cvename>CVE-2022-0791</cvename>
<cvename>CVE-2022-0792</cvename>
<cvename>CVE-2022-0793</cvename>
<cvename>CVE-2022-0794</cvename>
<cvename>CVE-2022-0795</cvename>
<cvename>CVE-2022-0796</cvename>
<cvename>CVE-2022-0797</cvename>
<cvename>CVE-2022-0798</cvename>
<cvename>CVE-2022-0799</cvename>
<cvename>CVE-2022-0800</cvename>
<cvename>CVE-2022-0801</cvename>
<cvename>CVE-2022-0802</cvename>
<cvename>CVE-2022-0803</cvename>
<cvename>CVE-2022-0804</cvename>
<cvename>CVE-2022-0805</cvename>
<cvename>CVE-2022-0806</cvename>
<cvename>CVE-2022-0807</cvename>
<cvename>CVE-2022-0808</cvename>
<cvename>CVE-2022-0809</cvename>
<url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2022-03-01</discovery>
<entry>2022-03-02</entry>
</dates>
</vuln>
<vuln vid="a80c6273-988c-11ec-83ac-080027415d17">
<topic>cyrus-sasl -- Fix off by one error</topic>
<affects>
<package>
<name>cyrus-sasl</name>
<range><ge>2.1.27</ge><lt>2.1.28</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports:</p>
<blockquote cite="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">
<p>Fix off by one error</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2019-19906</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906</url>
</references>
<dates>
<discovery>2019-12-19</discovery>
<entry>2022-02-28</entry>
</dates>
</vuln>
<vuln vid="0eab001a-9708-11ec-96c9-589cfc0f81b0">
<topic>typo3 -- XSS vulnerability in svg-sanitize</topic>
<affects>
<package>
<name>typo3-10-php74</name>
<range><lt>10.4.25</lt></range>
</package>
<package>
<name>typo3-11-php74</name>
<name>typo3-11-php80</name>
<name>typo3-11-php81</name>
<range><lt>11.5.7</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The TYPO3 project reports:</p>
<blockquote cite="https://typo3.org/article/typo3-psa-2022-001">
<p>The SVG sanitizer library enshrined/svg-sanitize before version
0.15.0 did not remove HTML elements wrapped in a CDATA section.
As a result, SVG content embedded in HTML (fetched as text/html)
was susceptible to cross-site scripting. Plain SVG files
(fetched as image/svg+xml) were not affected.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-23638</cvename>
<url>https://github.com/typo3/typo3/commit/9940defb21</url>
<url>https://typo3.org/article/typo3-psa-2022-001</url>
</references>
<dates>
<discovery>2022-02-22</discovery>
<entry>2022-02-27</entry>
</dates>
</vuln>
<vuln vid="d71d154a-8b83-11ec-b369-6c3be5272acd">
<topic>Grafana -- Teams API IDOR</topic>
<affects>
<package>
<name>grafana6</name>
<range><ge>6.0.0</ge></range>
</package>
<package>
<name>grafana7</name>
<range><lt>7.5.15</lt></range>
</package>
<package>
<name>grafana8</name>
<range><lt>8.3.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/">
<p>On Jan. 18, an external security researcher, Kürşad ALSAN from <a href="https://www.nspect.io/">NSPECT.IO</a> (<a href="https://twitter.com/nspectio">@nspectio</a> on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints:</p>
<ul>
<li><strong>/teams/:teamId</strong> - an authenticated attacker can view unintended data by querying for the specific team ID.</li>
<li><strong>/teams/:search</strong> - an authenticated attacker can search for teams and see the total number of available teams, including for those teams that the user does not have access to.</li>
<li><strong>/teams/:teamId/members</strong> - when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.</li>
</ul>
<p>We believe that this vulnerability is rated at CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-21713</cvename>
<url>https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/</url>
</references>
<dates>
<discovery>2022-01-18</discovery>
<entry>2022-02-12</entry>
</dates>
</vuln>
<vuln vid="d4284c2e-8b83-11ec-b369-6c3be5272acd">
<topic>Grafana -- CSRF</topic>
<affects>
<package>
<name>grafana6</name>
<range><ge>6.0.0</ge></range>
</package>
<package>
<name>grafana7</name>
<range><lt>7.5.15</lt></range>
</package>
<package>
<name>grafana8</name>
<range><lt>8.3.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/">
<p>On Jan. 18, security researchers <a href="https://twitter.com/jub0bs">@jub0bs</a> and <a href="https://twitter.com/theabrahack">@abrahack</a> contacted Grafana to <a href="https://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/">disclose a CSRF vulnerability</a> which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-21703</cvename>
<url>https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/</url>
</references>
<dates>
<discovery>2022-01-18</discovery>
<entry>2022-02-12</entry>
</dates>
</vuln>
<vuln vid="cecbc674-8b83-11ec-b369-6c3be5272acd">
<topic>Grafana -- XSS</topic>
<affects>
<package>
<name>grafana6</name>
<range><ge>6.0.0</ge></range>
</package>
<package>
<name>grafana7</name>
<range><lt>7.5.15</lt></range>
</package>
<package>
<name>grafana8</name>
<range><lt>8.3.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Grafana Labs reports:</p>
<blockquote cite="https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/">
<p>On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-21702</cvename>
<url>https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/</url>
</references>
<dates>
<discovery>2022-01-16</discovery>
<entry>2022-02-12</entry>
</dates>
</vuln>
<vuln vid="7695b0af-958f-11ec-9aa3-4ccc6adda413">
<topic>cryptopp -- ElGamal implementation allows plaintext recovery</topic>
<affects>
<package>
<name>cryptopp</name>
<range><lt>8.6.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Crypto++ 8.6 release notes reports:</p>
<blockquote cite="https://www.cryptopp.com/release860.html">
<p>The ElGamal implementation in Crypto++ through 8.5 allows plaintext
recovery because, during interaction between two cryptographic
libraries, a certain dangerous combination of the prime defined by
the receiver's public key, the generator defined by the receiver's
public key, and the sender's ephemeral exponents can lead to a
cross-configuration attack against OpenPGP.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-40530</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2021-40530</url>
</references>
<dates>
<discovery>2021-09-06</discovery>
<entry>2022-02-24</entry>
</dates>
</vuln>
<vuln vid="5e1440c6-95af-11ec-b320-f8b156b6dcc8">
<topic>flac -- fix encoder bug</topic>
<affects>
<package>
<name>flac</name>
<range><lt>1.3.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The FLAC 1.3.4 release reports:</p>
<blockquote cite="https://xiph.org/flac/changelog.html">
<p>Fix 12 decoder bugs found by oss-fuzz.</p>
<p>Fix encoder bug CVE-2021-0561.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-0561</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561</url>
</references>
<dates>
<discovery>2022-02-20</discovery>
<entry>2022-02-24</entry>
</dates>
</vuln>
<vuln vid="022dde12-8f4a-11ec-83ac-080027415d17">
<topic>cyrus-sasl -- Escape password for SQL insert/update commands</topic>
<affects>
<package>
<name>cyrus-sasl-sql</name>
<range><ge>2.1.27</ge><lt>2.1.27_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports:</p>
<blockquote cite="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">
<p>Escape password for SQL insert/update commands.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-24407</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</url>
</references>
<dates>
<discovery>2022-02-04</discovery>
<entry>2022-02-23</entry>
</dates>
</vuln>
<vuln vid="85d976be-93e3-11ec-aaad-14dae9d5a9d2">
<topic>The Update Framwork -- path traversal vulnerability</topic>
<affects>
<package>
<name>py37-tuf</name>
<name>py38-tuf</name>
<name>py39-tuf</name>
<name>py310-tuf</name>
<name>py311-tuf</name>
<range><le>0.18.1</le></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>NVD reports:</p>
<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-41131">
<p>python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename, and may contain path traversal characters (ie `../../name.json`). The impact is mitigated by a few facts: It only affects implementations that allow arbitrary rolename selection for delegated targets metadata, The attack requires the ability to A) insert new metadata for the path-traversing role and B) get the role delegated by an existing targets metadata, The written file content is heavily restricted since it needs to be a valid, signed targets file. The file extension is always .json. A fix is available in version 0.19 or newer. There are no workarounds that do not require code changes. Clients can restrict the allowed character set for rolenames, or they can store metadata in files named in a way that is not vulnerable: neither of these approaches is possible without modifying python-tuf.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-41131</cvename>
<url>https://nvd.nist.gov/vuln/detail/CVE-2021-41131</url>
</references>
<dates>
<discovery>2021-10-22</discovery>
<entry>2022-02-22</entry>
</dates>
</vuln>
<vuln vid="1cd565da-455e-41b7-a5b9-86ad8e81e33e">
<topic>seatd-launch -- remove files with escalated privileges with SUID</topic>
<affects>
<package>
<name>seatd</name>
<range><ge>0.6.0</ge><lt>0.6.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Kenny Levinsen reports:</p>
<blockquote cite="https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E">
<p>seatd-launch could use a user-specified socket path instead of the
internally generated socket path, and would unlink the socket path
before use to guard against collision with leftover sockets. This
meant that a caller could freely control what file path would be
unlinked and replaced with a user-owned seatd socket for the duration
of the session.</p>
<p>If seatd-launch had the SUID bit set, this could be used by a
malicious user to remove files with the privileges of the owner of
seatd-launch, which is likely root, and replace it with a user-owned
domain socket.</p>
<p>This does not directly allow retrieving the contents of existing
files, and the user-owned socket file is at the current time not
believed to be directly useful for further exploitation.</p>
</blockquote>
</body>
</description>
<references>
<url>https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E</url>
<cvename>CVE-2022-25643</cvename>
</references>
<dates>
<discovery>2022-02-21</discovery>
<entry>2022-02-21</entry>
<modified>2022-02-22</modified>
</dates>
</vuln>
<vuln vid="43ae57f6-92ab-11ec-81b4-2cf05d620ecc">
<topic>Qt5 -- QProcess unexpected search path</topic>
<affects>
<package>
<name>qt5-core</name>
<range><lt>5.15.2p263_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Qt Company reports:</p>
<blockquote cite="https://lists.qt-project.org/pipermail/announce/2022-February/000333.html">
<p>Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minimal.
</p>
<p>Specifically, the problem is around using QProcess to start an application without having an absolute path, and as a result, it depends on it finding it in the PATH environment variable. As a result, it may be possible for an attacker to place their copy of the executable in question inside the working/current directory for the QProcess and have it invoked that instead.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-25255</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25255</url>
</references>
<dates>
<discovery>2022-02-17</discovery>
<entry>2022-02-21</entry>
</dates>
</vuln>
<vuln vid="4d763c65-9246-11ec-9aa3-4ccc6adda413">
<topic>libmysoft -- Heap-based buffer overflow vulnerability</topic>
<affects>
<package>
<name>libmysofa</name>
<range><lt>1.2.1.13</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Zhengjie Du reports:</p>
<blockquote cite="https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/">
<p>There are some heap-buffer-overflows in mysofa2json of
libmysofa. They are in function loudness, mysofa_check and
readOHDRHeaderMessageDataLayout.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-3756</cvename>
<url>https://www.huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/</url>
</references>
<dates>
<discovery>2021-09-27</discovery>
<entry>2022-02-20</entry>
</dates>
</vuln>
<vuln vid="27bf9378-8ffd-11ec-8be6-d4c9ef517024">
<topic>MariaDB -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>mariadb103-client</name>
<range><lt>10.3.34</lt></range>
</package>
<package>
<name>mariadb103-server</name>
<range><lt>10.3.34</lt></range>
</package>
<package>
<name>mariadb104-client</name>
<range><lt>10.4.24</lt></range>
</package>
<package>
<name>mariadb104-server</name>
<range><lt>10.4.24</lt></range>
</package>
<package>
<name>mariadb105-client</name>
<range><lt>10.5.15</lt></range>
</package>
<package>
<name>mariadb105-server</name>
<range><lt>10.5.15</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MariaDB reports:</p>
<blockquote cite="https://mariadb.com/kb/en/cve/">
<p>MariaDB reports 5 vulnerabilities in supported versions
resulting from fuzzing tests</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-46661</cvename>
<cvename>CVE-2021-46663</cvename>
<cvename>CVE-2021-46664</cvename>
<cvename>CVE-2021-46665</cvename>
<cvename>CVE-2021-46668</cvename>
<url>https://mariadb.com/kb/en/cve/</url>
<url>https://mariadb.com/kb/en/mdb-10334-rn/</url>
<url>https://mariadb.com/kb/en/mdb-10424-rn/</url>
<url>https://mariadb.com/kb/en/mdb-10515-rn/</url>
</references>
<dates>
<discovery>2022-02-12</discovery>
<entry>2022-02-18</entry>
</dates>
</vuln>
<vuln vid="096ab080-907c-11ec-bb14-002324b2fba8">
<topic>go -- multiple vulnerabilities</topic>
<affects>
<package>
<name>go</name>
<range><lt>1.17.7,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Go project reports:</p>
<blockquote cite="https://github.com/golang/go/issues/50974">
<p>crypto/elliptic: fix IsOnCurve for big.Int values that are not
valid coordinates</p>
<p>Some big.Int values that are not valid field elements (negative or
overflowing) might cause Curve.IsOnCurve to incorrectly return true.
Operating on those values may cause a panic or an invalid curve
operation. Note that Unmarshal will never return such values.</p>
</blockquote>
<blockquote cite="https://github.com/golang/go/issues/50699">
<p>math/big: prevent large memory consumption in Rat.SetString</p>
<p>An attacker can cause unbounded memory growth in a program using
(*Rat).SetString due to an unhandled overflow.</p>
</blockquote>
<blockquote cite="https://github.com/golang/go/issues/35671">
<p>cmd/go: prevent branches from materializing into versions</p>
<p>A branch whose name resembles a version tag (such as "v1.0.0" or
"subdir/v2.0.0-dev") can be considered a valid version by the go
command. Materializing versions from branches might be unexpected
and bypass ACLs that limit the creation of tags but not branches.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-23806</cvename>
<url>https://github.com/golang/go/issues/50974</url>
<cvename>CVE-2022-23772</cvename>
<url>https://github.com/golang/go/issues/50699</url>
<cvename>CVE-2022-23773</cvename>
<url>https://github.com/golang/go/issues/35671</url>
</references>
<dates>
<discovery>2022-02-10</discovery>
<entry>2022-02-18</entry>
</dates>
</vuln>
<vuln vid="e12432af-8e73-11ec-8bc4-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>98.0.4758.102</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html">
<p>This release contains 11 security fixes, including:</p>
<ul>
<li>[1290008] High CVE-2022-0603: Use after free in File Manager.
Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22</li>
<li>[1273397] High CVE-2022-0604: Heap buffer overflow in Tab
Groups. Reported by Krace on 2021-11-24</li>
<li>[1286940] High CVE-2022-0605: Use after free in Webstore API.
Reported by Thomas Orlita on 2022-01-13</li>
<li>[1288020] High CVE-2022-0606: Use after free in ANGLE. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2022-01-17</li>
<li>[1250655] High CVE-2022-0607: Use after free in GPU. Reported by
0x74960 on 2021-09-17</li>
<li>[1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported
by Sergei Glazunov of Google Project Zero on 2021-11-16</li>
<li>[1296150] High CVE-2022-0609: Use after free in Animation.
Reported by Adam Weidemann and Clément Lecigne of Google'
Threat Analysis Group on 2022-02-10</li>
<li>[1285449] Medium CVE-2022-0610: Inappropriate implementation in
Gamepad API. Reported by Anonymous on 2022-01-08</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0603</cvename>
<cvename>CVE-2022-0604</cvename>
<cvename>CVE-2022-0605</cvename>
<cvename>CVE-2022-0606</cvename>
<cvename>CVE-2022-0607</cvename>
<cvename>CVE-2022-0608</cvename>
<cvename>CVE-2022-0609</cvename>
<cvename>CVE-2022-0610</cvename>
<url>https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html</url>
</references>
<dates>
<discovery>2022-02-14</discovery>
<entry>2022-02-15</entry>
</dates>
</vuln>
<vuln vid="24049967-88ec-11ec-88f5-901b0e934d69">
<topic>py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects</topic>
<affects>
<package>
<name>py37-twisted</name>
<name>py38-twisted</name>
<name>py39-twisted</name>
<name>py310-twisted</name>
<range><lt>22.1.0</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Twisted developers report:</p>
<blockquote cite="https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx">
<p> Cookie and Authorization headers are leaked when following cross-origin redirects in <code>twited.web.client.RedirectAgent</code> and <code>twisted.web.client.BrowserLikeRedirectAgent</code>.</p>
</blockquote>
</body>
</description>
<references>
<url>https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx</url>
</references>
<dates>
<discovery>2022-02-07</discovery>
<entry>2022-02-13</entry>
</dates>
</vuln>
<vuln vid="d923fb0c-8c2f-11ec-aa85-0800270512f4">
<topic>zsh -- Arbitrary command execution vulnerability</topic>
<affects>
<package>
<name>zsh</name>
<range><lt>5.8.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p> Marc Cornellà reports:</p>
<blockquote cite="https://zsh.sourceforge.io/releases.html">
<p>
Some prompt expansion sequences, such as %F, support 'arguments'
which are themselves expanded in case they contain colour values,
etc. This additional expansion would trigger PROMPT_SUBST evaluation,
if enabled. This could be abused to execute code the user didn't
expect. e.g., given a certain prompt configuration, an attacker
could trick a user into executing arbitrary code by having them
check out a Git branch with a specially crafted name.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-45444</cvename>
<url>https://zsh.sourceforge.io/releases.html</url>
</references>
<dates>
<discovery>2022-02-12</discovery>
<entry>2022-02-12</entry>
</dates>
</vuln>
<vuln vid="972ba0e8-8b8a-11ec-b369-6c3be5272acd">
<topic>Node.js -- January 2022 Security Releases</topic>
<affects>
<package>
<name>node</name>
<range><ge>12.0.0</ge><lt>12.22.9</lt></range>
<range><ge>14.0.0</ge><lt>14.18.3</lt></range>
<range><ge>16.0.0</ge><lt>16.13.2</lt></range>
<range><ge>17.0.0</ge><lt>17.3.1</lt></range>
</package>
<package>
<name>node16</name>
<range><lt>16.13.2</lt></range>
</package>
<package>
<name>node14</name>
<range><lt>14.18.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Node.js reports:</p>
<blockquote cite="https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/">
<h1>Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)</h1>
<p>Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.</p>
<h1>Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)</h1>
<p>Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.</p>
<h1>Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)</h1>
<p>Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.</p>
<h1>Prototype pollution via <code>console.table</code> properties (Low)(CVE-2022-21824)</h1>
<p>Due to the formatting logic of the <code>console.table()</code> function it was not safe to allow user controlled input to be passed to the <code>properties</code> parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be <code>__proto__</code>. The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-44531</cvename>
<cvename>CVE-2021-44532</cvename>
<cvename>CVE-2021-44533</cvename>
<cvename>CVE-2022-21824</cvename>
<url>https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/</url>
</references>
<dates>
<discovery>2022-01-10</discovery>
<entry>2022-02-12</entry>
</dates>
</vuln>
<vuln vid="0b0ad196-1ee8-4a98-89b1-4d5d82af49a9">
<topic>jenkins -- DoS vulnerability in bundled XStream library</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>2.334</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>2.319.3</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://www.jenkins.io/security/advisory/2022-02-09/">
<h1>Description</h1>
<h5>(Medium) SECURITY-2602 / CVE-2021-43859 (upstream issue), CVE-2022-0538 (Jenkins-specific converters)</h5>
<p>DoS vulnerability in bundled XStream library</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-43859</cvename>
<cvename>CVE-2022-0538</cvename>
<url>https://www.jenkins.io/security/advisory/2022-02-09/</url>
</references>
<dates>
<discovery>2022-02-09</discovery>
<entry>2022-02-10</entry>
</dates>
</vuln>
<vuln vid="ff5606f7-8a45-11ec-8be6-d4c9ef517024">
<topic>MariaDB -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>mariadb103-client</name>
<range><lt>10.3.33</lt></range>
</package>
<package>
<name>mariadb103-server</name>
<range><lt>10.3.33</lt></range>
</package>
<package>
<name>mariadb104-client</name>
<range><lt>10.4.23</lt></range>
</package>
<package>
<name>mariadb104-server</name>
<range><lt>10.4.23</lt></range>
</package>
<package>
<name>mariadb105-client</name>
<range><lt>10.5.14</lt></range>
</package>
<package>
<name>mariadb105-server</name>
<range><lt>10.5.14</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>MariaDB reports:</p>
<blockquote cite="https://mariadb.com/kb/en/cve/">
<p>MariaDB reports 5 vulnerabilities in supported versions
without further detailed information.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-24052</cvename>
<cvename>CVE-2022-24051</cvename>
<cvename>CVE-2022-24050</cvename>
<cvename>CVE-2022-24048</cvename>
<cvename>CVE-2021-46659</cvename>
<url>https://mariadb.com/kb/en/cve/</url>
<url>https://mariadb.com/kb/en/mdb-10333-rn/</url>
<url>https://mariadb.com/kb/en/mdb-10423-rn/</url>
<url>https://mariadb.com/kb/en/mdb-10514-rn/</url>
</references>
<dates>
<discovery>2022-02-10</discovery>
<entry>2022-02-10</entry>
<modified>2022-02-17</modified>
</dates>
</vuln>
<vuln vid="fc2a9541-8893-11ec-9d01-80ee73419af3">
<topic>xrdp -- privilege escalation</topic>
<affects>
<package>
<name>xrdp</name>
<range><ge>0.9.17,1</ge><lt>0.9.18.1,1</lt></range>
</package>
<package>
<name>xrdp-devel</name>
<range><ge>0.9.17,1</ge><lt>0.9.18.1,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>xrdp project reports:</p>
<blockquote cite="https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32">
<p>An integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is accessible to a sesman server (listens by default on localhost when installing xrdp, but can be remote if configured otherwise) to execute code as root.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-23613</cvename>
<url>https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32</url>
</references>
<dates>
<discovery>2022-01-23</discovery>
<entry>2022-02-08</entry>
<modified>2022-02-15</modified>
</dates>
</vuln>
<vuln vid="3507bfb3-85d5-11ec-8c9c-001b217b3468">
<topic>Gitlab -- multiple vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>14.7.0</ge><lt>14.7.1</lt></range>
<range><ge>14.6.0</ge><lt>14.6.4</lt></range>
<range><ge>0</ge><lt>14.5.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/">
<p>Arbitrary POST requests via special HTML attributes in Jupyter Notebooks</p>
<p>DNS Rebinding vulnerability in Irker IRC Gateway integration</p>
<p>Missing certificate validation for external CI services</p>
<p>Blind SSRF Through Project Import</p>
<p>Open redirect vulnerability in Jira Integration</p>
<p>Issue link was disclosing the linked issue</p>
<p>Service desk email accessible by project non-members</p>
<p>Authenticated users can search other users by their private email</p>
<p>"External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request</p>
<p>Deleting packages in bulk from package registries may cause table locks</p>
<p>Autocomplete enabled on specific pages</p>
<p>Possible SSRF due to not blocking shared address space</p>
<p>System notes reveals private project path when Issue is moved to a public project</p>
<p>Timeout for pages using Markdown</p>
<p>Certain branch names could not be protected</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0427</cvename>
<cvename>CVE-2022-0425</cvename>
<cvename>CVE-2022-0123</cvename>
<cvename>CVE-2022-0136</cvename>
<cvename>CVE-2022-0283</cvename>
<cvename>CVE-2022-0390</cvename>
<cvename>CVE-2022-0373</cvename>
<cvename>CVE-2022-0371</cvename>
<cvename>CVE-2021-39943</cvename>
<cvename>CVE-2022-0477</cvename>
<cvename>CVE-2022-0167</cvename>
<cvename>CVE-2022-0249</cvename>
<cvename>CVE-2022-0344</cvename>
<cvename>CVE-2022-0488</cvename>
<cvename>CVE-2021-39931</cvename>
<url>https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/</url>
</references>
<dates>
<discovery>2022-02-03</discovery>
<entry>2022-02-04</entry>
</dates>
</vuln>
<vuln vid="e852f43c-846e-11ec-b043-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>98.0.4758.80</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html">
<p>This release contains 27 security fixes, including:</p>
<ul>
<li>[1284584] High CVE-2022-0452: Use after free in Safe Browsing.
Reported by avaue at S.S.L. on 2022-01-05</li>
<li>[1284916] High CVE-2022-0453: Use after free in Reader Mode.
Reported by Rong Jian of VRI on 2022-01-06</li>
<li>[1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE.
Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on
2022-01-17</li>
<li>[1270593] High CVE-2022-0455: Inappropriate implementation in
Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on
2021-11-16</li>
<li>[1289523] High CVE-2022-0456: Use after free in Web Search.
Reported by Zhihua Yao of KunLun Lab on 2022-01-21</li>
<li>[1274445] High CVE-2022-0457: Type Confusion in V8. Reported by
rax of the Group0x58 on 2021-11-29</li>
<li>[1267060] High CVE-2022-0458: Use after free in Thumbnail Tab
Strip. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
2021-11-05</li>
<li>[1244205] High CVE-2022-0459: Use after free in Screen Capture.
Reported by raven (@raid_akame) on 2021-08-28</li>
<li>[1250227] Medium CVE-2022-0460: Use after free in Window Dialog.
Reported by 0x74960 on 2021-09-16</li>
<li>[1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported
by NDevTK on 2021-10-05</li>
<li>[1270470] Medium CVE-2022-0462: Inappropriate implementation in
Scroll. Reported by Youssef Sammouda on 2021-11-16</li>
<li>[1268240] Medium CVE-2022-0463: Use after free in Accessibility.
Reported by Zhihua Yao of KunLun Lab on 2021-11-09</li>
<li>[1270095] Medium CVE-2022-0464: Use after free in Accessibility.
Reported by Zhihua Yao of KunLun Lab on 2021-11-14</li>
<li>[1281941] Medium CVE-2022-0465: Use after free in Extensions.
Reported by Samet Bekmezci @sametbekmezci on 2021-12-22</li>
<li>[1115460] Medium CVE-2022-0466: Inappropriate implementation in
Extensions Platform. Reported by David Erceg on 2020-08-12</li>
<li>[1239496] Medium CVE-2022-0467: Inappropriate implementation in
Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13</li>
<li>[1252716] Medium CVE-2022-0468: Use after free in Payments.
Reported by Krace on 2021-09-24</li>
<li>[1279531] Medium CVE-2022-0469: Use after free in Cast. Reported
by Thomas Orlita on 2021-12-14</li>
<li>[1269225] Low CVE-2022-0470: Out of bounds memory access in V8.
Reported by Looben Yang on 2021-11-11</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0452</cvename>
<cvename>CVE-2022-0453</cvename>
<cvename>CVE-2022-0454</cvename>
<cvename>CVE-2022-0455</cvename>
<cvename>CVE-2022-0456</cvename>
<cvename>CVE-2022-0457</cvename>
<cvename>CVE-2022-0458</cvename>
<cvename>CVE-2022-0459</cvename>
<cvename>CVE-2022-0460</cvename>
<cvename>CVE-2022-0461</cvename>
<cvename>CVE-2022-0462</cvename>
<cvename>CVE-2022-0463</cvename>
<cvename>CVE-2022-0464</cvename>
<cvename>CVE-2022-0465</cvename>
<cvename>CVE-2022-0466</cvename>
<cvename>CVE-2022-0467</cvename>
<cvename>CVE-2022-0468</cvename>
<cvename>CVE-2022-0469</cvename>
<cvename>CVE-2022-0470</cvename>
<url>https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2022-02-01</discovery>
<entry>2022-02-02</entry>
</dates>
</vuln>
<vuln vid="1d3677a8-9143-42d8-84a3-0585644dff4b">
<topic>h2o -- uninitialised memory access in HTTP3</topic>
<affects>
<package>
<name>h2o-devel</name>
<range><lt>2.3.0.d.20220131</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Emil Lerner reports:</p>
<blockquote cite="https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4">
<p>When receiving QUIC frames in certain order, HTTP/3 server-side
implementation of h2o can be misguided to treat uninitialized
memory as HTTP/3 frames that have been received. When h2o is
used as a reverse proxy, an attacker can abuse this vulnerability
to send internal state of h2o to backend servers controlled by
the attacker or third party. Also, if there is an HTTP endpoint
that reflects the traffic sent from the client, an attacker can
use that reflector to obtain internal state of h2o.</p>
<p>This internal state includes traffic of other connections in
unencrypted form and TLS session tickets.</p>
<p>This vulnerability exists in h2o server with HTTP/3
support, between commit 93af138 and d1f0f65. None of the
released versions of h2o are affected by this vulnerability.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-43848</cvename>
<url>https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4</url>
</references>
<dates>
<discovery>2021-01-31</discovery>
<entry>2022-02-02</entry>
</dates>
</vuln>
<vuln vid="b1b6d623-83e4-11ec-90de-1c697aa5a594">
<topic>FreeBSD -- vt console buffer overflow</topic>
<affects>
<package>
<name>FreeBSD</name>
<range><ge>13.0</ge><lt>13.0_6</lt></range>
<range><ge>12.2</ge><lt>12.2_12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<h1>Problem Description:</h1>
<p>Under certain conditions involving use of the highlight buffer
while text is scrolling on the console, console data may overwrite
data structures associated with the system console or other kernel
memory.</p>
<h1>Impact:</h1>
<p>Users with access to the system console may be able to cause system
misbehaviour.</p>
</body>
</description>
<references>
<cvename>CVE-2021-29632</cvename>
<freebsdsa>SA-22:01.vt</freebsdsa>
</references>
<dates>
<discovery>2022-01-11</discovery>
<entry>2022-02-02</entry>
</dates>
</vuln>
<vuln vid="8579074c-839f-11ec-a3b2-005056a311d1">
<topic>samba -- Multiple Vulnerabilities</topic>
<affects>
<package>
<name>samba413</name>
<range><lt>4.13.17</lt></range>
</package>
<package>
<name>samba414</name>
<range><lt>4.14.12</lt></range>
</package>
<package>
<name>samba415</name>
<range><lt>4.15.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Samba Team reports:</p>
<blockquote cite="https://www.samba.org/samba/history/security.html">
<ul>
<li>CVE-2021-43566: Malicious client using an SMB1 or NFS race to allow
a directory to be created in an area of the server file system not
exported under the share definition.</li>
<li>CVE-2021-44141: Information leak via symlinks of existance of files
or directories outside of the exported share.</li>
<li>CVE-2021-44142: Out-of-bounds heap read/write vulnerability
in VFS module vfs_fruit allows code execution.</li>
<li>CVE-2022-0336: Samba AD users with permission to write to
an account can impersonate arbitrary services.</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-43566</cvename>
<cvename>CVE-2021-44141</cvename>
<cvename>CVE-2021-44142</cvename>
<cvename>CVE-2022-0336</cvename>
<url>https://www.samba.org/samba/security/CVE-2021-43566.html</url>
<url>https://www.samba.org/samba/security/CVE-2021-44141.html</url>
<url>https://www.samba.org/samba/security/CVE-2021-44142.html</url>
<url>https://www.samba.org/samba/security/CVE-2022-0336.html</url>
</references>
<dates>
<discovery>2022-01-31</discovery>
<entry>2022-02-01</entry>
</dates>
</vuln>
<vuln vid="ee26f513-826e-11ec-8be6-d4c9ef517024">
<topic>Rust -- Race condition enabling symlink following</topic>
<affects>
<package>
<name>rust</name>
<range><lt>1.58.1</lt></range>
</package>
<package>
<name>rust-nightly</name>
<range><lt>1.60.0.20220202</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<blockquote cite="https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html">
<p>The Rust Security Response WG was notified that the
std::fs::remove_dir_all standard library function is vulnerable to a
race condition enabling symlink following (CWE-363). An attacker could
use this security issue to trick a privileged program into deleting
files and directories the attacker couldn't otherwise access or
delete.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-21658</cvename>
<url>https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html</url>
</references>
<dates>
<discovery>2022-01-20</discovery>
<entry>2022-01-31</entry>
<modified>2022-02-03</modified>
</dates>
</vuln>
<vuln vid="b0c83e1a-8153-11ec-84f9-641c67a117d8">
<topic>varnish -- Request Smuggling Vulnerability</topic>
<affects>
<package>
<name>varnish6</name>
<range><lt>6.6.2</lt></range>
</package>
<package>
<name>varnish4</name>
<range><lt>4.1.11r6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Varnish Cache Project reports:</p>
<blockquote cite="https://varnish-cache.org/security/VSV00008.html">
<p>A request smuggling attack can be performed on HTTP/1 connections on
Varnish Cache servers. The smuggled request would be treated as an additional
request by the Varnish server, go through normal VCL processing, and injected
as a spurious response on the client connection.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-23959</cvename>
<url>https://varnish-cache.org/security/VSV00008.html</url>
<url>https://docs.varnish-software.com/security/VSV00008/</url>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959</url>
</references>
<dates>
<discovery>2022-01-25</discovery>
<entry>2022-01-29</entry>
</dates>
</vuln>
<vuln vid="b6ef8a53-8062-11ec-9af3-fb232efe4d2e">
<topic>OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute</topic>
<affects>
<package>
<name>openexr</name>
<range><lt>3.1.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Cary Phillips reports:</p>
<blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022">
<p>[OpenEXR Version 3.1.4 is a] patch release that [...]
addresses one public security vulnerability:
CVE-2021-45942 Heap-buffer-overflow in
Imf_3_1::LineCompositeTask::execute [and several]
specific OSS-fuzz issues [...].</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-45942</cvename>
<url>https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022</url>
<url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416</url> <!-- reported for dates.discovery below -->
<url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999</url> <!-- reported 2021-12-04 -->
<url>https://github.com/AcademySoftwareFoundation/openexr/pull/1209</url> <!-- fix for CVE-inducing issue -->
</references>
<dates>
<discovery>2021-11-26</discovery>
<entry>2022-01-28</entry>
</dates>
</vuln>
<vuln vid="1aaaa5c6-804d-11ec-8be6-d4c9ef517024">
<topic>OpenSSL -- BN_mod_exp incorrect results on MIPS</topic>
<affects>
<package>
<name>openssl</name>
<range><lt>1.1.1m,1</lt></range>
</package>
<package>
<name>openssl-devel</name>
<range><lt>3.0.1</lt></range>
</package>
<package>
<name>openssl-quictls</name>
<range><lt>3.0.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenSSL project reports:</p>
<blockquote cite="https://www.openssl.org/news/secadv/20220128.txt">
<p>BN_mod_exp may produce incorrect results on MIPS (Moderate)</p>
<p>There is a carry propagation bug in the MIPS32 and MIPS64 squaring
procedure. Many EC algorithms are affected, including some of the
TLS 1.3 default curves. Impact was not analyzed in detail, because the
pre-requisites for attack are considered unlikely and include reusing
private keys. Analysis suggests that attacks against RSA and DSA as a
result of this defect would be very difficult to perform and are not
believed likely. Attacks against DH are considered just feasible
(although very difficult) because most of the work necessary to deduce
information about a private key may be performed offline. The amount
of resources required for such an attack would be significant.
However, for an attack on TLS to be meaningful, the server would have
to share the DH private key among multiple clients, which is no longer
an option since CVE-2016-0701.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-4160</cvename>
<url>https://www.openssl.org/news/secadv/20220128.txt</url>
</references>
<dates>
<discovery>2022-01-28</discovery>
<entry>2022-01-28</entry>
</dates>
</vuln>
<vuln vid="65847d9d-7f3e-11ec-8624-b42e991fc52e">
<topic>mustache - Possible Remote Code Execution</topic>
<affects>
<package>
<name>phpmustache</name>
<range><lt>2.14.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>huntr.dev reports:</p>
<blockquote cite="https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7/">
<p>In Mustache.php v2.0.0 through v2.14.0, Sections tag can
lead to arbitrary php code execution even if
strict_callables is true when section value is
controllable.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0323</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0323</url>
</references>
<dates>
<discovery>2022-01-20</discovery>
<entry>2022-01-27</entry>
</dates>
</vuln>
<vuln vid="0f8bf913-7efa-11ec-8c04-2cf05d620ecc">
<topic>polkit -- Local Privilege Escalation</topic>
<affects>
<package>
<name>polkit</name>
<range><lt>0.120_1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Qualys reports:</p>
<blockquote cite="https://seclists.org/oss-sec/2022/q1/80">
<p>We discovered a Local Privilege Escalation (from any user to root) in
polkit's pkexec, a SUID-root program that is installed by default on
every major Linux distribution.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-4034</cvename>
<url>https://seclists.org/oss-sec/2022/q1/80</url>
<freebsdpr>ports/261482</freebsdpr>
</references>
<dates>
<discovery>2022-01-25</discovery>
<entry>2022-01-26</entry>
</dates>
</vuln>
<vuln vid="ccaea96b-7dcd-11ec-93df-00224d821998">
<topic>strongswan - Incorrect Handling of Early EAP-Success Messages</topic>
<affects>
<package>
<name>strongswan</name>
<range><lt>5.9.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Strongswan Release Notes reports:</p>
<blockquote cite="https://github.com/strongswan/strongswan/releases/tag/5.9.5">
<p>Fixed a vulnerability in the EAP client implementation
that was caused by incorrectly handling early EAP-Success
messages. It may allow to bypass the client and in some
scenarios even the server authentication, or could lead to
a denial-of-service attack. This vulnerability has been
registered as CVE-2021-45079.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-45079</cvename>
<url>https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html</url>
</references>
<dates>
<discovery>2021-12-16</discovery>
<entry>2022-01-25</entry>
</dates>
</vuln>
<vuln vid="58528a94-5100-4208-a04d-edc01598cf01">
<topic>strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache</topic>
<affects>
<package>
<name>strongswan</name>
<range><lt>5.9.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Strongswan Release Notes reports:</p>
<blockquote cite="https://github.com/strongswan/strongswan/releases/tag/5.9.4">
<p>Fixed a denial-of-service vulnerability in the gmp plugin that
was caused by an integer overflow when processing RSASSA-PSS
signatures with very large salt lengths. This vulnerability has
been registered as CVE-2021-41990.</p>
<p>Fixed a denial-of-service vulnerability in the in-memory
certificate cache if certificates are replaced and a very large
random value caused an integer overflow. This vulnerability has
been registered as CVE-2021-41991.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-41990</cvename>
<cvename>CVE-2021-41991</cvename>
<url>https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html</url>
<url>https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html</url>
</references>
<dates>
<discovery>2021-10-04</discovery>
<entry>2022-01-25</entry>
</dates>
</vuln>
<vuln vid="309c35f4-7c9f-11ec-a739-206a8a720317">
<topic>aide -- heap-based buffer overflow</topic>
<affects>
<package>
<name>aide</name>
<range><lt>0.17.4</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>David Bouman reports:</p>
<blockquote cite="INSERT URL HERE">
<p>AIDE before 0.17.4 allows local users to obtain root privileges
via crafted file metadata (such as XFS extended attributes or
tmpfs ACLs), because of a heap-based buffer overflow.</p>
<p>Aide uses a fixed size (16k bytes) for the return buffer in
encode_base64/decode_base64 functions. This results in a segfault
if aide processes a file with too large extended attribute value
or ACL.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-45417</cvename>
<url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45417</url>
</references>
<dates>
<discovery>2022-01-15</discovery>
<entry>2022-01-23</entry>
</dates>
</vuln>
<vuln vid="51496cbc-7a0e-11ec-a323-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>97.0.4692.99</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html">
<p>This release contains 26 security fixes, including:</p>
<ul>
<li>[1284367] Critical CVE-2022-0289: Use after free in Safe
browsing. Reported by Sergei Glazunov of Google Project Zero on
2022-01-05</li>
<li>[1260134][1260007] High CVE-2022-0290: Use after free in Site
isolation. Reported by Brendon Tiszka and Sergei Glazunov of
Google Project Zero on 2021-10-15</li>
<li>[1281084] High CVE-2022-0291: Inappropriate implementation in
Storage. Reported by Anonymous on 2021-12-19</li>
<li>[1270358] High CVE-2022-0292: Inappropriate implementation in
Fenced Frames. Reported by Brendon Tiszka on 2021-11-16</li>
<li>[1283371] High CVE-2022-0293: Use after free in Web packaging.
Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
2021-12-30</li>
<li>[1273017] High CVE-2022-0294: Inappropriate implementation in
Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha
Lab on 2021-11-23</li>
<li>[1278180] High CVE-2022-0295: Use after free in Omnibox.
Reported by Weipeng Jiang (@Krace) and Guang Gong of 360
Vulnerability Research Institute on 2021-12-09</li>
<li>[1283375] High CVE-2022-0296: Use after free in Printing.
Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability
Research Institute on 2021-12-30</li>
<li>[1274316] High CVE-2022-0297: Use after free in Vulkan. Reported
by Cassidy Kim of Amber Security Lab, OPPO Mobile
Telecommunications Corp. Ltd. on 2021-11-28</li>
<li>[1212957] High CVE-2022-0298: Use after free in Scheduling.
Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25</li>
<li>[1275438] High CVE-2022-0300: Use after free in Text Input
Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha
Lab on 2021-12-01</li>
<li>[1276331] High CVE-2022-0301: Heap buffer overflow in DevTools.
Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
Research on 2021-12-03</li>
<li>[1278613] High CVE-2022-0302: Use after free in Omnibox.
Reported by Weipeng Jiang (@Krace) and Guang Gong of 360
Vulnerability Research Institute on 2021-12-10</li>
<li>[1281979] High CVE-2022-0303: Race in GPU Watchdog. Reported by
Yigit Can YILMAZ (@yilmazcanyigit) on 2021-12-22</li>
<li>[1282118] High CVE-2022-0304: Use after free in Bookmarks.
Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
2021-12-22</li>
<li>[1282354] High CVE-2022-0305: Inappropriate implementation in
Service Worker API. Reported by @uwu7586 on 2021-12-23</li>
<li>[1283198] High CVE-2022-0306: Heap buffer overflow in PDFium.
Reported by Sergei Glazunov of Google Project Zero on
2021-12-29</li>
<li>[1281881] Medium CVE-2022-0307: Use after free in Optimization
Guide. Reported by Samet Bekmezci @sametbekmezci on
2021-12-21</li>
<li>[1282480] Medium CVE-2022-0308: Use after free in Data Transfer.
Reported by @ginggilBesel on 2021-12-24</li>
<li>[1240472] Medium CVE-2022-0309: Inappropriate implementation in
Autofill. Reported by Alesandro Ortiz on 2021-08-17</li>
<li>[1283805] Medium CVE-2022-0310: Heap buffer overflow in Task
Manager. Reported by Samet Bekmezci @sametbekmezci on
2022-01-03</li>
<li>[1283807] Medium CVE-2022-0311: Heap buffer overflow in Task
Manager. Reported by Samet Bekmezci @sametbekmezci on
2022-01-03</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0289</cvename>
<cvename>CVE-2022-0290</cvename>
<cvename>CVE-2022-0291</cvename>
<cvename>CVE-2022-0292</cvename>
<cvename>CVE-2022-0293</cvename>
<cvename>CVE-2022-0294</cvename>
<cvename>CVE-2022-0295</cvename>
<cvename>CVE-2022-0296</cvename>
<cvename>CVE-2022-0297</cvename>
<cvename>CVE-2022-0298</cvename>
<cvename>CVE-2022-0300</cvename>
<cvename>CVE-2022-0301</cvename>
<cvename>CVE-2022-0302</cvename>
<cvename>CVE-2022-0303</cvename>
<cvename>CVE-2022-0304</cvename>
<cvename>CVE-2022-0305</cvename>
<cvename>CVE-2022-0306</cvename>
<cvename>CVE-2022-0307</cvename>
<cvename>CVE-2022-0308</cvename>
<cvename>CVE-2022-0309</cvename>
<cvename>CVE-2022-0310</cvename>
<cvename>CVE-2022-0311</cvename>
<url>https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html</url>
</references>
<dates>
<discovery>2022-01-19</discovery>
<entry>2022-01-20</entry>
</dates>
</vuln>
<vuln vid="7262f826-795e-11ec-8be6-d4c9ef517024">
<topic>MySQL -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>mysql-connector-odbc</name>
<range><lt>8.0.28</lt></range>
</package>
<package>
<name>mysql-connector-c++</name>
<range><lt>8.0.28</lt></range>
</package>
<package>
<name>mysql-connector-java</name>
<range><lt>8.0.28</lt></range>
</package>
<package>
<name>mysql-connector-java51</name>
<range><lt>8.0.28</lt></range>
</package>
<package>
<name>mysql-server55</name>
<range><lt>5.5.63</lt></range>
</package>
<package>
<name>mysql-server56</name>
<range><lt>5.6.52</lt></range>
</package>
<package>
<name>mysql-server57</name>
<range><lt>5.7.37</lt></range>
</package>
<package>
<name>mysql-server80</name>
<range><lt>8.0.27</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Oracle reports:</p>
<blockquote cite="https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL">
<p>This Critical Patch Update contains 78 new security patches for
Oracle MySQL. 3 of these vulnerabilities may be remotely exploitable
without authentication, i.e., may be exploited over a network without
requiring user credentials.<br/>
The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
MySQL is 7.4</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-22946</cvename>
<cvename>CVE-2021-3712</cvename>
<cvename>CVE-2022-21278</cvename>
<cvename>CVE-2022-21351</cvename>
<cvename>CVE-2022-21363</cvename>
<cvename>CVE-2022-21358</cvename>
<cvename>CVE-2022-21352</cvename>
<cvename>CVE-2022-21367</cvename>
<cvename>CVE-2022-21301</cvename>
<cvename>CVE-2022-21378</cvename>
<cvename>CVE-2022-21302</cvename>
<cvename>CVE-2022-21254</cvename>
<cvename>CVE-2022-21348</cvename>
<cvename>CVE-2022-21270</cvename>
<cvename>CVE-2022-21256</cvename>
<cvename>CVE-2022-21379</cvename>
<cvename>CVE-2022-21362</cvename>
<cvename>CVE-2022-21374</cvename>
<cvename>CVE-2022-21253</cvename>
<cvename>CVE-2022-21264</cvename>
<cvename>CVE-2022-21297</cvename>
<cvename>CVE-2022-21339</cvename>
<cvename>CVE-2022-21342</cvename>
<cvename>CVE-2022-21370</cvename>
<cvename>CVE-2022-21304</cvename>
<cvename>CVE-2022-21344</cvename>
<cvename>CVE-2022-21303</cvename>
<cvename>CVE-2022-21368</cvename>
<cvename>CVE-2022-21245</cvename>
<cvename>CVE-2022-21265</cvename>
<cvename>CVE-2022-21249</cvename>
<cvename>CVE-2022-21372</cvename>
<url>https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL</url>
</references>
<dates>
<discovery>2022-01-18</discovery>
<entry>2022-01-19</entry>
</dates>
</vuln>
<vuln vid="e3ec8b30-757b-11ec-922f-654747404482">
<topic>Prosody XMPP server advisory 2022-01-13</topic>
<affects>
<package>
<name>prosody</name>
<range><lt>0.11.12</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The Prosody teaM reports:</p>
<blockquote cite="https://prosody.im/security/advisory_20220113/">
<p>It was discovered that an internal Prosody library to load XML based on
does not properly restrict the XML features allowed in parsed
XML data. Given suitable attacker input, this results in expansion of
recursive entity references from DTDs (CWE-776). In addition,
depending on the libexpat version used, it may also allow injections
using XML External Entity References (CWE-611).</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0217</cvename>
<url>https://prosody.im/security/advisory_20220113/</url>
</references>
<dates>
<discovery>2022-01-10</discovery>
<entry>2022-01-14</entry>
</dates>
</vuln>
<vuln vid="79b65dc5-749f-11ec-8be6-d4c9ef517024">
<topic>WordPress -- Multiple Vulnerabilities</topic>
<affects>
<package>
<name>wordpress</name>
<range><lt>5.8.3,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The WordPress project reports:</p>
<blockquote cite="https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/">
<ul><li>Issue with stored XSS through post slugs</li>
<li>Issue with Object injection in some multisite installations</li>
<li>SQL injection vulnerability in WP_Query</li>
<li>SQL injection vulnerability in WP_Meta_Query</li>
</ul>
</blockquote>
</body>
</description>
<references>
<url>https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/</url>
</references>
<dates>
<discovery>2022-01-06</discovery>
<entry>2022-01-13</entry>
</dates>
</vuln>
<vuln vid="2a6106c6-73e5-11ec-8fa2-0800270512f4">
<topic>clamav -- invalid pointer read that may cause a crash</topic>
<affects>
<package>
<name>clamav</name>
<range><lt>0.104.2,1</lt></range>
</package>
<package>
<name>clamav-lts</name>
<range><lt>0.103.5,1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Laurent Delosieres reports:</p>
<blockquote cite="https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html">
<p>
Fix for invalid pointer read that may cause a crash. This issue affects
0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
<code>CL_SCAN_GENERAL_COLLECT_METADATA</code> scan option
(the <code>clamscan --gen-json</code> option) is enabled.
</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-20698</cvename>
<url>https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html</url>
</references>
<dates>
<discovery>2022-01-12</discovery>
<entry>2022-01-12</entry>
</dates>
</vuln>
<vuln vid="672eeea9-a070-4f88-b0f1-007e90a2cbc3">
<topic>jenkins -- multiple vulnerabilities</topic>
<affects>
<package>
<name>jenkins</name>
<range><lt>2.330</lt></range>
</package>
<package>
<name>jenkins-lts</name>
<range><lt>2.319.2</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Jenkins Security Advisory:</p>
<blockquote cite="https://www.jenkins.io/security/advisory/2021-11-04/">
<h1>Description</h1>
<h5>(Medium) SECURITY-2558 / CVE-2022-20612</h5>
<p>CSRF vulnerability in build triggers</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-20612</cvename>
<url>https://www.jenkins.io/security/advisory/2022-01-12/</url>
</references>
<dates>
<discovery>2022-01-12</discovery>
<entry>2022-01-12</entry>
</dates>
</vuln>
<vuln vid="43f84437-73ab-11ec-a587-001b217b3468">
<topic>Gitlab -- Multiple Vulnerabilities</topic>
<affects>
<package>
<name>gitlab-ce</name>
<range><ge>14.6.0</ge><lt>14.6.2</lt></range>
<range><ge>14.5.0</ge><lt>14.5.3</lt></range>
<range><ge>7.7</ge><lt>14.4.5</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Gitlab reports:</p>
<blockquote cite="https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/">
<p>Arbitrary file read via group import feature</p>
<p>Stored XSS in notes</p>
<p>Lack of state parameter on GitHub import project OAuth</p>
<p>Vulnerability related fields are available to unauthorized users on GraphQL API</p>
<p>Deleting packages may cause table locks</p>
<p>IP restriction bypass via GraphQL</p>
<p>Repository content spoofing using Git replacement references</p>
<p>Users can import members from projects that they are not a maintainer on through API</p>
<p>Possibility to direct user to malicious site through Slack integration</p>
<p>Bypassing file size limits to the NPM package repository</p>
<p>User with expired password can still access sensitive information</p>
<p>Incorrect port validation allows access to services on ports 80 and 443 if GitLab is configured to run on another port</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-39946</cvename>
<cvename>CVE-2022-0154</cvename>
<cvename>CVE-2022-0152</cvename>
<cvename>CVE-2022-0151</cvename>
<cvename>CVE-2022-0172</cvename>
<cvename>CVE-2022-0090</cvename>
<cvename>CVE-2022-0125</cvename>
<cvename>CVE-2022-0124</cvename>
<cvename>CVE-2021-39942</cvename>
<cvename>CVE-2022-0093</cvename>
<cvename>CVE-2021-39927</cvename>
<url>https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/</url>
</references>
<dates>
<discovery>2022-01-11</discovery>
<entry>2022-01-12</entry>
</dates>
</vuln>
<vuln vid="b927b654-7146-11ec-ad4b-5404a68ad561">
<topic>uriparser -- Multiple vulnerabilities</topic>
<affects>
<package>
<name>uriparser</name>
<range><lt>0.9.6</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Upstream project reports:</p>
<blockquote cite="https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog">
<p>Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner*
functions where the text range in .hostText would not be duped using
malloc but remain unchanged (and hence "not owned") for URIs with
an IPv4 or IPv6 address hostname; depending on how an application
uses uriparser, this could lead the application into a use-after-free
situation.
As the second half, fix uriFreeUriMembers* functions that would not
free .hostText memory for URIs with an IPv4 or IPv6 address host;
also, calling uriFreeUriMembers* multiple times on a URI of this
very nature would result in trying to free pointers to stack
(rather than heap) memory.
Fix functions uriNormalizeSyntax* for out-of-memory situations
(i.e. malloc returning NULL) for URIs containing empty segments
(any of user info, host text, query, or fragment) where previously
pointers to stack (rather than heap) memory were freed.</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-46141</cvename>
<cvename>CVE-2021-46142</cvename>
<url>https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog</url>
</references>
<dates>
<discovery>2022-01-06</discovery>
<entry>2022-01-09</entry>
</dates>
</vuln>
<vuln vid="d3e023fb-6e88-11ec-b948-080027240888">
<topic>Django -- multiple vulnerabilities</topic>
<affects>
<package>
<name>py37-django22</name>
<name>py38-django22</name>
<name>py39-django22</name>
<range><lt>2.2.26</lt></range>
</package>
<package>
<name>py37-django32</name>
<name>py38-django32</name>
<name>py39-django32</name>
<range><lt>3.2.11</lt></range>
</package>
<package>
<name>py37-django40</name>
<name>py38-django40</name>
<name>py39-django40</name>
<range><lt>4.0.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Django Release reports:</p>
<blockquote cite="https://www.djangoproject.com/weblog/2022/jan/04/security-releases/">
<p>CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator.</p>
<p>CVE-2021-45116: Potential information disclosure in dictsort template filter.</p>
<p>CVE-2021-45452: Potential directory-traversal via Storage.save().</p>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-45115</cvename>
<cvename>CVE-2021-45116</cvename>
<cvename>CVE-2021-45452</cvename>
<url>https://www.djangoproject.com/weblog/2022/jan/04/security-releases/</url>
</references>
<dates>
<discovery>2021-12-20</discovery>
<entry>2022-01-06</entry>
</dates>
</vuln>
<vuln vid="9c990e67-6e30-11ec-82db-b42e991fc52e">
<topic>routinator -- multiple vulnerabilities</topic>
<affects>
<package>
<name>routinator</name>
<range><lt>0.10.1</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>nlnetlabs reports:</p>
<blockquote cite="https://nlnetlabs.nl/projects/rpki/security-advisories/">
<p>Release 0.10.2 contains fixes for the following issues:</p>
<ul>
<li>Medium CVE-2021-43172: Infinite length chain of RRDP
repositories. Credit: Koen van Hove. Date: 2021-11-09</li>
<li>Medium CVE-2021-43173: Hanging RRDP request.
Credit: Koen van Hove. Date: 2021-11-09</li>
<li>Medium CVE-2021-43174: gzip transfer encoding caused
out-of-memory crash. Credit Koen van Hove. Date: 2021-11-09</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2021-43172</cvename>
<cvename>CVE-2021-43173</cvename>
<cvename>CVE-2021-43174</cvename>
<url>https://nlnetlabs.nl/projects/rpki/security-advisories/</url>
</references>
<dates>
<discovery>2021-11-09</discovery>
<entry>2022-01-05</entry>
</dates>
</vuln>
<vuln vid="9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec">
<topic>chromium -- multiple vulnerabilities</topic>
<affects>
<package>
<name>chromium</name>
<range><lt>97.0.4692.71</lt></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>Chrome Releases reports:</p>
<blockquote cite="https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html">
<p>This release contains 37 security fixes, including:</p>
<ul>
<li>[$TBD][1275020] Critical CVE-2022-0096: Use after free in
Storage. Reported by Yangkang (@dnpushme) of 360 ATA on
2021-11-30</li>
<li>[1117173] High CVE-2022-0097: Inappropriate implementation in
DevTools. Reported by David Erceg on 2020-08-17</li>
<li>[1273609] High CVE-2022-0098: Use after free in Screen Capture.
Reported by @ginggilBesel on 2021-11-24</li>
<li>[1245629] High CVE-2022-0099: Use after free in Sign-in.
Reported by Rox on 2021-09-01</li>
<li>[1238209] High CVE-2022-0100: Heap buffer overflow in Media
streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO
Mobile Telecommunications Corp. Ltd. on 2021-08-10</li>
<li>[1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks.
Reported by raven (@raid_akame) on 2021-09-14</li>
<li>[1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by
Brendon Tiszka on 2021-10-14</li>
<li>[1272266] High CVE-2022-0103: Use after free in SwiftShader.
Reported by Abraruddin Khan and Omair on 2021-11-21</li>
<li>[1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE.
Reported by Abraruddin Khan and Omair on 2021-11-25</li>
<li>[1274376] High CVE-2022-0105: Use after free in PDF. Reported by
Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications
Corp. Ltd. on 2021-11-28</li>
<li>[1278960] High CVE-2022-0106: Use after free in Autofill.
Reported by Khalil Zhani on 2021-12-10</li>
<li>[1248438] Medium CVE-2022-0107: Use after free in File Manager
API. Reported by raven (@raid_akame) on 2021-09-10</li>
<li>[1248444] Medium CVE-2022-0108: Inappropriate implementation in
Navigation. Reported by Luan Herrera (@lbherrera_) on
2021-09-10</li>
<li>[1261689] Medium CVE-2022-0109: Inappropriate implementation in
Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at
Seoul National University on 2021-10-20</li>
<li>[1237310] Medium CVE-2022-0110: Incorrect security UI in
Autofill. Reported by Alesandro Ortiz on 2021-08-06</li>
<li>[1241188] Medium CVE-2022-0111: Inappropriate implementation in
Navigation. Reported by garygreen on 2021-08-18</li>
<li>[1255713] Medium CVE-2022-0112: Incorrect security UI in Browser
UI. Reported by Thomas Orlita on 2021-10-04</li>
<li>[1039885] Medium CVE-2022-0113: Inappropriate implementation in
Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07</li>
<li>[1267627] Medium CVE-2022-0114: Out of bounds memory access in
Web Serial. Reported by Looben Yang on 2021-11-06</li>
<li>[1268903] Medium CVE-2022-0115: Uninitialized Use in File API.
Reported by Mark Brand of Google Project Zero on 2021-11-10</li>
<li>[1272250] Medium CVE-2022-0116: Inappropriate implementation in
Compositing. Reported by Irvan Kurniawan (sourc7) on
2021-11-20</li>
<li>[1115847] Low CVE-2022-0117: Policy bypass in Service Workers.
Reported by Dongsung Kim (@kid1ng) on 2020-08-13</li>
<li>[1238631] Low CVE-2022-0118: Inappropriate implementation in
WebShare. Reported by Alesandro Ortiz on 2021-08-11</li>
<li>[1262953] Low CVE-2022-0120: Inappropriate implementation in
Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25</li>
</ul>
</blockquote>
</body>
</description>
<references>
<cvename>CVE-2022-0096</cvename>
<cvename>CVE-2022-0097</cvename>
<cvename>CVE-2022-0098</cvename>
<cvename>CVE-2022-0099</cvename>
<cvename>CVE-2022-0100</cvename>
<cvename>CVE-2022-0101</cvename>
<cvename>CVE-2022-0102</cvename>
<cvename>CVE-2022-0103</cvename>
<cvename>CVE-2022-0104</cvename>
<cvename>CVE-2022-0105</cvename>
<cvename>CVE-2022-0106</cvename>
<cvename>CVE-2022-0107</cvename>
<cvename>CVE-2022-0108</cvename>
<cvename>CVE-2022-0109</cvename>
<cvename>CVE-2022-0110</cvename>
<cvename>CVE-2022-0111</cvename>
<cvename>CVE-2022-0112</cvename>
<cvename>CVE-2022-0113</cvename>
<cvename>CVE-2022-0114</cvename>
<cvename>CVE-2022-0115</cvename>
<cvename>CVE-2022-0116</cvename>
<cvename>CVE-2022-0117</cvename>
<cvename>CVE-2022-0118</cvename>
<cvename>CVE-2022-0120</cvename>
<url>https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html</url>
</references>
<dates>
<discovery>2022-01-04</discovery>
<entry>2022-01-05</entry>
</dates>
</vuln>
Reference in a new issue View git blame Copy permalink