Defender For Cloud – Security alerts – a reference guide (Containers)
| QID | NAME | DESCRIPTION | REMEDIATION | CATEGORY | SUBASSESSMENTIMPACT | SEVERITY |
| 105095 | User(s) With Blank Password | The users have the blank password in the shadow file. These users connect to the system without entering a password. | Set the password for all the users. | Security Policy | An attacker may connect to the system by knowing just the username. | High |
| 105936 | OpenSSH Command Injection Vulnerability (Generic) | OpenSSH is the premier connectivity tool for remote login with the SSH protocol. <P>
scp in OpenSSH through 8.6p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. <P> QID Detection Logic:<BR> |
No solution available from Linux vendors yet.<P>Workaround:<BR>As per upstream, because of the way scp is based on a historical protocol called rcp which relies on that style of argument passing and therefore encounters expansion problems. Making changes to how the scp command line works breaks the pattern used by scp consumers. Upstream therefore recommends the use of rsync in the place of scp for better security. More details about supported alternatives available at <A HREF=”https://access.redhat.com/articles/5284081″ TARGET=”_blank”>Red Hat guide</A>. | Security Policy | Successful exploitation could disclose sensitive information.<P> | Medium |
| 105936 | OpenSSH Command Injection Vulnerability (Generic) | OpenSSH is the premier connectivity tool for remote login with the SSH protocol. <P>
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. <P> QID Detection Logic:<BR> |
No solution available from Linux vendors yet.<P>Workaround:<BR>As per upstream, because of the way scp is based on a historical protocol called rcp which relies on that style of argument passing and therefore encounters expansion problems. Making changes to how the scp command line works breaks the pattern used by scp consumers. Upstream therefore recommends the use of rsync in the place of scp for better security. More details about supported alternatives available at <A HREF=”https://access.redhat.com/articles/5284081″ TARGET=”_blank”>Red Hat guide</A>. | Security Policy | Successful exploitation could disclose sensitive information.<P> | Medium |
| 105936 | OpenSSH Command Injection Vulnerability (Generic) | OpenSSH is the premier connectivity tool for remote login with the SSH protocol. <P>
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. <P> QID Detection Logic:<BR> |
No solution available from Linux vendors yet.<P>Workaround:<BR>As per upstream, because of the way scp is based on a historical protocol called rcp which relies on that style of argument passing and therefore encounters expansion problems. Making changes to how the scp command line works breaks the pattern used by scp consumers. Upstream therefore recommends the use of rsync in the place of scp for better security. More details about supported alternatives available at <A HREF=”https://access.redhat.com/articles/5284081″ TARGET=”_blank”>Red Hat guide</A>. | Security Policy | Successful exploitation could disclose sensitive information.<P> | Medium |
| 106072 | EOL/Obsolete Operating System: Alpine Linux Version 3.12 Detected | Alpine Linux up to 3.12 is obsolete from 1st May 2022 <P>
Affected versions:<BR> |
Refer to Alpine Linux advisory <A HREF=”https://alpinelinux.org/releases/” TARGET=”_blank”>Alpine Linux </A> and update to latest available software.<P> | Security Policy | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 106078 | EOL/Obsolete Operating System: Alpine Linux Version 3.8 Detected | Alpine Linux Version 3.8 is obsolete from 1st May 2020 <P>
Affected versions:<BR> QID Detection Logic (authenticated): |
Refer to Alpine Linux advisory <A HREF=”https://alpinelinux.org/releases/” TARGET=”_blank”>Alpine Linux </A> and update to latest available software.<P> | Security Policy | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 106084 | EOL/Obsolete Operating System: Alpine Linux Version 3.6 Detected | Alpine Linux Version 3.6 is obsolete from 1st May 2019 <P>
Affected versions:<BR> QID Detection Logic (authenticated): |
Refer to Alpine Linux advisory <A HREF=”https://alpinelinux.org/releases/” TARGET=”_blank”>Alpine Linux </A> and update to latest available software.<P> | Security Policy | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 11845 | PHP gd_gif_in.c Memory Corruption Vulnerability | PHP is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.<P> The vulnerability exists because the gdImageCreateFromGifCtx() GIF decoding function implemented in in gd_gif_in.c source file uses constant-sized color tables of size 3 * 256, but does not zero-out these arrays before use. An unauthenticated, remote attacker could exploit this vulnerability by enticing a targeted user into visiting a malicious image and access sensitive information such as private keys.<P> Affected Versions:<BR> PHP versions prior to 5.6.31, 7.0.21 and 7.1.7<P> QID Detection Login:<BR> This unauthenticated detection remotely detects the version of PHP and the authenticated detection obtains PHP version by running "php -v" command. |
Customers are advised to upgrade to <A HREF=”http://php.net/downloads.php” TARGET=”_blank”>PHP 5.6.31, 7.0.21, 7.1.7</A> or later versions to remediate this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”http://php.net/downloads.php” TARGET=”_blank”>PHP 5.6.31, 7.0.21, 7.1.7 or later</A> |
CGI | Successful exploitation allows an unauthenticated remote attacker to obtain sensitive information or crash the application resulting in a denial-of-service condition. | Medium |
| 176197 | Debian Security Update for openssl (DSA 4018-1) | Debian has released security update for openssl to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2017/msg00280.html” TARGET=”_blank”>DSA 4018-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2017/msg00280.html” TARGET=”_blank”>DSA 4018-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 176221 | Debian Security Update for procmail (DSA 4041-1) | Debian has released security update for procmail to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2017/msg00304.html” TARGET=”_blank”>DSA 4041-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2017/msg00304.html” TARGET=”_blank”>DSA 4041-1:Debian</A> |
Debian | This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. | Medium |
| 176248 | Debian Security Update for php5 (DSA 4081-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00003.html” TARGET=”_blank”>DSA 4081-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00003.html” TARGET=”_blank”>DSA 4081-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system.<P> | Medium |
| 176257 | Debian Security Update for sensible-utils (DSA 4071-1) | Debian has released security update for sensible-utils to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2017/msg00334.html” TARGET=”_blank”>DSA 4071-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2017/msg00334.html” TARGET=”_blank”>DSA 4071-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176266 | Debian Security Update for libxml2 (DSA 4086-1) | Debian has released security update for libxml2 to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00008.html” TARGET=”_blank”>DSA 4086-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00008.html” TARGET=”_blank”>DSA 4086-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176298 | Debian Security Update for gcc-4.9 (DSA 4117-1) | Debian has released security update for gcc-4.9 to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00042.html” TARGET=”_blank”>DSA 4117-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00042.html” TARGET=”_blank”>DSA 4117-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176339 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4157-1) | Debian has released security update for openssl to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00083.html” TARGET=”_blank”>DSA 4157-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00083.html” TARGET=”_blank”>DSA 4157-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176345 | Debian Security Update for apache2 (DSA 4164-1) | Debian has released security update for apache2 to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00090.html” TARGET=”_blank”>DSA 4164-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00090.html” TARGET=”_blank”>DSA 4164-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176355 | Debian Security Update for perl (DSA 4172-1) | Debian has released security update for perl to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00099.html” TARGET=”_blank”>DSA 4172-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00099.html” TARGET=”_blank”>DSA 4172-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176389 | Debian Security Update for procps (DSA 4208-1) | Debian has released security update for procps to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00135.html” TARGET=”_blank”>DSA 4208-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00135.html” TARGET=”_blank”>DSA 4208-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. | Medium |
| 176407 | Debian Security Update for gnupg (DSA 4224-1) | Debian has released security update for gnupg to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00153.html” TARGET=”_blank”>DSA 4224-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00153.html” TARGET=”_blank”>DSA 4224-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176409 | Debian Security Update for perl (DSA 4226-1) | Debian has released security update for perl to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00155.html” TARGET=”_blank”>DSA 4226-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2018/msg00155.html” TARGET=”_blank”>DSA 4226-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 176633 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 1701-1) | Debian has released security update for openssl to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html” TARGET=”_blank”>DLA 1701-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html” TARGET=”_blank”>DLA 1701-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. | Medium |
| 176641 | Debian Security Update for systemd (DLA 1711-1) | Debian has released security update for systemd to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/03/msg00013.html” TARGET=”_blank”>DLA 1711-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/03/msg00013.html” TARGET=”_blank”>DLA 1711-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176669 | Debian Security Update for php5 (DLA 1674-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/02/msg00020.html” TARGET=”_blank”>DLA 1674-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/02/msg00020.html” TARGET=”_blank”>DLA 1674-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176674 | Debian Security Update for php5 (DLA 1679-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/02/msg00025.html” TARGET=”_blank”>DLA 1679-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/02/msg00025.html” TARGET=”_blank”>DLA 1679-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176686 | Debian Security Update for systemd (DLA 1684-1) | Debian has released security update for systemd to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html” TARGET=”_blank”>DLA 1684-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/02/msg00031.html” TARGET=”_blank”>DLA 1684-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176692 | Debian Security Update for file (DLA 1698-1) | Debian has released security update for file to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html” TARGET=”_blank”>DLA 1698-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/02/msg00044.html” TARGET=”_blank”>DLA 1698-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176704 | Debian Security Update for tzdata (DLA 1625-1) | Debian has released security update for tzdata to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00001.html” TARGET=”_blank”>DLA 1625-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00001.html” TARGET=”_blank”>DLA 1625-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176711 | Debian Security Update for sqlite3 (DLA 1633-1) | Debian has released security update for sqlite3 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html” TARGET=”_blank”>DLA 1633-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00009.html” TARGET=”_blank”>DLA 1633-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 176713 | Debian Security Update for apt (DLA 1637-1) | Debian has released security update for apt to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html” TARGET=”_blank”>DLA 1637-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html” TARGET=”_blank”>DLA 1637-1:Debian</A> |
Debian | This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. | High |
| 176715 | Debian Security Update for systemd (DLA 1639-1) | Debian has released security update for systemd to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html” TARGET=”_blank”>DLA 1639-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00016.html” TARGET=”_blank”>DLA 1639-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176719 | Debian Security Update for krb5 (DLA 1643-1) | Debian has released security update for krb5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html” TARGET=”_blank”>DLA 1643-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00020.html” TARGET=”_blank”>DLA 1643-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176721 | Debian Security Update for apache2 (DLA 1647-1) | Debian has released security update for apache2 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html” TARGET=”_blank”>DLA 1647-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html” TARGET=”_blank”>DLA 1647-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 176754 | Debian Security Update for bash (DLA 1726-1) | Debian has released security update for bash to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html” TARGET=”_blank”>DLA 1726-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/03/msg00028.html” TARGET=”_blank”>DLA 1726-1:Debian</A> |
Debian | This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. | Medium |
| 176768 | Debian Security Update for php5 (DLA 1741-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html” TARGET=”_blank”>DLA 1741-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/03/msg00043.html” TARGET=”_blank”>DLA 1741-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 176771 | Debian Security Update for tzdata (DLA 1744-1) | Debian has released security update for tzdata to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/04/msg00001.html” TARGET=”_blank”>DLA 1744-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/04/msg00001.html” TARGET=”_blank”>DLA 1744-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176777 | Debian Security Update for apache2 (DLA 1748-1) | Debian has released security update for apache2 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html” TARGET=”_blank”>DLA 1748-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html” TARGET=”_blank”>DLA 1748-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176781 | Debian Security Update for gcc-4.9 (DLA 1606-1) | Debian has released security update for gcc-4.9 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/12/msg00003.html” TARGET=”_blank”>DLA 1606-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/12/msg00003.html” TARGET=”_blank”>DLA 1606-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176782 | Debian Security Update for php5 (DLA 1608-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html” TARGET=”_blank”>DLA 1608-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/12/msg00006.html” TARGET=”_blank”>DLA 1608-1:Debian</A> |
Debian | This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. | High |
| 176787 | Debian Security Update for sqlite3 (DLA 1613-1) | Debian has released security update for sqlite3 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html” TARGET=”_blank”>DLA 1613-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/12/msg00012.html” TARGET=”_blank”>DLA 1613-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176801 | Debian Security Update for tar (DLA 1623-1) | Debian has released security update for tar to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html” TARGET=”_blank”>DLA 1623-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/12/msg00023.html” TARGET=”_blank”>DLA 1623-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176809 | Debian Security Update for tzdata (DLA 1563-1) | Debian has released security update for tzdata to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/11/msg00000.html” TARGET=”_blank”>DLA 1563-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/11/msg00000.html” TARGET=”_blank”>DLA 1563-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 176823 | Debian Security Update for systemd (DLA 1580-1) | Debian has released security update for systemd to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html” TARGET=”_blank”>DLA 1580-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/11/msg00017.html” TARGET=”_blank”>DLA 1580-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 176828 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 1586-1) | Debian has released security update for openssl to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html” TARGET=”_blank”>DLA 1586-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/11/msg00024.html” TARGET=”_blank”>DLA 1586-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. | Medium |
| 176849 | Debian Security Update for perl (DLA 1601-1) | Debian has released security update for perl to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html” TARGET=”_blank”>DLA 1601-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html” TARGET=”_blank”>DLA 1601-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 176866 | Debian Security Update for systemd (DLA 1762-1) | Debian has released security update for systemd to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html” TARGET=”_blank”>DLA 1762-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/04/msg00022.html” TARGET=”_blank”>DLA 1762-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176923 | Debian Security Update for systemd (DLA 1762-2) | Debian has released security update for systemd to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/04/msg00026.html” TARGET=”_blank”>DLA 1762-2</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/04/msg00026.html” TARGET=”_blank”>DLA 1762-2:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176945 | Debian Security Update for php5 (DLA 1803-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html” TARGET=”_blank”>DLA 1803-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/05/msg00035.html” TARGET=”_blank”>DLA 1803-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 176985 | Debian Security Update for php5 (DLA 1813-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/06/msg00000.html” TARGET=”_blank”>DLA 1813-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/06/msg00000.html” TARGET=”_blank”>DLA 1813-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 177020 | Debian Security Update for bzip2 (DLA 1833-1) | Debian has released security update for bzip2 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html” TARGET=”_blank”>DLA 1833-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html” TARGET=”_blank”>DLA 1833-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 177021 | Debian Security Update for python2.7 (DLA 1834-1) | Debian has released security update for python2.7 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html” TARGET=”_blank”>DLA 1834-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/06/msg00022.html” TARGET=”_blank”>DLA 1834-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. | Medium |
| 177042 | Debian Security Update for expat (DLA 1839-1) | Debian has released security update for expat to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html” TARGET=”_blank”>DLA 1839-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/06/msg00028.html” TARGET=”_blank”>DLA 1839-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 177054 | Debian Security Update for libonig (DLA 1854-1) | Debian has released security update for libonig to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html” TARGET=”_blank”>DLA 1854-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/07/msg00013.html” TARGET=”_blank”>DLA 1854-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177090 | Debian Security Update for php5 (DLA 1878-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html” TARGET=”_blank”>DLA 1878-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/08/msg00010.html” TARGET=”_blank”>DLA 1878-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 177117 | Debian Security Update for gnutls28 (DLA 1560-1) | Debian has released security update for gnutls28 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html” TARGET=”_blank”>DLA 1560-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/10/msg00022.html” TARGET=”_blank”>DLA 1560-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. | Medium |
| 177119 | Debian Security Update for php5 (DLA 1490-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html” TARGET=”_blank”>DLA 1490-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/09/msg00000.html” TARGET=”_blank”>DLA 1490-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. | Medium |
| 177136 | Debian Security Update for php5 (DLA 1509-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html” TARGET=”_blank”>DLA 1509-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/09/msg00020.html” TARGET=”_blank”>DLA 1509-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 177205 | Debian Security Update for php5 (DLA 1397-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html” TARGET=”_blank”>DLA 1397-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/06/msg00005.html” TARGET=”_blank”>DLA 1397-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 177217 | Debian Security Update for libgcrypt20 (DLA 1405-1) | Debian has released security update for libgcrypt20 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html” TARGET=”_blank”>DLA 1405-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/06/msg00013.html” TARGET=”_blank”>DLA 1405-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. | Low |
| 177229 | Debian Security Update for libxml2 (DLA 1524-1) | Debian has released security update for libxml2 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html” TARGET=”_blank”>DLA 1524-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/09/msg00035.html” TARGET=”_blank”>DLA 1524-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177256 | Debian Long Term Support (LTS) Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 1449-1) | Debian has released security update for openssl to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html” TARGET=”_blank”>DLA 1449-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2018/07/msg00043.html” TARGET=”_blank”>DLA 1449-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177291 | Debian Security Update for openldap (DLA 1891-1) | Debian has released security update for openldap to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html” TARGET=”_blank”>DLA 1891-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/08/msg00024.html” TARGET=”_blank”>DLA 1891-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. | Medium |
| 177299 | Debian Security Update for apache2 (DLA 1900-1) | Debian has released security update for apache2 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html” TARGET=”_blank”>DLA 1900-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/08/msg00034.html” TARGET=”_blank”>DLA 1900-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 177320 | Debian Security Update for python2.7 (DLA 1925-1) | Debian has released security update for python2.7 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html” TARGET=”_blank”>DLA 1925-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00019.html” TARGET=”_blank”>DLA 1925-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. | Medium |
| 177324 | Debian Security Update for expat (DLA 1912-1) | Debian has released security update for expat to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00005.html” TARGET=”_blank”>DLA 1912-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00005.html” TARGET=”_blank”>DLA 1912-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177326 | Debian Security Update for libonig (DLA 1918-1) | Debian has released security update for libonig to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html” TARGET=”_blank”>DLA 1918-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00010.html” TARGET=”_blank”>DLA 1918-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177348 | Debian Security Update for php5 (DLA 1928-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00023.html” TARGET=”_blank”>DLA 1928-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00023.html” TARGET=”_blank”>DLA 1928-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 177349 | Debian Security Update for libgcrypt20 (DLA 1931-1) | Debian has released security update for libgcrypt20 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html” TARGET=”_blank”>DLA 1931-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00024.html” TARGET=”_blank”>DLA 1931-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177351 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 1932-1) | Debian has released security update for openssl to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html” TARGET=”_blank”>DLA 1932-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00026.html” TARGET=”_blank”>DLA 1932-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. | Medium |
| 177354 | Debian Security Update for e2fsprogs (DLA 1935-1) | Debian has released security update for e2fsprogs to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html” TARGET=”_blank”>DLA 1935-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00029.html” TARGET=”_blank”>DLA 1935-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177359 | Debian Security Update for apache2 (DLA 1900-2) | Debian has released security update for apache2 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html” TARGET=”_blank”>DLA 1900-2</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/09/msg00034.html” TARGET=”_blank”>DLA 1900-2:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 177380 | Debian Security Update for apt (DLA 1637-1) | Debian has released security update for apt to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html” TARGET=”_blank”>DLA 1637-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/01/msg00014.html” TARGET=”_blank”>DLA 1637-1:Debian</A> |
Debian | This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. | High |
| 177412 | Debian Security Update for tzdata (DLA 1957-1) | Debian has released security update for tzdata to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/10/msg00016.html” TARGET=”_blank”>DLA 1957-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/10/msg00016.html” TARGET=”_blank”>DLA 1957-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 177425 | Debian Security Update for file (DLA 1969-1) | Debian has released security update for file to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html” TARGET=”_blank”>DLA 1969-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/10/msg00032.html” TARGET=”_blank”>DLA 1969-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 177426 | Debian Security Update for php5 (DLA 1970-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/10/msg00033.html” TARGET=”_blank”>DLA 1970-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/10/msg00033.html” TARGET=”_blank”>DLA 1970-1:Debian</A> |
Debian | Successful exploitation of this vulnerability allows a remote attacker to execute arbitrary code on vulnerable server. | High |
| 177442 | Microsoft Defender For Cloud mock vulnerability (not a threat) | Microsoft Defender For Cloud mock vulnerability (not a threat) | This is a simulated vulnerability. No action required | Debian | This is simulated vulnerability. No impact. | High |
| 177509 | Debian Security Update for libonig (DLA 2020-1) | Debian has released security update for libonig to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html” TARGET=”_blank”>DLA 2020-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/12/msg00002.html” TARGET=”_blank”>DLA 2020-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | High |
| 177559 | Debian Security Update for php5 (DLA 2050-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html” TARGET=”_blank”>DLA 2050-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/12/msg00034.html” TARGET=”_blank”>DLA 2050-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 177560 | Debian Security Update for libbsd (DLA 2052-1) | Debian has released security update for libbsd to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html” TARGET=”_blank”>DLA 2052-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/12/msg00036.html” TARGET=”_blank”>DLA 2052-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | High |
| 177564 | Debian Security Update for cyrus-sasl2 (DLA 2044-1) | Debian has released security update for cyrus-sasl2 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html” TARGET=”_blank”>DLA 2044-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/12/msg00027.html” TARGET=”_blank”>DLA 2044-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 177566 | Debian Security Update for libxml2 (DLA 2048-1) | Debian has released security update for libxml2 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html” TARGET=”_blank”>DLA 2048-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2019/12/msg00032.html” TARGET=”_blank”>DLA 2048-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177571 | Debian Security Update for libgcrypt20 (DLA 1931-2) | Debian has released security update for libgcrypt20 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html” TARGET=”_blank”>DLA 1931-2</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/01/msg00001.html” TARGET=”_blank”>DLA 1931-2:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177622 | Debian Security Update for zlib (DLA 2085-1) | Debian has released security update for zlib to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html” TARGET=”_blank”>DLA 2085-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html” TARGET=”_blank”>DLA 2085-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 177676 | Debian Security Update for php5 (DLA 2124-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html” TARGET=”_blank”>DLA 2124-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html” TARGET=”_blank”>DLA 2124-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177707 | Debian Security Update for e2fsprogs (DLA 2156-1) | Debian has released security update for e2fsprogs to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html” TARGET=”_blank”>DLA 2156-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/03/msg00030.html” TARGET=”_blank”>DLA 2156-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177725 | Debian Security Update for icu (DSA 4646-1) | Debian has released security update for icu to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00049.html” TARGET=”_blank”>DSA 4646-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00049.html” TARGET=”_blank”>DSA 4646-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 177732 | Debian Security Update for gnutls28 (DSA 4652-1) | Debian has released security update for gnutls28 to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00055.html” TARGET=”_blank”>DSA 4652-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00055.html” TARGET=”_blank”>DSA 4652-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 177741 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4661-1) | Debian has released security update for openssl to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00064.html” TARGET=”_blank”>DSA 4661-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00064.html” TARGET=”_blank”>DSA 4661-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 177742 | Debian Security Update for php5 (DLA 2160-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html” TARGET=”_blank”>DLA 2160-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/03/msg00034.html” TARGET=”_blank”>DLA 2160-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 177762 | Debian Security Update for php5 (DLA 2188-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html” TARGET=”_blank”>DLA 2188-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/04/msg00021.html” TARGET=”_blank”>DLA 2188-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177781 | Debian Security Update for openldap (DSA 4666-1) | Debian has released security update for openldap to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00069.html” TARGET=”_blank”>DSA 4666-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00069.html” TARGET=”_blank”>DSA 4666-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 177804 | Debian Security Update for apt (DSA 4685-1) | Debian has released security update for apt to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00089.html” TARGET=”_blank”>DSA 4685-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00089.html” TARGET=”_blank”>DSA 4685-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. | Medium |
| 177817 | Debian Security Update for inetutils (DLA 2176-1) | Debian has released security update for inetutils to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00012.html” TARGET=”_blank”>DLA 2176-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00012.html” TARGET=”_blank”>DLA 2176-1:Debian</A> |
Debian | This vulnerability could be exploited to gain complete access to sensitive information. Malicious users could also use this vulnerability to change all the contents or configuration on the system. | High |
| 177829 | Debian Security Update for openldap (DLA 2199-1) | Debian has released security update for openldap to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html” TARGET=”_blank”>DLA 2199-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00001.html” TARGET=”_blank”>DLA 2199-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177831 | Debian Security Update for sqlite3 (DLA 2203-1) | Debian has released security update for sqlite3 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html” TARGET=”_blank”>DLA 2203-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00006.html” TARGET=”_blank”>DLA 2203-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177832 | Debian Security Update for apt (DLA 2210-1) | Debian has released security update for apt to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00013.html” TARGET=”_blank”>DLA 2210-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00013.html” TARGET=”_blank”>DLA 2210-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177834 | Debian Security Update for sqlite3 (DLA 2221-1) | Debian has released security update for sqlite3 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html” TARGET=”_blank”>DLA 2221-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00024.html” TARGET=”_blank”>DLA 2221-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177837 | Debian Security Update for gnutls28 (DSA 4697-1) | Debian has released security update for gnutls28 to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00101.html” TARGET=”_blank”>DSA 4697-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00101.html” TARGET=”_blank”>DSA 4697-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 177847 | Debian Security Update for json-c (DLA 2228-1) | Debian has released security update for json-c to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html” TARGET=”_blank”>DLA 2228-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html” TARGET=”_blank”>DLA 2228-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177849 | Debian Security Update for json-c (DLA 2228-2) | Debian has released security update for json-c to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html” TARGET=”_blank”>DLA 2228-2</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html” TARGET=”_blank”>DLA 2228-2:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177913 | Debian Security Update for libtasn1-6 (DLA 2255-1) | Debian has released security update for libtasn1-6 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html” TARGET=”_blank”>DLA 2255-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/06/msg00026.html” TARGET=”_blank”>DLA 2255-1:Debian</A> |
Debian | This vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 177922 | Debian Security Update for php5 (DLA 2261-1) | Debian has released security update for php5 to fix the vulnerabilities.<P> | Refer to Debian LTS Announce <A HREF=”https://lists.debian.org/debian-lts-announce/2020/06/msg00033.html” TARGET=”_blank”>DLA 2261-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2020/06/msg00033.html” TARGET=”_blank”>DLA 2261-1:Debian</A> |
Debian | This vulnerability could be exploited to gain partial access to sensitive information. Malicious users could also use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | High |
| 178179 | Debian Security Update for openldap (DSA 4782-1) | Debian has released security update for openldap to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00189.html” TARGET=”_blank”>msg00189</A> for patching details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00189.html” TARGET=”_blank”>DSA 4782-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 178212 | Debian Security Update for krb5 (DSA 4795-1) | Debian has released security update for krb5 to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00202.html” TARGET=”_blank”>DSA 4795-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00202.html” TARGET=”_blank”>DSA 4795-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 178215 | Debian Security Update for openldap (DSA 4792-1) | Debian has released security update foropenldap to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00199.html” TARGET=”_blank”>DSA 4792-1</A> for patching details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00199.html” TARGET=”_blank”>DSA 4792-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | High |
| 178254 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4807-1) | Debian has released security update for openssl to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00214.html” TARGET=”_blank”>DSA 4807-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00214.html” TARGET=”_blank”>DSA 4807-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 178268 | Debian Security Update for apt (DSA 4808-1) | Debian has released security update forapt to fix the vulnerabilities. |
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00215.html” TARGET=”_blank”>DSA 4808-1</A> for patching details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2020/msg00215.html” TARGET=”_blank”>DSA 4808-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 178316 | Debian Security Update for p11-kit (DSA 4822-1) | Debian has released security update forp11-kit to fix the vulnerabilities. |
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00000.html” TARGET=”_blank”>DSA 4822-1</A> for patching details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00000.html” TARGET=”_blank”>DSA 4822-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 178391 | Debian Security Update Multiple Vulnerabilities for perl | Perl is a family of two high-level, general-purpose, interpreted, dynamic programming languages.<BR>Perl is found to be affected by Heap based buffer overflow and integer overflow vulnerability.<P>
Affected OS:<BR> |
The Customers are advised to update Perl <A HREF=”https://tracker.debian.org/pkg/perl” TARGET=”_blank”>here</A> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://packages.debian.org/source/buster/perl” TARGET=”_blank”>Debian 10</A><P> <A HREF=”https://packages.debian.org/source/stretch/perl” TARGET=”_blank”>Debian 9</A> |
Debian | Successful exploitation can result in disruption of service. | High |
| 178399 | Debian Security Update for openldap (DSA 4845-1) | Debian has released security update for openldap to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00025.html” TARGET=”_blank”>DSA 4845-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00025.html” TARGET=”_blank”>DSA 4845-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 178423 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4855-1) | Debian has released security update foropenssl to fix the vulnerabilities. |
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00035.html” TARGET=”_blank”>DSA 4855-1</A> for patching details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00035.html” TARGET=”_blank”>DSA 4855-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 178448 | Debian Security Update for subversion (DSA 4851-1) | Debian has released security update forsubversion to fix the vulnerabilities. |
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00032.html” TARGET=”_blank”>DSA 4851-1</A> for patching details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00032.html” TARGET=”_blank”>DSA 4851-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | High |
| 178450 | Debian Security Update for openldap (DSA 4860-1) | Debian has released security update foropenldap to fix the vulnerabilities. |
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00041.html” TARGET=”_blank”>DSA 4860-1</A> for patching details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00041.html” TARGET=”_blank”>DSA 4860-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 178486 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4875-1) | Debian has released security update foropenssl to fix the vulnerabilities. |
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00056.html” TARGET=”_blank”>DSA 4875-1</A> for patching details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00056.html” TARGET=”_blank”>DSA 4875-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | High |
| 178522 | Debian Security Update for curl (DSA 4881-1) | Debian has released security update forcurl to fix the vulnerabilities. |
Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00062.html” TARGET=”_blank”>DSA 4881-1</A> for patching details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00062.html” TARGET=”_blank”>DSA 4881-1:Debian</A> |
Debian | Successful exploitation allows attacker to compromise the system. | Medium |
| 178626 | Debian Security Update for libzstd (DSA 4850-1) | Debian has released security update for libzstd to fix the vulnerabilities.<P><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Debian security advisory to CentOS advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00031.html” TARGET=”_blank”>DSA 4850-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00031.html” TARGET=”_blank”>DSA 4850-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 178628 | Debian Security Update for libzstd (DSA 4859-1) | Debian has released security update for libzstd to fix the vulnerabilities.<P><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Debian security advisory to CentOS advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00040.html” TARGET=”_blank”>DSA 4859-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00040.html” TARGET=”_blank”>DSA 4859-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 178632 | Debian Security Update for lz4 (DSA 4919-1) | Debian has released security update for lz4 to fix the vulnerabilities.<P><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Debian security advisory to CentOS advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00100.html” TARGET=”_blank”>DSA 4919-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00100.html” TARGET=”_blank”>DSA 4919-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 178677 | Debian Security Update for nettle (DSA 4933-1) | Debian has released security update for nettle to fix the vulnerabilities.<P><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Debian security advisory to CentOS advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00116.html” TARGET=”_blank”>DSA 4933-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00116.html” TARGET=”_blank”>DSA 4933-1:Debian</A> |
Debian | This vulnerability could be exploited to gain remote access to sensitive information and execute commands. | Medium |
| 178709 | Debian Security Update for systemd (DSA 4942-1) | Debian has released security update for systemd to fix the vulnerabilities.<P> | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00125.html” TARGET=”_blank”>DSA 4942-1</A> to address this issue and obtain further details. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00125.html” TARGET=”_blank”>DSA 4942-1:Debian</A> |
Debian | Successful exploitation allows an attacker to compromise the system. | Medium |
| 178721 | Debian Security Update for krb5 (DSA 4944-1) | Debian has released security update for krb5 to fix the vulnerabilities.<P><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Debian security advisory to CentOS advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00127.html” TARGET=”_blank”>DSA 4944-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00127.html” TARGET=”_blank”>DSA 4944-1:Debian</A> |
Debian | Malicious users could use this vulnerability to change partial contents or configuration on the system. Additionally this vulnerability can also be used to cause a limited denial of service in the form of interruptions in resource availability. | Medium |
| 178774 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 4963-1) | Debian has released security update for openssl to fix the vulnerabilities.<P><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00147.html” TARGET=”_blank”>DSA 4963-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00147.html” TARGET=”_blank”>DSA 4963-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. | Medium |
| 178915 | Debian Security Update for icu (DSA 5014-1) | Debian has released security update for icu to fix the vulnerabilities.<P><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00200.html” TARGET=”_blank”>DSA 5014-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2021/msg00200.html” TARGET=”_blank”>DSA 5014-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. | Medium |
| 179068 | Debian Security Update for expat (DSA 5073-1) | Debian has released a security update for expat to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00040.html” TARGET=”_blank”>DSA 5073-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00040.html” TARGET=”_blank”>DSA 5073-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179091 | Debian Security Update for expat (DSA 5085-1) | Debian has released a security update for expat to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00052.html” TARGET=”_blank”>DSA 5085-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00052.html” TARGET=”_blank”>DSA 5085-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179093 | Debian Security Update for cyrus-sasl2 (DSA 5087-1) | Debian has released a security update for cyrus-sasl2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00054.html” TARGET=”_blank”>DSA 5087-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00054.html” TARGET=”_blank”>DSA 5087-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179127 | Debian Security Update for debian-archive-keyring (DLA 2948-1) | Debian has released a security update for debian-archive-keyring to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/03/msg00019.html” TARGET=”_blank”>DLA 2948-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/03/msg00019.html” TARGET=”_blank”>DLA 2948-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179142 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5103-1) | Debian has released a security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00071.html” TARGET=”_blank”>DSA 5103-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00071.html” TARGET=”_blank”>DSA 5103-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179143 | Debian Security Update for expat (DSA 5085-2) | Debian has released a security update for expat to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00069.html” TARGET=”_blank”>DSA 5085-2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00069.html” TARGET=”_blank”>DSA 5085-2:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179158 | Debian Security Update for tiff (DSA 5108-1) | Debian has released a security update for tiff to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00076.html” TARGET=”_blank”>DSA 5108-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00076.html” TARGET=”_blank”>DSA 5108-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179162 | Debian Security Update for tzdata (DLA 2963-1) | Debian has released a security update for tzdata to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/03/msg00036.html” TARGET=”_blank”>DLA 2963-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/03/msg00036.html” TARGET=”_blank”>DLA 2963-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179168 | Debian Security Update for zlib (DSA 5111-1) | Debian has released a security update for zlib to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00079.html” TARGET=”_blank”>DSA 5111-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00079.html” TARGET=”_blank”>DSA 5111-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179169 | Debian Security Update for zlib (DLA 2968-1) | Debian has released a security update for zlib to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html” TARGET=”_blank”>DLA 2968-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/04/msg00000.html” TARGET=”_blank”>DLA 2968-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179180 | Debian Security Update for gzip (DLA 2976-1) | Debian has released a security update for gzip to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/04/msg00007.html” TARGET=”_blank”>DLA 2976-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/04/msg00007.html” TARGET=”_blank”>DLA 2976-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179184 | Debian Security Update for xz-utils (DLA 2977-1) | Debian has released a security update for xz-utils to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/04/msg00008.html” TARGET=”_blank”>DLA 2977-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/04/msg00008.html” TARGET=”_blank”>DLA 2977-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179188 | Debian Security Update for subversion (DSA 5119-1) | Debian has released a security update for subversion to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00087.html” TARGET=”_blank”>DSA 5119-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00087.html” TARGET=”_blank”>DSA 5119-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179199 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-24048) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-24048″ TARGET=”_blank”>CVE-2022-24048</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-24048″ TARGET=”_blank”>CVE-2022-24048:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179207 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-24051) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-24051″ TARGET=”_blank”>CVE-2022-24051</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-24051″ TARGET=”_blank”>CVE-2022-24051:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179208 | Debian Security Update for libxml2 (CVE-2022-23308) | Debian has released a security update for libxml2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-23308″ TARGET=”_blank”>CVE-2022-23308</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-23308″ TARGET=”_blank”>CVE-2022-23308:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179218 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-24052) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-24052″ TARGET=”_blank”>CVE-2022-24052</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-24052″ TARGET=”_blank”>CVE-2022-24052:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179226 | Debian Security Update for glibc (CVE-2022-23218) | Debian has released a security update for glibc to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-23218″ TARGET=”_blank”>CVE-2022-23218</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-23218″ TARGET=”_blank”>CVE-2022-23218:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179233 | Debian Security Update for glibc (CVE-2022-23219) | Debian has released a security update for glibc to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-23219″ TARGET=”_blank”>CVE-2022-23219</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-23219″ TARGET=”_blank”>CVE-2022-23219:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179243 | Debian Security Update for gzip (DSA 5122-1) | Debian has released a security update for gzip to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00090.html” TARGET=”_blank”>DSA 5122-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00090.html” TARGET=”_blank”>DSA 5122-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179244 | Debian Security Update for xz-utils (DSA 5123-1) | Debian has released a security update for xz-utils to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00091.html” TARGET=”_blank”>DSA 5123-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00091.html” TARGET=”_blank”>DSA 5123-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179294 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5139-1) | Debian has released a security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00107.html” TARGET=”_blank”>DSA 5139-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00107.html” TARGET=”_blank”>DSA 5139-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179300 | Debian Security Update for openldap (DSA 5140-1) | Debian has released a security update for openldap to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00108.html” TARGET=”_blank”>DSA 5140-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00108.html” TARGET=”_blank”>DSA 5140-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179303 | Debian Security Update for libxml2 (DSA 5142-1) | Debian has released a security update for libxml2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00110.html” TARGET=”_blank”>DSA 5142-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00110.html” TARGET=”_blank”>DSA 5142-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179314 | Debian Security Update for dpkg (DLA 3022-1) | Debian has released a security update for dpkg to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html” TARGET=”_blank”>DLA 3022-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/05/msg00033.html” TARGET=”_blank”>DLA 3022-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179316 | Debian Security Update for dpkg (DSA 5147-1) | Debian has released a security update for dpkg to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00115.html” TARGET=”_blank”>DSA 5147-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00115.html” TARGET=”_blank”>DSA 5147-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179331 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-31624) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-31624″ TARGET=”_blank”>CVE-2022-31624</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-31624″ TARGET=”_blank”>CVE-2022-31624:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179332 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-31621) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-31621″ TARGET=”_blank”>CVE-2022-31621</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-31621″ TARGET=”_blank”>CVE-2022-31621:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179333 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-31623) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-31623″ TARGET=”_blank”>CVE-2022-31623</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-31623″ TARGET=”_blank”>CVE-2022-31623:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179334 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2022-31622) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-31622″ TARGET=”_blank”>CVE-2022-31622</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-31622″ TARGET=”_blank”>CVE-2022-31622:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179383 | Debian Security Update for tzdata (DLA 3051-1) | Debian has released a security update for tzdata to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/06/msg00016.html” TARGET=”_blank”>DLA 3051-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/06/msg00016.html” TARGET=”_blank”>DLA 3051-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179390 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-46658) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46658″ TARGET=”_blank”>CVE-2021-46658</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46658″ TARGET=”_blank”>CVE-2021-46658:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179391 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-46667) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46667″ TARGET=”_blank”>CVE-2021-46667</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46667″ TARGET=”_blank”>CVE-2021-46667:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179493 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DSA 5169-1) | Debian has released a security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00137.html” TARGET=”_blank”>DSA 5169-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00137.html” TARGET=”_blank”>DSA 5169-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179511 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-3449) | Debian has released a security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3449″ TARGET=”_blank”>CVE-2021-3449</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3449″ TARGET=”_blank”>CVE-2021-3449:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179583 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-23841) | Debian has released a security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-23841″ TARGET=”_blank”>CVE-2021-23841</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-23841″ TARGET=”_blank”>CVE-2021-23841:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179586 | Debian Security Update for systemd (CVE-2021-3997) | Debian has released a security update for systemd to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3997″ TARGET=”_blank”>CVE-2021-3997</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3997″ TARGET=”_blank”>CVE-2021-3997:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179602 | Debian Security Update for postgresql-13postgresql-11 (CVE-2021-3677) | Debian has released a security update for postgresql-13,postgresql-11 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3677″ TARGET=”_blank”>CVE-2021-3677</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3677″ TARGET=”_blank”>CVE-2021-3677:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179639 | Debian Security Update for git (CVE-2021-40330) | Debian has released a security update for git to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-40330″ TARGET=”_blank”>CVE-2021-40330</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-40330″ TARGET=”_blank”>CVE-2021-40330:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179664 | Debian Security Update for git (CVE-2021-21300) | Debian has released a security update for git to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-21300″ TARGET=”_blank”>CVE-2021-21300</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-21300″ TARGET=”_blank”>CVE-2021-21300:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179673 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-2166) | Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2166″ TARGET=”_blank”>CVE-2021-2166</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2166″ TARGET=”_blank”>CVE-2021-2166:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179677 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-2389) | Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2389″ TARGET=”_blank”>CVE-2021-2389</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2389″ TARGET=”_blank”>CVE-2021-2389:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179683 | Debian Security Update for glib2.0 (CVE-2021-27218) | Debian has released a security update for glib2.0 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-27218″ TARGET=”_blank”>CVE-2021-27218</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-27218″ TARGET=”_blank”>CVE-2021-27218:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179731 | Debian Security Update for postgresql-13postgresql-11 (CVE-2021-3393) | Debian has released a security update for postgresql-13,postgresql-11 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3393″ TARGET=”_blank”>CVE-2021-3393</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3393″ TARGET=”_blank”>CVE-2021-3393:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179739 | Debian Security Update for glib2.0 (CVE-2021-27219) | Debian has released a security update for glib2.0 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-27219″ TARGET=”_blank”>CVE-2021-27219</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-27219″ TARGET=”_blank”>CVE-2021-27219:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179744 | Debian Security Update for openexr (CVE-2021-23169) | Debian has released a security update for openexr to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-23169″ TARGET=”_blank”>CVE-2021-23169</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-23169″ TARGET=”_blank”>CVE-2021-23169:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179762 | Debian Security Update for python3.7python2.7python3.9 (CVE-2021-3177) | Debian has released a security update for python3.7,python2.7,python3.9 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3177″ TARGET=”_blank”>CVE-2021-3177</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3177″ TARGET=”_blank”>CVE-2021-3177:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179849 | Debian Security Update for mariadb-10.1mariadb-10.3mariadb-10.5 (CVE-2021-2022) | Debian has released a security update for mariadb-10.1,mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2022″ TARGET=”_blank”>CVE-2021-2022</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2022″ TARGET=”_blank”>CVE-2021-2022:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179856 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-27928) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-27928″ TARGET=”_blank”>CVE-2021-27928</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-27928″ TARGET=”_blank”>CVE-2021-27928:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179917 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-46657) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46657″ TARGET=”_blank”>CVE-2021-46657</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46657″ TARGET=”_blank”>CVE-2021-46657:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179935 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-3450) | Debian has released a security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3450″ TARGET=”_blank”>CVE-2021-3450</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3450″ TARGET=”_blank”>CVE-2021-3450:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 179948 | Debian Security Update for libzstd (CVE-2021-24031) | Debian has released a security update for libzstd to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-24031″ TARGET=”_blank”>CVE-2021-24031</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-24031″ TARGET=”_blank”>CVE-2021-24031:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179967 | Debian Security Update for curl (CVE-2021-22890) | Debian has released a security update for curl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-22890″ TARGET=”_blank”>CVE-2021-22890</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-22890″ TARGET=”_blank”>CVE-2021-22890:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 179969 | Debian Security Update for libxml2 (CVE-2021-3517) | Debian has released a security update for libxml2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3517″ TARGET=”_blank”>CVE-2021-3517</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3517″ TARGET=”_blank”>CVE-2021-3517:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180057 | Debian Security Update for postgresql-13 (CVE-2021-32029) | Debian has released a security update for postgresql-13 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-32029″ TARGET=”_blank”>CVE-2021-32029</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-32029″ TARGET=”_blank”>CVE-2021-32029:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180068 | Debian Security Update for curl (CVE-2021-22876) | Debian has released a security update for curl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-22876″ TARGET=”_blank”>CVE-2021-22876</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-22876″ TARGET=”_blank”>CVE-2021-22876:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180134 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-23839) | Debian has released a security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-23839″ TARGET=”_blank”>CVE-2021-23839</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-23839″ TARGET=”_blank”>CVE-2021-23839:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180141 | Debian Security Update for postgresql-13 (CVE-2021-32028) | Debian has released a security update for postgresql-13 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-32028″ TARGET=”_blank”>CVE-2021-32028</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-32028″ TARGET=”_blank”>CVE-2021-32028:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180164 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-2154) | Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2154″ TARGET=”_blank”>CVE-2021-2154</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2154″ TARGET=”_blank”>CVE-2021-2154:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180169 | Debian Security Update for gnutls28 (CVE-2021-20232) | Debian has released a security update for gnutls28 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-20232″ TARGET=”_blank”>CVE-2021-20232</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-20232″ TARGET=”_blank”>CVE-2021-20232:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180179 | Debian Security Update for systemd (DLA 3063-1) | Debian has released a security update for systemd to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html” TARGET=”_blank”>DLA 3063-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/06/msg00025.html” TARGET=”_blank”>DLA 3063-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180182 | Debian Security Update for libxml2 (CVE-2021-3518) | Debian has released a security update for libxml2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3518″ TARGET=”_blank”>CVE-2021-3518</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3518″ TARGET=”_blank”>CVE-2021-3518:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180209 | Debian Security Update for krb5 (CVE-2021-36222) | Debian has released a security update for krb5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-36222″ TARGET=”_blank”>CVE-2021-36222</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-36222″ TARGET=”_blank”>CVE-2021-36222:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180224 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-46662) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46662″ TARGET=”_blank”>CVE-2021-46662</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46662″ TARGET=”_blank”>CVE-2021-46662:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180240 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-46661) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46661″ TARGET=”_blank”>CVE-2021-46661</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46661″ TARGET=”_blank”>CVE-2021-46661:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180242 | Debian Security Update for libxml2 (CVE-2021-3537) | Debian has released a security update for libxml2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3537″ TARGET=”_blank”>CVE-2021-3537</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3537″ TARGET=”_blank”>CVE-2021-3537:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180276 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-46663) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46663″ TARGET=”_blank”>CVE-2021-46663</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46663″ TARGET=”_blank”>CVE-2021-46663:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180301 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-46668) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46668″ TARGET=”_blank”>CVE-2021-46668</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46668″ TARGET=”_blank”>CVE-2021-46668:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180305 | Debian Security Update for mariadb-10.5mariadb-10.3 (CVE-2021-35604) | Debian has released a security update for mariadb-10.5,mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-35604″ TARGET=”_blank”>CVE-2021-35604</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-35604″ TARGET=”_blank”>CVE-2021-35604:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180332 | Debian Security Update for glibc (CVE-2021-33574) | Debian has released a security update for glibc to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-33574″ TARGET=”_blank”>CVE-2021-33574</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-33574″ TARGET=”_blank”>CVE-2021-33574:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180347 | Debian Security Update for libxml2 (CVE-2021-3516) | Debian has released a security update for libxml2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3516″ TARGET=”_blank”>CVE-2021-3516</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3516″ TARGET=”_blank”>CVE-2021-3516:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180369 | Debian Security Update for gmp (CVE-2021-43618) | Debian has released a security update for gmp to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-43618″ TARGET=”_blank”>CVE-2021-43618</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-43618″ TARGET=”_blank”>CVE-2021-43618:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180373 | Debian Security Update for glib2.0 (CVE-2021-28153) | Debian has released a security update for glib2.0 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-28153″ TARGET=”_blank”>CVE-2021-28153</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-28153″ TARGET=”_blank”>CVE-2021-28153:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180390 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-46665) | Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46665″ TARGET=”_blank”>CVE-2021-46665</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46665″ TARGET=”_blank”>CVE-2021-46665:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180396 | Debian Security Update for openldap (CVE-2021-27212) | Debian has released a security update for openldap to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-27212″ TARGET=”_blank”>CVE-2021-27212</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-27212″ TARGET=”_blank”>CVE-2021-27212:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180421 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-46664) | Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46664″ TARGET=”_blank”>CVE-2021-46664</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46664″ TARGET=”_blank”>CVE-2021-46664:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180441 | Debian Security Update for sqlite3 (CVE-2021-20227) | Debian has released a security update for sqlite3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-20227″ TARGET=”_blank”>CVE-2021-20227</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-20227″ TARGET=”_blank”>CVE-2021-20227:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180459 | Debian Security Update for glibc (CVE-2021-43396) | Debian has released a security update for glibc to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-43396″ TARGET=”_blank”>CVE-2021-43396</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-43396″ TARGET=”_blank”>CVE-2021-43396:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180473 | Debian Security Update for postgresql-13 (CVE-2021-32027) | Debian has released a security update for postgresql-13 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-32027″ TARGET=”_blank”>CVE-2021-32027</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-32027″ TARGET=”_blank”>CVE-2021-32027:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180479 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-46659) | Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46659″ TARGET=”_blank”>CVE-2021-46659</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46659″ TARGET=”_blank”>CVE-2021-46659:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180517 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-2194) | Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2194″ TARGET=”_blank”>CVE-2021-2194</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2194″ TARGET=”_blank”>CVE-2021-2194:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180528 | Debian Security Update for icuchromium (CVE-2021-30535) | Debian has released a security update for icu,chromium to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-30535″ TARGET=”_blank”>CVE-2021-30535</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-30535″ TARGET=”_blank”>CVE-2021-30535:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180540 | Debian Security Update for libxml2 (CVE-2021-3541) | Debian has released a security update for libxml2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3541″ TARGET=”_blank”>CVE-2021-3541</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3541″ TARGET=”_blank”>CVE-2021-3541:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180548 | Debian Security Update for gnutls28 (CVE-2021-20231) | Debian has released a security update for gnutls28 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-20231″ TARGET=”_blank”>CVE-2021-20231</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-20231″ TARGET=”_blank”>CVE-2021-20231:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180558 | Debian Security Update for libgcrypt20 (CVE-2021-40528) | Debian has released a security update for libgcrypt20 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-40528″ TARGET=”_blank”>CVE-2021-40528</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-40528″ TARGET=”_blank”>CVE-2021-40528:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180566 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (CVE-2021-23840) | Debian has released a security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-23840″ TARGET=”_blank”>CVE-2021-23840</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-23840″ TARGET=”_blank”>CVE-2021-23840:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180574 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-2372) | Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2372″ TARGET=”_blank”>CVE-2021-2372</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-2372″ TARGET=”_blank”>CVE-2021-2372:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180578 | Debian Security Update for mariadb-10.3mariadb-10.5 (CVE-2021-46666) | Debian has released a security update for mariadb-10.3,mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46666″ TARGET=”_blank”>CVE-2021-46666</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46666″ TARGET=”_blank”>CVE-2021-46666:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180600 | Debian Security Update for krb5 (CVE-2021-37750) | Debian has released a security update for krb5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-37750″ TARGET=”_blank”>CVE-2021-37750</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-37750″ TARGET=”_blank”>CVE-2021-37750:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180842 | Debian Security Update for gnutls28 (CVE-2021-4209) | Debian has released a security update for gnutls28 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-4209″ TARGET=”_blank”>CVE-2021-4209</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-4209″ TARGET=”_blank”>CVE-2021-4209:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180843 | Debian Security Update for freetype (CVE-2022-27404) | Debian has released a security update for freetype to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27404″ TARGET=”_blank”>CVE-2022-27404</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27404″ TARGET=”_blank”>CVE-2022-27404:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180848 | Debian Security Update for freetype (CVE-2022-27406) | Debian has released a security update for freetype to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27406″ TARGET=”_blank”>CVE-2022-27406</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27406″ TARGET=”_blank”>CVE-2022-27406:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180880 | Debian Security Update for freetype (CVE-2022-27405) | Debian has released a security update for freetype to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27405″ TARGET=”_blank”>CVE-2022-27405</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27405″ TARGET=”_blank”>CVE-2022-27405:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180909 | Debian Security Update for curl (DSA 5197-1) | Debian has released a security update for curl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00166.html” TARGET=”_blank”>DSA 5197-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00166.html” TARGET=”_blank”>DSA 5197-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180920 | Debian Security Update for libtirpc (DSA 5200-1) | Debian has released a security update for libtirpc to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00170.html” TARGET=”_blank”>DSA 5200-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00170.html” TARGET=”_blank”>DSA 5200-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180922 | Debian Security Update for gnutls28 (DSA 5203-1) | Debian has released a security update for gnutls28 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00172.html” TARGET=”_blank”>DSA 5203-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00172.html” TARGET=”_blank”>DSA 5203-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180923 | Debian Security Update for unzip (DSA 5202-1) | Debian has released a security update for unzip to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00171.html” TARGET=”_blank”>DSA 5202-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00171.html” TARGET=”_blank”>DSA 5202-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180935 | Debian Security Update for postgresql-11 (DLA 3072-1) | Debian has released a security update for postgresql-11 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/08/msg00003.html” TARGET=”_blank”>DLA 3072-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/08/msg00003.html” TARGET=”_blank”>DLA 3072-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180936 | Debian Security Update for gnutls28 (DLA 3070-1) | Debian has released a security update for gnutls28 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html” TARGET=”_blank”>DLA 3070-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/08/msg00002.html” TARGET=”_blank”>DLA 3070-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180942 | Debian Security Update for net-snmp (DSA 5209-1) | Debian has released a security update for net-snmp to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00178.html” TARGET=”_blank”>DSA 5209-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00178.html” TARGET=”_blank”>DSA 5209-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180952 | Debian Security Update for systemd (CVE-2022-2526) | Debian has released a security update for systemd to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-2526″ TARGET=”_blank”>CVE-2022-2526</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-2526″ TARGET=”_blank”>CVE-2022-2526:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 180960 | Debian Security Update for libxslt (DSA 5216-1) | Debian has released a security update for libxslt to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00185.html” TARGET=”_blank”>DSA 5216-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00185.html” TARGET=”_blank”>DSA 5216-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180965 | Debian Security Update for zlib (DSA 5218-1) | Debian has released a security update for zlib to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00187.html” TARGET=”_blank”>DSA 5218-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00187.html” TARGET=”_blank”>DSA 5218-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 180969 | Debian Security Update for curl (DLA 3085-1) | Debian has released a security update for curl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html” TARGET=”_blank”>DLA 3085-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html” TARGET=”_blank”>DLA 3085-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181001 | Debian Security Update for libxslt (DLA 3101-1) | Debian has released a security update for libxslt to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html” TARGET=”_blank”>DLA 3101-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00010.html” TARGET=”_blank”>DLA 3101-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181006 | Debian Security Update for glibc (CVE-2021-3999) | Debian has released a security update for glibc to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3999″ TARGET=”_blank”>CVE-2021-3999</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-3999″ TARGET=”_blank”>CVE-2021-3999:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181024 | Debian Security Update for pcre2 (CVE-2022-1586) | Debian has released a security update for pcre2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-1586″ TARGET=”_blank”>CVE-2022-1586</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-1586″ TARGET=”_blank”>CVE-2022-1586:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181032 | Debian Security Update for pcre2 (CVE-2022-1587) | Debian has released a security update for pcre2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-1587″ TARGET=”_blank”>CVE-2022-1587</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-1587″ TARGET=”_blank”>CVE-2022-1587:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181037 | Debian Security Update for curl (CVE-2022-35252) | Debian has released a security update for curl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-35252″ TARGET=”_blank”>CVE-2022-35252</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-35252″ TARGET=”_blank”>CVE-2022-35252:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 181046 | Debian Security Update for zlib (DLA 3103-1) | Debian has released a security update for zlib to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html” TARGET=”_blank”>DLA 3103-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00012.html” TARGET=”_blank”>DLA 3103-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181051 | Debian Security Update for sqlite3 (DLA 3107-1) | Debian has released a security update for sqlite3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00016.html” TARGET=”_blank”>DLA 3107-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00016.html” TARGET=”_blank”>DLA 3107-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181058 | Debian Security Update for glib2.0 (DLA 3110-1) | Debian has released a security update for glib2.0 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html” TARGET=”_blank”>DLA 3110-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00020.html” TARGET=”_blank”>DLA 3110-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181060 | Debian Security Update for bzip2 (DLA 3112-1) | Debian has released a security update for bzip2 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00022.html” TARGET=”_blank”>DLA 3112-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00022.html” TARGET=”_blank”>DLA 3112-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 181070 | Debian Security Update for unzip (DLA 3118-1) | Debian has released a security update for unzip to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html” TARGET=”_blank”>DLA 3118-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00028.html” TARGET=”_blank”>DLA 3118-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 181073 | Debian Security Update for expat (DSA 5236-1) | Debian has released a security update for expat to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00205.html” TARGET=”_blank”>DSA 5236-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-security-announce/2022/msg00205.html” TARGET=”_blank”>DSA 5236-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181088 | Debian Security Update for mariadb-10.3 (DLA 3114-2) | Debian has released a security update for mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00037.html” TARGET=”_blank”>DLA 3114-2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00037.html” TARGET=”_blank”>DLA 3114-2:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 181097 | Debian Security Update for mariadb-10.3 (DLA 3114-1) | Debian has released a security update for mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html” TARGET=”_blank”>DLA 3114-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00023.html” TARGET=”_blank”>DLA 3114-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181102 | Debian Security Update for tzdata (DLA 3134-1) | Debian has released a security update for tzdata to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00003.html” TARGET=”_blank”>DLA 3134-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00003.html” TARGET=”_blank”>DLA 3134-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 181127 | Debian Security Update for git (DLA 3145-1) | Debian has released a security update for git to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html” TARGET=”_blank”>DLA 3145-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00014.html” TARGET=”_blank”>DLA 3145-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181130 | Debian Security Update for expat (DLA 3119-1) | Debian has released a security update for expat to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html” TARGET=”_blank”>DLA 3119-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/09/msg00029.html” TARGET=”_blank”>DLA 3119-1</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181138 | Debian Security Update for glibc (DLA 3152-1) | Debian has released a security update for glibc to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html” TARGET=”_blank”>DLA 3152-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00021.html” TARGET=”_blank”>DLA 3152-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181141 | Debian Security Update for postgresql-13 (CVE-2022-2625) | Debian has released a security update for postgresql-13 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-2625″ TARGET=”_blank”>CVE-2022-2625</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-2625″ TARGET=”_blank”>CVE-2022-2625:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181165 | Debian Security Update for tzdata (DLA 3161-1) | Debian has released a security update for tzdata to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00030.html” TARGET=”_blank”>DLA 3161-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00030.html” TARGET=”_blank”>DLA 3161-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 181170 | Debian Security Update for expat (DLA 3165-1) | Debian has released a security update for expat to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html” TARGET=”_blank”>DLA 3165-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00033.html” TARGET=”_blank”>DLA 3165-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181173 | Debian Security Update for ncurses (DLA 3167-1) | Debian has released a security update for ncurses to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html” TARGET=”_blank”>DLA 3167-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/10/msg00037.html” TARGET=”_blank”>DLA 3167-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181183 | Debian Security Update for python3.7 (DLA 3175-1) | Debian has released a security update for python3.7 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html” TARGET=”_blank”>DLA 3175-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00000.html” TARGET=”_blank”>DLA 3175-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181186 | Debian Security Update for sqlite3 (CVE-2019-8457) | Debian has released a security update for SQLite3 from 3.6.0 to and including 3.27.2 which are vulnerable to heap out-of-bound read in the rtreenode() function when handling invalid rtree tables.<BR> | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2019-8457″ TARGET=”_blank”>CVE-2019-8457</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2019-8457″ TARGET=”_blank”>CVE-2019-8457</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality.<BR> | High |
| 181197 | Debian Security Update for pixman (DLA 3179-1) | Debian has released a security update for pixman to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html” TARGET=”_blank”>DLA 3179-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00008.html” TARGET=”_blank”>DLA 3179-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181214 | Debian Security Update for postgresql-11 (DLA 3189-1) | Debian has released a security update for postgresql-11 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00017.html” TARGET=”_blank”>DLA 3189-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00017.html” TARGET=”_blank”>DLA 3189-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 181259 | Debian Security Update for krb5 (DLA 3213-1) | Debian has released a security update for krb5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00041.html” TARGET=”_blank”>DLA 3213-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/11/msg00041.html” TARGET=”_blank”>DLA 3213-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181315 | Debian Security Update for openexr (DLA 3236-1) | Debian has released a security update for openexr to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html” TARGET=”_blank”>DLA 3236-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00022.html” TARGET=”_blank”>DLA 3236-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181320 | Debian Security Update for git (DLA 3239-1) | Debian has released a security update for git to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html” TARGET=”_blank”>DLA 3239-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00025.html” TARGET=”_blank”>DLA 3239-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181321 | Debian Security Update for git (DLA 3239-2) | Debian has released a security update for git to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00026.html” TARGET=”_blank”>DLA 3239-2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00026.html” TARGET=”_blank”>DLA 3239-2:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181331 | Debian Security Update for libde265 (DLA 3240-1) | Debian has released a security update for libde265 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html” TARGET=”_blank”>DLA 3240-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00027.html” TARGET=”_blank”>DLA 3240-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181340 | Debian Security Update for mariadb-10.5 (CVE-2022-27378) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27378″ TARGET=”_blank”>CVE-2022-27378</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27378″ TARGET=”_blank”>CVE-2022-27378:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181343 | Debian Security Update for mariadb-10.5 (CVE-2021-46669) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46669″ TARGET=”_blank”>CVE-2021-46669</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2021-46669″ TARGET=”_blank”>CVE-2021-46669:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181344 | Debian Security Update for mariadb-10.5 (CVE-2022-32087) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32087″ TARGET=”_blank”>CVE-2022-32087</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32087″ TARGET=”_blank”>CVE-2022-32087:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181345 | Debian Security Update for mariadb-10.5 (CVE-2022-32088) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32088″ TARGET=”_blank”>CVE-2022-32088</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32088″ TARGET=”_blank”>CVE-2022-32088:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181349 | Debian Security Update for mariadb-10.5 (CVE-2022-27380) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27380″ TARGET=”_blank”>CVE-2022-27380</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27380″ TARGET=”_blank”>CVE-2022-27380:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181350 | Debian Security Update for mariadb-10.5 (CVE-2022-32091) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32091″ TARGET=”_blank”>CVE-2022-32091</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32091″ TARGET=”_blank”>CVE-2022-32091:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181351 | Debian Security Update for mariadb-10.5 (CVE-2022-32082) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32082″ TARGET=”_blank”>CVE-2022-32082</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32082″ TARGET=”_blank”>CVE-2022-32082:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181355 | Debian Security Update for mariadb-10.5 (CVE-2022-27457) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27457″ TARGET=”_blank”>CVE-2022-27457</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27457″ TARGET=”_blank”>CVE-2022-27457:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181359 | Debian Security Update for mariadb-10.5 (CVE-2022-32085) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32085″ TARGET=”_blank”>CVE-2022-32085</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32085″ TARGET=”_blank”>CVE-2022-32085:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181360 | Debian Security Update for mariadb-10.5 (CVE-2022-27377) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27377″ TARGET=”_blank”>CVE-2022-27377</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27377″ TARGET=”_blank”>CVE-2022-27377:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181368 | Debian Security Update for mariadb-10.5 (CVE-2022-27451) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27451″ TARGET=”_blank”>CVE-2022-27451</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27451″ TARGET=”_blank”>CVE-2022-27451:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181369 | Debian Security Update for mariadb-10.5 (CVE-2022-32084) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32084″ TARGET=”_blank”>CVE-2022-32084</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32084″ TARGET=”_blank”>CVE-2022-32084:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181370 | Debian Security Update for mariadb-10.5 (CVE-2022-27456) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27456″ TARGET=”_blank”>CVE-2022-27456</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27456″ TARGET=”_blank”>CVE-2022-27456:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181378 | Debian Security Update for mariadb-10.5 (CVE-2022-27386) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27386″ TARGET=”_blank”>CVE-2022-27386</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27386″ TARGET=”_blank”>CVE-2022-27386:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181380 | Debian Security Update for mariadb-10.5 (CVE-2022-27452) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27452″ TARGET=”_blank”>CVE-2022-27452</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27452″ TARGET=”_blank”>CVE-2022-27452:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181382 | Debian Security Update for mariadb-10.5 (CVE-2022-32081) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32081″ TARGET=”_blank”>CVE-2022-32081</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32081″ TARGET=”_blank”>CVE-2022-32081:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181384 | Debian Security Update for mariadb-10.5 (CVE-2022-27449) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27449″ TARGET=”_blank”>CVE-2022-27449</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27449″ TARGET=”_blank”>CVE-2022-27449:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181386 | Debian Security Update for mariadb-10.5 (CVE-2022-27387) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27387″ TARGET=”_blank”>CVE-2022-27387</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27387″ TARGET=”_blank”>CVE-2022-27387:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181388 | Debian Security Update for mariadb-10.5 (CVE-2022-27455) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27455″ TARGET=”_blank”>CVE-2022-27455</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27455″ TARGET=”_blank”>CVE-2022-27455:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181389 | Debian Security Update for mariadb-10.5 (CVE-2022-27376) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27376″ TARGET=”_blank”>CVE-2022-27376</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27376″ TARGET=”_blank”>CVE-2022-27376:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181393 | Debian Security Update for mariadb-10.5 (CVE-2022-27379) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27379″ TARGET=”_blank”>CVE-2022-27379</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27379″ TARGET=”_blank”>CVE-2022-27379:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181396 | Debian Security Update for mariadb-10.5 (CVE-2022-32086) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32086″ TARGET=”_blank”>CVE-2022-32086</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32086″ TARGET=”_blank”>CVE-2022-32086:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181397 | Debian Security Update for mariadb-10.5 (CVE-2022-27382) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27382″ TARGET=”_blank”>CVE-2022-27382</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27382″ TARGET=”_blank”>CVE-2022-27382:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181398 | Debian Security Update for mariadb-10.5 (CVE-2022-32083) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32083″ TARGET=”_blank”>CVE-2022-32083</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32083″ TARGET=”_blank”>CVE-2022-32083:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181400 | Debian Security Update for mariadb-10.5 (CVE-2022-27445) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27445″ TARGET=”_blank”>CVE-2022-27445</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27445″ TARGET=”_blank”>CVE-2022-27445:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181403 | Debian Security Update for mariadb-10.5 (CVE-2022-27381) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27381″ TARGET=”_blank”>CVE-2022-27381</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27381″ TARGET=”_blank”>CVE-2022-27381:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181406 | Debian Security Update for mariadb-10.5 (CVE-2022-27447) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27447″ TARGET=”_blank”>CVE-2022-27447</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27447″ TARGET=”_blank”>CVE-2022-27447:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181409 | Debian Security Update for mariadb-10.5 (CVE-2022-38791) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-38791″ TARGET=”_blank”>CVE-2022-38791</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-38791″ TARGET=”_blank”>CVE-2022-38791:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 181410 | Debian Security Update for mariadb-10.5 (CVE-2022-27458) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27458″ TARGET=”_blank”>CVE-2022-27458</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27458″ TARGET=”_blank”>CVE-2022-27458:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181412 | Debian Security Update for mariadb-10.5 (CVE-2022-27446) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27446″ TARGET=”_blank”>CVE-2022-27446</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27446″ TARGET=”_blank”>CVE-2022-27446:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181417 | Debian Security Update for mariadb-10.5 (CVE-2022-27448) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27448″ TARGET=”_blank”>CVE-2022-27448</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27448″ TARGET=”_blank”>CVE-2022-27448:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181421 | Debian Security Update for mariadb-10.5 (CVE-2022-32089) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32089″ TARGET=”_blank”>CVE-2022-32089</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-32089″ TARGET=”_blank”>CVE-2022-32089:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181425 | Debian Security Update for mariadb-10.5 (CVE-2022-27383) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27383″ TARGET=”_blank”>CVE-2022-27383</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27383″ TARGET=”_blank”>CVE-2022-27383:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181427 | Debian Security Update for mariadb-10.5 (CVE-2022-27384) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27384″ TARGET=”_blank”>CVE-2022-27384</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27384″ TARGET=”_blank”>CVE-2022-27384:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181428 | Debian Security Update for mariadb-10.5 (CVE-2022-27444) | Debian has released a security update for mariadb-10.5 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27444″ TARGET=”_blank”>CVE-2022-27444</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security-tracker.debian.org/tracker/CVE-2022-27444″ TARGET=”_blank”>CVE-2022-27444:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181445 | Debian Security Update for libksba (DLA 3248-1) | Debian has released a security update for libksba to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html” TARGET=”_blank”>DLA 3248-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2022/12/msg00035.html” TARGET=”_blank”>DLA 3248-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181462 | Debian Security Update for libtasn1-6 (DLA 3263-1) | Debian has released a security update for libtasn1-6 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html” TARGET=”_blank”>DLA 3263-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00003.html” TARGET=”_blank”>DLA 3263-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181488 | Debian Security Update for tiff (DLA 3278-1) | Debian has released a security update for tiff to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html” TARGET=”_blank”>DLA 3278-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00018.html” TARGET=”_blank”>DLA 3278-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181500 | Debian Security Update for libde265 (DLA 3280-1) | Debian has released a security update for libde265 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html” TARGET=”_blank”>DLA 3280-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00020.html” TARGET=”_blank”>DLA 3280-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181505 | Debian Security Update for git (DLA 3282-1) | Debian has released a security update for git to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00022.html” TARGET=”_blank”>DLA 3282-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00022.html” TARGET=”_blank”>DLA 3282-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181512 | Debian Security Update for curl (DLA 3288-1) | Debian has released a security update for curl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html” TARGET=”_blank”>DLA 3288-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00028.html” TARGET=”_blank”>DLA 3288-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181525 | Debian Security Update for tiff (DLA 3297-1) | Debian has released a security update for tiff to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html” TARGET=”_blank”>DLA 3297-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/01/msg00037.html” TARGET=”_blank”>DLA 3297-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181555 | Debian Security Update for postgresql-11 (DLA 3316-1) | Debian has released a security update for postgresql-11 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00010.html” TARGET=”_blank”>DLA 3316-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00010.html” TARGET=”_blank”>DLA 3316-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181582 | Debian Security Update for gnutls28 (DLA 3321-1) | Debian has released a security update for gnutls28 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html” TARGET=”_blank”>DLA 3321-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00015.html” TARGET=”_blank”>DLA 3321-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181593 | Debian Security Update for Open Secure Sockets Layer (OpenSSL) (DLA 3325-1) | Debian has released a security update for openssl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html” TARGET=”_blank”>DLA 3325-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00019.html” TARGET=”_blank”>DLA 3325-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181599 | Debian Security Update for apr-util (DLA 3332-1) | Debian has released a security update for apr-util to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00024.html” TARGET=”_blank”>DLA 3332-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00024.html” TARGET=”_blank”>DLA 3332-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181600 | Debian Security Update for tiff (DLA 3333-1) | Debian has released a security update for tiff to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html” TARGET=”_blank”>DLA 3333-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00026.html” TARGET=”_blank”>DLA 3333-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 181605 | Debian Security Update for mariadb-10.3 (DLA 3337-1) | Debian has released a security update for mariadb-10.3 to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00031.html” TARGET=”_blank”>DLA 3337-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00031.html” TARGET=”_blank”>DLA 3337-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181607 | Debian Security Update for git (DLA 3338-1) | Debian has released a security update for git to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00032.html” TARGET=”_blank”>DLA 3338-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00032.html” TARGET=”_blank”>DLA 3338-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 181609 | Debian Security Update for curl (DLA 3341-1) | Debian has released a security update for curl to fix the vulnerabilities. | Refer to Debian security advisory <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html” TARGET=”_blank”>DLA 3341-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html” TARGET=”_blank”>DLA 3341-1:Debian</A> |
Debian | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 197885 | Ubuntu Security Notification for Apt Vulnerability (USN-4359-1) | <P> It was discovered that APT incorrectly handled certain filenames during package installation. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-May/005431.html” TARGET=”_blank”>USN-4359-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/1.6.12ubuntu0.1″ TARGET=”_blank”>USN-4359-1:18.04 (bionic) on src (apt)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/2.0.2ubuntu0.1″ TARGET=”_blank”>USN-4359-1:20.04 (focal) on src (apt)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/1.9.4ubuntu0.1″ TARGET=”_blank”>USN-4359-1:19.10 (eoan) on src (apt)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/1.2.32ubuntu0.1″ TARGET=”_blank”>USN-4359-1:16.04 (Xenial) on src (apt)</A> |
Ubuntu | <P> If an attacker could provide a specially crafted package to be installed by the system administrator, this could cause APT to crash.<P> | Medium |
| 197927 | Ubuntu Security Notification for Curl Vulnerabilities (USN-4402-1) | <P> It was discovered that curl incorrectly handled certain credentials. <P> It was discovered that curl incorrectly handled certain parameters. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-June/005488.html” TARGET=”_blank”>USN-4402-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.9″ TARGET=”_blank”>USN-4402-1:18.04 (bionic) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.65.3-1ubuntu3.1″ TARGET=”_blank”>USN-4402-1:19.10 (eoan) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.65.3-1ubuntu3.1″ TARGET=”_blank”>USN-4402-1:19.10 (eoan) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.65.3-1ubuntu3.1″ TARGET=”_blank”>USN-4402-1:19.10 (eoan) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.9″ TARGET=”_blank”>USN-4402-1:18.04 (bionic) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.1″ TARGET=”_blank”>USN-4402-1:20.04 (focal) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.1″ TARGET=”_blank”>USN-4402-1:20.04 (focal) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.1″ TARGET=”_blank”>USN-4402-1:20.04 (focal) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.15″ TARGET=”_blank”>USN-4402-1:16.04 (Xenial) on src (libcurl3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.9″ TARGET=”_blank”>USN-4402-1:18.04 (bionic) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.15″ TARGET=”_blank”>USN-4402-1:16.04 (Xenial) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.15″ TARGET=”_blank”>USN-4402-1:16.04 (Xenial) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.65.3-1ubuntu3.1″ TARGET=”_blank”>USN-4402-1:19.10 (eoan) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.1″ TARGET=”_blank”>USN-4402-1:20.04 (focal) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.9″ TARGET=”_blank”>USN-4402-1:18.04 (bionic) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.15″ TARGET=”_blank”>USN-4402-1:16.04 (Xenial) on src (libcurl3-gnutls)</A> |
Ubuntu | <P> An attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 19.10 and Ubuntu 20.04 LTS. (CVE-2020-8169)<P> An attacker could possibly use this issue to overwrite a local file. (CVE-2020-8177)<P> | Medium |
| 197941 | Ubuntu Security Notification for Glibc Vulnerabilities (USN-4416-1) | <P> It was discovered that the GNU C Library incorrectly handled certain memory operations. <P> It was discovered that the GNU C Library incorrectly handled certain SSE2-optimized memmove operations. <P> It was discovered that the GNU C Library incorrectly handled certain pathname operations. <P> It was discovered that the GNU C Library incorrectly handled certain AVX-512-optimized mempcpy operations. <P> It was discovered that the GNU C Library incorrectly handled certain hostname loookups. <P> It was discovered that the GNU C Library incorrectly handled certain memalign functions. <P> It was discovered that the GNU C Library incorrectly ignored the LD_PREFER_MAP_32BIT_EXEC environment variable after security transitions. <P> It was discovered that the GNU C Library incorrectly handled certain regular expressions. <P> It was discovered that the GNU C Library incorrectly handled certain bit patterns. <P> It was discovered that the GNU C Library incorrectly handled certain signal trampolines on PowerPC. <P> It was discovered that the GNU C Library incorrectly handled tilde expansion. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-July/005505.html” TARGET=”_blank”>USN-4416-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/glibc/2.23-0ubuntu11.2″ TARGET=”_blank”>USN-4416-1:16.04 (Xenial) on src (libc6)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/glibc/2.30-0ubuntu2.2″ TARGET=”_blank”>USN-4416-1:19.10 (eoan) on src (libc6)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/glibc/2.27-3ubuntu1.2″ TARGET=”_blank”>USN-4416-1:18.04 (bionic) on src (libc6)</A> |
Ubuntu | <P> A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-12133)<P> A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-18269)<P> A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11236)<P> A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-11237)<P> A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-19591)<P> A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2018-6485)<P> A local attacker could use this issue to bypass ASLR restrictions. (CVE-2019-19126)<P> A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-9169)<P> A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-10029)<P> A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1751)<P> A remote attacker could use this issue to cause the GNU C Library to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-1752)<P> | Medium |
| 197990 | Ubuntu Security Notification for Curl Vulnerability (USN-4466-1) | <P> Marc Aldorasi discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-August/005568.html” TARGET=”_blank”>USN-4466-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.2″ TARGET=”_blank”>USN-4466-1:20.04 (focal) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.10″ TARGET=”_blank”>USN-4466-1:18.04 (bionic) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.10″ TARGET=”_blank”>USN-4466-1:18.04 (bionic) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.16″ TARGET=”_blank”>USN-4466-1:16.04 (Xenial) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.16″ TARGET=”_blank”>USN-4466-1:16.04 (Xenial) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.10″ TARGET=”_blank”>USN-4466-1:18.04 (bionic) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.2″ TARGET=”_blank”>USN-4466-1:20.04 (focal) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.2″ TARGET=”_blank”>USN-4466-1:20.04 (focal) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.16″ TARGET=”_blank”>USN-4466-1:16.04 (Xenial) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.10″ TARGET=”_blank”>USN-4466-1:18.04 (bionic) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.2″ TARGET=”_blank”>USN-4466-1:20.04 (focal) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.16″ TARGET=”_blank”>USN-4466-1:16.04 (Xenial) on src (libcurl3)</A> |
Ubuntu | <P> This could result in data being sent to the wrong destination, possibly exposing sensitive information.<P> | Medium |
| 198037 | Ubuntu Security Notification for Gnupg2 Vulnerability (USN-4516-1) | <P> It was discovered that GnuPG signatures could be forged when the SHA-1 algorithm is being used. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-September/005626.html” TARGET=”_blank”>USN-4516-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/gnupg2/2.2.4-1ubuntu1.3″ TARGET=”_blank”>USN-4516-1:18.04 (bionic) on src (gnupg)</A> |
Ubuntu | <P> This update removes validating signatures based on SHA-1 that were generated after 2019-01-19. In environments where this is still required, a new option –allow-weak-key-signatures can be used to revert this behaviour.<P> | Medium |
| 198120 | Ubuntu Security Notification for Perl Vulnerabilities (USN-4602-1) | <P> It was discovered that Perl incorrectly handled certain regular expressions. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-October/005718.html” TARGET=”_blank”>USN-4602-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9″ TARGET=”_blank”>USN-4602-1:16.04 (Xenial) on src (perl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2″ TARGET=”_blank”>USN-4602-1:20.04 (focal) on src (perl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5″ TARGET=”_blank”>USN-4602-1:18.04 (bionic) on src (perl)</A> |
Ubuntu | <P> In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543)<P> In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878)<P> In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723)<P> | Medium |
| 198130 | Ubuntu Security Notification for Ca-certificates Update (USN-4608-1) | <P> The ca-certificates package contained outdated CA certificates. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-October/005730.html” TARGET=”_blank”>USN-4608-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/ca-certificates/20201027ubuntu0.18.04.1″ TARGET=”_blank”>USN-4608-1:18.04 (bionic) on src (ca-certificates)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/ca-certificates/20201027ubuntu0.20.10.1″ TARGET=”_blank”>USN-4608-1:20.10 (groovy) on src (ca-certificates)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/ca-certificates/20201027ubuntu0.20.04.1″ TARGET=”_blank”>USN-4608-1:20.04 (focal) on src (ca-certificates)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/ca-certificates/20201027ubuntu0.16.04.1″ TARGET=”_blank”>USN-4608-1:16.04 (Xenial) on src (ca-certificates)</A> |
Ubuntu | <P> This update refreshes the included certificates to those contained in the 2.44 version of the Mozilla certificate authority bundle.<P> | Medium |
| 198143 | Ubuntu Security Notification for Openldap Vulnerability (USN-4622-1) | <P> It was discovered that OpenLDAP incorrectly handled certain network packets. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-November/005747.html” TARGET=”_blank”>USN-4622-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.7″ TARGET=”_blank”>USN-4622-1:18.04 (bionic) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.1″ TARGET=”_blank”>USN-4622-1:20.10 (groovy) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.4″ TARGET=”_blank”>USN-4622-1:20.04 (focal) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.10″ TARGET=”_blank”>USN-4622-1:16.04 (Xenial) on src (slapd)</A> |
Ubuntu | <P> A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code.<P> | Medium |
| 198155 | Ubuntu Security Notification for Openldap Vulnerabilities (USN-4634-1) | <P> It was discovered that OpenLDAP incorrectly handled certain malformed inputs. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-November/005763.html” TARGET=”_blank”>USN-4634-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.8″ TARGET=”_blank”>USN-4634-1:18.04 (bionic) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.2″ TARGET=”_blank”>USN-4634-1:20.10 (groovy) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.5″ TARGET=”_blank”>USN-4634-1:20.04 (focal) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.11″ TARGET=”_blank”>USN-4634-1:16.04 (Xenial) on src (slapd)</A> |
Ubuntu | <P> A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service.<P> | Medium |
| 198156 | Ubuntu Security Notification for Krb5 Vulnerability (USN-4635-1) | <P> It was discovered that Kerberos incorrectly handled certain ASN. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-November/005764.html” TARGET=”_blank”>USN-4635-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (libkrad0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (libk5crypto3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (libkdb5-9)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (libkrb5-3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (krb5-pkinit)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (krb5-locales)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (krb5-admin-server)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (libkdb5-8)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (libkrb5support0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (krb5-kpropd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (libkadm5clnt-mit11)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (libgssapi-krb5-2)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (libkadm5srv-mit11)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (krb5-pkinit)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (krb5-kdc)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (krb5-otp)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (krb5-pkinit)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (libgssapi-krb5-2)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (libgssrpc4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (libkadm5clnt-mit11)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (krb5-locales)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (libgssapi-krb5-2)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (libkdb5-9)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (libkdb5-9)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (krb5-kpropd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (krb5-kdc-ldap)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (krb5-kdc-ldap)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (libkadm5srv-mit11)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (libgssrpc4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (krb5-kdc)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (libkadm5clnt-mit11)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (krb5-kdc-ldap)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (libkadm5srv-mit11)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (krb5-otp)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (krb5-kdc-ldap)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (krb5-user)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (libkrb5-3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (libkrad0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (krb5-kdc)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (libgssapi-krb5-2)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (libgssrpc4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (krb5-multidev)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (libkrad0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (krb5-user)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (krb5-user)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (krb5-admin-server)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (libkadm5srv-mit9)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (libkrb5support0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (libk5crypto3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (krb5-k5tls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (libk5crypto3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (libkrb5-3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (krb5-k5tls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (krb5-k5tls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (krb5-user)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (krb5-otp)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (krb5-multidev)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (libkrb5support0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (libkadm5clnt-mit9)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (krb5-admin-server)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (libkrb5-3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (krb5-pkinit)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (krb5-kdc)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (krb5-locales)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (libgssrpc4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (krb5-locales)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (libk5crypto3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (krb5-admin-server)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (libkrad0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.16-2ubuntu0.2″ TARGET=”_blank”>USN-4635-1:18.04 (bionic) on src (krb5-kpropd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-6ubuntu4.1″ TARGET=”_blank”>USN-4635-1:20.04 (focal) on src (krb5-k5tls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.17-10ubuntu0.1″ TARGET=”_blank”>USN-4635-1:20.10 (groovy) on src (krb5-multidev)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (krb5-otp)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-5ubuntu2.2″ TARGET=”_blank”>USN-4635-1:16.04 (Xenial) on src (libkrb5support0)</A> |
Ubuntu | <P> An attacker could possibly use this issue to cause a denial of service.<P> | Medium |
| 198184 | Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-4662-1) | <P> It was discovered that OpenSSL incorrectly handled comparing certificates containing a EDIPartyName name type. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-December/005798.html” TARGET=”_blank”>USN-4662-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.7″ TARGET=”_blank”>USN-4662-1:18.04 (bionic) on src (libssl1.0.0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.1″ TARGET=”_blank”>USN-4662-1:20.10 (groovy) on src (libssl1.1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.1″ TARGET=”_blank”>USN-4662-1:20.04 (focal) on src (libssl1.1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.7″ TARGET=”_blank”>USN-4662-1:18.04 (bionic) on src (libssl1.1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.5″ TARGET=”_blank”>USN-4662-1:16.04 (Xenial) on src (libssl1.0.0)</A> |
Ubuntu | <P> A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service.<P> | Medium |
| 198187 | Ubuntu Security Notification for Curl Vulnerabilities (USN-4665-1) | <P> It was discovered that curl incorrectly handled the libcurl CURLOPT_CONNECT_ONLY option. <P> It was discovered that curl incorrectly handled FTP PASV responses. <P> It was discovered that curl incorrectly handled FTP wildcard matchins. <P> It was discovered that curl incorrectly handled OCSP response verification. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-December/005799.html” TARGET=”_blank”>USN-4665-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.4″ TARGET=”_blank”>USN-4665-1:20.04 (focal) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.4″ TARGET=”_blank”>USN-4665-1:20.04 (focal) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12″ TARGET=”_blank”>USN-4665-1:18.04 (bionic) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12″ TARGET=”_blank”>USN-4665-1:18.04 (bionic) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.2″ TARGET=”_blank”>USN-4665-1:20.10 (groovy) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.4″ TARGET=”_blank”>USN-4665-1:20.04 (focal) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.2″ TARGET=”_blank”>USN-4665-1:20.10 (groovy) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.2″ TARGET=”_blank”>USN-4665-1:20.10 (groovy) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.18″ TARGET=”_blank”>USN-4665-1:16.04 (Xenial) on src (libcurl3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12″ TARGET=”_blank”>USN-4665-1:18.04 (bionic) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.18″ TARGET=”_blank”>USN-4665-1:16.04 (Xenial) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.18″ TARGET=”_blank”>USN-4665-1:16.04 (Xenial) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.4″ TARGET=”_blank”>USN-4665-1:20.04 (focal) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.2″ TARGET=”_blank”>USN-4665-1:20.10 (groovy) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.12″ TARGET=”_blank”>USN-4665-1:18.04 (bionic) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.18″ TARGET=”_blank”>USN-4665-1:16.04 (Xenial) on src (libcurl3-gnutls)</A> |
Ubuntu | <P> This could result in data being sent to the wrong destination, possibly exposing sensitive information. This issue only affected Ubuntu 20.10. (CVE-2020-8231)<P> An attacker could possibly use this issue to trick curl into connecting to an arbitrary IP address and be used to perform port scanner and other information gathering. (CVE-2020-8284)<P> A remote attacker could possibly use this issue to cause curl to consume resources and crash, resulting in a denial of service. (CVE-2020-8285)<P> A remote attacker could possibly use this issue to provide a fraudulent OCSP response. (CVE-2020-8286)<P> | Medium |
| 198189 | Ubuntu Security Notification for Apt Vulnerability (USN-4667-1) | <P> It was discovered that APT incorrectly handled certain packages. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2020-December/005802.html” TARGET=”_blank”>USN-4667-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/1.6.12ubuntu0.2″ TARGET=”_blank”>USN-4667-1:18.04 (bionic) on src (apt)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/2.1.10ubuntu0.1″ TARGET=”_blank”>USN-4667-1:20.10 (groovy) on src (apt)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/2.0.2ubuntu0.2″ TARGET=”_blank”>USN-4667-1:20.04 (focal) on src (apt)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/apt/1.2.32ubuntu0.2″ TARGET=”_blank”>USN-4667-1:16.04 (Xenial) on src (apt)</A> |
Ubuntu | <P> A local attacker could possibly use this issue to cause APT to crash or stop responding, resulting in a denial of service.<P> | Medium |
| 198203 | Ubuntu Security Notification for P11-kit Vulnerabilities (USN-4677-1) | <P> It was discovered that p11-kit incorrectly handled certain memory operations. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-January/005819.html” TARGET=”_blank”>USN-4677-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.21-2ubuntu0.1″ TARGET=”_blank”>USN-4677-1:20.10 (groovy) on src (p11-kit-modules)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.20-1ubuntu0.1″ TARGET=”_blank”>USN-4677-1:20.04 (focal) on src (p11-kit-modules)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.20-1ubuntu0.1″ TARGET=”_blank”>USN-4677-1:20.04 (focal) on src (p11-kit)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.2-5~ubuntu16.04.2″ TARGET=”_blank”>USN-4677-1:16.04 (Xenial) on src (p11-kit)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.2-5~ubuntu16.04.2″ TARGET=”_blank”>USN-4677-1:16.04 (Xenial) on src (p11-kit-modules)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.9-2ubuntu0.1″ TARGET=”_blank”>USN-4677-1:18.04 (bionic) on src (libp11-kit0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.21-2ubuntu0.1″ TARGET=”_blank”>USN-4677-1:20.10 (groovy) on src (p11-kit)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.21-2ubuntu0.1″ TARGET=”_blank”>USN-4677-1:20.10 (groovy) on src (libp11-kit0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.9-2ubuntu0.1″ TARGET=”_blank”>USN-4677-1:18.04 (bionic) on src (p11-kit-modules)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.9-2ubuntu0.1″ TARGET=”_blank”>USN-4677-1:18.04 (bionic) on src (p11-kit)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.20-1ubuntu0.1″ TARGET=”_blank”>USN-4677-1:20.04 (focal) on src (libp11-kit0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/p11-kit/0.23.2-5~ubuntu16.04.2″ TARGET=”_blank”>USN-4677-1:16.04 (Xenial) on src (libp11-kit0)</A> |
Ubuntu | <P> An attacker could use this issue to cause p11-kit to crash, resulting in a denial of service, or possibly execute arbitrary code.<P> | Medium |
| 198219 | Ubuntu Security Notification for Tar Vulnerabilities (USN-4692-1) | <P> It was discovered that tar incorrectly handled extracting files resized during extraction when invoked with the –sparse flag. <P> It was discovered that tar incorrectly handled certain malformed tar files. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-January/005839.html” TARGET=”_blank”>USN-4692-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/tar/1.29b-2ubuntu0.2″ TARGET=”_blank”>USN-4692-1:18.04 (bionic) on src (tar)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/tar/1.30+dfsg-7ubuntu0.20.10.1″ TARGET=”_blank”>USN-4692-1:20.10 (groovy) on src (tar)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/tar/1.30+dfsg-7ubuntu0.20.04.1″ TARGET=”_blank”>USN-4692-1:20.04 (focal) on src (tar)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/tar/1.28-2.1ubuntu0.2″ TARGET=”_blank”>USN-4692-1:16.04 (Xenial) on src (tar)</A> |
Ubuntu | <P> An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 12.04 ESM, Ubuntu 14.04 ESM, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-20482)<P> If a user or automated system were tricked into processing a specially crafted tar archive, a remote attacker could use this issue to cause tar to crash, resulting in a denial of service. (CVE-2019-9923)<P> | Medium |
| 198248 | Ubuntu Security Notification for Ca-certificates Update (USN-4719-1) | <P> The ca-certificates package contained outdated CA certificates. <P> This update refreshes the included certificates to those contained in the 2.46 version of the Mozilla certificate authority bundle.<P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-February/005874.html” TARGET=”_blank”>USN-4719-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/ca-certificates/20210119~18.04.1″ TARGET=”_blank”>USN-4719-1:18.04 (bionic) on src (ca-certificates)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/ca-certificates/20210119~20.10.1″ TARGET=”_blank”>USN-4719-1:20.10 (groovy) on src (ca-certificates)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/ca-certificates/20210119~20.04.1″ TARGET=”_blank”>USN-4719-1:20.04 (focal) on src (ca-certificates)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/ca-certificates/20210119~16.04.1″ TARGET=”_blank”>USN-4719-1:16.04 (Xenial) on src (ca-certificates)</A> |
Ubuntu | It can cause confidentiality issues. | Medium |
| 198253 | Ubuntu Security Notification for Openldap Vulnerabilities (USN-4724-1) | <P> It was discovered that OpenLDAP incorrectly handled Certificate Exact Assertion processing. <P> It was discovered that OpenLDAP incorrectly handled saslAuthzTo processing. <P> It was discovered that OpenLDAP incorrectly handled Return Filter control handling. <P> It was discovered that OpenLDAP incorrectly handled certain cancel operations. <P> It was discovered that OpenLDAP incorrectly handled Certificate List Extract Assertion processing. <P> It was discovered that OpenLDAP incorrectly handled X.509 DN parsing. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-February/005878.html” TARGET=”_blank”>USN-4724-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.9″ TARGET=”_blank”>USN-4724-1:18.04 (bionic) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.3″ TARGET=”_blank”>USN-4724-1:20.10 (groovy) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.6″ TARGET=”_blank”>USN-4724-1:20.04 (focal) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.12″ TARGET=”_blank”>USN-4724-1:16.04 (Xenial) on src (slapd)</A> |
Ubuntu | <P> A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36221)<P> A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-36222, CVE-2020-36224, CVE-2020-36225, CVE-2020-36226)<P> A remote attacker could use this issue to cause OpenLDAP to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-36223)<P> A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36227)<P> A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36228)<P> A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service. (CVE-2020-36229, CVE-2020-36230)<P> | Medium |
| 198268 | Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-4738-1) | <P> It was discovered that OpenSSL incorrectly handled certain input lengths in EVP functions. <P> It was discovered that OpenSSL incorrectly handled parsing issuer fields. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-February/005896.html” TARGET=”_blank”>USN-4738-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.8″ TARGET=”_blank”>USN-4738-1:18.04 (bionic) on src (libssl1.0.0)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.2″ TARGET=”_blank”>USN-4738-1:20.10 (groovy) on src (libssl1.1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.2″ TARGET=”_blank”>USN-4738-1:20.04 (focal) on src (libssl1.1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.8″ TARGET=”_blank”>USN-4738-1:18.04 (bionic) on src (libssl1.1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl1.0/1.0.2n-1ubuntu5.6″ TARGET=”_blank”>USN-4738-1:16.04 (Xenial) on src (libssl1.0.0)</A> |
Ubuntu | <P> A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23840)<P> A remote attacker could possibly use this issue to cause OpenSSL to crash, resulting in a denial of service. (CVE-2021-23841)<P> | Medium |
| 198274 | Ubuntu Security Notification for Openldap Vulnerability (USN-4744-1) | <P> It was discovered that OpenLDAP incorrectly handled certain short timestamps. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-February/005902.html” TARGET=”_blank”>USN-4744-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.45+dfsg-1ubuntu1.10″ TARGET=”_blank”>USN-4744-1:18.04 (bionic) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.53+dfsg-1ubuntu1.4″ TARGET=”_blank”>USN-4744-1:20.10 (groovy) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.49+dfsg-2ubuntu1.7″ TARGET=”_blank”>USN-4744-1:20.04 (focal) on src (slapd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openldap/2.4.42+dfsg-2ubuntu3.13″ TARGET=”_blank”>USN-4744-1:16.04 (Xenial) on src (slapd)</A> |
Ubuntu | <P> A remote attacker could possibly use this issue to cause OpenLDAP to crash, resulting in a denial of service.<P> | Medium |
| 198289 | Ubuntu Security Notification for Libzstd Vulnerabilities (USN-4760-1) | <P> It was discovered that libzstd incorrectly handled file permissions. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005923.html” TARGET=”_blank”>USN-4760-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.4.4+dfsg-3ubuntu0.1″ TARGET=”_blank”>USN-4760-1:20.04 (focal) on src (libzstd1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.3.3+dfsg-2ubuntu1.2″ TARGET=”_blank”>USN-4760-1:18.04 (bionic) on src (zstd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.4.5+dfsg-4ubuntu0.1″ TARGET=”_blank”>USN-4760-1:20.10 (groovy) on src (libzstd1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.4.5+dfsg-4ubuntu0.1″ TARGET=”_blank”>USN-4760-1:20.10 (groovy) on src (zstd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.4.4+dfsg-3ubuntu0.1″ TARGET=”_blank”>USN-4760-1:20.04 (focal) on src (zstd)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/libzstd/1.3.3+dfsg-2ubuntu1.2″ TARGET=”_blank”>USN-4760-1:18.04 (bionic) on src (libzstd1)</A> |
Ubuntu | <P> A local attacker could possibly use this issue to access certain files, contrary to expectations.<P> | Medium |
| 198310 | Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-4891-1) | <P> It was discovered that OpenSSL incorrectly handled certain renegotiation ClientHello messages. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005947.html” TARGET=”_blank”>USN-4891-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1-1ubuntu2.1~18.04.9″ TARGET=”_blank”>USN-4891-1:18.04 (bionic) on src (libssl1.1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu4.3″ TARGET=”_blank”>USN-4891-1:20.10 (groovy) on src (libssl1.1)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.3″ TARGET=”_blank”>USN-4891-1:20.04 (focal) on src (libssl1.1)</A> |
Ubuntu | <P> A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service, or possibly execute arbitrary code.<P> | Medium |
| 198316 | Ubuntu Security Notification for Curl Vulnerabilities (USN-4898-1) | <P> It was discovered that curl did not strip off user credentials from referrer header fields. <P> It was discovered that curl incorrectly handled session tickets when using an HTTPS proxy. <P> |
Refer to Ubuntu advisory <A HREF=”https://lists.ubuntu.com/archives/ubuntu-security-announce/2021-March/005955.html” TARGET=”_blank”>USN-4898-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5″ TARGET=”_blank”>USN-4898-1:20.04 (focal) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5″ TARGET=”_blank”>USN-4898-1:20.04 (focal) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13″ TARGET=”_blank”>USN-4898-1:18.04 (bionic) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13″ TARGET=”_blank”>USN-4898-1:18.04 (bionic) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3″ TARGET=”_blank”>USN-4898-1:20.10 (groovy) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5″ TARGET=”_blank”>USN-4898-1:20.04 (focal) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3″ TARGET=”_blank”>USN-4898-1:20.10 (groovy) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3″ TARGET=”_blank”>USN-4898-1:20.10 (groovy) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19″ TARGET=”_blank”>USN-4898-1:16.04 (Xenial) on src (libcurl3)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13″ TARGET=”_blank”>USN-4898-1:18.04 (bionic) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19″ TARGET=”_blank”>USN-4898-1:16.04 (Xenial) on src (libcurl3-nss)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19″ TARGET=”_blank”>USN-4898-1:16.04 (Xenial) on src (curl)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu2.5″ TARGET=”_blank”>USN-4898-1:20.04 (focal) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.68.0-1ubuntu4.3″ TARGET=”_blank”>USN-4898-1:20.10 (groovy) on src (libcurl4)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.58.0-2ubuntu3.13″ TARGET=”_blank”>USN-4898-1:18.04 (bionic) on src (libcurl3-gnutls)</A><P> <A HREF=”https://launchpad.net/ubuntu/+source/curl/7.47.0-1ubuntu2.19″ TARGET=”_blank”>USN-4898-1:16.04 (Xenial) on src (libcurl3-gnutls)</A> |
Ubuntu | <P> A remote attacker could possibly use this issue to obtain sensitive information. (CVE-2021-22876)<P> A remote attacker in control of an HTTPS proxy could use this issue to bypass certificate checks and intercept communications. This issue only affected Ubuntu 20.04 LTS and Ubuntu 20.10. (CVE-2021-22890)<P> | Medium |
| 198322 | Ubuntu Security Notification for Nettle vulnerability (USN-4906-1) | Nettle incorrectly handled signature verification<BR> | Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/4906-1″ TARGET=”_blank”>USN-4906-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://usn.ubuntu.com/4906-1″ TARGET=”_blank”>USN-4906-1:Ubuntu Linux</A> |
Ubuntu | A remote attacker could use this issue to cause Nettle to crash, resulting in a denial of service, or possibly force invalid signatures<BR><BR> |
Medium |
| 198387 | Ubuntu Security Notification for LZ4 vulnerability (USN-4968-1) | Lz4 incorrectly handled certain memory operations.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/4968-1″ TARGET=”_blank”>USN-4968-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://usn.ubuntu.com/4968-1″ TARGET=”_blank”>USN-4968-1:Ubuntu Linux</A> |
Ubuntu | if a user or automated system were tricked into uncompressing a specially- crafted lz4 file, a remote attacker could use this issue to cause lz4 to crash, resulting in a denial of service, or possibly execute arbitrary code..<BR> | Medium |
| 198408 | Ubuntu Security Notification for Nettle vulnerabilities (USN-4990-1) | Nettle incorrectly handled rsa decryption.<BR> Nettle incorrectly handled certain padding oracles.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/4990-1″ TARGET=”_blank”>USN-4990-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://usn.ubuntu.com/4990-1″ TARGET=”_blank”>USN-4990-1:Ubuntu Linux</A> |
Ubuntu | a remote attacker could possibly use this issue to cause nettle to crash, resulting in a denial of service. (<BR><A TARGET=”_blank” HREF=”https://ubuntu.com//security/cve-2021-3580″>cve-2021-3580</A>).<BR> a remote attacker could possibly use this issue to perform a variant of the bleichenbacher attack.<BR>This issue only affected ubuntu 18.04 lts.<BR> (<A TARGET=”_blank” HREF=”https://ubuntu.com//security/cve-2018-16869″>cve-2018-16869</A>).<BR> | Medium |
| 198434 | Ubuntu Security Notification for systemd vulnerabilities (USN-5013-1) | Systemd incorrectly handled certain mount paths.<BR> Systemd incorrectly handled dhcp forcerenew packets.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/5013-1″ TARGET=”_blank”>USN-5013-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://usn.ubuntu.com/5013-1″ TARGET=”_blank”>USN-5013-1:Ubuntu Linux</A> |
Ubuntu | a local attacker could possibly use this issue to cause systemd to crash, resulting in a denial of service. (<BR>Cve-2021-33910).<BR>A remote attacker could possibly use this issue to reconfigure servers. (Cve-2020-13529).<BR> | Medium |
| 198441 | Ubuntu Security Notification for curl vulnerabilities (USN-5021-1) | Curl incorrectly handled telnet connections when the -t option was used on the command line.<BR> Curl incorrectly reused connections in the connection pool.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/5021-1″ TARGET=”_blank”>USN-5021-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://usn.ubuntu.com/5021-1″ TARGET=”_blank”>USN-5021-1:Ubuntu Linux</A> |
Ubuntu | uninitialized data possibly containing sensitive information could be sent to the remote server, contrary to expectations. (<BR>Cve-2021-22898, cve-2021-22925).<BR>This could result in curl reusing the wrong connections.<BR> (cve-2021-22924).<BR> | Medium |
| 198469 | Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5051-1) | Openssl incorrectly handled decrypting sm2 data.<BR> Openssl incorrectly handled certain asn.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Ubuntu advisory: <A HREF=”https://usn.ubuntu.com/5051-1″ TARGET=”_blank”>USN-5051-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://usn.ubuntu.com/5051-1″ TARGET=”_blank”>USN-5051-1:Ubuntu Linux</A> |
Ubuntu | a remote attacker could use this issue to cause applications using openssl to crash, resulting in a denial of service, or possibly change application behaviour. (<BR>Cve-2021-3711).1 strings.<BR>A remote attacker could use this issue to cause openssl to crash, resulting in a denial of service, or possibly obtain sensitive information.<BR> (cve-2021-3712).<BR> | Medium |
| 198501 | Ubuntu Security Notification for curl Vulnerabilities (USN-5079-1) | Curl incorrect handled memory when sending data to an mqtt server.<BR> Curl incorrectly handled upgrades to tls.<BR> Curl incorrectly handled responses received before starttls.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Ubuntu advisory: <A HREF=”https://ubuntu.com/security/notices/USN-5079-1″ TARGET=”_blank”>USN-5079-1</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5079-1″ TARGET=”_blank”>USN-5079-1:Ubuntu Linux</A> |
Ubuntu | a remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (<BR>Cve-2021-22945).<BR> when receiving certain responses from servers, curl would continue without tls even when the option to require a successful upgrade to tls was specified. (<BR>Cve-2021-22946).<BR>A remote attacker could possibly use this issue to inject responses and intercept communications. (<BR>Cve-2021-22947).<BR> | Medium |
| 198508 | Ubuntu Security Notification for curl Vulnerabilities (USN-5079-3) | Usn-5079-1 fixed vulnerabilities in curlcurl incorrect handled memory when sending data to an mqtt server.<BR> Curl incorrectly handled upgrades to tls.<BR> Curl incorrectly handled responses received before starttls.<BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Refer to Ubuntu advisory: <A HREF=”https://ubuntu.com/security/notices/USN-5079-3″ TARGET=”_blank”>USN-5079-3</A> for affected packages and patching details, or update with your package manager. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5079-3″ TARGET=”_blank”>USN-5079-3:Ubuntu Linux</A> |
Ubuntu | one of the fixes introduced a regression on ubuntu 18.04 lts.<BR>This update fixes the problem.<BR>A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code. (<BR>Cve-2021-22945).<BR> when receiving certain responses from servers, curl would continue without tls even when the option to require a successful upgrade to tls was specified. (<BR>Cve-2021-22946).<BR>A remote attacker could possibly use this issue to inject responses and intercept communications. (<BR>Cve-2021-22947).<BR> | Medium |
| 198646 | Ubuntu Security Notification for shadow Vulnerabilities (USN-5254-1) | Shadow incorrectly handled certain inputs.<BR>Shadow incorrectly handled certain inputs.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5254-1″ TARGET=”_blank”>USN-5254-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5254-1″ TARGET=”_blank”>USN-5254-1:Ubuntu Linux</A> |
Ubuntu | An attacker could possibly use this issue to cause a crash orexpose sensitive information.<BR>An attacker could possibly use this issue to expose sensitive information.<BR> | High |
| 198675 | Ubuntu Security Notification for Cyrus SASL Vulnerability (USN-5301-1) | The cyrus sasl sql plugin incorrectly handled sqlinput.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5301-1″ TARGET=”_blank”>USN-5301-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5301-1″ TARGET=”_blank”>USN-5301-1:Ubuntu Linux</A> |
Ubuntu | A remote attacker could use this issue to execute arbitrary sqlcommands.<BR> | Medium |
| 198685 | Ubuntu Security Notification for GNU C Library Vulnerabilities (USN-5310-1) | The gnu c libraryiconv feature incorrectly handled certain input sequences.<BR>The gnu c libraryincorrectly handled signed comparisons on armv7 targets.<BR>The gnu c library nscd daemon incorrectly handledcertain netgroup lookups.<BR>The gnu c library wordexp function incorrectlyhandled certain patterns.<BR>The gnu c library realpath function incorrectlyhandled return values.<BR>The gnu c library getcwd function incorrectlyhandled buffers.<BR>The gnu c library sunrpc module incorrectly handledbuffer lengths.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5310-1″ TARGET=”_blank”>USN-5310-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5310-1″ TARGET=”_blank”>USN-5310-1:Ubuntu Linux</A> |
Ubuntu | An attackercould possibly use this issue to cause the gnu c library to hang or crash,resulting in a denial of service.<BR>A remote attackercould use this issue to cause the gnu c library to crash, resulting in adenial of service, or possibly execute arbitrary code.<BR>An attacker could possibly use this issue tocause the gnu c library to crash, resulting in a denial of service.<BR>An attacker could use this issue to cause thegnu c library to crash, resulting in a denial of service, or possiblyobtain sensitive information.<BR>An attacker could possibly use this issue to obtainsensitive information.<BR>An attacker could use this issue to cause the gnu clibrary to crash, resulting in a denial of service, or possibly executearbitrary code.<BR>An attacker could possibly use this issue to cause the gnuc library to crash, resulting in a denial of service.<BR> | High |
| 198702 | Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5328-1) | Openssl incorrectly parsed certaincertificates.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5328-1″ TARGET=”_blank”>USN-5328-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5328-1″ TARGET=”_blank”>USN-5328-1:Ubuntu Linux</A> |
Ubuntu | A remote attacker could possibly use this issue to causeopenssh to stop responding, resulting in a denial of service.<BR> | High |
| 198703 | Ubuntu Security Notification for tar Vulnerability (USN-5329-1) | Tar incorrectly handled certain files.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5329-1″ TARGET=”_blank”>USN-5329-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5329-1″ TARGET=”_blank”>USN-5329-1:Ubuntu Linux</A> |
Ubuntu | An attacker could possibly use this issue to cause tar to crash,resulting in a denial of service.<BR> | Medium |
| 198720 | Ubuntu Security Notification for zlib Vulnerability (USN-5355-1) | Zlib incorrectly handled memory whenperforming certain deflating operations.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5355-1″ TARGET=”_blank”>USN-5355-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5355-1″ TARGET=”_blank”>USN-5355-1:Ubuntu Linux</A> |
Ubuntu | An attacker could use this issueto cause zlib to crash, resulting in a denial of service, or possiblyexecute arbitrary code.<BR> | High |
| 198742 | Ubuntu Security Notification for Gzip Vulnerability (USN-5378-1) | Gzip incorrectly handled certainfilenames.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5378-1″ TARGET=”_blank”>USN-5378-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5378-1″ TARGET=”_blank”>USN-5378-1:Ubuntu Linux</A> |
Ubuntu | If a user or automated system were tricked into performing zgrepoperations with specially crafted filenames, a remote attacker couldoverwrite arbitrary files.<BR> | High |
| 198743 | Ubuntu Security Notification for XZ Utils Vulnerability (USN-5378-2) | Xz utils incorrectly handled certainfilenames.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5378-2″ TARGET=”_blank”>USN-5378-2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5378-2″ TARGET=”_blank”>USN-5378-2:Ubuntu Linux</A> |
Ubuntu | If a user or automated system were tricked into performingxzgrep operations with specially crafted filenames, a remote attacker couldoverwrite arbitrary files.<BR> | High |
| 198748 | Ubuntu Security Notification for Bash Vulnerability (USN-5380-1) | Bash did not properly drop privilegeswhen the binary had the setuid bit enabled.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5380-1″ TARGET=”_blank”>USN-5380-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5380-1″ TARGET=”_blank”>USN-5380-1:Ubuntu Linux</A> |
Ubuntu | An attacker couldpossibly use this issue to escalate privileges.<BR> | High |
| 198754 | Ubuntu Security Notification for libsepol Vulnerabilities (USN-5391-1) | Libsepol incorrectly handled memorywhen handling policies.<BR>Libsepol incorrectly handled memory whenhandling policies.<BR>Libsepol incorrectly handled memory whenhandling policies.<BR>Libsepol incorrectly validated certain data,leading to a heap overflow.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5391-1″ TARGET=”_blank”>USN-5391-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5391-1″ TARGET=”_blank”>USN-5391-1:Ubuntu Linux</A> |
Ubuntu | An attacker could possibly use this issueto cause a crash, resulting in a denial of service, or possiblyexecute arbitrary code.<BR>An attacker could possibly use this issue to causea crash, resulting in a denial of service, or possibly executearbitrary code.<BR>An attacker could possibly use this issue to causea crash, resulting in a denial of service, or possibly executearbitrary code.<BR>An attacker could possibly use this issueto cause a crash, resulting in a denial of service, or possibly executearbitrary code.<BR> | Medium |
| 198759 | Ubuntu Security Notification for curl Vulnerabilities (USN-5397-1) | Curl incorrectly handled certain oauth2.<BR>Curl incorrectly handled certain requests.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5397-1″ TARGET=”_blank”>USN-5397-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5397-1″ TARGET=”_blank”>USN-5397-1:Ubuntu Linux</A> |
Ubuntu | An attacker could possibly use this issue to access sensitive information.<BR>An attacker could possibly use this issue to expose sensitive information.<BR>(cve-2022-27774, cve-2022-27775, cve-2022-27776).<BR> | High |
| 198771 | Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5402-1) | Openssl incorrectly handled the c_rehashscript.<BR>Openssl incorrectly verified certain responsesigning certificates.<BR>Openssl used the incorrect mac key in therc4-md5 ciphersuite.<BR>Openssl incorrectly handled resources whendecoding certificates and keys.<BR> | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5402-1″ TARGET=”_blank”>USN-5402-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5402-1″ TARGET=”_blank”>USN-5402-1:Ubuntu Linux</A> |
Ubuntu | A local attacker could possibly use this issue to execute arbitrarycommands when c_rehash is run.<BR>A remote attacker could possibly use this issue tospoof certain response signing certificates.<BR>In non-default configurations were rc4-md5 is enabled,a remote attacker could possibly use this issue to modify encryptedcommunications.<BR>A remote attacker could possibly use thisissue to cause openssl to consume resources, leading to a denial ofservice.<BR> | High |
| 198773 | Ubuntu Security Notification for SQLite Vulnerability (USN-5403-1) | Ubuntu has released a security update for sqlite to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5403-1″ TARGET=”_blank”>USN-5403-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5403-1″ TARGET=”_blank”>USN-5403-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198780 | Ubuntu Security Notification for curl Vulnerabilities (USN-5412-1) | Ubuntu has released a security update for curl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5412-1″ TARGET=”_blank”>USN-5412-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5412-1″ TARGET=”_blank”>USN-5412-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198789 | Ubuntu Security Notification for PCRE Vulnerabilities (USN-5425-1) | Ubuntu has released a security update for pcre to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5425-1″ TARGET=”_blank”>USN-5425-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5425-1″ TARGET=”_blank”>USN-5425-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198791 | Ubuntu Security Notification for OpenLDAP Vulnerability (USN-5424-1) | Ubuntu has released a security update for openldap to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5424-1″ TARGET=”_blank”>USN-5424-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5424-1″ TARGET=”_blank”>USN-5424-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198805 | Ubuntu Security Notification for dpkg Vulnerability (USN-5446-1) | Ubuntu has released a security update for dpkg to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5446-1″ TARGET=”_blank”>USN-5446-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5446-1″ TARGET=”_blank”>USN-5446-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198808 | Ubuntu Security Notification for GnuPG Vulnerability (USN-5431-1) | Ubuntu has released a security update for gnupg to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5431-1″ TARGET=”_blank”>USN-5431-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5431-1″ TARGET=”_blank”>USN-5431-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198819 | Ubuntu Security Notification for E2fsprogs Vulnerability (USN-5464-1) | Ubuntu has released a security update for e2fsprogs to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5464-1″ TARGET=”_blank”>USN-5464-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5464-1″ TARGET=”_blank”>USN-5464-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198839 | Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5488-1) | Ubuntu has released a security update for openssl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5488-1″ TARGET=”_blank”>USN-5488-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5488-1″ TARGET=”_blank”>USN-5488-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198842 | Ubuntu Security Notification for curl Vulnerabilities (USN-5495-1) | Ubuntu has released a security update for curl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5495-1″ TARGET=”_blank”>USN-5495-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5495-1″ TARGET=”_blank”>USN-5495-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198848 | Ubuntu Security Notification for GnuPG Vulnerability (USN-5503-1) | Ubuntu has released a security update for gnupg to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5503-1″ TARGET=”_blank”>USN-5503-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5503-1″ TARGET=”_blank”>USN-5503-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198850 | Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerability (USN-5502-1) | Ubuntu has released a security update for openssl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5502-1″ TARGET=”_blank”>USN-5502-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5502-1″ TARGET=”_blank”>USN-5502-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198887 | Ubuntu Security Notification for GnuTLS Vulnerabilities (USN-5550-1) | Ubuntu has released a security update for gnutls to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5550-1″ TARGET=”_blank”>USN-5550-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5550-1″ TARGET=”_blank”>USN-5550-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198903 | Ubuntu Security Notification for zlib Vulnerability (USN-5570-1) | Ubuntu has released a security update for zlib to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5570-1″ TARGET=”_blank”>USN-5570-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5570-1″ TARGET=”_blank”>USN-5570-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198914 | Ubuntu Security Notification for systemd Vulnerability (USN-5583-1) | Ubuntu has released a security update for systemd to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5583-1″ TARGET=”_blank”>USN-5583-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5583-1″ TARGET=”_blank”>USN-5583-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198918 | Ubuntu Security Notification for curl Vulnerability (USN-5587-1) | Ubuntu has released a security update for curl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5587-1″ TARGET=”_blank”>USN-5587-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5587-1″ TARGET=”_blank”>USN-5587-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198940 | Ubuntu Security Notification for SQLite Vulnerabilities (USN-5615-1) | Ubuntu has released a security update for sqlite to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5615-1″ TARGET=”_blank”>USN-5615-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5615-1″ TARGET=”_blank”>USN-5615-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198955 | Ubuntu Security Notification for PCRE Vulnerabilities (USN-5627-1) | Ubuntu has released a security update for pcre to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5627-1″ TARGET=”_blank”>USN-5627-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5627-1″ TARGET=”_blank”>USN-5627-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198983 | Ubuntu Security Notification for GMP Vulnerability (USN-5672-1) | Ubuntu has released a security update for gmp to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5672-1″ TARGET=”_blank”>USN-5672-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5672-1″ TARGET=”_blank”>USN-5672-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198986 | Ubuntu Security Notification for Heimdal Vulnerabilities (USN-5675-1) | Ubuntu has released a security update for heimdal to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5675-1″ TARGET=”_blank”>USN-5675-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5675-1″ TARGET=”_blank”>USN-5675-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198991 | Ubuntu Security Notification for zlib Vulnerability (USN-5570-2) | Ubuntu has released a security update for zlib to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5570-2″ TARGET=”_blank”>USN-5570-2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5570-2″ TARGET=”_blank”>USN-5570-2:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 198998 | Ubuntu Security Notification for Perl Vulnerability (USN-5689-1) | Ubuntu has released a security update for perl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5689-1″ TARGET=”_blank”>USN-5689-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5689-1″ TARGET=”_blank”>USN-5689-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199008 | Ubuntu Security Notification for curl Vulnerabilities (USN-5702-1) | Ubuntu has released a security update for curl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5702-1″ TARGET=”_blank”>USN-5702-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5702-1″ TARGET=”_blank”>USN-5702-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199018 | Ubuntu Security Notification for SQLite Vulnerability (USN-5716-1) | Ubuntu has released a security update for sqlite to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5716-1″ TARGET=”_blank”>USN-5716-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5716-1″ TARGET=”_blank”>USN-5716-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199049 | Ubuntu Security Notification for shadow Vulnerability (USN-5745-1) | Ubuntu has released a security update for shadow to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5745-1″ TARGET=”_blank”>USN-5745-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5745-1″ TARGET=”_blank”>USN-5745-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 199067 | Ubuntu Security Notification for Heimdal Vulnerability (USN-5766-1) | Ubuntu has released a security update for heimdal to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5766-1″ TARGET=”_blank”>USN-5766-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5766-1″ TARGET=”_blank”>USN-5766-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199083 | Ubuntu Security Notification for Libksba Vulnerability (USN-5787-1) | Ubuntu has released a security update for libksba to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5787-1″ TARGET=”_blank”>USN-5787-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5787-1″ TARGET=”_blank”>USN-5787-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199085 | Ubuntu Security Notification for curl Vulnerabilities (USN-5788-1) | Ubuntu has released a security update for curl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5788-1″ TARGET=”_blank”>USN-5788-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5788-1″ TARGET=”_blank”>USN-5788-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199102 | Ubuntu Security Notification for Heimdal Vulnerabilities (USN-5800-1) | Ubuntu has released a security update for heimdal to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5800-1″ TARGET=”_blank”>USN-5800-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5800-1″ TARGET=”_blank”>USN-5800-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199131 | Ubuntu Security Notification for PAM Vulnerability (USN-5825-1) | Ubuntu has released a security update for pam to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5825-1″ TARGET=”_blank”>USN-5825-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5825-1″ TARGET=”_blank”>USN-5825-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199133 | Ubuntu Security Notification for Kerberos Vulnerabilities (USN-5828-1) | Ubuntu has released a security update for kerberos to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5828-1″ TARGET=”_blank”>USN-5828-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5828-1″ TARGET=”_blank”>USN-5828-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199150 | Ubuntu Security Notification for Open Secure Sockets Layer (OpenSSL) Vulnerabilities (USN-5844-1) | Ubuntu has released a security update for openssl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5844-1″ TARGET=”_blank”>USN-5844-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5844-1″ TARGET=”_blank”>USN-5844-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199152 | Ubuntu Security Notification for Heimdal Vulnerabilities (USN-5849-1) | Ubuntu has released a security update for heimdal to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5849-1″ TARGET=”_blank”>USN-5849-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5849-1″ TARGET=”_blank”>USN-5849-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199191 | Ubuntu Security Notification for curl Vulnerabilities (USN-5891-1) | Ubuntu has released a security update for curl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5891-1″ TARGET=”_blank”>USN-5891-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5891-1″ TARGET=”_blank”>USN-5891-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199199 | Ubuntu Security Notification for tar Vulnerability (USN-5900-1) | Ubuntu has released a security update for tar to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5900-1″ TARGET=”_blank”>USN-5900-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5900-1″ TARGET=”_blank”>USN-5900-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199221 | Ubuntu Security Notification for systemd Vulnerabilities (USN-5928-1) | Ubuntu has released a security update for systemd to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5928-1″ TARGET=”_blank”>USN-5928-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5928-1″ TARGET=”_blank”>USN-5928-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 199244 | Ubuntu Security Notification for Kerberos Vulnerabilities (USN-5959-1) | Ubuntu has released a security update for kerberos to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5959-1″ TARGET=”_blank”>USN-5959-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5959-1″ TARGET=”_blank”>USN-5959-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 199246 | Ubuntu Security Notification for curl Vulnerabilities (USN-5964-1) | Ubuntu has released a security update for curl to fix the vulnerabilities. | Refer to Ubuntu security advisory <A HREF=”https://ubuntu.com/security/notices/USN-5964-1″ TARGET=”_blank”>USN-5964-1</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://ubuntu.com/security/notices/USN-5964-1″ TARGET=”_blank”>USN-5964-1:Ubuntu Linux</A> |
Ubuntu | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 257112 | CentOS Security Update for bind (CESA-2021:3325) | CentOS has released security update for bind security update to fix the vulnerabilities.<P>Affected Products:<BR><BR>centos 7<BR><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-September/048361.html” TARGET=”_blank”>>centos 7</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-September/048361.html” TARGET=”_blank”>CESA-2021:3325:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. | Medium |
| 257124 | CentOS Security Update for libxml2 (CESA-2021:3810) | CentOS has released security update for libxml2 security update to fix the vulnerabilities.<P>Affected Products:<BR><BR>centos 7<BR><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-November/048378.html” TARGET=”_blank”>>centos 7</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-November/048378.html” TARGET=”_blank”>CESA-2021:3810: centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. | High |
| 257124 | CentOS Security Update for libxml2 (CESA-2021:3810) | CentOS has released security update for libxml2 security update to fix the vulnerabilities.<P>Affected Products:<BR><BR>centos 7<BR><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-November/048378.html” TARGET=”_blank”>>centos 7</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-November/048378.html” TARGET=”_blank”>CESA-2021:3810:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. | High |
| 257128 | CentOS Security Update for Open Secure Sockets Layer (OpenSSL) (CESA-2021:3798) | CentOS has released security update for openssl security update to fix the vulnerabilities.<P>Affected Products:<BR><BR>centos 7<BR><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-November/048384.html” TARGET=”_blank”>>centos 7</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-November/048384.html” TARGET=”_blank”>CESA-2021:3798:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. | Medium |
| 257129 | CentOS Security Update for binutils (CESA-2021:4033) | CentOS has released security update for binutils security update to fix the vulnerabilities.<P>Affected Products:<BR><BR>centos 7<BR><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-November/048395.html” TARGET=”_blank”>>centos 7</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-November/048395.html” TARGET=”_blank”>CESA-2021:4033: centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. | Medium |
| 257129 | CentOS Security Update for binutils (CESA-2021:4033) | CentOS has released security update for binutils security update to fix the vulnerabilities.<P>Affected Products:<BR><BR>centos 7<BR><BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | To resolve this issue, upgrade to the latest packages which contain a patch. Refer to CentOS advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-November/048395.html” TARGET=”_blank”>>centos 7</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-November/048395.html” TARGET=”_blank”>CESA-2021:4033:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. | Medium |
| 257130 | CentOS Security Update for rpm (CESA-2021:4785) | CentOS has released a security update for rpm security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-December/048415.html” TARGET=”_blank”>CESA-2021:4785</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-December/048415.html” TARGET=”_blank”>CESA-2021:4785: centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 257130 | CentOS Security Update for rpm (CESA-2021:4785) | CentOS has released a security update for rpm security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-December/048415.html” TARGET=”_blank”>CESA-2021:4785</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-December/048415.html” TARGET=”_blank”>CESA-2021:4785:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 257133 | CentOS Security Update for krb5 (CESA-2021:4788) | CentOS has released a security update for krb5 security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-December/048422.html” TARGET=”_blank”>CESA-2021:4788</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-December/048422.html” TARGET=”_blank”>CESA-2021:4788:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 257135 | CentOS Security Update for nss (CESA-2021:4904) | CentOS has released a security update for nss security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-December/060972.html” TARGET=”_blank”>CESA-2021:4904</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-December/060972.html” TARGET=”_blank”>CESA-2021:4904:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 257135 | CentOS Security Update for nss (CESA-2021:4904) | CentOS has released a security update for nss security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-December/060972.html” TARGET=”_blank”>CESA-2021:4904</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2021-December/060972.html” TARGET=”_blank”>CESA-2021:4904: centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 257157 | CentOS Security Update for openldap (CESA-2022:0621) | CentOS has released a security update for openldap security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-February/073566.html” TARGET=”_blank”>CESA-2022:0621</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-February/073566.html” TARGET=”_blank”>CESA-2022:0621:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 257159 | CentOS Security Update for cyrus-sasl (CESA-2022:0666) | CentOS has released a security update for cyrus-sasl security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-February/073559.html” TARGET=”_blank”>CESA-2022:0666</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-February/073559.html” TARGET=”_blank”>CESA-2022:0666:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 257160 | CentOS Security Update for expat (CESA-2022:1069) | CentOS has released a security update for expat security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-March/073580.html” TARGET=”_blank”>CESA-2022:1069</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-March/073580.html” TARGET=”_blank”>CESA-2022:1069:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 257163 | CentOS Security Update for Open Secure Sockets Layer (OpenSSL) (CESA-2022:1066) | CentOS has released a security update for openssl security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-March/073577.html” TARGET=”_blank”>CESA-2022:1066</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-March/073577.html” TARGET=”_blank”>CESA-2022:1066:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 257169 | CentOS Security Update for gzip (CESA-2022:2191) | CentOS has released a security update for gzip security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-May/073585.html” TARGET=”_blank”>CESA-2022:2191</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-May/073585.html” TARGET=”_blank”>CESA-2022:2191:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 257170 | CentOS Security Update for zlib (CESA-2022:2213) | CentOS has released a security update for zlib security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-May/073584.html” TARGET=”_blank”>CESA-2022:2213</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-May/073584.html” TARGET=”_blank”>CESA-2022:2213:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 257179 | CentOS Security Update for python (CESA-2022:5235) | CentOS has released a security update for python security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-August/073601.html” TARGET=”_blank”>CESA-2022:5235</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-August/073601.html” TARGET=”_blank”>CESA-2022:5235:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 257185 | CentOS Security Update for xz (CESA-2022:5052) | CentOS has released a security update for xz security update to fix the vulnerabilities. | Refer to CentOS security advisory <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-August/073618.html” TARGET=”_blank”>CESA-2022:5052</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://lists.centos.org/pipermail/centos-announce/2022-August/073618.html” TARGET=”_blank”>CESA-2022:5052:centos 7</A> |
CentOS | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 371776 | Linux Docker Image Hard-Coded Credential Vulnerability | <P>Linux docker images with a NULL password for the root user is detected.
<P>Affected Versions:<BR> <P>QID Detection Logic:<BR> <BR><B>Note</B>: on 5/21/2019, we extend this QID to detect this vulnerability on ALL Linux docker images. |
Customers are advised to set a password for the root user.<P>Workaround:<BR>Customers who have older Alpine Linux Docker images integrated inside (re)install scripts/routines should modify the Docker image to disable the root account or, at least, set a custom password. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/alpinelinux/docker-alpine” TARGET=”_blank”>Alpine Linux Docker Image</A> |
Local | Successful exploitation may result in hijacking of system by attackers who can authenticate using the root use and no password.<P> | High |
| 372268 | GNU Bash Privilege Escalation Vulnerability for Debian | GNU Bash. Bash is the GNU Project’s shell.<P> An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. <P> QID Detection Logic (Authenticated) <BR> This checks for vulnerable version of Bash shell in Debian 9 and 10. |
No updates available for Debian platform till date. | Local | On successful exploitation an attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges. |
High |
| 372307 | MongoDB Improper Invalidation Vulnerability (SERVER-38984) | MongoDB is an open-source document database, and NoSQL database. <P>After user deletion in MongoDB Server the improper invalidation of authorization sessions allows an authenticated user’s session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones.<BR><P>Affected Versions:<BR> MongoDB Server v4.0 versions prior to 4.0.9.<BR> MongoDB Server v3.6 versions prior to 3.6.13 <BR> MongoDB Server v3.4 versions prior to 3.4.22 <BR><P>QID Detection Logic:(Authenticated)<BR> This QID checks for vulnerable version of MongoDB installed on the target.<BR> |
Customer are advised to update MongoDb to the latest versions.(MongoDB Server 3.4.22,3.6.13,4.0.9 or later.)<BR> For more information visit <A HREF=”https://jira.mongodb.org/browse/SERVER-38984″ TARGET=”_blank”>MongoDB SERVER-38984</A>.<BR>Workaround:<BR>After deleting one or more users, restart any nodes which may have had active user authorization sessions.<BR> Refrain from creating user accounts with the same name as previously deleted accounts. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://www.mongodb.com/download-center” TARGET=”_blank”>MongoDB Server 3.4.22,3.6.13,4.0.9 or later</A> |
Local | Successful exploitation allows an authenticated user’s session to persist and become conflated with new accounts, if those accounts reuse the names of deleted ones.<BR> | Medium |
| 374643 | Go Misinterpretation of Input Vulnerability | Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.<P> Go’s encoding or xml handles XML directives in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder implementations. Encoding and decoding using Go’s encoding or xml can introduce new structures around a maliciously crafted XML directive.<P>Affected Version:<BR> Go versions upto 1.15<P>QID Detection Logic(authenticated):<BR> This QID checks for vulnerable version of Go installed on the target.<P> Note: For unix target, this QID will only work if Go path is properly set in environment variable.<P> |
The vendor has released latest version of Go. For more information please visit: <A HREF=”https://github.com/mattermost/xml-roundtrip-validator/blob/master/advisories/unstable-directives.md” TARGET=”_blank”>Go</A><P>Workaround:<BR>The github.com/mattermost/xml-roundtrip-validator module can detect unstable constructs in an XML document, including unstable directives. Invoking the validator on all untrusted markup and failing early if it returns an error can prevent these types of issue from being exploited in an otherwise affected application.<P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://golang.org/dl/” TARGET=”_blank”>Go</A> |
Local | Mutations caused by encoding round-trips can lead to incorrect or conflicting decisions in affected applications. Equivalent lookups within an XML document can return different results during different stages of the document’s lifecycle. Attempting to validate the structure of an XML document can succeed or fail depending on the number of encoding round-trips it has gone through.<P> | High |
| 374644 | Go XML attribute instability Vulnerability | Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.<P> Go’s encoding/xml handles namespace prefixes on XML attributes in a way that causes crafted markup to mutate during round-trips through the xml.Decoder and xml.Encoder implementations. Encoding and decoding using Go’s encoding/xml can change the observed namespace as well as the observed local name of a maliciously crafted XML attribute.<P>Affected Version:<BR> Go all versions<P>QID Detection Logic(authenticated):<BR> This QID checks for vulnerable version of Go installed on the target.<P> Note: For unix target , this QID will only work if Go path is properly set in environment variable.<P> |
The vendor has not released any fixes for this.Workaround:<BR>The github.com/mattermost/xml-roundtrip-validator module can detect unstable constructs in an XML document, including unstable attribute namespace prefixes. Invoking the validator on all untrusted markup and failing early if it returns an error can prevent these types of issue from being exploited in an otherwise affected application. | Local | Mutations caused by encoding round-trips can lead to incorrect or conflicting decisions in affected applications. Equivalent lookups within an XML document can return different results during different stages of the document’s lifecycle. Attempting to validate the structure of an XML document can succeed or fail depending on the number of encoding round-trips it has gone through.<P> | High |
| 374667 | Kubernetes Man In The Middle Vulnerability | Kubernetes is an open-source container-orchestration system for automating deployment, scaling and management of containerized applications.<BR>
Affected version:<BR> QID Detection Logic:(Authenticated)<BR> QID Detection Logic:(Unauthenticated)<BR> |
As patched version is not available, customers are advised to apply mitigation. For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/97076″ TARGET=”_blank”>here</A>.Workaround:<BR>There is no patch for this issue, and it can currently only be mitigated by restricting access to the vulnerable features.<BR> To restrict the use of external IPs kubernetes are providing an admission webhook container: k8s.gcr.io/multitenancy/externalip-webhook:v1.0.0. The source code and deployment instructions are <A HREF=”https://github.com/kubernetes-sigs/externalip-webhook” TARGET=”_blank”>published at</A>.Alternatively, external IPs can be restricted using OPA Gatekeeper. A sample ConstraintTemplate and Constraint can be found : <A HREF=”https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/externalip” TARGET=”_blank”>here</A>. No mitigations are provided for LoadBalancer IPs since we do not recommend granting users patch service/status permission. If LoadBalancer IP restrictions are required, the approach for the external IP mitigations can be copied. |
Local | If a potential attacker can already create or edit services and pods, then they may be able to intercept traffic from other pods (or nodes) in the cluster.<P> | Medium |
| 375598 | Go Denial Of Service Vulnerability | Go is an open source programming language that makes it easy to build simple, reliable, and efficient software.<P>
CVE-2021-31525: A vulnerability was found in net/http of the Go standard library when parsing very large HTTP header values, causing a crash and subsequent denial of service. This vulnerability affects both clients and servers written in Go, however servers are only vulnerable if the default 1 MB value for MaxHeaderBytes is increased.<P> Affected Version:<BR> QID Detection Logic(authenticated):<BR>This QID checks for vulnerable version of Go installed on the target.<P> Note: For unix target, this QID will only work if Go path is properly set in environment variable.<P> |
It is advised to install the latest Go version from <A HREF=”https://golang.org/dl/” TARGET=”_blank”>Go download page.</A> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://golang.org/dl/” TARGET=”_blank”>Go</A> |
Local | Successful exploitation could result in denial of service attack.<P> | Medium |
| 375831 | Golang Improper Input Validation Of Octal Literals Vulnerability | Go is an open-source programming language that makes it easy to build simple, reliable, and efficient software.<P>
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR.<P> Affected versions: <BR> QID Detection Logic:<BR> |
The Vendor has released a security update to fix the vulnerability. For more information please visit <A HREF=”https://golang.org/doc/go1.17″ TARGET=”_blank”>Golang 1.17</A> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://golang.org/doc/go1.17″ TARGET=”_blank”>Go 1.17</A> |
Local | Successful exploitation of these vulnerabilities allows unauthenticated remote attackers to perform indeterminate SSRF, RFI, and LFI attacks on many programs that rely on golang builtin net.ParseCIDR function<P> | Medium |
| 375835 | Go Lang Transport Layer Security (TLS) Clients Vulnerability | Go is an open-source programming language that makes it easy to build simple, reliable, and efficient software.<P>
Affected versions: <BR> QID Detection Logic:<BR> |
The Vendor has released a security update to fix the vulnerability. For more information please visit <A HREF=”https://golang.org/doc/devel/release#go1.16.minor” TARGET=”_blank”>Golang 1.16.6</A> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://golang.org/doc/devel/release#go1.16.minor” TARGET=”_blank”>Golang1.16.6</A> |
Local | Successful exploitation of these vulnerabilities could affect Confidentiality, Integrity and Availability.<P> | Low |
| 376157 | Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) | A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE).<BR>
<P>Affected versions:<BR> <P>QID Detection: (Authenticated) – Linux<BR> This detection logic is updated to find log4j installs using the locate command and ls proc command. These updates are in VULNSIGS-2.5.352-4 <BR> QID Detection: (Authenticated) – Windows<BR> Note: Please provide Oracle auth records for scanning Oracle Database instances.<BR> |
Apache is recommending customers to upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later). If updating the version is not possible, please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR> NOTE: This detection checks only version information and does not check for workaround.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://logging.apache.org/log4j/2.x/download.html” TARGET=”_blank”>Apache Log4j</A> |
Local | Successful exploitation of this vulnerability could lead to remote code execution (RCE) on the target.<BR> | High |
| 376157 | Apache Log4j Remote Code Execution (RCE) Vulnerability (Log4Shell) | A zero-day exploit affecting the popular Apache Log4j utility (CVE-2021-44228) was made public on December 9, 2021 that results in remote code execution (RCE).<BR>
<P>Affected versions:<BR> <P>QID Detection: (Authenticated)<BR> This detection logic is updated to find log4j installs using the locate command and ls proc command. These updates are in VULNSIGS-2.5.352-4 <BR> |
The vendor has released a fix for this vulnerability and the customers are advised to update their Log4j to the version 2.15.0. If updating the version is not possible, please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://logging.apache.org/log4j/2.x/download.html” TARGET=”_blank”>Apache Log4j</A> |
Local | Successful exploitation of this vulnerability could lead to remote code execution (RCE) on the target.<BR> | High |
| 376178 | Apache Log4j Remote Code Execution (RCE) Vulnerability (CVE-2021-45046) | Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation.<P>
CVE-2021-45046: A zero-day exploit affecting the popular Apache Log4j utility to Denial of Service attack.<P> <P>Affected versions:<BR> <P>QID Detection: (Authenticated)<BR> |
The vendor has released a fix for this vulnerability and the customers are advised to update their Log4j to the version 2.12.2 and 2.16.0. Please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Apache Log4j</A> |
Local | Successful exploitation of this vulnerability could lead to Sensitive Information Disclosure and Remote Code Execution<P> | High |
| 376178 | Apache Log4j Remote Code Execution (RCE) Vulnerability (CVE-2021-45046) (Log4Shell) | Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation.<P>
CVE-2021-45046: A zero-day exploit affecting the popular Apache Log4j utility to Remote Code Execution and Denial of Service attack.<P> <P>Affected versions:<BR> <P>QID Detection: (Authenticated) – Linux<BR> QID Detection: (Authenticated) – Windows<BR> |
Apache recommends customers to upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later). Please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR> This detection checks only version information and does not check for workaround.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Apache Log4j</A> |
Local | Successful exploitation of this vulnerability could lead to Sensitive Information Disclosure and Remote Code Execution<P> | High |
| 376194 | Apache Log4j Denial of Service (DOS) Vulnerability (Log4Shell) | Apache Log4j2 does not always protect from infinite recursion in lookup evaluation (CVE-2021-45105), this was made public on December 18, 2021<BR>
<P>Affected versions:<BR> <P>QID Detection: (Authenticated)<BR> This detection logic also tries to find log4j installs using the locate command and ls proc command. These updates are in VULNSIGS-2_5_357<BR> QID Detection: (Authenticated) – Windows <BR> |
Apache recommends customers to upgrade to Log4j 2.3.1 (for Java 6), 2.12.3 (for Java 7), or 2.17.0 (for Java 8 and later). If updating the version is not possible, please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://logging.apache.org/log4j/2.x/download.html” TARGET=”_blank”>Apache Log4j</A> |
Local | Apache Log4j2 versions 2.0-alpha1 through 2.16.0, excluding 2.12.3, 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. When the logging configuration uses a non-default Pattern Layout with a Context Lookup (for example, $${ctx:loginId}), attackers with control over Thread Context Map (MDC) input data can craft malicious input data that contains a recursive lookup, resulting in a StackOverflowError that will terminate the process. This is also known as a DOS (Denial of Service) attack. <BR> |
High |
| 376209 | Apache Log4j Remote Code Execution (RCE) Vulnerability (CVE-2021-44832) | Apache Log4j is a Java-based logging utility. It is part of the Apache Logging Services, a project of the Apache Software Foundation.<P>
CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration.<P> <P>Affected versions:<BR> Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4)<P> <P>QID Detection: (Authenticated) – Linux<BR> |
Apache recommends customers to upgrade to Log4j 2.3.2 (for Java 6), 2.12.4 (for Java 7), or 2.17.1 (for Java 8 and later). Please refer to the mitigations mentioned here <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Log4j</A>.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://logging.apache.org/log4j/2.x/security.html” TARGET=”_blank”>Apache Log4j</A> |
Local | Successful exploitation of this vulnerability could lead to Remote Code Execution<P> | Medium |
| 376213 | Redis Server Heap Overflow Vulnerability | Redis is an open-source, in-memory database that persists on disk.<P>
Integer overflow that can lead to heap overflow in Redis-CLI, Redis-sentinel on some platforms and DoS vulnerability<P> Affected Versions:<BR> QID Detection Logic (Authenticated): Linux<BR> |
Customers are advised to update to the latest patch version of Redis Server. For more information, please refer to <A HREF=”https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p” TARGET=”_blank”>Redis Security Advisory GHSA-f6pw</A><A HREF=”https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr” TARGET=”_blank”>Redis Security Advisory GHSA-833w</A><P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/redis/redis/security/advisories/GHSA-f6pw-v9gw-v64p” TARGET=”_blank”>GHSA-f6pw</A><P> <A HREF=”https://github.com/redis/redis/security/advisories/GHSA-833w-8v3m-8wwr” TARGET=”_blank”>GHSA-833w</A> |
Local | Successful exploitation of this vulnerability may lead to heap overflow in redis-cli, redis-sentinel on some platforms.<P> | High |
| 376506 | Spring Framework Remote Code Execution (RCE) Vulnerability (Spring4Shell) | The vulnerability exists in the Spring Framework with the JDK version greater or equal to 9.0. (If the version number is less than or equal to 8, it is not affected by the vulnerability.)<BR>
Triggering this vulnerability requires use of the Spring MVC and Spring WebFlux applications running on JDK9 and above.<P> Vulnerable Versions:<BR> QID Detection: (Authenticated) – Linux<BR> QID Detection: (Qualys CS Image Scanning)<BR> |
The vendor has released an advisory to resolve these issues. <P> Customers are advised to visit <A HREF=”https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#overview” TARGET=”_blank”>Spring Framework RCE </A> for more information on this. <BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement” TARGET=”_blank”>Spring </A> |
Local | A remote attacker can obtain the AccessLogValve object and malicious field values via the parameter binding function of the framework on the basis of meeting certain conditions<BR> | High |
| 376506 | Spring Framework Remote Code Execution (RCE) Vulnerability (Spring4Shell) | The vulnerability exists in the Spring Framework with the JDK version greater or equal to 9.0. (If the version number is less than or equal to 8, it is not affected by the vulnerability.)<BR>
Triggering this vulnerability requires use of the Spring MVC and Spring WebFlux applications running on JDK9 and above.<P> Vulnerable Versions:<BR> QID Detection: (Authenticated) – Linux<BR> |
The vendor has released an advisory to resolve these issues. <P> Customers are advised to visit <A HREF=”https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement#overview” TARGET=”_blank”>Spring Framework RCE </A> for more information on this. <BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement” TARGET=”_blank”>Spring </A> |
Local | A remote attacker can obtain the AccessLogValve object and malicious field values via the parameter binding function of the framework on the basis of meeting certain conditions<BR> | High |
| 377846 | Kubernetes Validating Admission Webhook Vulnerability | Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.<BR><P>
Affected version:<BR> QID Detection Logic:(Authenticated)<BR> |
For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/100096″ TARGET=”_blank”>100096</A><P>Workaround:<BR>This only impacts validating admission plugins that rely on old values in certain fields, and does not impact calls from kubelets that go through the built-in NodeRestriction admission plugin. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/kubernetes/kubernetes/issues/100096″ TARGET=”_blank”>100096</A> |
Local | Successful exploitation of the vulnerability may allow an attacker to node updates to bypass a Validating Admission Webhook<P> | Medium |
| 377847 | Kubernetes Ceph RBD Admin Secrets exposed Vulnerability | Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.<BR><P>
Affected version:<BR> QID Detection Logic:(Authenticated)<BR> |
For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/95624″ TARGET=”_blank”>95624</A><P>Workaround:<BR>Vulnerable If Ceph RBD volumes are in use and kube-controller-manager is using a log level of at least 4. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/kubernetes/kubernetes/issues/95624″ TARGET=”_blank”>95624</A> |
Local | Successful exploitation of the vulnerability may allow an attacker to Ceph RBD adminSecrets exposed in logs<P> | Medium |
| 377848 | Kubernetes Token Leak Logs Vulnerability | Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.<BR><P>
Affected version:<BR> QID Detection Logic:(Authenticated)<BR> |
For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/95623″ TARGET=”_blank”>95623</A><P>Workaround:<BR>Vulnerable If kube-apiserver is using a log level of at least 9. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/kubernetes/kubernetes/issues/95623″ TARGET=”_blank”>95623</A> |
Local | Successful exploitation of the vulnerability may allow an attacker authorization and bearer tokens will be written to log files<P> | Medium |
| 377852 | Kubernetes Docker Config Secrets Leaked Vulnerability | Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.<BR><P>
Affected version:<BR> QID Detection Logic:(Authenticated)<BR> |
For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/95622″ TARGET=”_blank”>95622</A><P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/kubernetes/kubernetes/issues/95622″ TARGET=”_blank”>95622</A> |
Local | Successful exploitation of the vulnerability may allow an attacker to read docker config files<P> | Medium |
| 377853 | Kubernetes Kublet Node Disk Denial of Service (DoS) Vulnerability | Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.<BR><P>
Affected version:<BR> QID Detection Logic:(Authenticated)<BR> |
For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/93032″ TARGET=”_blank”>93032</A><P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/kubernetes/kubernetes/issues/93032″ TARGET=”_blank”>93032</A> |
Local | Successful exploitation of the vulnerability may allow an attacker to read docker config files<P> | Medium |
| 377854 | Kubernetes kube-Apiserver Privilege Escalation Vulnerability | Kubernetes is an open-source container-orchestration system for automating deployment, scaling, and management of containerized applications.<BR><P>
Affected version:<BR> QID Detection Logic:(Authenticated)<BR> |
For more information please visit <A HREF=”https://github.com/kubernetes/kubernetes/issues/92914″ TARGET=”_blank”>92914</A><P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/kubernetes/kubernetes/issues/92914″ TARGET=”_blank”>92914</A> |
Local | Successful exploitation of the vulnerability may allow an attacker to send a redirect response that may be followed by a client using the credentials from the original request<P> | Medium |
| 377913 | Git Multiple Security Vulnerabilities | Git is a revision control system, a tool to manage your source code history.<P>
Affected Versions:<BR> QID Detection Logic (authenticated):<BR> |
Customers are advised to upgrade to <A HREF=”https://git-scm.com/downloads” TARGET=”_blank”>Git v2.30.7, v2.31.6, v2.32.5, v2.33.6, v2.34.6, v2.35.6, v2.36.4, v2.37.5, v2.38.3, v2.39.1</A> or later versions to remediate these vulnerabilities. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/git/git/security/advisories/GHSA-475x-2q3q-hvwq” TARGET=”_blank”>GHSA-475x-2q3q-hvwq</A><P> <A HREF=”https://github.com/git/git/security/advisories/GHSA-c738-c5qq-xg89″ TARGET=”_blank”>GHSA-c738-c5qq-xg89</A> |
Local | An attacker can trigger remote code execution.<P> | High |
| 500027 | Alpine Linux Security Update for apk-tools | Alpine Linux has released a security update for apk-tools to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.10.6-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/apk-tools” TARGET=”_blank”>apk-tools</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/apk-tools” TARGET=”_blank”>apk-tools-2.10.6-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500028 | Alpine Linux Security Update for apk-tools | Alpine Linux has released a security update for apk-tools to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.10.7-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/apk-tools” TARGET=”_blank”>apk-tools</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/apk-tools” TARGET=”_blank”>apk-tools-2.10.7-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500081 | Alpine Linux Security Update for busybox | Alpine Linux has released a security update for busybox to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 1.31.1-r20. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox-1.31.1-r20:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500082 | Alpine Linux Security Update for busybox | Alpine Linux has released a security update for busybox to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 1.31.1-r21. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox-1.31.1-r21:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500083 | Alpine Linux Security Update for busybox | Alpine Linux has released a security update for busybox to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 1.31.1-r22. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox-1.31.1-r22:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500130 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 7.69.1-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.69.1-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500131 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 7.69.1-r2. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.69.1-r2:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500132 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 7.69.1-r3. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.69.1-r3:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500133 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 7.74.0-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.74.0-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 500134 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR><BR><BR>Affected Package versions prior to 7.76.0-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.76.0-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 500135 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR><BR><BR>Affected Package versions prior to 7.77.0-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.77.0-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500136 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR><BR><BR>Affected Package versions prior to 7.78.0-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.78.0-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 500137 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR><BR><BR>Affected Package versions prior to 7.79.0-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.79.0-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500138 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 7.79.1-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.79.1-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500177 | Alpine Linux Security Update for expat | Alpine Linux has released a security update for expat to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.2.10-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat-2.2.10-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500178 | Alpine Linux Security Update for expat | Alpine Linux has released a security update for expat to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.2.10-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat-2.2.10-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500179 | Alpine Linux Security Update for expat | Alpine Linux has released a security update for expat to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.2.10-r2. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat-2.2.10-r2:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500189 | Alpine Linux Security Update for freetype | Alpine Linux has released a security update for freetype to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.10.4-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/freetype” TARGET=”_blank”>freetype</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/freetype” TARGET=”_blank”>freetype-2.10.4-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500190 | Alpine Linux Security Update for freetype | Alpine Linux has released a security update for freetype to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.10.4-r2. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/freetype” TARGET=”_blank”>freetype</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/freetype” TARGET=”_blank”>freetype-2.10.4-r2:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500222 | Alpine Linux Security Update for git | Alpine Linux has released a security update for git to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.26.3-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git-2.26.3-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500223 | Alpine Linux Security Update for git | Alpine Linux has released a security update for git to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.26.3-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git-2.26.3-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500227 | Alpine Linux Security Update for gmp | Alpine Linux has released a security update for gmp to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 6.2.1-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/gmp” TARGET=”_blank”>gmp</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/gmp” TARGET=”_blank”>gmp-6.2.1-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500295 | Alpine Linux Security Update for libgcrypt | Alpine Linux has released a security update for libgcrypt to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR><BR><BR>Affected Package versions prior to 1.8.8-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libgcrypt” TARGET=”_blank”>libgcrypt</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libgcrypt” TARGET=”_blank”>libgcrypt-1.8.8-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500296 | Alpine Linux Security Update for libgcrypt | Alpine Linux has released a security update for libgcrypt to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR><BR><BR>Affected Package versions prior to 1.8.8-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libgcrypt” TARGET=”_blank”>libgcrypt</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libgcrypt” TARGET=”_blank”>libgcrypt-1.8.8-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 500306 | Alpine Linux Security Update for libjpeg-turbo | Alpine Linux has released a security update for libjpeg-turbo to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.1.0-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libjpeg-turbo” TARGET=”_blank”>libjpeg-turbo</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libjpeg-turbo” TARGET=”_blank”>libjpeg-turbo-2.1.0-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 500342 | Alpine Linux Security Update for libxml2 | Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.9.10-r6. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2-2.9.10-r6:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500343 | Alpine Linux Security Update for libxml2 | Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 2.9.12-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2-2.9.12-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 500344 | Alpine Linux Security Update for libxml2 | Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.9.13-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2-2.9.13-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500345 | Alpine Linux Security Update for libxml2 | Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.9.14-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2-2.9.14-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 500355 | Alpine Linux Security Update for libxslt | Alpine Linux has released a security update for libxslt to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 1.1.35-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libxslt” TARGET=”_blank”>libxslt</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libxslt” TARGET=”_blank”>libxslt-1.1.35-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500415 | Alpine Linux Security Update for musl | Alpine Linux has released a security update for musl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 1.1.24-r10. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/musl” TARGET=”_blank”>musl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/musl” TARGET=”_blank”>musl-1.1.24-r10:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 500499 | Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL) | Alpine Linux has released a security update for openssl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 1.1.1l-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/openssl” TARGET=”_blank”>openssl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/openssl” TARGET=”_blank”>openssl-1.1.1l-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500500 | Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL) | Alpine Linux has released a security update for openssl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 1.1.1n-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/openssl” TARGET=”_blank”>openssl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/openssl” TARGET=”_blank”>openssl-1.1.1n-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500594 | Alpine Linux Security Update for python3 | Alpine Linux has released a security update for python3 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR><BR><BR>Affected Package versions prior to 3.8.5-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/python3″ TARGET=”_blank”>python3</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/python3″ TARGET=”_blank”>python3-3.8.5-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 500595 | Alpine Linux Security Update for python3 | Alpine Linux has released a security update for python3 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 3.8.8-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/python3″ TARGET=”_blank”>python3</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/python3″ TARGET=”_blank”>python3-3.8.8-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 500831 | Alpine Linux Security Update for zlib | Alpine Linux has released a security update for zlib to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.12<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR><BR><BR>Affected Package versions prior to 1.2.12-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/zlib” TARGET=”_blank”>zlib</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/zlib” TARGET=”_blank”>zlib-1.2.12-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501355 | Alpine Linux Security Update for apk-tools | Alpine Linux has released a security update for apk-tools to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.12.6-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/apk-tools” TARGET=”_blank”>apk-tools</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/apk-tools” TARGET=”_blank”>apk-tools-2.12.6-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501468 | Alpine Linux Security Update for pcre2 | Alpine Linux has released a security update for pcre2 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 10.36-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/pcre2″ TARGET=”_blank”>pcre2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/pcre2″ TARGET=”_blank”>pcre2-10.36-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501733 | Alpine Linux Security Update for busybox | Alpine Linux has released a security update for busybox to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 1.33.1-r4. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox-1.33.1-r4:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 501734 | Alpine Linux Security Update for busybox | Alpine Linux has released a security update for busybox to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 1.33.1-r5. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox-1.33.1-r5:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 501735 | Alpine Linux Security Update for busybox | Alpine Linux has released a security update for busybox to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 1.33.1-r6. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox-1.33.1-r6:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501736 | Alpine Linux Security Update for busybox | Alpine Linux has released a security update for busybox to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 1.33.1-r7. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox-1.33.1-r7:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501738 | Alpine Linux Security Update for expat | Alpine Linux has released a security update for expat to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.4.3-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat-2.4.3-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501739 | Alpine Linux Security Update for expat | Alpine Linux has released a security update for expat to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.4.4-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat-2.4.4-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501740 | Alpine Linux Security Update for expat | Alpine Linux has released a security update for expat to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.4.5-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat-2.4.5-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501742 | Alpine Linux Security Update for git | Alpine Linux has released a security update for git to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 2.32.1-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git-2.32.1-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501747 | Alpine Linux Security Update for libretls | Alpine Linux has released a security update for libretls to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 3.3.3p1-r3. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libretls” TARGET=”_blank”>libretls</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libretls” TARGET=”_blank”>libretls-3.3.3p1-r3:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501777 | Alpine Linux Security Update for redis | Alpine Linux has released a security update for redis to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 6.2.6-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/redis” TARGET=”_blank”>redis</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/redis” TARGET=”_blank”>redis-6.2.6-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501778 | Alpine Linux Security Update for redis | Alpine Linux has released a security update for redis to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 6.2.7-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/redis” TARGET=”_blank”>redis</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/redis” TARGET=”_blank”>redis-6.2.7-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501951 | Alpine Linux Security Update for busybox | Alpine Linux has released a security update for busybox to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.15<BR><BR><BR>Affected Package versions prior to 1.34.1-r5. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/busybox” TARGET=”_blank”>busybox-1.34.1-r5:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 501967 | Alpine Linux Security Update for libretls | Alpine Linux has released a security update for libretls to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.15<BR><BR><BR>Affected Package versions prior to 3.3.4-r3. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libretls” TARGET=”_blank”>libretls</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libretls” TARGET=”_blank”>libretls-3.3.4-r3:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502407 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 7.79.1-r2. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.79.1-r2:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502413 | Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL) | Alpine Linux has released a security update for openssl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 1.1.1q-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/openssl” TARGET=”_blank”>openssl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/openssl” TARGET=”_blank”>openssl-1.1.1q-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502432 | Alpine Linux Security Update for git | Alpine Linux has released a security update for git to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 2.32.3-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git-2.32.3-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502475 | Alpine Linux Security Update for zlib | Alpine Linux has released a security update for zlib to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 1.2.12-r2. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/zlib” TARGET=”_blank”>zlib</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/zlib” TARGET=”_blank”>zlib-1.2.12-r2:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502487 | Alpine Linux Security Update for libxml2 | Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.9.14-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2-2.9.14-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502498 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 7.79.1-r3. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.79.1-r3:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502509 | Alpine Linux Security Update for expat | Alpine Linux has released a security update for expat to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.4.9-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat-2.4.9-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502526 | Alpine Linux Security Update for libxml2 | Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.9.14-r1. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2-2.9.14-r1:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502547 | Alpine Linux Security Update for libxml2 | Alpine Linux has released a security update for libxml2 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.13<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.9.14-r2. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/libxml2″ TARGET=”_blank”>libxml2-2.9.14-r2:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502551 | Alpine Linux Security Update for git | Alpine Linux has released a security update for git to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 2.32.4-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git-2.32.4-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502572 | Alpine Linux Security Update for expat | Alpine Linux has released a security update for expat to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 2.5.0-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/expat” TARGET=”_blank”>expat-2.5.0-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502607 | Alpine Linux Security Update for python3 | Alpine Linux has released a security update for python3 to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR><BR><BR>Affected Package versions prior to 3.9.16-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/python3″ TARGET=”_blank”>python3</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/python3″ TARGET=”_blank”>python3-3.9.16-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502614 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 7.79.1-r4. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.79.1-r4:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502636 | Alpine Linux Security Update for git | Alpine Linux has released a security update for git to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 2.32.5-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git-2.32.5-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502644 | Alpine Linux Security Update for redis | Alpine Linux has released a security update for redis to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR><BR><BR>Affected Package versions prior to 6.2.9-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/redis” TARGET=”_blank”>redis</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/redis” TARGET=”_blank”>redis-6.2.9-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502652 | Alpine Linux Security Update for Open Secure Sockets Layer (OpenSSL) | Alpine Linux has released a security update for openssl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR>Alpine Linux 3.15<BR>Alpine Linux 3.16<BR><BR><BR>Affected Package versions prior to 1.1.1t-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/openssl” TARGET=”_blank”>openssl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/openssl” TARGET=”_blank”>openssl-1.1.1t-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502664 | Alpine Linux Security Update for curl | Alpine Linux has released a security update for curl to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 7.79.1-r5. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/curl” TARGET=”_blank”>curl-7.79.1-r5:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 502665 | Alpine Linux Security Update for git | Alpine Linux has released a security update for git to fix the vulnerabilities.<BR><BR>Affected versions:<BR>Alpine Linux 3.14<BR><BR><BR>Affected Package versions prior to 2.32.6-r0. | Refer to Alpine Linux advisory <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git</A> for updates and patch information. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://security.alpinelinux.org/srcpkg/git” TARGET=”_blank”>git-2.32.6-r0:Alpine Linux</A> |
Alpine Linux | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 650035 | OpenSSH Information Disclosure Vulnerability (Generic) | OpenSSH is the premier connectivity tool for remote login with the SSH protocol. <P> The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).<P>Affected Versions:<BR> OpenSSH 5.7 through 8.3<P>QID Detection Logic:<BR> The QID checks for the vulnerable versions of OpenSSH |
OpenSSH team committed a partial mitigation of this issue which is included in openssh 8.4.<BR> Refer to <A HREF=”https://www.openssh.com/” TARGET=”_blank”>OpenSSH 8.4</A> for details.<P> |
Security Policy | On successful exploitation it allows man-in-the-middle attackers to target initial connection attempts. | Medium |
| 650049 | EOL/Obsolete Operating System: Debian 8.0 Detected | The host is running Debian 8.0 (Jessie). Support for Debian 8 ended on June 30, 2020. No further updates, including security updates, are available for Debian 8.0. | Users are advised to the latest version of Debian available. More information on the latest version can be obtained from <A HREF=”https://wiki.debian.org/DebianReleases” TARGET=”_blank”>Debian</A> | Security Policy | The system is at high risk of being exposed to security vulnerabilities. Since the vendor no longer provides updates, obsolete software is more vulnerable to viruses and other attacks. | High |
| 900204 | CBL-Mariner Linux Security Update for libarchive 3.4.2 | <P>CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.</P>Affected OS: CBL Mariner<BR><P>QID Detection Logic(Authenticated):<BR>This QID checks for vulnerable versions of package name. <BR> <BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | CBL-Mariner has issued updated packages to fix this vulnerability. <P>For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”></A> | CBL-Mariner | Successful exploitation of this vulnerability could lead to security breach or could affect integrity, availability and confidentiality. | Medium |
| 900829 | Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (9441) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for python2 to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 900845 | Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (9442) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for python3 to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 900855 | Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (9504) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for ncurses to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901006 | Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (6441) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for glibc to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901574 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9711) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901576 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9710) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901577 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9712) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901578 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9713) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901580 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9740) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901987 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9751) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 901989 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9773) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901990 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9772) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901991 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9771) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901997 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9782) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 901998 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9784) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 901999 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9783) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902045 | Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (9820) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for python2 to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902051 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9822) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902053 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9834) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902054 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9833) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902146 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9855) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902152 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9868) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902161 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9881) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902166 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9893) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902170 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9892) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902183 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9772-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9772-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902186 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9834-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9834-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902187 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9751-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9751-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902191 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9782-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9782-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902193 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9711-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9711-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902197 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9710-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9710-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902199 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9822-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9822-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902202 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9784-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9784-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902203 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9740-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9740-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902204 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9773-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9773-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902207 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9833-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9833-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902208 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9713-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9713-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902211 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9712-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9712-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902220 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9783-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9783-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902222 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9771-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9771-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902343 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9949) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902344 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9947) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902345 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9950) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902347 | Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (9946) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for python3 to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902348 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9948) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902361 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9971) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902402 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9983) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902403 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9984) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902404 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9985) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902410 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9999) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902411 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10000) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902417 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10033) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902418 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10034) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902420 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10035) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902421 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10037) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902425 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10036) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902439 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10051) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902442 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10053) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902443 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10052) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902450 | Common Base Linux Mariner (CBL-Mariner) Security Update for gnupg2 (10077) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for gnupg2 to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902455 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (10126) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902456 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10110) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902457 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10109) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902462 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10111) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902464 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10112) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902476 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9985-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9985-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902477 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (9971-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for openssl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9971-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902480 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10135) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902481 | Common Base Linux Mariner (CBL-Mariner) Security Update for ncurses (9504-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for ncurses to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9504-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902482 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10134) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902484 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9999-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9999-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902488 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9949-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9949-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902489 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9950-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9950-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902495 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9984-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9984-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902497 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9983-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9983-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902500 | Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (9946-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for python3 to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9946-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902501 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9948-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9948-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902506 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (9947-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9947-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902511 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10124) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902512 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10115) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902515 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10116) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902522 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10136) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902552 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10113) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902553 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10114) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902561 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10323) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902609 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10417) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902610 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10418) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902611 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10420) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902613 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10419) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for vim to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902673 | Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (9820-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for python2 to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9820-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 902674 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10034-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10034-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902675 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10125-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10125-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902679 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10124-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10124-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902681 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10052-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10052-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902682 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10036-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10036-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902683 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10033-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10033-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902687 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10000-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10000-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902691 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10051-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10051-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902693 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10053-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10053-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902694 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10035-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10035-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902703 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10037-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10037-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 902708 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10136-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10136-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903105 | Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (1939) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for glibc to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903355 | Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (5430) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for python3 to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903379 | Common Base Linux Mariner (CBL-Mariner) Security Update for lua (2658) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for lua to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 903640 | Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (2551) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for glibc to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903712 | Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10726) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for rpm to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903713 | Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10783) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for rpm to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 903714 | Common Base Linux Mariner (CBL-Mariner) Security Update for zlib (10473-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for zlib to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10473-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903718 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9881-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9881-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903719 | Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9613-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for freetype to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9613-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903720 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10116-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10116-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 903722 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9867-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9867-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903726 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10114-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10114-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 903727 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9868-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9868-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903729 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9894-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9894-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 903730 | Common Base Linux Mariner (CBL-Mariner) Security Update for freetype (9612-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for freetype to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9612-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903739 | Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10784) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for rpm to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903740 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10419-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10419-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903745 | Common Base Linux Mariner (CBL-Mariner) Security Update for glib (10698) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for glib to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903752 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10417-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10417-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903754 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10418-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10418-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903755 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9895-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9895-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903765 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10323-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10323-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903772 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (9882-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9882-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 903777 | Common Base Linux Mariner (CBL-Mariner) Security Update for libarchive (4585-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for libarchive to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>4585-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 903778 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10113-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10113-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 903780 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10420-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10420-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 903786 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (10115-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10115-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903971 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10565-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10565-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903972 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10583-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10583-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903973 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10566-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10566-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903977 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10785-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10785-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903979 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10582-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10582-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903981 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10602-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10602-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903983 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10825-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10825-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903988 | Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (10625-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for python3 to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10625-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903991 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10581-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10581-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903994 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10564-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10564-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 903996 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10631-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10631-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904001 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10630-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10630-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 904003 | Common Base Linux Mariner (CBL-Mariner) Security Update for gzip (10811-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for gzip to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10811-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904004 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10649-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10649-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 904009 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10584-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10584-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 904011 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10650-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10650-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904018 | Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (10699-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for glibc to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10699-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904021 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10786-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10786-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904082 | Common Base Linux Mariner (CBL-Mariner) Security Update for expat (10944-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for expat to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10944-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904083 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10965-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10965-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 904103 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10879-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10879-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904106 | Common Base Linux Mariner (CBL-Mariner) Security Update for rpm (10647-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for rpm to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10647-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 904177 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11013-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11013-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904186 | Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (9442-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for python3 to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9442-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904187 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11043-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11043-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904190 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10988-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10988-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904192 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11055-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11055-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904198 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11042-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11042-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904202 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (10977-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>10977-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904205 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11075-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11075-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904206 | Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (9441-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for python2 to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>9441-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904209 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11023-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11023-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 904370 | Common Base Linux Mariner (CBL-Mariner) Security Update for expat (11329-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for expat to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11329-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904389 | Common Base Linux Mariner (CBL-Mariner) Security Update for libtasn1 (11333-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for libtasn1 to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11333-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904488 | Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11445) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for python3 to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904489 | Common Base Linux Mariner (CBL-Mariner) Security Update for python2 (11444) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for python2 to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904515 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11362-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11362-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904516 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11411-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11411-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904527 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11412-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11412-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904534 | Common Base Linux Mariner (CBL-Mariner) Security Update for sudo (11423-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for sudo to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11423-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904539 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (11053-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11053-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 904561 | Common Base Linux Mariner (CBL-Mariner) Security Update for libarchive (11470) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for libarchive to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904576 | Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (11507) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for python3 to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904625 | Common Base Linux Mariner (CBL-Mariner) Security Update for vim (11510-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for vim to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11510-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904626 | Common Base Linux Mariner (CBL-Mariner) Security Update for systemd (11447-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for systemd to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11447-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 904627 | Common Base Linux Mariner (CBL-Mariner) Security Update for libarchive (11473-1) | CBL-Mariner is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for libarchive to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/releases” TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/releases</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner” TARGET=”_blank”>11473-1:CBL-Mariner Linux</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904637 | Common Base Linux Mariner (CBL-Mariner) Security Update for libarchive (11470-1) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for libarchive to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/tree/2.0</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>11470-1:CBL-Mariner Linux 2\\.0</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904772 | Common Base Linux Mariner (CBL-Mariner) Security Update for libksba (12104) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for libksba to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904790 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (12107-1) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/tree/2.0</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>12107-1:CBL-Mariner Linux 2\\.0</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 904797 | Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (12133) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for krb5 to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905025 | Common Base Linux Mariner (CBL-Mariner) Security Update for pam (12603) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for pam to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905238 | Common Base Linux Mariner (CBL-Mariner) Security Update for krb5 (12133-1) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for krb5 to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/tree/2.0</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>12133-1:CBL-Mariner Linux 2\\.0</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905239 | Common Base Linux Mariner (CBL-Mariner) Security Update for libksba (12104-1) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for libksba to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/tree/2.0</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>12104-1:CBL-Mariner Linux 2\\.0</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905262 | Common Base Linux Mariner (CBL-Mariner) Security Update for gnupg2 (13005) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for gnupg2 to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905434 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13284-1) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for curl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/tree/2.0</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>13284-1:CBL-Mariner Linux 2\\.0</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905438 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13310) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905464 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13352) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905467 | Common Base Linux Mariner (CBL-Mariner) Security Update for glibc (13348) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for glibc to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905469 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13351) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905503 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13352-1) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for openssl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/tree/2.0</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>13352-1:CBL-Mariner Linux 2\\.0</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905506 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13310-1) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for openssl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/tree/2.0</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>13310-1:CBL-Mariner Linux 2\\.0</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905538 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13351-1) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for openssl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/tree/2.0</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>13351-1:CBL-Mariner Linux 2\\.0</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905552 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13564) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for openssl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905562 | Common Base Linux Mariner (CBL-Mariner) Security Update for Open Secure Sockets Layer (OpenSSL) (13564-1) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has released a security update for openssl to fix the vulnerabilities. | <P>CBL-Mariner has issued updated packages to fix this vulnerability. For more information about the vulnerability and obtaining patches, refer to the following CBL-Mariner 2.0 security advisories:<A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>https://github.com/microsoft/CBL-Mariner/tree/2.0</A></P> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/microsoft/CBL-Mariner/tree/2.0″ TARGET=”_blank”>13564-1:CBL-Mariner Linux 2\\.0</A> |
CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905595 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13653) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905599 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13654) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 905603 | Common Base Linux Mariner (CBL-Mariner) Security Update for curl (13652) | CBL-Mariner 2.0 is an internal Linux distribution for cloud infrastructure and edge products and services of Microsoft.<BR>CBL-Mariner has NOT released a security update for curl to fix the vulnerabilities. | <P>Patch is NOT available for the package.</P> | CBL-Mariner | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 980019 | Go (go) Security Update for github.com/opencontainers/image-spec (GHSA-77vh-xpmg-72qh) | Security update has been released for github.com/opencontainers/image-spec to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | The Image Specification will be updated to recommend that both manifest and index documents contain a `mediaType` field to identify the type of document.<BR>Release [v1.0.2](https://github.com/opencontainers/image-spec/releases/tag/v1.0.2) includes these updates.Workaround:<BR>Software attempting to deserialize an ambiguous document may reject the document if it contains both manifests and layers fields or manifests and config fields. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-77vh-xpmg-72qh” TARGET=”_blank”>GHSA-77vh-xpmg-72qh:github.com/opencontainers/image-spec</A> |
SCA | In the OCI Image Specification version 1.0.1 and prior, manifest and index documents are not self-describing and documents with a single digest could be interpreted as either a manifest or an index. | Medium |
| 980036 | Nodejs (npm) Security Update for json-schema (GHSA-896r-f27r-55mw) | json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’) | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-896r-f27r-55mw” TARGET=”_blank”>GHSA-896r-f27r-55mw</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-896r-f27r-55mw” TARGET=”_blank”>GHSA-896r-f27r-55mw:json-schema</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980038 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-v585-23hc-c647) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-v585-23hc-c647″ TARGET=”_blank”>GHSA-v585-23hc-c647</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-v585-23hc-c647″ TARGET=”_blank”>GHSA-v585-23hc-c647:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980070 | Go (go) Security Update for github.com/containerd/containerd (GHSA-5j5w-g665-5m35) | Security update has been released for github.com/containerd/containerd to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | This issue has been fixed in containerd 1.4.12 and 1.5.8. Image pulls for manifests that contain a manifests field or indices which contain a layers field are rejected.Workaround:<BR>Ensure you only pull images from trusted sources. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5j5w-g665-5m35″ TARGET=”_blank”>GHSA-5j5w-g665-5m35:github.com/containerd/containerd</A> |
SCA | In the OCI Distribution Specification version 1.0.0 and prior and in the OCI Image Specification version 1.0.1 and prior, manifest and index documents are ambiguous without an accompanying Content-Type HTTP header. Versions of containerd prior to 1.4.12 and 1.5.8 treat the Content-Type header as trusted and deserialize the document according to that header. If the Content-Type header changed between pulls of the same ambiguous document (with the same digest), the document may be interpreted differently, meaning that the digest alone is insufficient to unambiguously identify the content of the image. | Medium |
| 980093 | Go (go) Security Update for github.com/containerd/containerd (GHSA-c2h3-6mxw-7mvq) | Security update has been released for github.com/containerd/containerd to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability.Workaround:<BR>Limit access to the host to trusted users. Update directory permission on container bundles directories. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-c2h3-6mxw-7mvq” TARGET=”_blank”>GHSA-c2h3-6mxw-7mvq:github.com/containerd/containerd</A> |
SCA | A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. | Medium |
| 980106 | Python (pip) Security Update for pip (GHSA-5xp3-jfq3-5q8x) | A flaw was found in python-pip in the way it handled Unicode separators in git references. A remote attacker could possibly use this issue to install a different revision on a repository. The highest threat from this vulnerability is to data integrity. This is fixed in python-pip version 21.1. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5xp3-jfq3-5q8x” TARGET=”_blank”>GHSA-5xp3-jfq3-5q8x</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5xp3-jfq3-5q8x” TARGET=”_blank”>GHSA-5xp3-jfq3-5q8x:pip</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 980150 | Nodejs (npm) Security Update for tar (GHSA-9r2w-394v-53qc) | Security update has been released for tar to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | 4.4.16 || 5.0.8 || 6.1.7Workaround:<BR>Users may work around this vulnerability without upgrading by creating a custom filter method which prevents the extraction of symbolic links.<BR><BR>“`js<BR>const tar = require(‘tar’)<BR><BR>tar.x({<BR> file: ‘archive.tgz’,<BR> filter: (file, entry) => {<BR> if (entry.type === ‘SymbolicLink’) {<BR> return false<BR> } else {<BR> return true<BR> }<BR> }<BR>})<BR>“`<BR><BR>Users are encouraged to upgrade to the latest patched versions, rather than attempt to sanitize tar input themselves. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-9r2w-394v-53qc” TARGET=”_blank”>GHSA-9r2w-394v-53qc:tar</A> |
SCA | Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution<BR><BR>`node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.<BR><BR>This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory, where the symlink and directory names in the archive entry used backslashes as a path separator on posix systems. The cache checking logic used both `\` and `/` characters as path separators, however `\` is a valid filename character on posix systems.<BR><BR>By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.<BR><BR>Additionally, a similar confusion could arise on case-insensitive filesystems. If a tar archive contained a directory at `FOO`, followed by a symbolic link named `foo`, then on case-insensitive file systems, the creation of the symbolic link would remove the directory from the filesystem, but _not_ from the internal directory cache, as it would not be treated as a cache hit. A subsequent file entry within the `FOO` directory would then be placed in the target of the symbolic link, thinking that the directory had already been created. <BR><BR>These issues were addressed in releases 4.4.16, 5.0.8 and 6.1.7.<BR><BR>The v3 branch of `node-tar` has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of `node-tar`. If this is not possible, a workaround is available below. | High |
| 980152 | Nodejs (npm) Security Update for tar (GHSA-qq89-hq3f-393p) | Security update has been released for tar to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | 6.1.9 || 5.0.10 || 4.4.18Workaround:<BR>Users may work around this vulnerability without upgrading by creating a custom filter method which prevents the extraction of symbolic links.<BR><BR>“`js<BR>const tar = require(‘tar’)<BR><BR>tar.x({<BR> file: ‘archive.tgz’,<BR> filter: (file, entry) => {<BR> if (entry.type === ‘SymbolicLink’) {<BR> return false<BR> } else {<BR> return true<BR> }<BR> }<BR>})<BR>“`<BR><BR>Users are encouraged to upgrade to the latest patched versions, rather than attempt to sanitize tar input themselves. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-qq89-hq3f-393p” TARGET=”_blank”>GHSA-qq89-hq3f-393p:tar</A> |
SCA | Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution<BR><BR>node-tar aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary stat calls to determine whether a given path is a directory, paths are cached when directories are created.<BR><BR>This logic was insufficient when extracting tar files that contained two directories and a symlink with names containing unicode values that normalized to the same value. Additionally, on Windows systems, long path portions would resolve to the same file system entities as their 8.3 "short path" counterparts. A specially crafted tar archive could thus include directories with two forms of the path that resolve to the same file system entity, followed by a symbolic link with a name in the first form, lastly followed by a file using the second form. It led to bypassing node-tar symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.<BR><BR>The v3 branch of `node-tar` has been deprecated and did not receive patches for these issues. If you are still using a v3 release we recommend you update to a more recent version of `node-tar`. If this is not possible, a workaround is available below. | High |
| 980214 | Nodejs (npm) Security Update for yarn (GHSA-wqfc-cr59-h64p) | Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Data due to HTTP URLs in lockfile causing unencrypted authentication data to be sent over the network. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-wqfc-cr59-h64p” TARGET=”_blank”>GHSA-wqfc-cr59-h64p</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-wqfc-cr59-h64p” TARGET=”_blank”>GHSA-wqfc-cr59-h64p:yarn</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980228 | Nodejs (npm) Security Update for validator (GHSA-qgmg-gppg-76g5) | validator.js prior to 13.7.0 is vulnerable to Inefficient Regular Expression Complexity | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-qgmg-gppg-76g5″ TARGET=”_blank”>GHSA-qgmg-gppg-76g5</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-qgmg-gppg-76g5″ TARGET=”_blank”>GHSA-qgmg-gppg-76g5:validator</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 980257 | Java (maven) Security Update for io.netty:netty-codec (GHSA-9vjp-v76f-g363) | Security update has been released for io.netty:netty-codec to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-9vjp-v76f-g363″ TARGET=”_blank”>GHSA-9vjp-v76f-g363</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-9vjp-v76f-g363″ TARGET=”_blank”>GHSA-9vjp-v76f-g363:io.netty:netty-codec</A> |
SCA | All users of SnappyFrameDecoder are affected and so the application may be in risk for a DoS attach due excessive memory usage. | Medium |
| 980258 | Java (maven) Security Update for io.netty:netty-codec (GHSA-grg4-wf29-r9vv) | Security update has been released for io.netty:netty-codec to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-grg4-wf29-r9vv” TARGET=”_blank”>GHSA-grg4-wf29-r9vv</A> for updates pertaining to this vulnerability.Workaround:<BR>No workarounds other than not using the `Bzip2Decoder` <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-grg4-wf29-r9vv” TARGET=”_blank”>GHSA-grg4-wf29-r9vv:io.netty:netty-codec</A> |
SCA | The Bzip2 decompression decoder function doesn’t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression).<BR><BR><BR>All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack | Medium |
| 980276 | Java (maven) Security Update for com.google.guava:guava (GHSA-5mg8-w23w-74h3) | A temp directory creation vulnerability exist in Guava versions prior to 30.0 allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava com.google.common.io.Files.createTempDir(). The permissions granted to the directory created default to the standard unix-like /tmp ones, leaving the files open. We recommend updating Guava to version 30.0 or later, or update to Java 7 or later, or to explicitly change the permissions after the creation of the directory if neither are possible. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5mg8-w23w-74h3″ TARGET=”_blank”>GHSA-5mg8-w23w-74h3</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5mg8-w23w-74h3″ TARGET=”_blank”>GHSA-5mg8-w23w-74h3:com.google.guava:guava</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 980298 | Nodejs (npm) Security Update for npm (GHSA-m6cx-g6qm-p2cx) | Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It fails to prevent access to folders outside of the intended node_modules folder through the bin field. A properly constructed entry in the package.json bin field would allow a package publisher to create files on a user’s system when the package is installed. It is only possible to affect files that the user running `npm install` has access to and it is not possible to over write files that already exist on disk.<BR><BR>This behavior is still possible through install scripts. This vulnerability bypasses a user using the –ignore-scripts install option.<BR><BR><BR>## Recommendation<BR><BR>Upgrade to version 6.13.3 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-m6cx-g6qm-p2cx” TARGET=”_blank”>GHSA-m6cx-g6qm-p2cx</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-m6cx-g6qm-p2cx” TARGET=”_blank”>GHSA-m6cx-g6qm-p2cx:npm</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980302 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-95cm-88f5-f2c7) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-95cm-88f5-f2c7″ TARGET=”_blank”>GHSA-95cm-88f5-f2c7</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-95cm-88f5-f2c7″ TARGET=”_blank”>GHSA-95cm-88f5-f2c7:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980304 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-5p34-5m6p-p58g) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5p34-5m6p-p58g” TARGET=”_blank”>GHSA-5p34-5m6p-p58g</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5p34-5m6p-p58g” TARGET=”_blank”>GHSA-5p34-5m6p-p58g:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980305 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-q93h-jc49-78gg) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-q93h-jc49-78gg” TARGET=”_blank”>GHSA-q93h-jc49-78gg</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-q93h-jc49-78gg” TARGET=”_blank”>GHSA-q93h-jc49-78gg:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980307 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-fqwf-pjwf-7vqv) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-fqwf-pjwf-7vqv” TARGET=”_blank”>GHSA-fqwf-pjwf-7vqv</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-fqwf-pjwf-7vqv” TARGET=”_blank”>GHSA-fqwf-pjwf-7vqv:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 980308 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-p43x-xfjf-5jhr) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-p43x-xfjf-5jhr” TARGET=”_blank”>GHSA-p43x-xfjf-5jhr</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-p43x-xfjf-5jhr” TARGET=”_blank”>GHSA-p43x-xfjf-5jhr:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980309 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-58pp-9c76-5625) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-58pp-9c76-5625″ TARGET=”_blank”>GHSA-58pp-9c76-5625</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-58pp-9c76-5625″ TARGET=”_blank”>GHSA-58pp-9c76-5625:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980310 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-v3xw-c963-f5hc) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-v3xw-c963-f5hc” TARGET=”_blank”>GHSA-v3xw-c963-f5hc</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-v3xw-c963-f5hc” TARGET=”_blank”>GHSA-v3xw-c963-f5hc:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980311 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-9vvp-fxw6-jcxr) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-9vvp-fxw6-jcxr” TARGET=”_blank”>GHSA-9vvp-fxw6-jcxr</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-9vvp-fxw6-jcxr” TARGET=”_blank”>GHSA-9vvp-fxw6-jcxr:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980312 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-758m-v56v-grj4) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-758m-v56v-grj4″ TARGET=”_blank”>GHSA-758m-v56v-grj4</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-758m-v56v-grj4″ TARGET=”_blank”>GHSA-758m-v56v-grj4:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980313 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-rf6r-2c4q-2vwg) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rf6r-2c4q-2vwg” TARGET=”_blank”>GHSA-rf6r-2c4q-2vwg</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-rf6r-2c4q-2vwg” TARGET=”_blank”>GHSA-rf6r-2c4q-2vwg:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980316 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-c2q3-4qrh-fm48) | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c2q3-4qrh-fm48″ TARGET=”_blank”>GHSA-c2q3-4qrh-fm48</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-c2q3-4qrh-fm48″ TARGET=”_blank”>GHSA-c2q3-4qrh-fm48:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980317 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-j823-4qch-3rgm) | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-j823-4qch-3rgm” TARGET=”_blank”>GHSA-j823-4qch-3rgm</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-j823-4qch-3rgm” TARGET=”_blank”>GHSA-j823-4qch-3rgm:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980318 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-c265-37vj-cwcc) | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c265-37vj-cwcc” TARGET=”_blank”>GHSA-c265-37vj-cwcc</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-c265-37vj-cwcc” TARGET=”_blank”>GHSA-c265-37vj-cwcc:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980320 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-mc6h-4qgp-37qh) | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-mc6h-4qgp-37qh” TARGET=”_blank”>GHSA-mc6h-4qgp-37qh</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-mc6h-4qgp-37qh” TARGET=”_blank”>GHSA-mc6h-4qgp-37qh:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980328 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-288c-cq4h-88gq) | A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-288c-cq4h-88gq” TARGET=”_blank”>GHSA-288c-cq4h-88gq</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-288c-cq4h-88gq” TARGET=”_blank”>GHSA-288c-cq4h-88gq:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980333 | Java (maven) Security Update for io.netty:netty-codec-http (GHSA-5mcr-gq6c-3hq2) | Security update has been released for io.netty:netty-codec-http to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | This has been patched in version `4.1.59.Final`.Workaround:<BR>Specify your own `java.io.tmpdir` when you start the JVM or use `DefaultHttpDataFactory.setBaseDir(…)` to set the directory to something that is only readable by the current user. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5mcr-gq6c-3hq2″ TARGET=”_blank”>GHSA-5mcr-gq6c-3hq2:io.netty:netty-codec-http</A> |
SCA | When netty’s multipart decoders are used local information disclosure can occur via the local system temporary directory if temporary storing uploads on the disk is enabled.<BR><BR>The CVSSv3.1 score of this vulnerability is calculated to be a [6.2/10](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator?vector=AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N&version=3.1) | Medium |
| 980351 | Java (maven) Security Update for commons-io:commons-io (GHSA-gwrp-pvrq-jmwv) | In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo", or "\..\foo", the result would be the same value, thus possibly providing access to files in the parent directory, but not further above (thus "limited" path traversal), if the calling code would use the result to construct a path value. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gwrp-pvrq-jmwv” TARGET=”_blank”>GHSA-gwrp-pvrq-jmwv</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-gwrp-pvrq-jmwv” TARGET=”_blank”>GHSA-gwrp-pvrq-jmwv:commons-io:commons-io</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 980360 | Java (maven) Security Update for org.eclipse.jetty:jetty-server (GHSA-m6cp-vxjx-65j6) | Security update has been released for org.eclipse.jetty:jetty-server to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-m6cp-vxjx-65j6″ TARGET=”_blank”>GHSA-m6cp-vxjx-65j6</A> for updates pertaining to this vulnerability.Workaround:<BR>The application should catch all Throwables within their `SessionListener#sessionDestroyed()` implementations. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-m6cp-vxjx-65j6″ TARGET=”_blank”>GHSA-m6cp-vxjx-65j6:org.eclipse.jetty:jetty-server</A> |
SCA | If an exception is thrown from the `SessionListener#sessionDestroyed()` method, then the session ID is not invalidated in the session ID manager. On deployments with clustered sessions and multiple contexts this can result in a session not being invalidated. This can result in an application used on a shared computer being left logged in.<BR><BR>There is no known path for an attacker to induce such an exception to be thrown, thus they must rely on an application to throw such an exception. The OP has also identified that during the call to `sessionDestroyed`, the `getLastAccessedTime()` throws an `IllegalStateException`, which potentially contrary to the servlet spec, so applications calling this method may always throw and fail to log out. If such an application was only tested on a non clustered test environment, then it may be deployed on a clustered environment with multiple contexts and fail to log out. | Medium |
| 980365 | Nodejs (npm) Security Update for tar (GHSA-r628-mhmh-qjhw) | Security update has been released for tar to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | 3.2.3 || 4.4.15 || 5.0.7 || 6.1.2Workaround:<BR>Users may work around this vulnerability without upgrading by creating a custom `filter` method which prevents the extraction of symbolic links.<BR><BR>“`js<BR>const tar = require(‘tar’)<BR><BR>tar.x({<BR> file: ‘archive.tgz’,<BR> filter: (file, entry) => {<BR> if (entry.type === ‘SymbolicLink’) {<BR> return false<BR> } else {<BR> return true<BR> }<BR> }<BR>})<BR>“`<BR><BR>Users are encouraged to upgrade to the latest patch versions, rather than attempt to sanitize tar input themselves. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-r628-mhmh-qjhw” TARGET=”_blank”>GHSA-r628-mhmh-qjhw:tar</A> |
SCA | Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution<BR><BR>`node-tar` aims to guarantee that any file whose location would be modified by a symbolic link is not extracted. This is, in part, achieved by ensuring that extracted directories are not symlinks. Additionally, in order to prevent unnecessary `stat` calls to determine whether a given path is a directory, paths are cached when directories are created.<BR><BR>This logic was insufficient when extracting tar files that contained both a directory and a symlink with the same name as the directory. This order of operations resulted in the directory being created and added to the `node-tar` directory cache. When a directory is present in the directory cache, subsequent calls to mkdir for that directory are skipped. However, this is also where `node-tar` checks for symlinks occur.<BR><BR>By first creating a directory, and then replacing that directory with a symlink, it was thus possible to bypass `node-tar` symlink checks on directories, essentially allowing an untrusted tar file to symlink into an arbitrary location and subsequently extracting arbitrary files into that location, thus allowing arbitrary file creation and overwrite.<BR><BR>This issue was addressed in releases 3.2.3, 4.4.15, 5.0.7 and 6.1.2. | High |
| 980366 | Nodejs (npm) Security Update for tar (GHSA-3jfq-g458-7qm9) | Security update has been released for tar to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | 3.2.2 || 4.4.14 || 5.0.6 || 6.1.1<BR><BR>NOTE: an adjacent issue [CVE-2021-32803](https://github.com/npm/node-tar/security/advisories/GHSA-r628-mhmh-qjhw) affects this release level. Please ensure you update to the latest patch levels that address CVE-2021-32803 as well if this adjacent issue affects your `node-tar` use case.Workaround:<BR>Users may work around this vulnerability without upgrading by creating a custom `onentry` method which sanitizes the `entry.path` or a `filter` method which removes entries with absolute paths.<BR><BR>“`js<BR>const path = require(‘path’)<BR>const tar = require(‘tar’)<BR><BR>tar.x({<BR> file: ‘archive.tgz’,<BR> // either add this function…<BR> onentry: (entry) => {<BR> if (path.isAbsolute(entry.path)) {<BR> entry.path = sanitizeAbsolutePathSomehow(entry.path)<BR> entry.absolute = path.resolve(entry.path)<BR> }<BR> },<BR><BR> // or this one<BR> filter: (file, entry) => {<BR> if (path.isAbsolute(entry.path)) {<BR> return false<BR> } else {<BR> return true<BR> }<BR> }<BR>})<BR>“`<BR><BR>Users are encouraged to upgrade to the latest patch versions, rather than attempt to sanitize tar input themselves. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-3jfq-g458-7qm9″ TARGET=”_blank”>GHSA-3jfq-g458-7qm9:tar</A> |
SCA | Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution<BR><BR>`node-tar` aims to prevent extraction of absolute file paths by turning absolute paths into relative paths when the `preservePaths` flag is not set to `true`. This is achieved by stripping the absolute path root from any absolute file paths contained in a tar file. For example `/home/user/.bashrc` would turn into `home/user/.bashrc`. <BR><BR>This logic was insufficient when file paths contained repeated path roots such as `////home/user/.bashrc`. `node-tar` would only strip a single path root from such paths. When given an absolute file path with repeating path roots, the resulting path (e.g. `///home/user/.bashrc`) would still resolve to an absolute path, thus allowing arbitrary file creation and overwrite. | High |
| 980369 | Nodejs (npm) Security Update for tar (GHSA-5955-9wpr-37jh) | Security update has been released for tar to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | 4.4.18 || 5.0.10 || 6.1.9Workaround:<BR>There is no reasonable way to work around this issue without performing the same path normalization procedures that node-tar now does.<BR><BR>Users are encouraged to upgrade to the latest patched versions of node-tar, rather than attempt to sanitize paths themselves. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5955-9wpr-37jh” TARGET=”_blank”>GHSA-5955-9wpr-37jh:tar</A> |
SCA | Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution<BR><BR>node-tar aims to guarantee that any file whose location would be outside of the extraction target directory is not extracted. This is, in part, accomplished by sanitizing absolute paths of entries within the archive, skipping archive entries that contain `..` path portions, and resolving the sanitized paths against the extraction target directory.<BR><BR>This logic was insufficient on Windows systems when extracting tar files that contained a path that was not an absolute path, but specified a drive letter different from the extraction target, such as `C:some\path`. If the drive letter does not match the extraction target, for example `D:\extraction\dir`, then the result of `path.resolve(extractionDirectory, entryPath)` would resolve against the current working directory on the `C:` drive, rather than the extraction target directory.<BR><BR>Additionally, a `..` portion of the path could occur immediately after the drive letter, such as `C:../foo`, and was not properly sanitized by the logic that checked for `..` within the normalized and split portions of the path.<BR><BR>This only affects users of `node-tar` on Windows systems. | High |
| 980391 | Go (go) Security Update for github.com/containerd/containerd (GHSA-c72p-9xmj-rx3w) | Security update has been released for github.com/containerd/containerd to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c72p-9xmj-rx3w” TARGET=”_blank”>GHSA-c72p-9xmj-rx3w</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-c72p-9xmj-rx3w” TARGET=”_blank”>GHSA-c72p-9xmj-rx3w:github.com/containerd/containerd</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 980460 | Java (maven) Security Update for org.yaml:snakeyaml (GHSA-rvwf-54qp-4r6v) | The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rvwf-54qp-4r6v” TARGET=”_blank”>GHSA-rvwf-54qp-4r6v</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-rvwf-54qp-4r6v” TARGET=”_blank”>GHSA-rvwf-54qp-4r6v:org.yaml:snakeyaml</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980499 | Nodejs (npm) Security Update for ansi-regex (GHSA-93q8-gq69-wqmw) | ansi-regex is vulnerable to Inefficient Regular Expression Complexity | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-93q8-gq69-wqmw” TARGET=”_blank”>GHSA-93q8-gq69-wqmw</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-93q8-gq69-wqmw” TARGET=”_blank”>GHSA-93q8-gq69-wqmw:ansi-regex</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 980518 | Go (go) Security Update for github.com/in-toto/in-toto-golang (GHSA-vrxp-mg9f-hwf3) | Security update has been released for github.com/in-toto/in-toto-golang to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | The problem has been fixed in version 0.3.0.Workaround:<BR>Exploiting this vulnerability is dependent on the specific policy applied. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-vrxp-mg9f-hwf3″ TARGET=”_blank”>GHSA-vrxp-mg9f-hwf3:github.com/in-toto/in-toto-golang</A> |
SCA | Authenticated attackers posing as functionaries (i.e., within a trusted set of users for a layout) are able to create attestations that may bypass DISALLOW rules in the same layout. An attacker with access to trusted private keys, may issue an attestation that contains a disallowed artifact by including path traversal semantics (e.g., foo vs dir/../foo). | Medium |
| 980649 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-qxxx-2pp7-5hmx) | A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-qxxx-2pp7-5hmx” TARGET=”_blank”>GHSA-qxxx-2pp7-5hmx</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-qxxx-2pp7-5hmx” TARGET=”_blank”>GHSA-qxxx-2pp7-5hmx:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980763 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-w3f4-3q6j-rh82) | FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-w3f4-3q6j-rh82″ TARGET=”_blank”>GHSA-w3f4-3q6j-rh82</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-w3f4-3q6j-rh82″ TARGET=”_blank”>GHSA-w3f4-3q6j-rh82:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 980885 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-rfx6-vp9g-rh7v) | FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the Spring libraries are available in the classpath. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rfx6-vp9g-rh7v” TARGET=”_blank”>GHSA-rfx6-vp9g-rh7v</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-rfx6-vp9g-rh7v” TARGET=”_blank”>GHSA-rfx6-vp9g-rh7v:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981037 | Nodejs (npm) Security Update for deep-extend (GHSA-hr2v-3952-633q) | Versions of `deep-extend` before 0.5.1 are vulnerable to prototype pollution.<BR><BR><BR>## Recommendation<BR><BR>Update to version 0.5.1 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-hr2v-3952-633q” TARGET=”_blank”>GHSA-hr2v-3952-633q</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-hr2v-3952-633q” TARGET=”_blank”>GHSA-hr2v-3952-633q:deep-extend</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981090 | Nodejs (npm) Security Update for tough-cookie (GHSA-g7q5-pjjr-gqvp) | Affected versions of `tough-cookie` are susceptible to a regular expression denial of service.<BR><BR>The amplification on this vulnerability is relatively low – it takes around 2 seconds for the engine to execute on a malicious input which is 50,000 characters in length.<BR><BR>If node was compiled using the `-DHTTP_MAX_HEADER_SIZE` however, the impact of the vulnerability can be significant, as the primary limitation for the vulnerability is the default max HTTP header length in node.<BR><BR><BR>## Recommendation<BR><BR>Update to version 2.3.3 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-g7q5-pjjr-gqvp” TARGET=”_blank”>GHSA-g7q5-pjjr-gqvp</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-g7q5-pjjr-gqvp” TARGET=”_blank”>GHSA-g7q5-pjjr-gqvp:tough-cookie</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981196 | Nodejs (npm) Security Update for https-proxy-agent (GHSA-8g7p-74h8-hg48) | Versions of `https-proxy-agent` before 2.2.0 are vulnerable to denial of service. This is due to unsanitized options (proxy.auth) being passed to `Buffer()`.<BR><BR><BR>## Recommendation<BR><BR>Update to version 2.2.0 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-8g7p-74h8-hg48″ TARGET=”_blank”>GHSA-8g7p-74h8-hg48</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-8g7p-74h8-hg48″ TARGET=”_blank”>GHSA-8g7p-74h8-hg48:https-proxy-agent</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981400 | Nodejs (npm) Security Update for ssri (GHSA-325j-24f4-qv5x) | Version of `ssri` prior to 5.2.2 are vulnerable to regular expression denial of service (ReDoS) when using strict mode.<BR><BR><BR>## Recommendation<BR><BR>Update to version 5.2.2 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-325j-24f4-qv5x” TARGET=”_blank”>GHSA-325j-24f4-qv5x</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-325j-24f4-qv5x” TARGET=”_blank”>GHSA-325j-24f4-qv5x:ssri</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 981448 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-f3j5-rmmp-3fc5) | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-f3j5-rmmp-3fc5″ TARGET=”_blank”>GHSA-f3j5-rmmp-3fc5</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-f3j5-rmmp-3fc5″ TARGET=”_blank”>GHSA-f3j5-rmmp-3fc5:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981496 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-27xj-rqx5-2255) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-27xj-rqx5-2255″ TARGET=”_blank”>GHSA-27xj-rqx5-2255</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-27xj-rqx5-2255″ TARGET=”_blank”>GHSA-27xj-rqx5-2255:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981500 | Java (maven) Security Update for io.netty:netty-handler (GHSA-p2v9-g2qv-p635) | HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-p2v9-g2qv-p635″ TARGET=”_blank”>GHSA-p2v9-g2qv-p635</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-p2v9-g2qv-p635″ TARGET=”_blank”>GHSA-p2v9-g2qv-p635:io.netty:netty-handler</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981501 | Nodejs (npm) Security Update for underscore (GHSA-cf4h-3jhx-xvhq) | The package `underscore` from 1.13.0-0 and before 1.13.0-2, from 1.3.2 and before 1.12.1 are vulnerable to Arbitrary Code Execution via the template function, particularly when a variable property is passed as an argument as it is not sanitized. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cf4h-3jhx-xvhq” TARGET=”_blank”>GHSA-cf4h-3jhx-xvhq</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cf4h-3jhx-xvhq” TARGET=”_blank”>GHSA-cf4h-3jhx-xvhq:underscore</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981502 | Java (maven) Security Update for io.netty:netty-handler (GHSA-cqqj-4p63-rrmm) | HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invalid fold." | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cqqj-4p63-rrmm” TARGET=”_blank”>GHSA-cqqj-4p63-rrmm</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cqqj-4p63-rrmm” TARGET=”_blank”>GHSA-cqqj-4p63-rrmm:io.netty:netty-handler</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981559 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-h4rc-386g-6m85) | FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly). | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-h4rc-386g-6m85″ TARGET=”_blank”>GHSA-h4rc-386g-6m85</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-h4rc-386g-6m85″ TARGET=”_blank”>GHSA-h4rc-386g-6m85:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981561 | Nodejs (npm) Security Update for https-proxy-agent (GHSA-pc5p-h8pf-mvwp) | Versions of `https-proxy-agent` prior to 2.2.3 are vulnerable to Machine-In-The-Middle. The package fails to enforce TLS on the socket if the proxy server responds the to the request with a HTTP status different than 200. This allows an attacker with access to the proxy server to intercept unencrypted communications, which may include sensitive information such as credentials.<BR><BR><BR>## Recommendation<BR><BR>Upgrade to version 3.0.0 or 2.2.3. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-pc5p-h8pf-mvwp” TARGET=”_blank”>GHSA-pc5p-h8pf-mvwp</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-pc5p-h8pf-mvwp” TARGET=”_blank”>GHSA-pc5p-h8pf-mvwp:https-proxy-agent</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 981582 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-4w82-r329-3q67) | FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demonstrated by org.apache.xbean.propertyeditor.JndiConverter. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-4w82-r329-3q67″ TARGET=”_blank”>GHSA-4w82-r329-3q67</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-4w82-r329-3q67″ TARGET=”_blank”>GHSA-4w82-r329-3q67:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981590 | Nodejs (npm) Security Update for yarn (GHSA-5xf4-f2fq-f69j) | In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted "bin" keys. Existing files could be overwritten depending on the current user permission set. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5xf4-f2fq-f69j” TARGET=”_blank”>GHSA-5xf4-f2fq-f69j</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5xf4-f2fq-f69j” TARGET=”_blank”>GHSA-5xf4-f2fq-f69j:yarn</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981649 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-h822-r4r5-v8jg) | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-h822-r4r5-v8jg” TARGET=”_blank”>GHSA-h822-r4r5-v8jg</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-h822-r4r5-v8jg” TARGET=”_blank”>GHSA-h822-r4r5-v8jg:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981650 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-85cw-hj65-qqv9) | A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-85cw-hj65-qqv9″ TARGET=”_blank”>GHSA-85cw-hj65-qqv9</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-85cw-hj65-qqv9″ TARGET=”_blank”>GHSA-85cw-hj65-qqv9:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981693 | Nodejs (npm) Security Update for mem (GHSA-4xcv-9jjx-gfj3) | Versions of `mem` prior to 4.0.0 are vulnerable to Denial of Service (DoS). The package fails to remove old values from the cache even after a value passes its `maxAge` property. This may allow attackers to exhaust the system’s memory if they are able to abuse the application logging.<BR><BR><BR>## Recommendation<BR><BR>Upgrade to version 4.0.0 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-4xcv-9jjx-gfj3″ TARGET=”_blank”>GHSA-4xcv-9jjx-gfj3</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-4xcv-9jjx-gfj3″ TARGET=”_blank”>GHSA-4xcv-9jjx-gfj3:mem</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 981745 | DotNet (Nuget) Security Update for System.Text.RegularExpressions (GHSA-cmhx-cq75-c4mj) | A denial of service vulnerability exists when .NET Framework and .NET Core improperly process RegEx strings, aka ‘.NET Framework and .NET Core Denial of Service Vulnerability’. This CVE ID is unique from CVE-2019-0980, CVE-2019-0981. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cmhx-cq75-c4mj” TARGET=”_blank”>GHSA-cmhx-cq75-c4mj</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cmhx-cq75-c4mj” TARGET=”_blank”>GHSA-cmhx-cq75-c4mj:System.Text.RegularExpressions</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 981772 | Nodejs (npm) Security Update for fstream (GHSA-xf7w-r453-m56c) | Versions of `fstream` prior to 1.0.12 are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system and a file that matches the hardlink will overwrite the system’s file with the contents of the extracted file. The `fstream.DirWriter()` function is vulnerable.<BR><BR><BR>## Recommendation<BR><BR>Upgrade to version 1.0.12 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-xf7w-r453-m56c” TARGET=”_blank”>GHSA-xf7w-r453-m56c</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-xf7w-r453-m56c” TARGET=”_blank”>GHSA-xf7w-r453-m56c:fstream</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981780 | Java (maven) Security Update for org.hibernate.validator:hibernate-validator (GHSA-m8p2-495h-ccmh) | A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-m8p2-495h-ccmh” TARGET=”_blank”>GHSA-m8p2-495h-ccmh</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-m8p2-495h-ccmh” TARGET=”_blank”>GHSA-m8p2-495h-ccmh:org.hibernate.validator:hibernate-validator</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 981797 | Nodejs (npm) Security Update for tar (GHSA-j44m-qm6p-hp7m) | Versions of `tar` prior to 4.4.2 for 4.x and 2.2.2 for 2.x are vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink will overwrite the system’s file with the contents of the extracted file.<BR><BR><BR>## Recommendation<BR><BR>For tar 4.x, upgrade to version 4.4.2 or later.<BR>For tar 2.x, upgrade to version 2.2.2 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-j44m-qm6p-hp7m” TARGET=”_blank”>GHSA-j44m-qm6p-hp7m</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-j44m-qm6p-hp7m” TARGET=”_blank”>GHSA-j44m-qm6p-hp7m:tar</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981798 | Nodejs (npm) Security Update for tar-fs (GHSA-x2mc-8fgj-3wmr) | A vulnerability was found in tar-fs before 1.16.2. An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-x2mc-8fgj-3wmr” TARGET=”_blank”>GHSA-x2mc-8fgj-3wmr</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-x2mc-8fgj-3wmr” TARGET=”_blank”>GHSA-x2mc-8fgj-3wmr:tar-fs</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981906 | Nodejs (npm) Security Update for yargs-parser (GHSA-p9pc-299p-vxgp) | Affected versions of `yargs-parser` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. <BR>Parsing the argument `–foo.__proto__.bar baz’` adds a `bar` property with value `baz` to all objects. This is only exploitable if attackers have control over the arguments being passed to `yargs-parser`.<BR><BR><BR><BR>## Recommendation<BR><BR>Upgrade to versions 13.1.2, 15.0.1, 18.1.1 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-p9pc-299p-vxgp” TARGET=”_blank”>GHSA-p9pc-299p-vxgp</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-p9pc-299p-vxgp” TARGET=”_blank”>GHSA-p9pc-299p-vxgp:yargs-parser</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 981935 | Nodejs (npm) Security Update for minimist (GHSA-vh95-rmgr-6w4m) | Affected versions of `minimist` are vulnerable to prototype pollution. Arguments are not properly sanitized, allowing an attacker to modify the prototype of `Object`, causing the addition or modification of an existing property that will exist on all objects. <BR>Parsing the argument `–__proto__.y=Polluted` adds a `y` property with value `Polluted` to all objects. The argument `–__proto__=Polluted` raises and uncaught error and crashes the application. <BR>This is exploitable if attackers have control over the arguments being passed to `minimist`.<BR><BR><BR><BR>## Recommendation<BR><BR>Upgrade to versions 0.2.1, 1.2.3 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-vh95-rmgr-6w4m” TARGET=”_blank”>GHSA-vh95-rmgr-6w4m</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-vh95-rmgr-6w4m” TARGET=”_blank”>GHSA-vh95-rmgr-6w4m:minimist</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 981949 | Java (maven) Security Update for net.minidev:json-smart-mini (GHSA-v528-7hrm-frqp) | An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-v528-7hrm-frqp” TARGET=”_blank”>GHSA-v528-7hrm-frqp</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-v528-7hrm-frqp” TARGET=”_blank”>GHSA-v528-7hrm-frqp:net.minidev:json-smart-mini</A><P> <A HREF=”https://github.com/advisories/GHSA-v528-7hrm-frqp” TARGET=”_blank”>GHSA-v528-7hrm-frqp:net.minidev:json-smart</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981950 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-gww7-p5w4-wrfv) | FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gww7-p5w4-wrfv” TARGET=”_blank”>GHSA-gww7-p5w4-wrfv</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-gww7-p5w4-wrfv” TARGET=”_blank”>GHSA-gww7-p5w4-wrfv:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981964 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-gjmw-vf9h-g25v) | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gjmw-vf9h-g25v” TARGET=”_blank”>GHSA-gjmw-vf9h-g25v</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-gjmw-vf9h-g25v” TARGET=”_blank”>GHSA-gjmw-vf9h-g25v:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 981966 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-fmmc-742q-jg75) | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-fmmc-742q-jg75″ TARGET=”_blank”>GHSA-fmmc-742q-jg75</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-fmmc-742q-jg75″ TARGET=”_blank”>GHSA-fmmc-742q-jg75:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982011 | Go (go) Security Update for github.com/opencontainers/runc (GHSA-c3xm-pvg7-gh7r) | Security update has been released for github.com/opencontainers/runc to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | This has been patched in runc 1.0.0-rc95, and users should upgrade as soon as<BR>possible. The patch itself can be found [here](https://github.com/opencontainers/runc/commit/0ca91f44f1664da834bc61115a849b56d22f595f).Workaround:<BR>There are no known workarounds for this issue.<BR><BR>However, users who enforce running containers with more confined security<BR>profiles (such as reduced capabilities, not running code as root in the<BR>container, user namespaces, AppArmor/SELinux, and seccomp) will restrict what<BR>an attacker can do in the case of a container breakout — we recommend users<BR>make use of strict security profiles if possible (most notably user namespaces<BR>– which can massively restrict the impact a container breakout can have on the<BR>host system). <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-c3xm-pvg7-gh7r” TARGET=”_blank”>GHSA-c3xm-pvg7-gh7r:github.com/opencontainers/runc</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982056 | Go (go) Security Update for go.mongodb.org/mongo-driver (GHSA-f6mq-5m25-4r72) | Specific cstrings input may not be properly validated in the MongoDB Go Driver when marshalling Go objects into BSON. A malicious user could use a Go object with specific string to potentially inject additional fields into marshalled documents. This issue affects all MongoDB GO Drivers up to (and including) 1.5.0. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-f6mq-5m25-4r72″ TARGET=”_blank”>GHSA-f6mq-5m25-4r72</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-f6mq-5m25-4r72″ TARGET=”_blank”>GHSA-f6mq-5m25-4r72:go.mongodb.org/mongo-driver</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 982091 | Java (maven) Security Update for org.glassfish.jersey.core:jersey-common (GHSA-c43q-5hpj-4crv) | Security update has been released for org.glassfish.jersey.core:jersey-common to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c43q-5hpj-4crv” TARGET=”_blank”>GHSA-c43q-5hpj-4crv</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-c43q-5hpj-4crv” TARGET=”_blank”>GHSA-c43q-5hpj-4crv:org.glassfish.jersey.core:jersey-common</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 982245 | Nodejs (npm) Security Update for y18n (GHSA-c4w7-xm78-47vh) | Security update has been released for y18n to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c4w7-xm78-47vh” TARGET=”_blank”>GHSA-c4w7-xm78-47vh</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-c4w7-xm78-47vh” TARGET=”_blank”>GHSA-c4w7-xm78-47vh:y18n</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982253 | Java (maven) Security Update for io.netty:netty-handler (GHSA-mm9x-g8pc-w292) | The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream. An attacker could send a large ZlibEncoded byte stream to the Netty server, forcing the server to allocate all of its free memory to a single decoder. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-mm9x-g8pc-w292″ TARGET=”_blank”>GHSA-mm9x-g8pc-w292</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-mm9x-g8pc-w292″ TARGET=”_blank”>GHSA-mm9x-g8pc-w292:io.netty:netty-handler</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982255 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-mx7p-6679-8g3q) | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the commons-dbcp (1.4) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of org.apache.commons.dbcp.datasources.SharedPoolDataSource and org.apache.commons.dbcp.datasources.PerUserPoolDataSource mishandling. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-mx7p-6679-8g3q” TARGET=”_blank”>GHSA-mx7p-6679-8g3q</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-mx7p-6679-8g3q” TARGET=”_blank”>GHSA-mx7p-6679-8g3q:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982256 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-6fpp-rgj9-8rwc) | SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-6fpp-rgj9-8rwc” TARGET=”_blank”>GHSA-6fpp-rgj9-8rwc</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-6fpp-rgj9-8rwc” TARGET=”_blank”>GHSA-6fpp-rgj9-8rwc:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982257 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-5ww9-j83m-q7qx) | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5ww9-j83m-q7qx” TARGET=”_blank”>GHSA-5ww9-j83m-q7qx</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5ww9-j83m-q7qx” TARGET=”_blank”>GHSA-5ww9-j83m-q7qx:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982277 | Nodejs (npm) Security Update for redis (GHSA-35q2-47q7-3pc3) | Security update has been released for redis to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | The problem was fixed in commit [`2d11b6d`](https://github.com/NodeRedis/node-redis/commit/2d11b6dc9b9774464a91fb4b448bad8bf699629e) and was released in version `3.1.1`. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-35q2-47q7-3pc3″ TARGET=”_blank”>GHSA-35q2-47q7-3pc3:redis</A> |
SCA | When a client is in monitoring mode, the regex begin used to detected monitor messages could cause exponential backtracking on some strings. This issue could lead to a denial of service. | High |
| 982280 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-cjjf-94ff-43w7) | An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cjjf-94ff-43w7″ TARGET=”_blank”>GHSA-cjjf-94ff-43w7</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cjjf-94ff-43w7″ TARGET=”_blank”>GHSA-cjjf-94ff-43w7:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982281 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-645p-88qh-w398) | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-645p-88qh-w398″ TARGET=”_blank”>GHSA-645p-88qh-w398</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-645p-88qh-w398″ TARGET=”_blank”>GHSA-645p-88qh-w398:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982282 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-4gq5-ch57-c2mg) | FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-4gq5-ch57-c2mg” TARGET=”_blank”>GHSA-4gq5-ch57-c2mg</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-4gq5-ch57-c2mg” TARGET=”_blank”>GHSA-4gq5-ch57-c2mg:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982302 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-cggj-fvv3-cqwv) | FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 deserialization flaw. This is exploitable by sending maliciously crafted JSON input to the readValue method of the ObjectMapper, bypassing a blacklist that is ineffective if the c3p0 libraries are available in the classpath. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cggj-fvv3-cqwv” TARGET=”_blank”>GHSA-cggj-fvv3-cqwv</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cggj-fvv3-cqwv” TARGET=”_blank”>GHSA-cggj-fvv3-cqwv:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982333 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-h592-38cm-4ggp) | A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-h592-38cm-4ggp” TARGET=”_blank”>GHSA-h592-38cm-4ggp</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-h592-38cm-4ggp” TARGET=”_blank”>GHSA-h592-38cm-4ggp:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982337 | Nodejs (npm) Security Update for hosted-git-info (GHSA-43f8-2h32-f4cj) | The npm package `hosted-git-info` before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular expression exhibits polynomial worst-case time complexity | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-43f8-2h32-f4cj” TARGET=”_blank”>GHSA-43f8-2h32-f4cj</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-43f8-2h32-f4cj” TARGET=”_blank”>GHSA-43f8-2h32-f4cj:hosted-git-info</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 982360 | Java (maven) Security Update for org.hibernate.validator:hibernate-validator (GHSA-rmrm-75hp-phr2) | A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rmrm-75hp-phr2″ TARGET=”_blank”>GHSA-rmrm-75hp-phr2</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-rmrm-75hp-phr2″ TARGET=”_blank”>GHSA-rmrm-75hp-phr2:org.hibernate.validator:hibernate-validator</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 982383 | Go (go) Security Update for github.com/containerd/containerd/cmd (GHSA-36xw-fx78-c5r4) | Security update has been released for github.com/containerd/containerd/cmd,github.com/containerd/containerd to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-36xw-fx78-c5r4″ TARGET=”_blank”>GHSA-36xw-fx78-c5r4</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-36xw-fx78-c5r4″ TARGET=”_blank”>GHSA-36xw-fx78-c5r4:github.com/containerd/containerd/cmd</A><P> <A HREF=”https://github.com/advisories/GHSA-36xw-fx78-c5r4″ TARGET=”_blank”>GHSA-36xw-fx78-c5r4:github.com/containerd/containerd</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 982402 | Go (go) Security Update for github.com/ulikunitz/xz (GHSA-25xm-hr59-7c27) | Security update has been released for github.com/ulikunitz/xz to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | The problem has been fixed in release v0.5.8.Workaround:<BR>Limit the size of the compressed file input to a reasonable size for your use case. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-25xm-hr59-7c27″ TARGET=”_blank”>GHSA-25xm-hr59-7c27:github.com/ulikunitz/xz</A> |
SCA | The function readUvarint used to read the xz container format may not terminate a loop provide malicous input. | High |
| 982423 | Go (go) Security Update for github.com/Masterminds/goutils (GHSA-xg2h-wx96-xgxr) | Security update has been released for github.com/Masterminds/goutils to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | This issue has been corrected in v1.0.2.Workaround:<BR>If you cannot upgrade to v1.0.2, you can work around the issue by calling `RandomAlphaNumericCustom(N, true, true)`|`CryptoRandomAlphaNumericCustom(N, true, true)` instead. (Where `N` is the desired length, and `true` is the literal boolean `true`.) <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-xg2h-wx96-xgxr” TARGET=”_blank”>GHSA-xg2h-wx96-xgxr:github.com/Masterminds/goutils</A> |
SCA | A security-sensitive bug was discovered by Open Source Developer *Erik Sundell of Sundell Open Source Consulting AB*.<BR><BR>The functions `RandomAlphaNumeric(int)` and `CryptoRandomAlphaNumeric(int)` are not as random as they should be. Small values of `int` in the functions above will return a smaller subset of results than they should. For example, `RandomAlphaNumeric(1)` will always return a digit in the 0-9 range, while `RandomAlphaNumeric(4)` will return around ~7 million of the ~13M possible permutations.<BR><BR>This is considered a security release because programs that rely upon random generators for passwords are at an increased risk of brute force-style password guessing. There is also a higher probability of collision.<BR><BR>The problem was the result of a mistaken regular expression that only accepted random strings if they contained a digit from `[0-9]`. That restriction has been removed. | Medium |
| 982579 | Go (go) Security Update for golang.org/x/crypto (GHSA-ffhg-7mh4-33c4) | golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-ffhg-7mh4-33c4″ TARGET=”_blank”>GHSA-ffhg-7mh4-33c4</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-ffhg-7mh4-33c4″ TARGET=”_blank”>GHSA-ffhg-7mh4-33c4:golang.org/x/crypto</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 982611 | Nodejs (npm) Security Update for npm-user-validate (GHSA-pw54-mh39-w3hc) | This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-pw54-mh39-w3hc” TARGET=”_blank”>GHSA-pw54-mh39-w3hc</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-pw54-mh39-w3hc” TARGET=”_blank”>GHSA-pw54-mh39-w3hc:npm-user-validate</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982626 | Nodejs (npm) Security Update for dot-prop (GHSA-ff7x-qrg7-qggm) | Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-ff7x-qrg7-qggm” TARGET=”_blank”>GHSA-ff7x-qrg7-qggm</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-ff7x-qrg7-qggm” TARGET=”_blank”>GHSA-ff7x-qrg7-qggm:dot-prop</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982627 | Nodejs (npm) Security Update for bl (GHSA-pp7h-53gx-mx7r) | A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow an attacker to supply user input (even typed) that if it ends up in consume() argument and can become negative, the BufferList state can be corrupted, tricking it into exposing uninitialized memory via regular .slice() calls. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-pp7h-53gx-mx7r” TARGET=”_blank”>GHSA-pp7h-53gx-mx7r</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-pp7h-53gx-mx7r” TARGET=”_blank”>GHSA-pp7h-53gx-mx7r:bl</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982702 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-cf6r-3wgc-h863) | A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cf6r-3wgc-h863″ TARGET=”_blank”>GHSA-cf6r-3wgc-h863</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cf6r-3wgc-h863″ TARGET=”_blank”>GHSA-cf6r-3wgc-h863:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982704 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-qr7j-h6gg-jmgc) | An issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.5. Use of Jackson default typing along with a gadget class from iBatis allows exfiltration of content. Fixed in 2.7.9.4, 2.8.11.2, and 2.9.6. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-qr7j-h6gg-jmgc” TARGET=”_blank”>GHSA-qr7j-h6gg-jmgc</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-qr7j-h6gg-jmgc” TARGET=”_blank”>GHSA-qr7j-h6gg-jmgc:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982705 | Nodejs (npm) Security Update for npm (GHSA-x8qc-rrcw-4r46) | Versions of the npm CLI prior to 6.13.3 are vulnerable to a symlink reference outside of node_modules. It is possible for packages to create symlinks to files outside of the`node_modules` folder through the `bin` field upon installation. A properly constructed entry in the package.json bin field would allow a package publisher to create a symlink pointing to arbitrary files on a users system when the package is installed. Only files accessible by the user running the `npm install` are affected. <BR><BR>This behavior is still possible through install scripts. This vulnerability bypasses a user using the –ignore-scripts install option.<BR><BR><BR>## Recommendation<BR><BR>Upgrade to version 6.13.3 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-x8qc-rrcw-4r46″ TARGET=”_blank”>GHSA-x8qc-rrcw-4r46</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-x8qc-rrcw-4r46″ TARGET=”_blank”>GHSA-x8qc-rrcw-4r46:npm</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982711 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-5949-rw7g-wx7w) | A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5949-rw7g-wx7w” TARGET=”_blank”>GHSA-5949-rw7g-wx7w</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5949-rw7g-wx7w” TARGET=”_blank”>GHSA-5949-rw7g-wx7w:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982715 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-mph4-vhrx-mv67) | FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-mph4-vhrx-mv67″ TARGET=”_blank”>GHSA-mph4-vhrx-mv67</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-mph4-vhrx-mv67″ TARGET=”_blank”>GHSA-mph4-vhrx-mv67:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 982716 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-cmfg-87vq-g5g4) | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cmfg-87vq-g5g4″ TARGET=”_blank”>GHSA-cmfg-87vq-g5g4</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cmfg-87vq-g5g4″ TARGET=”_blank”>GHSA-cmfg-87vq-g5g4:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 982798 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-gwp4-hfv6-p7hw) | A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gwp4-hfv6-p7hw” TARGET=”_blank”>GHSA-gwp4-hfv6-p7hw</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-gwp4-hfv6-p7hw” TARGET=”_blank”>GHSA-gwp4-hfv6-p7hw:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982904 | Nodejs (npm) Security Update for stringstream (GHSA-mf6x-7mm4-x2g7) | All versions of `stringstream` are vulnerable to out-of-bounds read as it allocates uninitialized Buffers when number is passed in input stream on Node.js 4.x and below.<BR><BR><BR>## Recommendation<BR><BR>No fix is currently available for this vulnerability. It is our recommendation to not install or use this module if user input is being passed in to `stringstream`. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-mf6x-7mm4-x2g7″ TARGET=”_blank”>GHSA-mf6x-7mm4-x2g7</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-mf6x-7mm4-x2g7″ TARGET=”_blank”>GHSA-mf6x-7mm4-x2g7:stringstream</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 982937 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-qmqc-x3r4-6v39) | A flaw was discovered in FasterXML jackson-databind in all versions before 2.9.10 and 2.10.0, where it would permit polymorphic deserialization of malicious objects using the xalan JNDI gadget when used in conjunction with polymorphic type handling methods such as `enableDefaultTyping()` or when @JsonTypeInfo is using `Id.CLASS` or `Id.MINIMAL_CLASS` or in any other way which ObjectMapper.readValue might instantiate objects from unsafe sources. An attacker could use this flaw to execute arbitrary code. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-qmqc-x3r4-6v39″ TARGET=”_blank”>GHSA-qmqc-x3r4-6v39</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-qmqc-x3r4-6v39″ TARGET=”_blank”>GHSA-qmqc-x3r4-6v39:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 982991 | Nodejs (npm) Security Update for npm (GHSA-93f3-23rq-pjfp) | Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-93f3-23rq-pjfp” TARGET=”_blank”>GHSA-93f3-23rq-pjfp</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-93f3-23rq-pjfp” TARGET=”_blank”>GHSA-93f3-23rq-pjfp:npm</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 983066 | Nodejs (npm) Security Update for npm (GHSA-4328-8hgf-7wjr) | Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. <BR><BR>For example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory.<BR><BR>This behavior is still allowed in local installations and also through install scripts. This vulnerability bypasses a user using the –ignore-scripts install option.<BR><BR><BR>## Recommendation<BR><BR>Upgrade to version 6.13.4 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-4328-8hgf-7wjr” TARGET=”_blank”>GHSA-4328-8hgf-7wjr</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-4328-8hgf-7wjr” TARGET=”_blank”>GHSA-4328-8hgf-7wjr:npm</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 983209 | Nodejs (npm) Security Update for node-fetch (GHSA-w7rc-rwvf-8q5r) | Security update has been released for node-fetch to fix the vulnerability.<BR><BR>Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. | We released patched versions for both stable and beta channels:<BR><BR>- For `v2`: 2.6.1<BR>- For `v3`: 3.0.0-beta.9Workaround:<BR>None, it is strongly recommended to update as soon as possible. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-w7rc-rwvf-8q5r” TARGET=”_blank”>GHSA-w7rc-rwvf-8q5r:node-fetch</A> |
SCA | Node Fetch did not honor the `size` option after following a redirect, which means that when a content size was over the limit, a `FetchError` would never get thrown and the process would end without failure.<BR><BR>For most people, this fix will have a little or no impact. However, if you are relying on node-fetch to gate files above a size, the impact could be significant, for example: If you don’t double-check the size of the data after `fetch()` has completed, your JS thread could get tied up doing work on a large file (DoS) and/or cost you money in computing. | Medium |
| 983258 | Nodejs (npm) Security Update for npm-user-validate (GHSA-xgh6-85xh-479p) | `npm-user-validate` before version `1.0.1` is vulnerable to a Regular Expression Denial of Service (REDos). The regex that validates user emails took exponentially longer to process long input strings beginning with `@` characters.<BR><BR> | The issue is patched in version 1.0.1 by improving the regular expression used and also enforcing a 254 character limit.Workaround:<BR>Restrict the character length to a reasonable degree before passing a value to `.emal()`; Also, consider doing a more rigorous sanitizing/validation beforehand. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-xgh6-85xh-479p” TARGET=”_blank”>GHSA-xgh6-85xh-479p:npm-user-validate</A> |
SCA | The issue affects the `email` function. If you use this function to process arbitrary user input with no character limit the application may be susceptible to Denial of Service. | Medium |
| 983306 | Nodejs (npm) Security Update for http-proxy-agent (GHSA-8w57-jfpm-945m) | Versions of `http-proxy-agent` before 2.1.0 are vulnerable to denial of service and uninitialized memory leak when unsanitized options are passed to `Buffer`.<BR><BR><BR>## Recommendation<BR><BR>Update to version 2.1.0 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-8w57-jfpm-945m” TARGET=”_blank”>GHSA-8w57-jfpm-945m</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-8w57-jfpm-945m” TARGET=”_blank”>GHSA-8w57-jfpm-945m:http-proxy-agent</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 983409 | Nodejs (npm) Security Update for sshpk (GHSA-2m39-62fm-q8r3) | Versions of `sshpk` before 1.13.2 or 1.14.1 are vulnerable to regular expression denial of service when parsing crafted invalid public keys.<BR><BR><BR>## Recommendation<BR><BR>Update to version 1.13.2, 1.14.1 or later. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-2m39-62fm-q8r3″ TARGET=”_blank”>GHSA-2m39-62fm-q8r3</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-2m39-62fm-q8r3″ TARGET=”_blank”>GHSA-2m39-62fm-q8r3:sshpk</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 983759 | Nodejs (npm) Security Update for cryptiles (GHSA-rq8g-5pc5-wrhr) | Versions of `cryptiles` prior to 4.1.2 are vulnerable to Insufficient Entropy. The `randomDigits()` method does not provide sufficient entropy and its generates digits that are not evenly distributed.
## Recommendation Upgrade to version 4.1.2. The package is deprecated and has been moved to `@hapi/cryptiles` and it is strongly recommended to use the maintained package. |
Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rq8g-5pc5-wrhr” TARGET=”_blank”>GHSA-rq8g-5pc5-wrhr</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-rq8g-5pc5-wrhr” TARGET=”_blank”>GHSA-rq8g-5pc5-wrhr:cryptiles</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 983801 | Nodejs (npm) Security Update for ini (GHSA-qqgx-2p2h-9c37) | Security update has been released for ini to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
This has been patched in 1.3.6 <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-qqgx-2p2h-9c37″ TARGET=”_blank”>GHSA-qqgx-2p2h-9c37:ini</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 983966 | Nodejs (npm) Security Update for morgan (GHSA-gwg9-rgvj-4h5j) | Verisons of `morgan` before 1.9.1 are vulnerable to code injection when user input is allowed into the filter or combined with a prototype pollution attack.
## Recommendation Update to version 1.9.1 or later. |
Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gwg9-rgvj-4h5j” TARGET=”_blank”>GHSA-gwg9-rgvj-4h5j</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-gwg9-rgvj-4h5j” TARGET=”_blank”>GHSA-gwg9-rgvj-4h5j:morgan</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 983967 | Nodejs (npm) Security Update for debug (GHSA-gxpj-cx7g-858c) | Affected versions of `debug` are vulnerable to regular expression denial of service when untrusted user input is passed into the `o` formatter.
As it takes 50,000 characters to block the event loop for 2 seconds, this issue is a low severity issue. ## Recommendation Version 2.x.x: Update to version 2.6.9 or later. |
Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gxpj-cx7g-858c” TARGET=”_blank”>GHSA-gxpj-cx7g-858c</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-gxpj-cx7g-858c” TARGET=”_blank”>GHSA-gxpj-cx7g-858c:debug</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 983993 | Nodejs (npm) Security Update for hoek (GHSA-jp4x-w63m-7wgm) | Versions of `hoek` prior to 4.2.1 and 5.0.3 are vulnerable to prototype pollution.
The `merge` function, and the `applyToDefaults` and `applyToDefaultsWithShallow` functions which leverage `merge` behind the scenes, are vulnerable to a prototype pollution attack when provided an _unvalidated_ payload created from a JSON string containing the `__proto__` property. This can be demonstrated like so: “`javascript var a = {}; This type of attack can be used to overwrite existing properties causing a potential denial of service. ## Recommendation Update to version 4.2.1, 5.0.3 or later. |
Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-jp4x-w63m-7wgm” TARGET=”_blank”>GHSA-jp4x-w63m-7wgm</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-jp4x-w63m-7wgm” TARGET=”_blank”>GHSA-jp4x-w63m-7wgm:hoek</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 984035 | Nodejs (npm) Security Update for extend (GHSA-qrmc-fj45-qfc2) | Versions of `extend` prior to 3.0.2 (for 3.x) and 2.0.2 (for 2.x) are vulnerable to Prototype Pollution. The `extend()` function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.
## Recommendation If you’re using `extend` 3.x upgrade to 3.0.2 or later. |
Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-qrmc-fj45-qfc2″ TARGET=”_blank”>GHSA-qrmc-fj45-qfc2</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-qrmc-fj45-qfc2″ TARGET=”_blank”>GHSA-qrmc-fj45-qfc2:extend</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 984157 | Java (maven) Security Update for org.apache.logging.log4j:log4j-api (GHSA-jfh8-c2jp-5v3q) | Security update has been released for org.apache.logging.log4j:log4j-core,org.apache.logging.log4j:log4j-api to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-jfh8-c2jp-5v3q” TARGET=”_blank”>GHSA-jfh8-c2jp-5v3q</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-jfh8-c2jp-5v3q” TARGET=”_blank”>GHSA-jfh8-c2jp-5v3q:org.apache.logging.log4j:log4j-core</A><P> <A HREF=”https://github.com/advisories/GHSA-jfh8-c2jp-5v3q” TARGET=”_blank”>GHSA-jfh8-c2jp-5v3q:org.apache.logging.log4j:log4j-api</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 984174 | Go (go) Security Update for github.com/open-policy-agent/opa (GHSA-2m4x-4q9j-w97g) | An issue in the AST parser (ast/compile.go) of Open Policy Agent v0.10.2 allows attackers to cause a Denial of Service (DoS) via a crafted input. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-2m4x-4q9j-w97g” TARGET=”_blank”>GHSA-2m4x-4q9j-w97g</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-2m4x-4q9j-w97g” TARGET=”_blank”>GHSA-2m4x-4q9j-w97g:github.com/open-policy-agent/opa</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 984403 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-rpr3-cw39-3pxh) | The com.fasterxml.jackson.core:jackson-databind library before versions 2.9.10.4 is vulnerable to an Unsafe Deserialization vulnerability when handling interactions related to the class `ignite-jta`. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rpr3-cw39-3pxh” TARGET=”_blank”>GHSA-rpr3-cw39-3pxh</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-rpr3-cw39-3pxh” TARGET=”_blank”>GHSA-rpr3-cw39-3pxh:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 984586 | Java (maven) Security Update for org.apache.hadoop:hadoop-common (GHSA-rmpj-7c96-mrg8) | There is a potential heap buffer overflow in Apache Hadoop libhdfs native code. Opening a file path provided by user without validation may result in a denial of service or arbitrary code execution. Users should upgrade to Apache Hadoop 2.10.2, 3.2.3, 3.3.2 or higher. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-rmpj-7c96-mrg8″ TARGET=”_blank”>GHSA-rmpj-7c96-mrg8</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-rmpj-7c96-mrg8″ TARGET=”_blank”>GHSA-rmpj-7c96-mrg8:org.apache.hadoop:hadoop-common</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 984587 | Java (maven) Security Update for org.eclipse.jetty.http2:http2-server (GHSA-wgmr-mf83-7x4j) | Invalid HTTP/2 requests (for example, invalid URIs) are incorrectly handled by writing a blocking error response directly from the selector thread. If the client manages to exhaust the HTTP/2 flow control window, or TCP congest the connection, the selector thread will be blocked trying to write the error response. If this is repeated for all the selector threads, the server becomes unresponsive, causing the denial of service. |
The fix is available in Jetty versions 9.4.47. 10.0.10, 11.0.10.Workaround:<BR>No workaround available within Jetty itself. One possible workaround is to filter the requests before sending them to Jetty (for example in a proxy) <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-wgmr-mf83-7x4j” TARGET=”_blank”>GHSA-wgmr-mf83-7x4j:org.eclipse.jetty.http2:http2-server</A> |
SCA | A malicious client may render the server unresponsive. | High |
| 984588 | Java (maven) Security Update for org.eclipse.jetty:jetty-http (GHSA-cj7v-27pg-wf7q) | URI use within Jetty’s `HttpURI` class can parse invalid URIs such as `http://localhost;/path` as having an authority with a host of `localhost;`.
A URIs of the type `http://localhost;/path` should be interpreted to be either invalid or as `localhost;` to be the userinfo and no host. |
Patched in PR [#8146](https://github.com/eclipse/jetty.project/pull/8146) for Jetty version 9.4.47. Patched in PR [#8014](https://github.com/eclipse/jetty.project/pull/8015) for Jetty versions 10.0.10, and 11.0.10Workaround:<BR>None. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cj7v-27pg-wf7q” TARGET=”_blank”>GHSA-cj7v-27pg-wf7q:org.eclipse.jetty:jetty-http</A> |
SCA | This can lead to errors with Jetty’s `HttpClient`, and Jetty’s `ProxyServlet` / `AsyncProxyServlet` / `AsyncMiddleManServlet` wrongly interpreting an authority with no host as one with a host. | Medium |
| 984720 | Go (go) Security Update for github.com/containerd/containerd (GHSA-5ffw-gxpp-mxpf) | Security update has been released for github.com/containerd/containerd to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue.Workaround:<BR>Ensure that only trusted images and commands are used. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5ffw-gxpp-mxpf” TARGET=”_blank”>GHSA-5ffw-gxpp-mxpf:github.com/containerd/containerd</A> |
SCA | A bug was found in containerd’s CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd’s CRI implementation; `ExecSync` may be used when running probes or when executing processes via an "exec" facility. | Medium |
| 984734 | Go (go) Security Update for github.com/hashicorp/go-getter (GHSA-fcgg-rvwg-jv58) | HashiCorp go-getter through 2.0.2 does not safely perform downloads. Protocol switching, endless redirect, and configuration bypass were possible via abuse of custom HTTP response header processing. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-fcgg-rvwg-jv58″ TARGET=”_blank”>GHSA-fcgg-rvwg-jv58</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-fcgg-rvwg-jv58″ TARGET=”_blank”>GHSA-fcgg-rvwg-jv58:github.com/hashicorp/go-getter</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 984735 | Go (go) Security Update for github.com/hashicorp/go-getter (GHSA-cjr4-fv6c-f3mv) | HashiCorp go-getter through 2.0.2 does not safely perform downloads. Arbitrary host access was possible via go-getter path traversal, symlink processing, and command injection flaws. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-cjr4-fv6c-f3mv” TARGET=”_blank”>GHSA-cjr4-fv6c-f3mv</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cjr4-fv6c-f3mv” TARGET=”_blank”>GHSA-cjr4-fv6c-f3mv:github.com/hashicorp/go-getter</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 984745 | Go (go) Security Update for github.com/opencontainers/runc (GHSA-f3fp-gc8g-vw66) | Security update has been released for github.com/opencontainers/runc to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
This bug has been fixed in runc 1.1.2. Users should update to this version as soon as possible.
This fix changes `runc exec –cap` behavior such that the additional capabilities granted to the process being executed (as specified via `–cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file. |
SCA | A bug was found in runc where `runc exec –cap` executed processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2).
This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container’s bounding set. |
Medium |
| 984751 | Go (go) Security Update for github.com/hashicorp/go-getter (GHSA-27rq-4943-qcwp) | The Hashicorp go-getter library before 1.5.11 could write SSH credentials into its logfile, exposing sensitive credentials to local users able to read the logfile. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-27rq-4943-qcwp” TARGET=”_blank”>GHSA-27rq-4943-qcwp</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-27rq-4943-qcwp” TARGET=”_blank”>GHSA-27rq-4943-qcwp:github.com/hashicorp/go-getter</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 984753 | Go (go) Security Update for github.com/hashicorp/go-getter (GHSA-28r2-q6m8-9hpx) | HashiCorp go-getter through 2.0.2 does not safely perform downloads. Asymmetric resource exhaustion could occur when go-getter processed malicious HTTP responses. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-28r2-q6m8-9hpx” TARGET=”_blank”>GHSA-28r2-q6m8-9hpx</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-28r2-q6m8-9hpx” TARGET=”_blank”>GHSA-28r2-q6m8-9hpx:github.com/hashicorp/go-getter</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 984754 | Go (go) Security Update for github.com/hashicorp/go-getter (GHSA-x24g-9w7v-vprh) | HashiCorp go-getter before 2.0.2 allows Command Injection. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-x24g-9w7v-vprh” TARGET=”_blank”>GHSA-x24g-9w7v-vprh</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-x24g-9w7v-vprh” TARGET=”_blank”>GHSA-x24g-9w7v-vprh:github.com/hashicorp/go-getter</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 984755 | Go (go) Security Update for github.com/open-policy-agent/opa (GHSA-x7f3-62pm-9p38) | An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-x7f3-62pm-9p38″ TARGET=”_blank”>GHSA-x7f3-62pm-9p38</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-x7f3-62pm-9p38″ TARGET=”_blank”>GHSA-x7f3-62pm-9p38:github.com/open-policy-agent/opa</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 985246 | Go (go) Security Update for github.com/Masterminds/vcs (GHSA-6635-c626-vj4r) | URLs and local file paths passed to the Mercurial (hg) APIs that are specially crafted can contain commands which are executed by Mercurial if it is installed on the host operating system. The `vcs` package uses the underly version control system, in this case `hg`, to implement the needed functionality. When `hg` is executed, argument strings are passed to `hg` in a way that additional flags can be set. The additional flags can be used to perform a command injection. Other version control systems with an implemented interface may also be vulnerable. The issue has been fixed in version 1.13.2. A work around is to sanitize data passed to the `vcs` package APIs to ensure it does not contain commands or unexpected data. This is important for user input data that is passed directly to the package APIs. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-6635-c626-vj4r” TARGET=”_blank”>GHSA-6635-c626-vj4r</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-6635-c626-vj4r” TARGET=”_blank”>GHSA-6635-c626-vj4r:github.com/Masterminds/vcs</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 985252 | Go (go) Security Update for github.com/containerd/containerd (GHSA-crp2-qrr5-8pq7) | Security update has been released for github.com/containerd/containerd to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
This bug has been fixed in containerd 1.6.1, 1.5.10 and 1.4.13. Users should update to these versions to resolve the issue.Workaround:<BR>Ensure that only trusted images are used. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-crp2-qrr5-8pq7″ TARGET=”_blank”>GHSA-crp2-qrr5-8pq7:github.com/containerd/containerd</A> |
SCA | A bug was found in containerd where containers launched through containerds CRI implementation with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerds CRI implementation. | High |
| 985292 | Go (go) Security Update for github.com/opencontainers/runc (GHSA-v95c-p5hm-xq8f) | Security update has been released for github.com/opencontainers/runc to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
The patch for this is d72d057ba794164c3cce9451a00b72a78b25e1ae and runc 1.0.3 was released with this bug fixed.Workaround:<BR>To the extent this is exploitable, disallowing untrusted namespace paths in container configuration should eliminate all practical ways of exploiting this bug. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-v95c-p5hm-xq8f” TARGET=”_blank”>GHSA-v95c-p5hm-xq8f:github.com/opencontainers/runc</A> |
SCA | In runc, [netlink](https://www.man7.org/linux/man-pages/man7/netlink.7.html) is used internally as a serialization system for specifying the relevant container configuration to the C portion of our code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration.
This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. Prior to 9c444070ec7bb83995dbc0185da68284da71c554, in practice it was fairly difficult to specify an arbitrary-length netlink message with most container runtimes. The only user-controlled byte array was the namespace paths attributes which can be specified in runc’s `config.json`, but as far as we can tell no container runtime gives raw access to that configuration setting — and having raw access to that setting **would allow the attacker to disable namespace protections entirely anyway** (setting them to `/proc/1/ns/…` for instance). In addition, each namespace path is limited to 4096 bytes (with only 7 namespaces supported by runc at the moment) meaning that even with custom namespace paths it appears an attacker still cannot shove enough bytes into the netlink bytemsg in order to overflow the uint16 counter. However, out of an abundance of caution (given how old this bug is) we decided to treat it as a potentially exploitable vulnerability with a low severity. After 9c444070ec7bb83995dbc0185da68284da71c554 (which was not present in any release of runc prior to the discovery of this bug), all mount paths are included as a giant netlink message which means that this bug becomes significantly more exploitable in more reasonable threat scenarios. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure), though as mentioned above it appears this bug was not practically exploitable on any released version of runc to date. |
Medium |
| 985293 | Go (go) Security Update for github.com/docker/distribution (GHSA-qq97-vm5h-rrhg) | Security update has been released for github.com/docker/distribution to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
Upgrade to at least `v2.8.0-beta.1` if you are running `v2.x` release. If you use the code from the `main` branch, update at least to the commit after [b59a6f827947f9e0e67df0cfb571046de4733586](https://github.com/distribution/distribution/commit/b59a6f827947f9e0e67df0cfb571046de4733586).Workaround:<BR>There is no way to work around this issue without patching. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-qq97-vm5h-rrhg” TARGET=”_blank”>GHSA-qq97-vm5h-rrhg:github.com/docker/distribution</A> |
SCA | Systems that rely on digest equivalence for image attestations may be vulnerable to type confusion. | Medium |
| 985298 | Go (go) Security Update for github.com/deislabs/oras (GHSA-g5v4-5×39-vwhx) | Security update has been released for github.com/deislabs/oras to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
The problem has been patched by the PR linked with this advisory. Users should upgrade their `oras` CLI and packages to `0.9.0`.Workaround:<BR>For `oras` CLI users, there is no workarounds other than pulling from a trusted artifact provider.
For `oras` package users, the workaround is to not use `github.com/deislabs/oras/pkg/content.FileStore`, and use other content stores instead, or pull from a trusted artifact provider. |
SCA | The directory support (#55) allows the downloaded gzipped tarballs to be automatically extracted to the user-specified directory where the tarball can have symbolic links and hard links.
A well-crafted tarball or tarballs allow malicious artifact providers linking, writing, or overwriting specific files on the host filesystem outside of the user-specified directory unexpectedly with the same permissions as the user who runs `oras pull`. Precisely, the following users of the affected versions are impacted |
High |
| 985314 | Go (go) Security Update for github.com/opencontainers/runc (GHSA-g54h-m393-cpwq) | Security update has been released for github.com/opencontainers/runc to fix the vulnerability.
Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
This issue has been fixed in [a patch that was part of a larger rework of the devices cgroup code in runc](https://github.com/opencontainers/runc/pull/2391) — which lead to the discovery of this security bug. Users should upgrade to 1.0.0-rc91 as soon as it is released, or wait for your distribution to backport the relevant fixes.Workaround:<BR>If you are using `runc` directly, ensure that there is a deny-all entry at the beginning of `linux.resources.devices` — such an entry would look like `{"allow": false, "permissions": "rwm"}` (all other fields are ignored, though `type` must be set to `"a"` or `null` if it is present).
Users which consume `runc` through another program should check whether their containers are operating under a white-list — this can be done by reading `/sys/fs/cgroup/devices/devices.list` inside the container. If the file contains only the entry `a *:* rwm` (meaning the cgroup is in black-list mode, which likely means "allow all device access") then your containers are vulnerable to this issue. As always, we recommend **in the strongest possible terms** that all of our users enable user namespaces on all of their workloads (or pressure their vendors to do so). User namespaces are one of the most significant defense-in-depth protections you can enable for containers, and have prevented many container-related vulnerabilities (both kernel 0days as well as bugs in container runtimes, such as this one). |
SCA | Contrary to the [OCI runtime specification](https://github.com/opencontainers/runtime-spec/blob/v1.0.2/config-linux.md#device-whitelist), `runc`’s implementation of the `linux.resources.devices` list was a black-list by default. This means that users who created their own `config.json` objects and didn’t prefix a deny-all rule (`{"allow": false, "permissions": "rwm"}` or equivalent) were not provided protection by the `devices` cgroup. This would allow malicious containers (with sufficient privileges) to create arbitrary device inodes (assuming they have `CAP_MKNOD`) and operate on any device inodes they may have access to (assuming they have regular Unix DAC permissions).
However, most (if not all) programs that make use of `runc` include this deny-all rule. This was most likely added before the specification mandated a white-list of devices, and the fact that all programs wrote their own deny-all rule obscured the existence of this bug for several years. In fact, even the specification’s examples include a default deny-all rule! We therefore believe that while this is a security bug (and has been fixed as such), it was almost certainly not exploitable in the wild due to the inclusion of default deny-all rules by all known users of `runc` — hence why this advisory has low severity. |
Medium |
| 985380 | Go (go) Security Update for github.com/valyala/fasthttp (GHSA-fx95-883v-4q4h) | The package github.com/valyala/fasthttp before 1.34.0 is vulnerable to Directory Traversal via the ServeFile function, due to improper sanitization. It is possible to be exploited by using a backslash %5c character in the path. **Note:** This security issue impacts Windows users only. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-fx95-883v-4q4h” TARGET=”_blank”>GHSA-fx95-883v-4q4h</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-fx95-883v-4q4h” TARGET=”_blank”>GHSA-fx95-883v-4q4h:github.com/valyala/fasthttp</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 985381 | Go (go) Security Update for github.com/gogo/protobuf (GHSA-c3h9-896r-86jm) | An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the "skippy peanut butter" issue. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-c3h9-896r-86jm” TARGET=”_blank”>GHSA-c3h9-896r-86jm</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-c3h9-896r-86jm” TARGET=”_blank”>GHSA-c3h9-896r-86jm:github.com/gogo/protobuf</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 985399 | Go (go) Security Update for github.com/opencontainers/runc (GHSA-fgv8-vj5c-2ppq) | runc through 1.0.0-rc8, as used in Docker through 19.03.2-ce and other products, allows AppArmor restriction bypass because libcontainer/rootfs_linux.go incorrectly checks mount targets, and thus a malicious Docker image can mount over a /proc directory. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-fgv8-vj5c-2ppq” TARGET=”_blank”>GHSA-fgv8-vj5c-2ppq</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-fgv8-vj5c-2ppq” TARGET=”_blank”>GHSA-fgv8-vj5c-2ppq:github.com/opencontainers/runc</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 985404 | Go (go) Security Update for github.com/docker/docker (GHSA-g7v2-2qxx-wjrw) | Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor passed to the pid-1 process before performing the chroot, which allows local users to gain privileges via a symlink attack in an image. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-g7v2-2qxx-wjrw” TARGET=”_blank”>GHSA-g7v2-2qxx-wjrw</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-g7v2-2qxx-wjrw” TARGET=”_blank”>GHSA-g7v2-2qxx-wjrw:github.com/docker/docker</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 985432 | Go (go) Security Update for github.com/opencontainers/runc (GHSA-gp4j-w3vj-7299) | RunC allowed additional container processes via ‘runc exec’ to be ptraced by the pid 1 of the container. This allows the main processes of the container, if running as root, to gain access to file-descriptors of these new processes during the initialization and can lead to container escapes or modification of runC state before the process is fully placed inside the container. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-gp4j-w3vj-7299″ TARGET=”_blank”>GHSA-gp4j-w3vj-7299</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-gp4j-w3vj-7299″ TARGET=”_blank”>GHSA-gp4j-w3vj-7299:github.com/opencontainers/runc</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 985441 | Go (go) Security Update for gopkg.in/yaml.v2 (GHSA-wxc4-f4m6-wwqv) | The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-wxc4-f4m6-wwqv” TARGET=”_blank”>GHSA-wxc4-f4m6-wwqv</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-wxc4-f4m6-wwqv” TARGET=”_blank”>GHSA-wxc4-f4m6-wwqv:gopkg.in/yaml.v2</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | Medium |
| 985442 | Go (go) Security Update for github.com/ulikunitz/xz (GHSA-q6gq-997w-f55g) | Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-q6gq-997w-f55g” TARGET=”_blank”>GHSA-q6gq-997w-f55g</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-q6gq-997w-f55g” TARGET=”_blank”>GHSA-q6gq-997w-f55g:github.com/ulikunitz/xz</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 985455 | DotNet (Nuget) Security Update for Newtonsoft.Json (GHSA-5crp-9r3c-p9vr) | Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of expressions with high nesting level that lead to StackOverFlow exception or high CPU and RAM usage. Exploiting this vulnerability results in Denial Of Service (DoS).
The serialization and deserialization path have different properties regarding the issue. Deserializing methods (like `JsonConvert.DeserializeObject`) will process the input that results in burning the CPU, allocating memory, and consuming a thread of execution. Quite high nesting level (>10kk, or 9.5MB of `{a:{a:{…` input) is needed to achieve the latency over 10 seconds, depending on the hardware. Serializing methods (like `JsonConvert.Serialize` or `JObject.ToString`) will throw StackOverFlow exception with the nesting level of around 20k. To mitigate the issue one either need to update Newtonsoft.Json to 13.0.1 or set `MaxDepth` parameter in the `JsonSerializerSettings`. This can be done globally with the following statement. After that the parsing of the nested input will fail fast with `Newtonsoft.Json.JsonReaderException`: “` Repro code: //Parse this object (leads to high CPU/RAM consumption) // Methods below all throw stack overflow with nRep around 20k and higher **Note the original statement about the problem only affecting IIS applications is misleading.** Any application is affected, however the IIS has a behavior that stops restarting the instance after some time resulting in a harder-to-fix DoS. |
Customers are advised to refer to <A HREF=”https://github.com/advisories/GHSA-5crp-9r3c-p9vr” TARGET=”_blank”>GHSA-5crp-9r3c-p9vr</A> for updates pertaining to this vulnerability. <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5crp-9r3c-p9vr” TARGET=”_blank”>GHSA-5crp-9r3c-p9vr:Newtonsoft.Json</A> |
SCA | Successful exploitation of this vulnerability may affect the confidentiality, integrity, and availability of the targeted user. | High |
| 985585 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-f9xh-2qgp-cq57) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-f9xh-2qgp-cq57″ TARGET=”_blank”>GHSA-f9xh-2qgp-cq57</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-f9xh-2qgp-cq57″ TARGET=”_blank”>GHSA-f9xh-2qgp-cq57:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 985586 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-cvm9-fjm9-3572) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-cvm9-fjm9-3572″ TARGET=”_blank”>GHSA-cvm9-fjm9-3572</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cvm9-fjm9-3572″ TARGET=”_blank”>GHSA-cvm9-fjm9-3572:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 985587 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-9m6f-7xcq-8vf8) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-9m6f-7xcq-8vf8″ TARGET=”_blank”>GHSA-9m6f-7xcq-8vf8</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-9m6f-7xcq-8vf8″ TARGET=”_blank”>GHSA-9m6f-7xcq-8vf8:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 985588 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-wh8g-3j2c-rqj5) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-wh8g-3j2c-rqj5″ TARGET=”_blank”>GHSA-wh8g-3j2c-rqj5</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-wh8g-3j2c-rqj5″ TARGET=”_blank”>GHSA-wh8g-3j2c-rqj5:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 985592 | Java (maven) Security Update for io.netty:netty-codec-http (GHSA-269q-hmxg-m83q) | Security update has been released for io.netty:netty-codec-http to fix the vulnerability. <BR> Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-269q-hmxg-m83q” TARGET=”_blank”>GHSA-269q-hmxg-m83q</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-269q-hmxg-m83q” TARGET=”_blank”>GHSA-269q-hmxg-m83q:io.netty:netty-codec-http</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 985604 | Java (maven) Security Update for org.apache.logging.log4j:log4j-core (GHSA-8489-44mv-ggj8) | Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to an attack where an attacker with permission to modify the logging configuration file can construct a malicious configuration using a JDBC Appender with a data source referencing a JNDI URI which can execute remote code. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
# Affected packages This issue does not impact default configurations of Log4j2 and requires an attacker to have control over the Log4j2 configuration, which reduces the likelihood of being exploited. |
Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-8489-44mv-ggj8″ TARGET=”_blank”>GHSA-8489-44mv-ggj8</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-8489-44mv-ggj8″ TARGET=”_blank”>GHSA-8489-44mv-ggj8:org.apache.logging.log4j:log4j-core</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 985606 | Java (maven) Security Update for io.netty:netty-codec-http (GHSA-wx5j-54mm-rqqq) | Security update has been released for io.netty:netty-codec-http to fix the vulnerability. <BR> Note: The preceding description block is extracted directly from the security advisory. Using automation, we have attempted to clean and format it as much as possible without introducing additional issues. |
Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-wx5j-54mm-rqqq” TARGET=”_blank”>GHSA-wx5j-54mm-rqqq</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-wx5j-54mm-rqqq” TARGET=”_blank”>GHSA-wx5j-54mm-rqqq:io.netty:netty-codec-http</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 985612 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-r695-7vr9-jgc2) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-r695-7vr9-jgc2″ TARGET=”_blank”>GHSA-r695-7vr9-jgc2</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-r695-7vr9-jgc2″ TARGET=”_blank”>GHSA-r695-7vr9-jgc2:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 985614 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-vfqx-33qm-g869) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-vfqx-33qm-g869″ TARGET=”_blank”>GHSA-vfqx-33qm-g869</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-vfqx-33qm-g869″ TARGET=”_blank”>GHSA-vfqx-33qm-g869:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 985775 | Nodejs (npm) Security Update for got (GHSA-pfrx-2q88-qq97) | The got package before 11.8.5 and 12.1.0 for Node.js allows a redirect to a UNIX socket. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-pfrx-2q88-qq97″ TARGET=”_blank”>GHSA-pfrx-2q88-qq97</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-pfrx-2q88-qq97″ TARGET=”_blank”>GHSA-pfrx-2q88-qq97:got</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 985789 | Nodejs (npm) Security Update for npm (GHSA-ph34-pc88-72gc) | An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor’s blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-ph34-pc88-72gc” TARGET=”_blank”>GHSA-ph34-pc88-72gc</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-ph34-pc88-72gc” TARGET=”_blank”>GHSA-ph34-pc88-72gc:npm</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 985876 | Nodejs (npm) Security Update for hawk (GHSA-44pw-h2cw-w3vq) | Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack – meaning each added character in the attacker’s input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead.`Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-44pw-h2cw-w3vq” TARGET=”_blank”>GHSA-44pw-h2cw-w3vq</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-44pw-h2cw-w3vq” TARGET=”_blank”>GHSA-44pw-h2cw-w3vq:hawk</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 985919 | Nodejs (npm) Security Update for node-fetch (GHSA-r683-j2x4-v87g) | node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-r683-j2x4-v87g” TARGET=”_blank”>GHSA-r683-j2x4-v87g</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-r683-j2x4-v87g” TARGET=”_blank”>GHSA-r683-j2x4-v87g:node-fetch</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986031 | Nodejs (npm) Security Update for chownr (GHSA-c6rq-rjc2-86v2) | A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-c6rq-rjc2-86v2″ TARGET=”_blank”>GHSA-c6rq-rjc2-86v2</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-c6rq-rjc2-86v2″ TARGET=”_blank”>GHSA-c6rq-rjc2-86v2:chownr</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 986032 | Nodejs (npm) Security Update for ajv (GHSA-v88g-cgmw-v5xw) | An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. A carefully crafted JSON schema could be provided that allows execution of other code by prototype pollution. (While untrusted schemas are recommended against, the worst case of an untrusted schema should be a denial of service, not execution of code.) | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-v88g-cgmw-v5xw” TARGET=”_blank”>GHSA-v88g-cgmw-v5xw</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-v88g-cgmw-v5xw” TARGET=”_blank”>GHSA-v88g-cgmw-v5xw:ajv</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 986045 | Nodejs (npm) Security Update for yarn (GHSA-hjxc-462x-x77j) | The package integrity validation in yarn &lt; 1.19.0 contains a TOCTOU vulnerability where the hash is computed before writing a package to cache. It&#39;s not computed again when reading from the cache. This may lead to a cache pollution attack. This issue is fixed in 1.19.0. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hjxc-462x-x77j” TARGET=”_blank”>GHSA-hjxc-462x-x77j</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-hjxc-462x-x77j” TARGET=”_blank”>GHSA-hjxc-462x-x77j:yarn</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 986048 | Nodejs (npm) Security Update for yarn (GHSA-8mfc-v7wv-p62g) | Arbitrary filesystem write vulnerability in Yarn 1.21.1 and earlier allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-8mfc-v7wv-p62g” TARGET=”_blank”>GHSA-8mfc-v7wv-p62g</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-8mfc-v7wv-p62g” TARGET=”_blank”>GHSA-8mfc-v7wv-p62g:yarn</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986084 | Nodejs (npm) Security Update for http-proxy-agent (GHSA-86wf-436m-h424) | A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-86wf-436m-h424″ TARGET=”_blank”>GHSA-86wf-436m-h424</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-86wf-436m-h424″ TARGET=”_blank”>GHSA-86wf-436m-h424:http-proxy-agent</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 986394 | Java (maven) Security Update for com.google.code.gson:gson (GHSA-4jrv-ppp4-jm57) | The package `com.google.code.gson:gson` before 2.8.9 is vulnerable to Deserialization of Untrusted Data via the `writeReplace()` method in internal classes, which may lead to denial of service attacks. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-4jrv-ppp4-jm57″ TARGET=”_blank”>GHSA-4jrv-ppp4-jm57</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-4jrv-ppp4-jm57″ TARGET=”_blank”>GHSA-4jrv-ppp4-jm57:com.google.code.gson:gson</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986395 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-8c4j-34r4-xr8g) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-8c4j-34r4-xr8g” TARGET=”_blank”>GHSA-8c4j-34r4-xr8g</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-8c4j-34r4-xr8g” TARGET=”_blank”>GHSA-8c4j-34r4-xr8g:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986398 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-89qr-369f-5m5x) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-89qr-369f-5m5x” TARGET=”_blank”>GHSA-89qr-369f-5m5x</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-89qr-369f-5m5x” TARGET=”_blank”>GHSA-89qr-369f-5m5x:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986399 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-m6x4-97wx-4q27) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-m6x4-97wx-4q27″ TARGET=”_blank”>GHSA-m6x4-97wx-4q27</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-m6x4-97wx-4q27″ TARGET=”_blank”>GHSA-m6x4-97wx-4q27:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986400 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-8w26-6f25-cm9x) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-8w26-6f25-cm9x” TARGET=”_blank”>GHSA-8w26-6f25-cm9x</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-8w26-6f25-cm9x” TARGET=”_blank”>GHSA-8w26-6f25-cm9x:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986403 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-r3gr-cxrf-hg25) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-r3gr-cxrf-hg25″ TARGET=”_blank”>GHSA-r3gr-cxrf-hg25</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-r3gr-cxrf-hg25″ TARGET=”_blank”>GHSA-r3gr-cxrf-hg25:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986404 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-9gph-22xh-8×98) | FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-9gph-22xh-8×98″ TARGET=”_blank”>GHSA-9gph-22xh-8×98</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-9gph-22xh-8×98″ TARGET=”_blank”>GHSA-9gph-22xh-8×98:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986970 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-57j2-w4cx-62h2) | jackson-databind is a data-binding package for the Jackson Data Processor. jackson-databind allows a Java stack overflow exception and denial of service via a large depth of nested objects. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-57j2-w4cx-62h2″ TARGET=”_blank”>GHSA-57j2-w4cx-62h2</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-57j2-w4cx-62h2″ TARGET=”_blank”>GHSA-57j2-w4cx-62h2:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986971 | Java (maven) Security Update for net.minidev:json-smart (GHSA-fg2v-w576-w4v3) | A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions prior to 1.3.3 and 2.4.5 which causes a denial of service (DOS) via a crafted web request. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-fg2v-w576-w4v3″ TARGET=”_blank”>GHSA-fg2v-w576-w4v3</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-fg2v-w576-w4v3″ TARGET=”_blank”>GHSA-fg2v-w576-w4v3:net.minidev:json-smart</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986972 | Java (maven) Security Update for org.apache.logging.log4j:log4j-core (GHSA-7rjr-3q55-vv33) | Security update has been released for org.apache.logging.log4j:log4j-core to fix the vulnerability. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-7rjr-3q55-vv33″ TARGET=”_blank”>GHSA-7rjr-3q55-vv33</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-7rjr-3q55-vv33″ TARGET=”_blank”>GHSA-7rjr-3q55-vv33:org.apache.logging.log4j:log4j-core</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986973 | Java (maven) Security Update for org.apache.logging.log4j:log4j-core (GHSA-p6xc-xr62-6r2g) | Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0 and 2.12.3.
# Affected packages |
Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-p6xc-xr62-6r2g” TARGET=”_blank”>GHSA-p6xc-xr62-6r2g</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-p6xc-xr62-6r2g” TARGET=”_blank”>GHSA-p6xc-xr62-6r2g:org.apache.logging.log4j:log4j-core</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 986975 | Java (maven) Security Update for ch.qos.logback:logback-core (GHSA-668q-qrv7-99fm) | In logback version 1.2.7 and prior versions, an attacker with the required privileges to edit configurations files could craft a malicious configuration allowing to execute arbitrary code loaded from LDAP servers. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-668q-qrv7-99fm” TARGET=”_blank”>GHSA-668q-qrv7-99fm</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-668q-qrv7-99fm” TARGET=”_blank”>GHSA-668q-qrv7-99fm:ch.qos.logback:logback-core</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 986976 | Java (maven) Security Update for org.apache.hadoop:hadoop-common (GHSA-8wm5-8h9c-47pc) | Apache Hadoop’s `FileUtil.unTar(File, File)` API does not escape the input file name before being passed to the shell. An attacker can inject arbitrary commands. This is only used in Hadoop 3.3 InMemoryAliasMap.completeBootstrapTransfer, which is only ever run by a local user. It has been used in Hadoop 2.x for yarn localization, which does enable remote code execution. It is used in Apache Spark, from the SQL command ADD ARCHIVE. As the ADD ARCHIVE command adds new binaries to the classpath, being able to execute shell scripts does not confer new permissions to the caller. SPARK-38305. "Check existence of file before untarring/zipping", which is included in 3.3.0, 3.1.4, 3.2.2, prevents shell commands being executed, regardless of which version of the hadoop libraries are in use. Users should upgrade to Apache Hadoop 2.10.2, 3.2.4, 3.3.3 or upper (including HADOOP-18136). | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-8wm5-8h9c-47pc” TARGET=”_blank”>GHSA-8wm5-8h9c-47pc</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-8wm5-8h9c-47pc” TARGET=”_blank”>GHSA-8wm5-8h9c-47pc:org.apache.hadoop:hadoop-common</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 987197 | Java (maven) Security Update for com.google.oauth-client:google-oauth-client (GHSA-xh97-72ww-2w58) | Security update has been released for com.google.oauth-client:google-oauth-client to fix the vulnerability. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-xh97-72ww-2w58″ TARGET=”_blank”>GHSA-xh97-72ww-2w58</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-xh97-72ww-2w58″ TARGET=”_blank”>GHSA-xh97-72ww-2w58:com.google.oauth-client:google-oauth-client</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 987283 | Java (maven) Security Update for org.apache.hadoop:hadoop-common (GHSA-gx2c-fvhc-ph4j) | In Apache Hadoop, The unTar function uses unTarUsingJava function on Windows and the built-in tar utility on Unix and other OSes. As a result, a TAR entry may create a symlink under the expected extraction directory which points to an external directory. A subsequent TAR entry may extract an arbitrary file into the external directory using the symlink name. This however would be caught by the same targetDirPath check on Unix because of the getCanonicalPath call. However on Windows, getCanonicalPath doesn’t resolve symbolic links, which bypasses the check. unpackEntries during TAR extraction follows symbolic links which allows writing outside expected base directory on Windows. This was addressed in Apache Hadoop 3.2.3 | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-gx2c-fvhc-ph4j” TARGET=”_blank”>GHSA-gx2c-fvhc-ph4j</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-gx2c-fvhc-ph4j” TARGET=”_blank”>GHSA-gx2c-fvhc-ph4j:org.apache.hadoop:hadoop-common</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 987316 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-qjw2-hr98-qgfh) | FasterXML jackson-databind 2.x before 2.6.7.5 and from 2.7.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-qjw2-hr98-qgfh” TARGET=”_blank”>GHSA-qjw2-hr98-qgfh</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-qjw2-hr98-qgfh” TARGET=”_blank”>GHSA-qjw2-hr98-qgfh:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 987327 | Java (maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-h3cw-g4mq-c5x2) | This project contains the general-purpose data-binding functionality and tree-model for Jackson Data Processor. FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-h3cw-g4mq-c5x2″ TARGET=”_blank”>GHSA-h3cw-g4mq-c5x2</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-h3cw-g4mq-c5x2″ TARGET=”_blank”>GHSA-h3cw-g4mq-c5x2:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 987333 | Java (maven) Security Update for com.google.protobuf:protobuf-kotlin (GHSA-wrvw-hg22-4m67) | Security update has been released for com.google.protobuf:protobuf-kotlin,com.google.protobuf:protobuf-java to fix the vulnerability. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-wrvw-hg22-4m67″ TARGET=”_blank”>GHSA-wrvw-hg22-4m67</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-wrvw-hg22-4m67″ TARGET=”_blank”>GHSA-wrvw-hg22-4m67:com.google.protobuf:protobuf-kotlin</A><P> <A HREF=”https://github.com/advisories/GHSA-wrvw-hg22-4m67″ TARGET=”_blank”>GHSA-wrvw-hg22-4m67:com.google.protobuf:protobuf-java</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 987434 | Nodejs (npm) Security Update for minimist (GHSA-xvch-5gv4-984h) | Github has released a security update for minimist to fix the vulnerabilities. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-xvch-5gv4-984h” TARGET=”_blank”>GHSA-xvch-5gv4-984h</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-xvch-5gv4-984h” TARGET=”_blank”>GHSA-xvch-5gv4-984h:minimist</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 988053 | Java (Maven) Security Update for com.google.protobuf:protobuf-java (GHSA-h4h5-3hr4-j3g2) | A potential Denial of Service issue in protobuf-java core and lite was discovered in the parsing procedure for binary and text format data. Input streams containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-h4h5-3hr4-j3g2″ TARGET=”_blank”>GHSA-h4h5-3hr4-j3g2</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-h4h5-3hr4-j3g2″ TARGET=”_blank”>GHSA-h4h5-3hr4-j3g2:com.google.protobuf:protobuf-java</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 988179 | Java (Maven) Security Update for org.apache.commons:commons-text (GHSA-599f-7c49-w659) | Apache Commons Text performs variable interpolation, allowing properties to be dynamically evaluated and expanded. The standard format for interpolation is "${prefix:name}", where "prefix" is used to locate an instance of org.apache.commons.text.lookup.StringLookup that performs the interpolation. Starting with version 1.5 and continuing through 1.9, the set of default Lookup instances included interpolators that could result in arbitrary code execution or contact with remote servers. These lookups are: – "script" – execute expressions using the JVM script execution engine (javax.script) – "dns" – resolve dns records – "url" – load values from urls, including from remote servers Applications using the interpolation defaults in the affected versions may be vulnerable to remote code execution or unintentional contact with remote servers if untrusted configuration values are used. Users are recommended to upgrade to Apache Commons Text 1.10.0, which disables the problematic interpolators by default. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-599f-7c49-w659″ TARGET=”_blank”>GHSA-599f-7c49-w659</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-599f-7c49-w659″ TARGET=”_blank”>GHSA-599f-7c49-w659:org.apache.commons:commons-text</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 988968 | DotNet (Nuget) Security Update for Microsoft.AspNetCore.App.Runtime.linux-arm (GHSA-3rq8-h3gj-r5c6) | Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-3rq8-h3gj-r5c6″ TARGET=”_blank”>GHSA-3rq8-h3gj-r5c6</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-3rq8-h3gj-r5c6″ TARGET=”_blank”>GHSA-3rq8-h3gj-r5c6:Microsoft.AspNetCore.App.Runtime.linux-arm</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 988978 | DotNet (Nuget) Security Update for Microsoft.AspNetCore.App.Runtime.linux-arm (GHSA-cw98-9j8w-wxv9) | Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0, and .NET CORE 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-cw98-9j8w-wxv9″ TARGET=”_blank”>GHSA-cw98-9j8w-wxv9</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-cw98-9j8w-wxv9″ TARGET=”_blank”>GHSA-cw98-9j8w-wxv9:Microsoft.AspNetCore.App.Runtime.linux-arm</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 988979 | DotNet (Nuget) Security Update for Microsoft.AspNetCore.App.Runtime.linux-arm (GHSA-485p-mrj5-8w2v) | Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-485p-mrj5-8w2v” TARGET=”_blank”>GHSA-485p-mrj5-8w2v</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-485p-mrj5-8w2v” TARGET=”_blank”>GHSA-485p-mrj5-8w2v:Microsoft.AspNetCore.App.Runtime.linux-arm</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 989996 | Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-c4r9-r8fh-9vj2) | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-c4r9-r8fh-9vj2″ TARGET=”_blank”>GHSA-c4r9-r8fh-9vj2</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-c4r9-r8fh-9vj2″ TARGET=”_blank”>GHSA-c4r9-r8fh-9vj2:org.yaml:snakeyaml</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990004 | Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-w37g-rhq8-7m4j) | Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-w37g-rhq8-7m4j” TARGET=”_blank”>GHSA-w37g-rhq8-7m4j</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-w37g-rhq8-7m4j” TARGET=”_blank”>GHSA-w37g-rhq8-7m4j:org.yaml:snakeyaml</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990008 | Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-hhhw-99gj-p3c3) | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hhhw-99gj-p3c3″ TARGET=”_blank”>GHSA-hhhw-99gj-p3c3</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-hhhw-99gj-p3c3″ TARGET=”_blank”>GHSA-hhhw-99gj-p3c3:org.yaml:snakeyaml</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990039 | Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-3mc7-4q67-w48m) | The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-3mc7-4q67-w48m” TARGET=”_blank”>GHSA-3mc7-4q67-w48m</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-3mc7-4q67-w48m” TARGET=”_blank”>GHSA-3mc7-4q67-w48m:org.yaml:snakeyaml</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 990193 | Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-98wm-3w3q-mw94) | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-98wm-3w3q-mw94″ TARGET=”_blank”>GHSA-98wm-3w3q-mw94</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-98wm-3w3q-mw94″ TARGET=”_blank”>GHSA-98wm-3w3q-mw94:org.yaml:snakeyaml</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990209 | Java (Maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-jjjh-jjxp-wpff) | In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4.1 resource exhaustion can occur because of a lack of a check in primitive value deserializers to avoid deep wrapper array nesting, when the UNWRAP_SINGLE_VALUE_ARRAYS feature is enabled. This was patched in 2.12.7.1, 2.13.4.1, and 2.14.0. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-jjjh-jjxp-wpff” TARGET=”_blank”>GHSA-jjjh-jjxp-wpff</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-jjjh-jjxp-wpff” TARGET=”_blank”>GHSA-jjjh-jjxp-wpff:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 990212 | Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-3f7h-mf4q-vrm4) | Those using FasterXML/woodstox to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-3f7h-mf4q-vrm4″ TARGET=”_blank”>GHSA-3f7h-mf4q-vrm4</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-3f7h-mf4q-vrm4″ TARGET=”_blank”>GHSA-3f7h-mf4q-vrm4:com.fasterxml.woodstox:woodstox-core</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990228 | Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-5hc5-c3m9-8vcj) | Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-5hc5-c3m9-8vcj” TARGET=”_blank”>GHSA-5hc5-c3m9-8vcj</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-5hc5-c3m9-8vcj” TARGET=”_blank”>GHSA-5hc5-c3m9-8vcj:com.fasterxml.woodstox:woodstox-core</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990283 | Java (Maven) Security Update for com.fasterxml.jackson.core:jackson-databind (GHSA-rgv9-q543-rqg4) | In FasterXML jackson-databind before 2.12.7.1 and in 2.13.x before 2.13.4, resource exhaustion can occur because of a lack of a check in BeanDeserializer._deserializeFromArray to prevent use of deeply nested arrays. An application is vulnerable only with certain customized choices for deserialization. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-rgv9-q543-rqg4″ TARGET=”_blank”>GHSA-rgv9-q543-rqg4</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-rgv9-q543-rqg4″ TARGET=”_blank”>GHSA-rgv9-q543-rqg4:com.fasterxml.jackson.core:jackson-databind</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 990334 | Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-9w3m-gqgf-c4p9) | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-9w3m-gqgf-c4p9″ TARGET=”_blank”>GHSA-9w3m-gqgf-c4p9</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-9w3m-gqgf-c4p9″ TARGET=”_blank”>GHSA-9w3m-gqgf-c4p9:org.yaml:snakeyaml</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990416 | Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-fv22-xp26-mm9w) | Those using FasterXML/woodstox to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-fv22-xp26-mm9w” TARGET=”_blank”>GHSA-fv22-xp26-mm9w</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-fv22-xp26-mm9w” TARGET=”_blank”>GHSA-fv22-xp26-mm9w:com.fasterxml.woodstox:woodstox-core</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 990429 | Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-4rv7-wj6m-6c6r) | Those using FasterXML/woodstox to seralize XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. This effect may support a denial of service attack. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-4rv7-wj6m-6c6r” TARGET=”_blank”>GHSA-4rv7-wj6m-6c6r</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-4rv7-wj6m-6c6r” TARGET=”_blank”>GHSA-4rv7-wj6m-6c6r:com.fasterxml.woodstox:woodstox-core</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990454 | Java (Maven) Security Update for com.fasterxml.woodstox:woodstox-core (GHSA-9fwf-46g9-45rx) | Those using FasterXML/woodstox to serialise XML data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-9fwf-46g9-45rx” TARGET=”_blank”>GHSA-9fwf-46g9-45rx</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-9fwf-46g9-45rx” TARGET=”_blank”>GHSA-9fwf-46g9-45rx:com.fasterxml.woodstox:woodstox-core</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990565 | Python (pip) Security Update for GitPython (GHSA-hcpj-qp55-gfph) | All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hcpj-qp55-gfph” TARGET=”_blank”>GHSA-hcpj-qp55-gfph</A> for updates and patch information.<BR> | SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 990565 | Python (pip) Security Update for GitPython (GHSA-hcpj-qp55-gfph) | All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hcpj-qp55-gfph” TARGET=”_blank”>GHSA-hcpj-qp55-gfph</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-hcpj-qp55-gfph” TARGET=”_blank”>GHSA-hcpj-qp55-gfph:GitPython</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 990566 | Nodejs (npm) Security Update for qs (GHSA-hrpp-h998-j3pp) | qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable). | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hrpp-h998-j3pp” TARGET=”_blank”>GHSA-hrpp-h998-j3pp</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-hrpp-h998-j3pp” TARGET=”_blank”>GHSA-hrpp-h998-j3pp:qs</A><P> <A HREF=”https://github.com/advisories/GHSA-hrpp-h998-j3pp” TARGET=”_blank”>GHSA-hrpp-h998-j3pp:express</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 990620 | Go (go) Security Update for github.com/containerd/containerd (GHSA-2qjp-425j-52j9) | Security update has been released for github.com/containerd/containerd to fix the vulnerability. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-2qjp-425j-52j9″ TARGET=”_blank”>GHSA-2qjp-425j-52j9</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-2qjp-425j-52j9″ TARGET=”_blank”>GHSA-2qjp-425j-52j9:github.com/containerd/containerd</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990811 | Java (Maven) Security Update for com.google.protobuf:protobuf-java (GHSA-g5ww-5jh7-63cx) | A parsing issue similar to CVE-2022-3171, but with textformat in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-g5ww-5jh7-63cx” TARGET=”_blank”>GHSA-g5ww-5jh7-63cx</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-g5ww-5jh7-63cx” TARGET=”_blank”>GHSA-g5ww-5jh7-63cx:com.google.protobuf:protobuf-java</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 990822 | Java (Maven) Security Update for io.netty:netty-codec-http (GHSA-hh82-3pmq-7frp) | When calling DefaultHttpHeaders.set with an iterator of values (as opposed to a single given value), header value validation was not performed, allowing malicious header values in the iterator to perform HTTP Response Splitting. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hh82-3pmq-7frp” TARGET=”_blank”>GHSA-hh82-3pmq-7frp</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-hh82-3pmq-7frp” TARGET=”_blank”>GHSA-hh82-3pmq-7frp:io.netty:netty-codec-http</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990836 | Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-mjmj-j48q-9wg2) | SnakeYaml’s Constructor class, which inherits from SafeConstructor, allows any type be deserialized given the following line: |
Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-mjmj-j48q-9wg2″ TARGET=”_blank”>GHSA-mjmj-j48q-9wg2</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-mjmj-j48q-9wg2″ TARGET=”_blank”>GHSA-mjmj-j48q-9wg2:org.yaml:snakeyaml</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 990836 | Java (Maven) Security Update for org.yaml:snakeyaml (GHSA-mjmj-j48q-9wg2) | SnakeYaml’s Constructor class, which inherits from SafeConstructor, allows any type be deserialized given the following line: |
Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-mjmj-j48q-9wg2″ TARGET=”_blank”>GHSA-mjmj-j48q-9wg2</A> for updates and patch information.<BR> | SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 990987 | GO (Go) Security Update for gopkg.in/yaml.v2 (GHSA-6q6q-88xp-6f2r) | Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-6q6q-88xp-6f2r” TARGET=”_blank”>GHSA-6q6q-88xp-6f2r</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-6q6q-88xp-6f2r” TARGET=”_blank”>GHSA-6q6q-88xp-6f2r:gopkg.in/yaml.v2</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 990995 | GO (Go) Security Update for gopkg.in/yaml.v2 (GHSA-r88r-gmrh-7j83) | Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-r88r-gmrh-7j83″ TARGET=”_blank”>GHSA-r88r-gmrh-7j83</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-r88r-gmrh-7j83″ TARGET=”_blank”>GHSA-r88r-gmrh-7j83:gopkg.in/yaml.v2</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 991006 | GO (Go) Security Update for github.com/aws/aws-sdk-go (GHSA-6jvc-q2x7-pchv) | The AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field. This hash can be used to brute force the plaintext, if the hash is readable to the attacker. AWS now blocks this metadata field, but older SDK versions still send it. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-6jvc-q2x7-pchv” TARGET=”_blank”>GHSA-6jvc-q2x7-pchv</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-6jvc-q2x7-pchv” TARGET=”_blank”>GHSA-6jvc-q2x7-pchv:github.com/aws/aws-sdk-go</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 991035 | Python (Pip) Security Update for setuptools (GHSA-r9hx-vwmv-q579) | Python Packaging Authority (PyPA)’s setuptools is a library designed to facilitate packaging Python projects. Setuptools version 65.5.0 and earlier could allow remote attackers to cause a denial of service by fetching malicious HTML from a PyPI package or custom PackageIndex page due to a vulnerable Regular Expression in package_index. This has been patched in version 65.5.1. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-r9hx-vwmv-q579″ TARGET=”_blank”>GHSA-r9hx-vwmv-q579</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-r9hx-vwmv-q579″ TARGET=”_blank”>GHSA-r9hx-vwmv-q579:setuptools</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 991043 | Java (Maven) Security Update for com.google.protobuf:protobuf-java (GHSA-4gg5-vx3j-xwc7) | A parsing issue similar to CVE-2022-3171, but with Message-Type Extensions in protobuf-java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 can lead to a denial of service attack. Inputs containing multiple instances of non-repeated embedded messages with repeated or unknown fields causes objects to be converted back-n-forth between mutable and immutable forms, resulting in potentially long garbage collection pauses. We recommend updating to the versions mentioned above. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-4gg5-vx3j-xwc7″ TARGET=”_blank”>GHSA-4gg5-vx3j-xwc7</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-4gg5-vx3j-xwc7″ TARGET=”_blank”>GHSA-4gg5-vx3j-xwc7:com.google.protobuf:protobuf-java</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 991088 | GO (Go) Security Update for github.com/Masterminds/goutils (GHSA-3839-6r69-m497) | Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-3839-6r69-m497″ TARGET=”_blank”>GHSA-3839-6r69-m497</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-3839-6r69-m497″ TARGET=”_blank”>GHSA-3839-6r69-m497:github.com/Masterminds/goutils</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 991338 | Python (Pip) Security Update for wheel (GHSA-qwmp-2cf2-g9g6) | Python Packaging Authority (PyPA) Wheel is a reference implementation of the Python wheel packaging standard. Wheel 0.37.1 and earlier are vulnerable to a Regular Expression denial of service via attacker controlled input to the wheel cli. The vulnerable regex is used to verify the validity of Wheel file names. This has been patched in version 0.38.1. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-qwmp-2cf2-g9g6″ TARGET=”_blank”>GHSA-qwmp-2cf2-g9g6</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-qwmp-2cf2-g9g6″ TARGET=”_blank”>GHSA-qwmp-2cf2-g9g6:wheel</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 991563 | NodeJs (Npm) Security Update for luxon (GHSA-3xq5-wjfh-ppjc) | Luxon’s `DateTime.fromRFC2822() has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to (Re)DoS attacks. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-3xq5-wjfh-ppjc” TARGET=”_blank”>GHSA-3xq5-wjfh-ppjc</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-3xq5-wjfh-ppjc” TARGET=”_blank”>GHSA-3xq5-wjfh-ppjc:luxon</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 991589 | NodeJs (Npm) Security Update for debug (GHSA-9vvw-cc9w-f27h) | A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to inefficient regular expression complexity. Upgrading to version 3.1.0 is able to address this issue. The name of the patch is c38a0166c266a679c8de012d4eaccec3f944e685. It is recommended to upgrade the affected component. The identifier VDB-217665 was assigned to this vulnerability. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-9vvw-cc9w-f27h” TARGET=”_blank”>GHSA-9vvw-cc9w-f27h</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-9vvw-cc9w-f27h” TARGET=”_blank”>GHSA-9vvw-cc9w-f27h:debug</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 991973 | GO (Go) Security Update for github.com/kubernetes/kubernetes (GHSA-8cfg-vx93-jvxw) | GitHub has released a security update for github.com/kubernetes/kubernetes to fix the vulnerabilities. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-8cfg-vx93-jvxw” TARGET=”_blank”>GHSA-8cfg-vx93-jvxw</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-8cfg-vx93-jvxw” TARGET=”_blank”>GHSA-8cfg-vx93-jvxw:github.com/kubernetes/kubernetes</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 992186 | GO (Go) Security Update for github.com/containerd/containerd (GHSA-hmfx-3pcx-653p) | A bug was found in containerd where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hmfx-3pcx-653p” TARGET=”_blank”>GHSA-hmfx-3pcx-653p</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-hmfx-3pcx-653p” TARGET=”_blank”>GHSA-hmfx-3pcx-653p:github.com/containerd/containerd</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 992187 | GO (Go) Security Update for github.com/containerd/containerd (GHSA-259w-8hf6-59c2) | When importing an OCI image, there was no limit on the number of bytes read for certain files. A maliciously crafted image with a large file where a limit was not applied could cause a denial of service. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-259w-8hf6-59c2″ TARGET=”_blank”>GHSA-259w-8hf6-59c2</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-259w-8hf6-59c2″ TARGET=”_blank”>GHSA-259w-8hf6-59c2:github.com/containerd/containerd</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 992196 | Python (Pip) Security Update for Werkzeug (GHSA-xg9f-g7g7-2323) | Werkzeug’s multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses request.data, request.form, request.files, or request.get_data(parse_form_data=False), it can cause unexpectedly high resource usage. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-xg9f-g7g7-2323″ TARGET=”_blank”>GHSA-xg9f-g7g7-2323</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-xg9f-g7g7-2323″ TARGET=”_blank”>GHSA-xg9f-g7g7-2323:Werkzeug</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |
| 992198 | Python (Pip) Security Update for Werkzeug (GHSA-px8h-6qxv-m22q) | Browsers may allow "nameless" cookies that look like =value instead of key=value. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like =__Host-test=bad for another subdomain. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-px8h-6qxv-m22q” TARGET=”_blank”>GHSA-px8h-6qxv-m22q</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-px8h-6qxv-m22q” TARGET=”_blank”>GHSA-px8h-6qxv-m22q:Werkzeug</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 992210 | GO (Go) Security Update for github.com/hashicorp/go-getter (GHSA-jpxj-2jvg-6jv9) | HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-jpxj-2jvg-6jv9″ TARGET=”_blank”>GHSA-jpxj-2jvg-6jv9</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-jpxj-2jvg-6jv9″ TARGET=”_blank”>GHSA-jpxj-2jvg-6jv9:github.com/hashicorp/go-getter</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 992213 | GO (Go) Security Update for golang.org/x/net (GHSA-vvpx-j8f3-3w6h) | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-vvpx-j8f3-3w6h” TARGET=”_blank”>GHSA-vvpx-j8f3-3w6h</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-vvpx-j8f3-3w6h” TARGET=”_blank”>GHSA-vvpx-j8f3-3w6h:golang.org/x/net</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | Medium |
| 992227 | Java (Maven) Security Update for commons-fileupload:commons-fileupload (GHSA-hfrx-6qgj-fp6c) | Apache Commons FileUpload before 1.5 does not limit the number of request parts to be processed resulting in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads. | Refer to Github security advisory <A HREF=”https://github.com/advisories/GHSA-hfrx-6qgj-fp6c” TARGET=”_blank”>GHSA-hfrx-6qgj-fp6c</A> for updates and patch information.<BR> <P>Patch:<BR> Following are links for downloading patches to fix the vulnerabilities: <P> <A HREF=”https://github.com/advisories/GHSA-hfrx-6qgj-fp6c” TARGET=”_blank”>GHSA-hfrx-6qgj-fp6c:commons-fileupload:commons-fileupload</A> |
SCA | Successful exploitation of this vulnerability could lead to a security breach or could affect integrity, availability, and confidentiality. | High |