security/vuxml/vuln-2022.xml

  <vuln vid="5b8d8dee-6088-11ed-8c5e-641c67a117d8">
    <topic>varnish -- HTTP/2 Request Forgery Vulnerability</topic>
    <affects>
      <package>
	<name>varnish7</name>
	<range><lt>7.2.1</lt></range>
      </package>
      <package>
	<name>varnish6</name>
	<range><le>6.6.2</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Varnish Cache Project reports:</p>
	<blockquote cite="https://varnish-cache.org/security/VSV00011.html">
      <p>A request forgery attack can be performed on Varnish Cache servers that
	 have the HTTP/2 protocol turned on. An attacker may introduce
	 characters through the HTTP/2 pseudo-headers that are invalid in the
	 context of an HTTP/1 request line, causing the Varnish server to
	 produce invalid HTTP/1 requests to the backend. This may in turn be
	 used to successfully exploit vulnerabilities in a server behind the
	 Varnish server.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://varnish-cache.org/security/VSV00011.html</url>
    </references>
    <dates>
      <discovery>2022-11-08</discovery>
      <entry>2022-11-09</entry>
    </dates>
  </vuln>

  <vuln vid="b10d1afa-6087-11ed-8c5e-641c67a117d8">
    <topic>varnish -- Request Smuggling Vulnerability</topic>
    <affects>
      <package>
	<name>varnish7</name>
	<range><lt>7.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Varnish Cache Project reports:</p>
	<blockquote cite="https://varnish-cache.org/security/VSV00010.html">
      <p>A request smuggling attack can be performed on Varnish Cache servers by
	 requesting that certain headers are made hop-by-hop, preventing the
	 Varnish Cache servers from forwarding critical headers to the backend.
	 Among the headers that can be filtered this way are both Content-Length
	 and Host, making it possible for an attacker to both break the HTTP/1
	 protocol framing, and bypass request to host routing in VCL.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://varnish-cache.org/security/VSV00010.html</url>
    </references>
    <dates>
      <discovery>2022-11-08</discovery>
      <entry>2022-11-09</entry>
    </dates>
  </vuln>

  <vuln vid="6b04476f-601c-11ed-92ce-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>107.0.5304.110</lt></range>
      </package>
      <package>
	<name>ungoogled-chromium</name>
	<range><lt>107.0.5304.110</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html">
	  <p>This release contains 10 security fixes, including:</p>
	  <ul>
	    <li>[1377816] High CVE-2022-3885: Use after free in V8. Reported by gzobqq@ on 2022-10-24</li>
	    <li>[1372999] High CVE-2022-3886: Use after free in Speech Recognition. Reported by anonymous on 2022-10-10</li>
	    <li>[1372695] High CVE-2022-3887: Use after free in Web Workers. Reported by anonymous on 2022-10-08</li>
	    <li>[1375059] High CVE-2022-3888: Use after free in WebCodecs. Reported by Peter Nemeth on 2022-10-16</li>
	    <li>[1380063] High CVE-2022-3889: Type Confusion in V8. Reported by anonymous on 2022-11-01</li>
	    <li>[1380083] High CVE-2022-3890: Heap buffer overflow in Crashpad. Reported by anonymous on 2022-11-01</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3885</cvename>
      <cvename>CVE-2022-3886</cvename>
      <cvename>CVE-2022-3887</cvename>
      <cvename>CVE-2022-3888</cvename>
      <cvename>CVE-2022-3889</cvename>
      <cvename>CVE-2022-3890</cvename>
      <url>https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2022-11-08</discovery>
      <entry>2022-11-09</entry>
    </dates>
  </vuln>

  <vuln vid="60d4d31a-a573-41bd-8c1e-5af7513c1ee9">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>5.0.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.3">
	  <p> Fix an issue where a specially-crafted FTP packet can
	  cause Zeek to spend large amounts of time attempting to
	  search for valid commands in the data stream. </p>
	  <p> Fix a possible overflow in the Zeek dictionary code
	  that may lead to a memory leak. </p>
	  <p> Fix an issue where a specially-crafted packet can
	  cause Zeek to spend large amounts of time reporting
	  analyzer violations. </p>
	  <p> Fix a possible assert and crash in the HTTP analyzer
	  when receiving a specially crafted packet. </p>
	  <p> Fix an issue where a specially-crafted HTTP or SMTP
	  packet can cause Zeek to spend a large amount of time
	  attempting to search for filenames within the packet data.
	  </p>
	  <p> Fix two separate possible crashes when converting
	  processed IP headers for logging via the raw_packet event
	  handlers. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v5.0.3</url>
    </references>
    <dates>
      <discovery>2022-11-09</discovery>
      <entry>2022-11-09</entry>
    </dates>
  </vuln>

  <vuln vid="9c399521-5f80-11ed-8ac4-b42e991fc52e">
    <topic>darkhttpd -- DOS vulnerability</topic>
    <affects>
      <package>
	<name>darkhttpd</name>
	<range><lt>1.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mitre reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25691">
	  <p>
	    flaw was found in darkhttpd. Invalid error handling allows
	    remote attackers to cause denial-of-service by accessing a
	    file with a large modification date. The highest threat
	    from this vulnerability is to system availability.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-25691</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25691</url>
    </references>
    <dates>
      <discovery>2020-11-02</discovery>
      <entry>2022-11-08</entry>
    </dates>
  </vuln>

  <vuln vid="3310014a-5ef9-11ed-812b-206a8a720317">
    <topic>sudo -- Potential out-of-bounds write for small passwords</topic>
    <affects>
      <package>
	<name>sudo</name>
	<range><ge>1.8.0</ge><lt>1.9.12p1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="INSERT URL HERE">
	  <p>Sudo 1.8.0 through 1.9.12, with the crypt() password backend,
	     contains a plugins/sudoers/auth/passwd.c array-out-of-bounds
	     error that can result in a heap-based buffer over-read. This
	     can be triggered by arbitrary local users with access to sudo
	     by entering a password of seven characters or fewer. The impact
	     could vary depending on the system libraries, compiler,
	     and processor architecture.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-43995</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43995</url>
    </references>
    <dates>
      <discovery>2022-11-07</discovery>
      <entry>2022-11-07</entry>
    </dates>
  </vuln>

  <vuln vid="16f7ec68-5cce-11ed-9be7-454b1dd82c64">
    <topic>Gitlab -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.5.0</ge><lt>15.5.2</lt></range>
	<range><ge>15.4.0</ge><lt>15.4.4</lt></range>
	<range><ge>9.3.0</ge><lt>15.3.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/11/02/security-release-gitlab-15-5-2-released/">
	  <p>DAST analyzer sends custom request headers with every request</p>
	  <p>Stored-XSS with CSP-bypass via scoped labels' color</p>
	  <p>Maintainer can leak Datadog API key by changing integration URL</p>
	  <p>Uncontrolled resource consumption when parsing URLs</p>
	  <p>Issue HTTP requests when users view an OpenAPI document and click buttons</p>
	  <p>Command injection in CI jobs via branch name in CI pipelines</p>
	  <p>Open redirection</p>
	  <p>Prefill variables do not check permission of the project in external CI config</p>
	  <p>Disclosure of audit events to insufficiently permissioned group and project members</p>
	  <p>Arbitrary GFM references rendered in Jira issue description leak private/confidential resources</p>
	  <p>Award emojis API for an internal note is accessible to users without access to the note</p>
	  <p>Open redirect in pipeline artifacts when generating HTML documents</p>
	  <p>Retrying a job in a downstream pipeline allows the retrying user to take ownership of the retried jobs in upstream pipelines</p>
	  <p>Project-level Secure Files can be written out of the target directory</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3767</cvename>
      <cvename>CVE-2022-3265</cvename>
      <cvename>CVE-2022-3483</cvename>
      <cvename>CVE-2022-3818</cvename>
      <cvename>CVE-2022-3726</cvename>
      <cvename>CVE-2022-2251</cvename>
      <cvename>CVE-2022-3486</cvename>
      <cvename>CVE-2022-3793</cvename>
      <cvename>CVE-2022-3413</cvename>
      <cvename>CVE-2022-2761</cvename>
      <cvename>CVE-2022-3819</cvename>
      <cvename>CVE-2022-3280</cvename>
      <cvename>CVE-2022-3706</cvename>
      <url>https://about.gitlab.com/releases/2022/11/02/security-release-gitlab-15-5-2-released/</url>
    </references>
    <dates>
      <discovery>2022-11-02</discovery>
      <entry>2022-11-05</entry>
    </dates>
  </vuln>

  <vuln vid="b278783f-5c1d-11ed-a21f-001fc69cd6dc">
    <topic>pixman -- heap overflow</topic>
    <affects>
      <package>
	<name>pixman</name>
	<range><lt>0.42.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Pixman reports: for release 0.42.2</p>
	<blockquote cite="https://lists.freedesktop.org/archives/pixman/2022-November/004994.html">
	  <p>Avoid integer overflow leading to out-of-bounds write</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-44638</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-44638</url>
    </references>
    <dates>
      <discovery>2022-11-02</discovery>
      <entry>2022-11-03</entry>
    </dates>
  </vuln>

  <vuln vid="26b1100a-5a27-11ed-abfe-29ac76ec31b5">
    <topic>go -- syscall, os/exec: unsanitized NUL in environment variables</topic>
    <affects>
      <package>
	<name>go118</name>
	<range><lt>1.18.8</lt></range>
      </package>
      <package>
	<name>go119</name>
	<range><lt>1.19.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/56284">
	  <p>syscall, os/exec: unsanitized NUL in environment
	    variables</p>
	  <p>On Windows, syscall.StartProcess and os/exec.Cmd did not
	    properly check for invalid environment variable values. A
	    malicious environment variable value could exploit this
	    behavior to set a value for a different environment
	    variable. For example, the environment variable string
	    "A=B\x00C=D" set the variables "A=B" and "C=D".</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41716</cvename>
      <url>https://groups.google.com/g/golang-dev/c/83nKqv2W1Dk/m/gEJdD5vjDwAJ</url>
    </references>
    <dates>
      <discovery>2022-10-17</discovery>
      <entry>2022-11-01</entry>
    </dates>
  </vuln>

  <vuln vid="0844671c-5a09-11ed-856e-d4c9ef517024">
    <topic>OpenSSL -- Buffer overflows in Email verification</topic>
    <affects>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20221101.txt">
	  <p>X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) (High):
	    A buffer overrun can be triggered in X.509 certificate verification,
	    specifically in name constraint checking.</p>
	  <p>X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786)
	    (High): A buffer overrun can be triggered in X.509 certificate
	    verification, specifically in name constraint checking.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3602</cvename>
      <cvename>CVE-2022-3786</cvename>
      <url>https://www.openssl.org/news/secadv/20221101.txt</url>
    </references>
    <dates>
      <discovery>2022-11-01</discovery>
      <entry>2022-11-01</entry>
    </dates>
  </vuln>

  <vuln vid="4b9c1c17-587c-11ed-856e-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql-connector-c++</name>
	<range><lt>8.0.31</lt></range>
      </package>
      <package>
	<name>mysql-connector-odbc</name>
	<range><lt>8.0.31</lt></range>
      </package>
      <package>
	<name>mysql-client57</name>
	<range><lt>5.7.40</lt></range>
      </package>
      <package>
	<name>mysql-server57</name>
	<range><lt>5.7.40</lt></range>
      </package>
      <package>
	<name>mysql-client80</name>
	<range><lt>8.0.31</lt></range>
      </package>
      <package>
	<name>mysql-server80</name>
	<range><lt>8.0.31</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixMSQL">
	  <p>This Critical Patch Update contains 37 new security patches for
	    Oracle MySQL. 11 of these vulnerabilities may be remotely
	    exploitable without authentication, i.e., may be exploited over a
	    network without requiring user credentials</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-21600</cvename>
      <cvename>CVE-2022-21635</cvename>
      <cvename>CVE-2022-39408</cvename>
      <cvename>CVE-2022-39410</cvename>
      <cvename>CVE-2022-2097</cvename>
      <cvename>CVE-2022-21604</cvename>
      <cvename>CVE-2022-21637</cvename>
      <cvename>CVE-2022-21617</cvename>
      <cvename>CVE-2022-21605</cvename>
      <cvename>CVE-2022-21594</cvename>
      <cvename>CVE-2022-21607</cvename>
      <cvename>CVE-2022-21608</cvename>
      <cvename>CVE-2022-21638</cvename>
      <cvename>CVE-2022-21640</cvename>
      <cvename>CVE-2022-21641</cvename>
      <cvename>CVE-2022-39400</cvename>
      <cvename>CVE-2022-21633</cvename>
      <cvename>CVE-2022-21632</cvename>
      <cvename>CVE-2022-21599</cvename>
      <cvename>CVE-2022-21595</cvename>
      <cvename>CVE-2022-21625</cvename>
      <cvename>CVE-2022-21592</cvename>
      <cvename>CVE-2022-21589</cvename>
      <cvename>CVE-2022-39402</cvename>
      <cvename>CVE-2022-39404</cvename>
      <cvename>CVE-2022-21611</cvename>
      <cvename>CVE-2022-39403</cvename>
      <url>https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixMSQL</url>
    </references>
    <dates>
      <discovery>2022-10-18</discovery>
      <entry>2022-10-30</entry>
    </dates>
  </vuln>

  <vuln vid="1225c888-56ea-11ed-b5c3-3065ec8fd3ec">
    <topic>chromium -- Type confusion in V8</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>107.0.5304.87</lt></range>
      </package>
      <package>
	<name>ungoogled-chromium</name>
	<range><lt>107.0.5304.87</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html">
	  <p>This release contains 1 security fix:</p>
	  <ul>
	    <li>[1378239] High CVE-2022-3723: Type Confusion in V8. Reported by Jan Vojtešek, Milánek, and Przemek Gmerek of Avast on 2022-10-25</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3723</cvename>
      <url>https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html</url>
    </references>
    <dates>
      <discovery>2022-10-27</discovery>
      <entry>2022-10-28</entry>
    </dates>
  </vuln>

  <vuln vid="1c5f3fd7-54bf-11ed-8d1e-005056a311d1">
    <topic>samba -- buffer overflow in Heimdal unwrap_des3()</topic>
    <affects>
      <package>
	<name>samba412</name>
	<range><lt>4.12.16</lt></range>
      </package>
      <package>
	<name>samba413</name>
	<range><lt>4.13.17_4</lt></range>
      </package>
      <package>
	<name>samba416</name>
	<range><lt>4.16.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Samba Team reports:</p>
	<blockquote cite="https://www.samba.org/samba/security/CVE-2022-3437.html">
	  <p>The DES (for Samba 4.11 and earlier) and Triple-DES decryption
	  routines in the Heimdal GSSAPI library allow a length-limited write
	  buffer overflow on malloc() allocated memory when presented with a
	  maliciously small packet.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3437</cvename>
      <url>https://www.samba.org/samba/security/CVE-2022-3437.html</url>
    </references>
    <dates>
      <discovery>2022-08-02</discovery>
      <entry>2022-10-25</entry>
    </dates>
  </vuln>

  <vuln vid="b4ef02f4-549f-11ed-8ad9-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>107.0.5304.68</lt></range>
      </package>
      <package>
	<name>ungoogled-chromium</name>
	<range><lt>107.0.5304.68</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html">
	  <p>This release contains 14 security fixes, including:</p>
	  <ul>
	    <li>[1369871] High CVE-2022-3652: Type Confusion in V8. Reported by srodulv and ZNMchtss at S.S.L Team on 2022-09-30</li>
	    <li>[1354271] High CVE-2022-3653: Heap buffer overflow in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-08-19</li>
	    <li>[1365330] High CVE-2022-3654: Use after free in Layout. Reported by Sergei Glazunov of Google Project Zero on 2022-09-19</li>
	    <li>[1343384] Medium CVE-2022-3655: Heap buffer overflow in Media Galleries. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11</li>
	    <li>[1345275] Medium CVE-2022-3656: Insufficient data validation in File System. Reported by Ron Masas, Imperva on 2022-07-18</li>
	    <li>[1351177] Medium CVE-2022-3657: Use after free in Extensions. Reported by Omri Bushari, Talon Cyber Security on 2022-08-09</li>
	    <li>[1352817] Medium CVE-2022-3658: Use after free in Feedback service on Chrome OS. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-14</li>
	    <li>[1355560] Medium CVE-2022-3659: Use after free in Accessibility. Reported by @ginggilBesel on 2022-08-23</li>
	    <li>[1327505] Medium CVE-2022-3660: Inappropriate implementation in Full screen mode. Reported by Irvan Kurniawan (sourc7) on 2022-05-20</li>
	    <li>[1350111] Low CVE-2022-3661: Insufficient data validation in Extensions. Reported by Young Min Kim (@ylemkimon), CompSec Lab at Seoul National University on 2022-08-04</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3652</cvename>
      <cvename>CVE-2022-3653</cvename>
      <cvename>CVE-2022-3654</cvename>
      <cvename>CVE-2022-3655</cvename>
      <cvename>CVE-2022-3656</cvename>
      <cvename>CVE-2022-3657</cvename>
      <cvename>CVE-2022-3658</cvename>
      <cvename>CVE-2022-3659</cvename>
      <cvename>CVE-2022-3660</cvename>
      <cvename>CVE-2022-3661</cvename>
      <url>https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_25.html</url>
    </references>
    <dates>
      <discovery>2022-10-25</discovery>
      <entry>2022-10-25</entry>
    </dates>
  </vuln>

  <vuln vid="68fcee9b-5259-11ed-89c9-0800276af896">
    <topic>Cleartext leak in libudisks</topic>
    <affects>
      <package>
	<name>libudisks</name>
	<range><lt>2.9.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>From libudisks 2.9.4 NEWS:</p>
	<blockquote cite="https://github.com/storaged-project/udisks/blob/udisks-2.9.4/NEWS">
	  <p>udiskslinuxblock: Fix leaking cleartext block interface</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/storaged-project/udisks/blob/udisks-2.9.4/NEWS</url>
    </references>
    <dates>
      <discovery>2021-09-29</discovery>
      <entry>2022-10-22</entry>
    </dates>
  </vuln>

  <vuln vid="c253c4aa-5126-11ed-8a21-589cfc0f81b0">
    <topic>phpmyfaq -- CSRF vulnerability</topic>
    <affects>
      <package>
	<name>phpmyfaq</name>
	<range><lt>3.1.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>phpmyfaq developers report:</p>
	<blockquote cite="https://www.phpmyfaq.de/security/advisory-2022-10-02">
	  <p> phpMyFAQ does not implement sufficient checks to avoid
	   CSRF when logging out an user.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://huntr.dev/bounties/76095ac1-da12-449b-9564-4a086be96592/</url>
    </references>
    <dates>
      <discovery>2022-10-02</discovery>
      <entry>2022-10-21</entry>
    </dates>
  </vuln>

  <vuln vid="d6d088c9-5064-11ed-bade-080027881239">
    <topic>Python -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>python37</name>
	<range><lt>3.7.15</lt></range>
      </package>
      <package>
	<name>python38</name>
	<range><lt>3.8.15</lt></range>
      </package>
      <package>
	<name>python39</name>
	<range><lt>3.9.15</lt></range>
      </package>
      <package>
	<name>python310</name>
	<range><lt>3.10.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Python reports:</p>
	<blockquote cite="https://docs.python.org/release/3.9.15/whatsnew/changelog.html">
	  <p>gh-97616: Fix multiplying a list by an integer (list *= int): detect
	    the integer overflow when the new allocated length is close to the
	    maximum size. Issue reported by Jordan Limor. Patch by Victor Stinner.</p>
	  <p>gh-97612: Fix a shell code injection vulnerability in the
	    get-remote-certificate.py example script. The script no longer uses
	    a shell to run openssl commands. Issue reported and initial fix by
	    Caleb Shortt. Patch by Victor Stinner.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://docs.python.org/release/3.9.15/whatsnew/changelog.html</url>
    </references>
    <dates>
      <discovery>2022-09-29</discovery>
      <entry>2022-10-20</entry>
    </dates>
  </vuln>

  <vuln vid="676d4f16-4fb3-11ed-a374-8c164567ca3c">
    <topic>nginx -- Two vulnerabilities</topic>
    <affects>
      <package>
	<name>nginx</name>
	<range><ge>1.0.7</ge><lt>1.22.1</lt></range>
      </package>
      <package>
	<name>nginx-devel</name>
	<range><ge>1.1.3</ge><lt>1.23.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NGINX Development Team reports:</p>
	<blockquote cite="https://mailman.nginx.org/archives/list/nginx@nginx.org/thread/F7TMIHDNNU3M52GYS23UWDWW2R2BLVVH/">
	  <p>Two security issues were identified in the ngx_http_mp4_module,
	   which might allow an attacker to cause a worker process crash
	   or worker process memory disclosure by using a specially crafted
	   mp4 file, or might have potential other impact (CVE-2022-41741,
	   CVE-2022-41742).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41741</cvename>
      <cvename>CVE-2022-41742</cvename>
      <url>https://mailman.nginx.org/archives/list/nginx@nginx.org/thread/F7TMIHDNNU3M52GYS23UWDWW2R2BLVVH/</url>
    </references>
    <dates>
      <discovery>2022-10-19</discovery>
      <entry>2022-10-19</entry>
    </dates>
  </vuln>

  <vuln vid="2523bc76-4f01-11ed-929b-002590f2a714">
    <topic>git -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.38.1</lt></range>
      </package>
      <package>
	<name>git-lite</name>
	<range><lt>2.38.1</lt></range>
      </package>
      <package>
	<name>git-tiny</name>
	<range><lt>2.38.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p></p>
	<blockquote cite="https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u">
	  <h1>This release contains 2 security fixes:</h1>
	  <h2>CVE-2022-39253</h2>
	  <p>
	   When relying on the `--local` clone optimization, Git dereferences
	   symbolic links in the source repository before creating hardlinks
	   (or copies) of the dereferenced link in the destination repository.
	   This can lead to surprising behavior where arbitrary files are
	   present in a repository's `$GIT_DIR` when cloning from a malicious
	   repository.

	   Git will no longer dereference symbolic links via the `--local`
	   clone mechanism, and will instead refuse to clone repositories that
	   have symbolic links present in the `$GIT_DIR/objects` directory.

	   Additionally, the value of `protocol.file.allow` is changed to be
	   "user" by default.
	  </p>
	  <h2>CVE-2022-39260</h2>
	  <p>
	   An overly-long command string given to `git shell` can result in
	   overflow in `split_cmdline()`, leading to arbitrary heap writes and
	   remote code execution when `git shell` is exposed and the directory
	   `$HOME/git-shell-commands` exists.

	   `git shell` is taught to refuse interactive commands that are
	   longer than 4MiB in size. `split_cmdline()` is hardened to reject
	   inputs larger than 2GiB.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39253</cvename>
      <cvename>CVE-2022-39260</cvename>
      <url>https://lore.kernel.org/git/xmqq4jw1uku5.fsf@gitster.g/T/#u</url>
    </references>
    <dates>
      <discovery>2022-06-09</discovery>
      <entry>2022-10-18</entry>
    </dates>
  </vuln>

  <vuln vid="7392e1e3-4eb9-11ed-856e-d4c9ef517024">
    <topic>OpenSSL -- Potential NULL encryption in NID_undef with Custom Cipher</topic>
    <affects>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="://www.openssl.org/news/secadv/20221011.txt">
	  <p>Using a Custom Cipher with NID_undef may lead to NULL encryption (low)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3358</cvename>
      <url>https://www.openssl.org/news/secadv/20221011.txt</url>
    </references>
    <dates>
      <discovery>2022-10-11</discovery>
      <entry>2022-10-18</entry>
    </dates>
  </vuln>

  <vuln vid="d713d709-4cc9-11ed-a621-0800277bb8a8">
    <topic>gitea -- multiple issues</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.17.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/21463">
	  <p>Sanitize and Escape refs in git backend</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/21412">
	  <p>Bump golang.org/x/text</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/21281">
	  <p>Update bluemonday</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.17.3</url>
    </references>
    <dates>
      <discovery>2022-09-27</discovery>
      <entry>2022-10-15</entry>
    </dates>
  </vuln>

  <vuln vid="127674c6-4a27-11ed-9f93-002b67dfc673">
    <topic>roundcube-thunderbird_labels -- RCE with custom label titles</topic>
    <affects>
      <package>
	<name>roundcube-thunderbird_labels</name>
	<range><le>1.4.12</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Roundcube project reports:</p>
	<blockquote cite="https://roundcube.net/news/2021/12/30/security-update-1.4.13-released">
	  <h1>Description:</h1>
	  <p>Remote code execution vulnerability in
	    roundcube-thunderbird_labels when tb_label_modify_labels is enabled.</p>
	  <h1>Workaround:</h1>
	  <p>If you cannot upgrade to roundcube-thunderbird_labels-1.4.13 disable the
	    tb_label_modify_labels config option.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/mike-kfed/roundcube-thunderbird_labels/security/advisories/GHSA-wp6h-wgxq-v949</url>
    </references>
    <dates>
      <discovery>2022-10-10</discovery>
      <entry>2022-10-12</entry>
    </dates>
  </vuln>

  <vuln vid="7cb12ee0-4a13-11ed-8ad9-3065ec8fd3ec">
    <topic>chromium -- mulitple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>106.0.5249.119</lt></range>
      </package>
      <package>
	<name>ungoogled-chromium</name>
	<range><lt>106.0.5249.119</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html">
	  <p>This release contains 6 security fixes:</p>
	  <ul>
	    <li>[1364604] High CVE-2022-3445: Use after free in Skia. Reported by Nan Wang (@eternalsakura13) and Yong Liu of 360 Vulnerability Research Institute on 2022-09-16</li>
	    <li>[1368076] High CVE-2022-3446: Heap buffer overflow in WebSQL. Reported by Kaijie Xu (@kaijieguigui) on 2022-09-26</li>
	    <li>[1366582] High CVE-2022-3447: Inappropriate implementation in Custom Tabs. Reported by Narendra Bhati of Suma Soft Pvt. Ltd. Pune (India) on 2022-09-22</li>
	    <li>[1363040] High CVE-2022-3448: Use after free in Permissions API. Reported by raven at KunLun lab on 2022-09-13</li>
	    <li>[1364662] High CVE-2022-3449: Use after free in Safe Browsing. Reported by asnine on 2022-09-17</li>
	    <li>[1369882] High CVE-2022-3450: Use after free in Peer Connection. Reported by Anonymous on 2022-09-30</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3445</cvename>
      <cvename>CVE-2022-3446</cvename>
      <cvename>CVE-2022-3447</cvename>
      <cvename>CVE-2022-3448</cvename>
      <cvename>CVE-2022-3449</cvename>
      <cvename>CVE-2022-3450</cvename>
      <url>https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_11.html</url>
    </references>
    <dates>
      <discovery>2022-10-11</discovery>
      <entry>2022-10-12</entry>
    </dates>
  </vuln>

  <vuln vid="f9140ad4-4920-11ed-a07e-080027f5fec9">
    <topic>samba -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>samba412</name>
	<range><lt>4.12.16</lt></range>
      </package>
      <package>
	<name>samba413</name>
	<range><lt>4.13.17_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Samba Team reports:</p>
	<blockquote cite="https://lists.samba.org/archive/samba-announce/2022/000609.html">
	  <dl>
	    <dt>CVE-2022-2031</dt>
	    <dd>
	      The KDC and the kpasswd service share a single account
	      and set of keys, allowing them to decrypt each other's
	      tickets. A user who has been requested to change their
	      password can exploit this to obtain and use tickets to
	      other services.
	    </dd>
	    <dt>CVE-2022-32744</dt>
	    <dd>
	      The KDC accepts kpasswd requests encrypted with any key
	      known to it. By encrypting forged kpasswd requests with
	      its own key, a user can change the passwords of other
	      users, enabling full domain takeover.
	    </dd>
	    <dt>CVE-2022-32745</dt>
	    <dd>
	      Samba AD users can cause the server to access
	      uninitialised data with an LDAP add or modify request,
	      usually resulting in a segmentation fault.
	    </dd>
	    <dt>CVE-2022-32746</dt>
	    <dd>
	      The AD DC database audit logging module can be made to
	      access LDAP message values that have been freed by a
	      preceding database module, resulting in a
	      use-after-free. This is only possible when modifying
	      certain privileged attributes, such as
	      userAccountControl.
	    </dd>
	    <dt>CVE-2022-32742</dt>
	    <dd>
	      SMB1 Client with write access to a share can cause
	      server memory contents to be written into a file or
	      printer.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2031</cvename>
      <cvename>CVE-2022-32744</cvename>
      <cvename>CVE-2022-32745</cvename>
      <cvename>CVE-2022-32746</cvename>
      <cvename>CVE-2022-32742</cvename>
      <url>https://lists.samba.org/archive/samba-announce/2022/000609.html</url>
      <url>https://www.samba.org/samba/security/CVE-2022-2031.html</url>
      <url>https://www.samba.org/samba/security/CVE-2022-32744.html</url>
      <url>https://www.samba.org/samba/security/CVE-2022-32745.html</url>
      <url>https://www.samba.org/samba/security/CVE-2022-32746.html</url>
      <url>https://www.samba.org/samba/security/CVE-2022-32742.html</url>
    </references>
    <dates>
      <discovery>2022-07-27</discovery>
      <entry>2022-10-11</entry>
    </dates>
  </vuln>

  <vuln vid="0ae56f3e-488c-11ed-bb31-b42e99a1b9c3">
    <topic>strongswan -- DOS attack vulnerability</topic>
    <affects>
      <package>
	<name>strongswan</name>
	<range><lt>5.9.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Lahav Schlesinger reported a bug related to online
	  certificate revocation checking that can lead to a
	  denial-of-service attack</p>
	<blockquote cite="https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html">
	  <p>.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-40617</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-40617</url>
    </references>
    <dates>
      <discovery>2022-10-03</discovery>
      <entry>2022-10-10</entry>
    </dates>
  </vuln>

  <vuln vid="e4133d8b-ab33-451a-bc68-3719de73d54a">
    <topic>routinator -- potential DOS attack</topic>
    <affects>
      <package>
	<name>routinator</name>
	<range><ge>0.9.0</ge><lt>0.11.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>
	 Due to a mistake in error handling, data in RRDP snapshot and delta files
	 that isn’t correctly base 64 encoded is treated as a fatal error and causes
	 Routinator to exit.

	 Worst case impact of this vulnerability is denial of service for the RPKI
	 data that Routinator provides to routers. This may stop your network from
	 validating route origins based on RPKI data. This vulnerability does not
	 allow an attacker to manipulate RPKI data. We are not aware of exploitation
	 of this vulnerability at this point in time.

	 Starting with release 0.11.3, Routinator handles encoding errors by rejecting
	 the snapshot or delta file and continuing with validation. In case of an
	 invalid delta file, it will try using the snapshot instead. If a snapshot file
	 is invalid, the update of the repository will fail and an update through rsync
	 is attempted.
	 </p>
	<blockquote cite="https://www.cvedetails.com/cve/CVE-2022-3029/">
	  <p>.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3029</cvename>
      <url>https://nlnetlabs.nl/downloads/routinator/CVE-2022-3029.txt</url>
    </references>
    <dates>
      <discovery>2022-10-06</discovery>
      <entry>2022-10-07</entry>
    </dates>
  </vuln>

  <vuln vid="f4f15051-4574-11ed-81a1-080027881239">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py37-django32</name>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<range><lt>3.2.16</lt></range>
      </package>
      <package>
	<name>py38-django40</name>
	<name>py39-django40</name>
	<name>py310-django40</name>
	<range><lt>4.0.8</lt></range>
      </package>
      <package>
	<name>py38-django41</name>
	<name>py39-django41</name>
	<name>py310-django41</name>
	<range><lt>4.1.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2022/oct/04/security-releases/">
	  <p>CVE-2022-41323: Potential denial-of-service vulnerability in
	    internationalized URLs.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41323</cvename>
      <url>https://www.djangoproject.com/weblog/2022/oct/04/security-releases/</url>
    </references>
    <dates>
      <discovery>2022-09-23</discovery>
      <entry>2022-10-06</entry>
    </dates>
  </vuln>

  <vuln vid="c2a89e8f-44e9-11ed-9215-00e081b7aa2d">
    <topic>jenkins -- XSS vulnerability</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.370</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2022-09-21/">
	  <h1>Description</h1>
	  <h5>(High) SECURITY-2886 / CVE-2022-41224</h5>
	  <p>Jenkins 2.367 through 2.369 (both inclusive) does not escape
	    tooltips of the l:helpIcon UI component used for some help icons on
	    the Jenkins web UI.</p>
	  <p>This results in a stored cross-site scripting (XSS) vulnerability
	    exploitable by attackers able to control tooltips for this
	    component.</p>
	  <p>Jenkins 2.370 escapes tooltips of the l:helpIcon UI component.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41224</cvename>
      <url>https://www.jenkins.io/security/advisory/2022-09-21/</url>
    </references>
    <dates>
      <discovery>2022-09-21</discovery>
      <entry>2022-10-05</entry>
      <modified>2022-10-07</modified>
    </dates>
  </vuln>

  <vuln vid="854c2afb-4424-11ed-af97-adcabf310f9b">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go118</name>
	<range><lt>1.18.7</lt></range>
      </package>
      <package>
	<name>go119</name>
	<range><lt>1.19.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/54853">
	  <p>archive/tar: unbounded memory consumption when reading
	    headers</p>
	  <p>Reader.Read did not set a limit on the maximum size of
	    file headers. A maliciously crafted archive could cause
	    Read to allocate unbounded amounts of memory, potentially
	    causing resource exhaustion or panics. Reader.Read now
	    limits the maximum size of header blocks to 1 MiB.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/54663">
	  <p>net/http/httputil: ReverseProxy should not forward
	    unparseable query parameters</p>
	  <p>Requests forwarded by ReverseProxy included the raw
	    query parameters from the inbound request, including
	    unparseable parameters rejected by net/http. This could
	    permit query parameter smuggling when a Go proxy
	    forwards a parameter with an unparseable value.</p>
	  <p>ReverseProxy will now sanitize the query parameters in
	    the forwarded query when the outbound request's Form
	    field is set after the ReverseProxy.Director function
	    returns, indicating that the proxy has parsed the query
	    parameters. Proxies which do not parse query parameters
	    continue to forward the original query parameters
	    unchanged.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/55949">
	  <p>regexp/syntax: limit memory used by parsing regexps</p>
	  <p>The parsed regexp representation is linear in the size
	    of the input, but in some cases the constant factor can be
	    as high as 40,000, making relatively small regexps consume
	    much larger amounts of memory.</p>
	  <p>Each regexp being parsed is now limited to a 256 MB
	    memory footprint. Regular expressions whose
	    representation would use more space than that are now
	    rejected. Normal use of regular expressions is
	    unaffected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2879</cvename>
      <cvename>CVE-2022-2880</cvename>
      <cvename>CVE-2022-41715</cvename>
      <url>https://groups.google.com/g/golang-announce/c/xtuG5faxtaU/m/jEhlI_5WBgAJ</url>
    </references>
    <dates>
      <discovery>2022-10-04</discovery>
      <entry>2022-10-04</entry>
    </dates>
  </vuln>

  <vuln vid="d487d4fc-43a8-11ed-8b01-b42e991fc52e">
    <topic>zydis -- heap buffer overflow</topic>
    <affects>
      <package>
	<name>zydis</name>
	<range><lt>3.2.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Zyantific reports:</p>
	<blockquote cite="https://github.com/zyantific/zydis/security/advisories/GHSA-q42v-hv86-3m4g">
	<p>
	Zydis users of versions v3.2.0 and older
	that use the string functions provided in zycore in order to
	append untrusted user data to the formatter buffer within
	their custom formatter hooks can run into heap buffer
	overflows. Older versions of Zydis failed to properly
	initialize the string object within the formatter buffer,
	forgetting to initialize a few fields, leaving their value
	to chance. This could then in turn cause zycore functions
	like ZyanStringAppend to make incorrect calculations for the
	new target size, resulting in heap memory corruption.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41253</cvename>
      <url>https://www.cvedetails.com/cve/CVE-2021-41253</url>
    </references>
    <dates>
      <discovery>2021-11-08</discovery>
      <entry>2022-10-04</entry>
    </dates>
  </vuln>

  <vuln vid="67057b48-41f4-11ed-86c3-080027881239">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mediawiki135</name>
	<range><lt>1.35.8</lt></range>
      </package>
      <package>
	<name>mediawiki137</name>
	<range><lt>1.37.6</lt></range>
      </package>
      <package>
	<name>mediawiki138</name>
	<range><lt>1.38.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mediawiki reports:</p>
	<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/">
	  <p>(T316304, CVE-2022-41767) SECURITY: reassignEdits doesn't update results
	    in an IP range check on Special:Contributions..</p>
	  <p>(T309894, CVE-2022-41765) SECURITY: HTMLUserTextField exposes existence
	    of hidden users.</p>
	  <p> (T307278, CVE-2022-41766) SECURITY: On action=rollback the message
	    "alreadyrolled" can leak revision deleted user name.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41765</cvename>
      <cvename>CVE-2022-41766</cvename>
      <cvename>CVE-2022-41767</cvename>
      <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/SPYFDCGZE7KJNO73ET7QVSUXMHXVRFTE/</url>
    </references>
    <dates>
      <discovery>2022-09-29</discovery>
      <entry>2022-10-02</entry>
    </dates>
  </vuln>

  <vuln vid="d459c914-4100-11ed-9bc7-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>106.0.5249.91</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html">
	  <p>This release contains 3 security fixes, including:</p>
	  <ul>
	    <li>[1366813] High CVE-2022-3370: Use after free in Custom Elements. Reported by Aviv A. on 2022-09-22</li>
	    <li>[1366399] High CVE-2022-3373: Out of bounds write in V8. Reported by Tibor Klajnscek on 2022-09-21</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3370</cvename>
      <cvename>CVE-2022-3373</cvename>
      <url>https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_30.html</url>
    </references>
    <dates>
      <discovery>2022-09-30</discovery>
      <entry>2022-09-30</entry>
    </dates>
  </vuln>

  <vuln vid="04422df1-40d8-11ed-9be7-454b1dd82c64">
    <topic>Gitlab -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.4.0</ge><lt>15.4.1</lt></range>
	<range><ge>15.3.0</ge><lt>15.3.4</lt></range>
	<range><ge>9.3.0</ge><lt>15.2.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/09/29/security-release-gitlab-15-4-1-released/">
	  <p>Denial of Service via cloning an issue</p>
	  <p>Arbitrary PUT request as victim user through Sentry error list</p>
	  <p>Content injection via External Status Checks</p>
	  <p>Project maintainers can access Datadog API Key from logs</p>
	  <p>Unsafe serialization of Json data could lead to sensitive data leakage</p>
	  <p>Import bug allows importing of private local git repos</p>
	  <p>Maintainer can leak Github access tokens by changing integration URL (even after 15.2.1 patch)</p>
	  <p>Unauthorized users able to create issues in any project</p>
	  <p>Bypass group IP restriction on Dependency Proxy</p>
	  <p>Healthcheck endpoint allow list can be bypassed when accessed over HTTP in an HTTPS enabled system</p>
	  <p>Disclosure of Todo details to guest users</p>
	  <p>A user's primary email may be disclosed through group member events webhooks</p>
	  <p>Content manipulation due to branch/tag name confusion with the default branch name</p>
	  <p>Leakage of email addresses in WebHook logs</p>
	  <p>Specially crafted output makes job logs inaccessible</p>
	  <p>Enforce editing approval rules on project level</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3283</cvename>
      <cvename>CVE-2022-3060</cvename>
      <cvename>CVE-2022-2904</cvename>
      <cvename>CVE-2022-3018</cvename>
      <cvename>CVE-2022-3291</cvename>
      <cvename>CVE-2022-3067</cvename>
      <cvename>CVE-2022-2882</cvename>
      <cvename>CVE-2022-3066</cvename>
      <cvename>CVE-2022-3286</cvename>
      <cvename>CVE-2022-3285</cvename>
      <cvename>CVE-2022-3330</cvename>
      <cvename>CVE-2022-3351</cvename>
      <cvename>CVE-2022-3288</cvename>
      <cvename>CVE-2022-3293</cvename>
      <cvename>CVE-2022-3279</cvename>
      <cvename>CVE-2022-3325</cvename>
      <url>https://about.gitlab.com/releases/2022/09/29/security-release-gitlab-15-4-1-released/</url>
    </references>
    <dates>
      <discovery>2022-09-29</discovery>
      <entry>2022-09-30</entry>
    </dates>
  </vuln>

  <vuln vid="5a1c2e06-3fb7-11ed-a402-b42e991fc52e">
    <topic>unbound -- Non-Responsive Delegation Attack</topic>
    <affects>
      <package>
	<name>unbound</name>
	<range><lt>1.16.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
      <p>
	A vulnerability named 'Non-Responsive Delegation Attack'
	(NRDelegation Attack) has been discovered in various DNS
	resolving software. The NRDelegation Attack works by having
	a malicious delegation with a considerable number of non
	responsive nameservers. The attack starts by querying a
	resolver for a record that relies on those unresponsive
	nameservers. The attack can cause a resolver to spend a lot
	of time/resources resolving records under a malicious
	delegation point where a considerable number of unresponsive
	NS records reside. It can trigger high CPU usage in some
	resolver implementations that continually look in the cache
	for resolved NS records in that delegation.
      </p>
	<blockquote cite="https://www.cvedetails.com/cve/CVE-2022-3204">
	  <p>.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3204</cvename>
      <url>https://nlnetlabs.nl/downloads/unbound/CVE-2022-3204.txt</url>
    </references>
    <dates>
      <discovery>2022-09-26</discovery>
      <entry>2022-09-29</entry>
    </dates>
  </vuln>

  <vuln vid="cb902a77-3f43-11ed-9402-901b0e9408dc">
    <topic>Matrix clients -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>cinny</name>
	<range><lt>2.2.1</lt></range>
      </package>
      <package>
	<name>element-web</name>
	<range><lt>1.11.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients">
	  <p>Two critical severity vulnerabilities in end-to-end encryption were
	  found in the SDKs which power Element, Beeper, Cinny, SchildiChat,
	  Circuli, Synod.im and any other clients based on matrix-js-sdk,
	  matrix-ios-sdk or matrix-android-sdk2.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-39249</cvename>
      <cvename>CVE-2022-39250</cvename>
      <cvename>CVE-2022-39251</cvename>
      <cvename>CVE-2022-39236</cvename>
      <url>https://matrix.org/blog/2022/09/28/upgrade-now-to-address-encryption-vulns-in-matrix-sdks-and-clients</url>
    </references>
    <dates>
      <discovery>2022-09-23</discovery>
      <entry>2022-09-28</entry>
    </dates>
  </vuln>

  <vuln vid="18529cb0-3e9c-11ed-9bc7-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>106.0.5249.61</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html">
	  <p>This release contains 20 security fixes, including:</p>
	  <ul>
	    <li>[1358907] High CVE-2022-3304: Use after free in CSS. Reported by Anonymous on 2022-09-01</li>
	    <li>[1343104] High CVE-2022-3201: Insufficient validation of untrusted input in Developer Tools. Reported by NDevTK on 2022-07-09</li>
	    <li>[1319229] High CVE-2022-3305: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-24</li>
	    <li>[1320139] High CVE-2022-3306: Use after free in Survey. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-27</li>
	    <li>[1323488] High CVE-2022-3307: Use after free in Media. Reported by Anonymous Telecommunications Corp. Ltd. on 2022-05-08</li>
	    <li>[1342722] Medium CVE-2022-3308: Insufficient policy enforcement in Developer Tools. Reported by Andrea Cappa (zi0Black) @ Shielder on 2022-07-08</li>
	    <li>[1348415] Medium CVE-2022-3309: Use after free in Assistant. Reported by zh1x1an1221 of Ant Group Tianqiong Security Lab on 2022-07-29</li>
	    <li>[1240065] Medium CVE-2022-3310: Insufficient policy enforcement in Custom Tabs. Reported by Ashwin Agrawal from Optus, Sydney on 2021-08-16</li>
	    <li>[1302813] Medium CVE-2022-3311: Use after free in Import. Reported by Samet Bekmezci @sametbekmezci on 2022-03-04</li>
	    <li>[1303306] Medium CVE-2022-3312: Insufficient validation of untrusted input in VPN. Reported by Andr.Ess on 2022-03-06</li>
	    <li>[1317904] Medium CVE-2022-3313: Incorrect security UI in Full Screen. Reported by Irvan Kurniawan (sourc7) on 2022-04-20</li>
	    <li>[1328708] Medium CVE-2022-3314: Use after free in Logging. Reported by Anonymous on 2022-05-24</li>
	    <li>[1322812] Medium CVE-2022-3315: Type confusion in Blink. Reported by Anonymous on 2022-05-05</li>
	    <li>[1333623] Low CVE-2022-3316: Insufficient validation of untrusted input in Safe Browsing. Reported by Sven Dysthe (@svn_dy) on 2022-06-07</li>
	    <li>[1300539] Low CVE-2022-3317: Insufficient validation of untrusted input in Intents. Reported by Hafiizh on 2022-02-24</li>
	    <li>[1318791] Low CVE-2022-3318: Use after free in ChromeOS Notifications. Reported by GraVity0 on 2022-04-22</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3201</cvename>
      <cvename>CVE-2022-3304</cvename>
      <cvename>CVE-2022-3305</cvename>
      <cvename>CVE-2022-3306</cvename>
      <cvename>CVE-2022-3307</cvename>
      <cvename>CVE-2022-3308</cvename>
      <cvename>CVE-2022-3309</cvename>
      <cvename>CVE-2022-3310</cvename>
      <cvename>CVE-2022-3311</cvename>
      <cvename>CVE-2022-3312</cvename>
      <cvename>CVE-2022-3313</cvename>
      <cvename>CVE-2022-3314</cvename>
      <cvename>CVE-2022-3315</cvename>
      <cvename>CVE-2022-3316</cvename>
      <cvename>CVE-2022-3317</cvename>
      <cvename>CVE-2022-3318</cvename>
      <url>https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html</url>
    </references>
    <dates>
      <discovery>2022-09-27</discovery>
      <entry>2022-09-27</entry>
    </dates>
  </vuln>

  <vuln vid="0a0670a1-3e1a-11ed-b48b-e0d55e2a8bf9">
    <topic>expat -- Heap use-after-free vulnerability</topic>
    <affects>
      <package>
	<name>expat</name>
	<range><lt>2.4.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Debian Security Advisory reports:</p>
	<blockquote cite="https://www.debian.org/security/2022/dsa-5236">
	  <p>Rhodri James discovered a heap use-after-free vulnerability in the doContent function in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-40674</cvename>
      <url>https://www.debian.org/security/2022/dsa-5236</url>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-40674</url>
    </references>
    <dates>
      <discovery>2022-09-14</discovery>
      <entry>2022-09-27</entry>
    </dates>
  </vuln>

  <vuln vid="f9ada0b5-3d80-11ed-9330-080027f5fec9">
    <topic>squid -- Exposure of sensitive information in cache manager</topic>
    <affects>
      <package>
	<name>squid</name>
	<range><lt>5.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mikhail Evdokimov (aka konata) reports:</p>
	<blockquote cite="https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq">
	  <p>
	    Due to inconsistent handling of internal URIs Squid is
	    vulnerable to Exposure of Sensitive Information about
	    clients using the proxy. This problem allows a trusted
	    client to directly access cache manager information
	    bypassing the manager ACL protection. The available cache
	    manager information contains records of internal network
	    structure, client credentials, client identity and client
	    traffic behaviour.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-41317</cvename>
      <url>https://github.com/squid-cache/squid/security/advisories/GHSA-rcg9-7fqm-83mq</url>
    </references>
    <dates>
      <discovery>2022-04-17</discovery>
      <entry>2022-09-26</entry>
    </dates>
  </vuln>

  <vuln vid="f1f637d1-39eb-11ed-ab44-080027f5fec9">
    <topic>redis -- Potential remote code execution vulnerability</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><ge>7.0.0</ge><lt>7.0.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Redis core team reports:</p>
	<blockquote cite="https://github.com/redis/redis/releases/tag/7.0.5">
	  <p>
	    Executing a XAUTOCLAIM command on a stream key in a
	    specific state, with a specially crafted COUNT argument,
	    may cause an integer overflow, a subsequent heap overflow,
	    and potentially lead to remote code execution. The problem
	    affects Redis versions 7.0.0 or newer.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-35951</cvename>
      <url>https://github.com/redis/redis/releases/tag/7.0.5</url>
    </references>
    <dates>
      <discovery>2022-09-21</discovery>
      <entry>2022-09-21</entry>
    </dates>
  </vuln>

  <vuln vid="95e6e6ca-3986-11ed-8e0c-6c3be5272acd">
    <topic>Grafana -- Privilege escalation</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>2.1.0</ge><lt>8.5.13</lt></range>
	<range><ge>9.0.0</ge><lt>9.0.9</lt></range>
	<range><ge>9.1.0</ge><lt>9.1.6</lt></range>
      </package>
      <package>
	<name>grafana7</name>
	<range><ge>7.0</ge></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.0.0</ge><lt>8.5.13</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge><lt>9.0.9</lt></range>
	<range><ge>9.1.0</ge><lt>9.1.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2022/09/20/grafana-security-releases-new-versions-with-moderate-severity-security-fixes-for-cve-2022-35957-and-cve-2022-36062/">
	  <p>On August 9 an internal security review identified a vulnerability
	  in the Grafana which allows an escalation from Admin privileges
	  to Server Admin when Auth proxy authentication is used.</p>
	  <p><a href="https://grafana.com/docs/grafana/latest/setup-grafana/configure-security/configure-authentication/auth-proxy/#configure-auth-proxy-authentication">
	  Auth proxy</a> allows to authenticate a user by only providing the username
	  (or email) in a <code>X-WEBAUTH-USER</code> HTTP header: the trust assumption
	  is that a front proxy will take care of authentication and that Grafana server
	  is publicly reachable only with this front proxy.</p>
	  <p><a href="https://grafana.com/docs/grafana/latest/developers/http_api/data_source/#data-source-proxy-calls">
	  Datasource proxy</a> breaks this assumption:</p>
	  <ul>
	    <li>it is possible to configure a fake datasource pointing to a localhost
	    Grafana install with a <code>X-WEBAUTH-USER</code> HTTP header containing
	    admin username.</li>
	    <li>This fake datasource can be called publicly via this proxying feature.</li>
	  </ul>
	  <p>The CVSS score for this vulnerability is 6.6 Moderate
	  (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-35957</cvename>
      <url>https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q</url>
    </references>
    <dates>
      <discovery>2022-08-09</discovery>
      <entry>2022-09-21</entry>
    </dates>
  </vuln>

  <vuln vid="656b0152-faa9-4755-b08d-aee4a774bd04">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>5.0.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.2">
	<p> Fix a possible overflow and crash in the ICMP analyzer
	when receiving a specially crafted packet. </p>
	<p> Fix a possible overflow and crash in the IRC analyzer
	when receiving a specially crafted packet. </p>
	<p> Fix a possible overflow and crash in the SMB analyzer
	when receiving a specially crafted packet. </p>
	<p> Fix two possible crashes when converting IP headers for
	output via the raw_packet event. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v5.0.2</url>
    </references>
    <dates>
      <discovery>2022-09-19</discovery>
      <entry>2022-09-19</entry>
    </dates>
  </vuln>

  <vuln vid="aeb4c85b-3600-11ed-b52d-589cfc007716">
    <topic>puppetdb -- Potential SQL injection</topic>
    <affects>
      <package>
	<name>puppetdb6</name>
	<range><lt>6.22.1</lt></range>
      </package>
      <package>
	<name>puppetdb7</name>
	<range><lt>7.11.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Puppet reports:</p>
	<blockquote cite="https://puppet.com/docs/puppetdb/7/release_notes.html#puppetdb-7111">
	  <p>The org.postgresql/postgresql driver has been updated to version 42.4.1 to address CVE-2022-31197, which is an SQL injection risk that according to the CVE report, can only be exploited if an attacker controls the database to the extent that they can adjust relevant tables to have "malicious" column names.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-31197</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2022-31197</url>
      <url>https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-r38f-c4h4-hqq2</url>
    </references>
    <dates>
      <discovery>2022-08-03</discovery>
      <entry>2022-09-16</entry>
    </dates>
  </vuln>

  <vuln vid="b59847e0-346d-11ed-8fe9-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>105.0.5195.125</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html">
	  <p>This release includes 11 security fixes, including:</p>
	  <ul>
	    <li>[1358381] High CVE-2022-3195: Out of bounds write in Storage. Reported by Ziling Chen and Nan Wang (@eternalsakura13) of 360 Vulnerability Research Institute on 2022-08-31</li>
	    <li>[1358090] High CVE-2022-3196: Use after free in PDF. Reported by triplepwns on 2022-08-30</li>
	    <li>[1358075] High CVE-2022-3197: Use after free in PDF. Reported by triplepwns on 2022-08-30</li>
	    <li>[1355682] High CVE-2022-3198: Use after free in PDF. Reported by MerdroidSG on 2022-08-23</li>
	    <li>[1355237] High CVE-2022-3199: Use after free in Frames. Reported by Anonymous on 2022-08-22</li>
	    <li>[1355103] High CVE-2022-3200: Heap buffer overflow in Internals. Reported by Richard Lorenz, SAP on 2022-08-22</li>
	    <li>[1343104] High CVE-2022-3201: Insufficient validation of untrusted input in DevTools. Reported by NDevTK on 2022-07-09</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3195</cvename>
      <cvename>CVE-2022-3196</cvename>
      <cvename>CVE-2022-3197</cvename>
      <cvename>CVE-2022-3198</cvename>
      <cvename>CVE-2022-3199</cvename>
      <cvename>CVE-2022-3200</cvename>
      <cvename>CVE-2022-3201</cvename>
      <url>https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_14.html</url>
    </references>
    <dates>
      <discovery>2022-09-14</discovery>
      <entry>2022-09-14</entry>
    </dates>
  </vuln>

  <vuln vid="4ebaa983-3299-11ed-95f8-901b0e9408dc">
    <topic>dendrite -- Signature checks not applied to some retrieved missing events</topic>
    <affects>
      <package>
	<name>dendrite</name>
	<range><lt>0.9.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dendrite team reports:</p>
	<blockquote cite="https://github.com/matrix-org/dendrite/security/advisories/GHSA-pfw4-xjgm-267c">
	  <p>Events retrieved from a remote homeserver using /get_missing_events did
	  not have their signatures verified correctly. This could potentially allow
	  a remote homeserver to provide invalid/modified events to Dendrite via this
	  endpoint.</p>
	  <p>Note that this does not apply to events retrieved through other endpoints
	  (e.g. /event, /state) as they have been correctly verified.</p>
	  <p>Homeservers that have federation disabled are not vulnerable.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/matrix-org/dendrite/security/advisories/GHSA-pfw4-xjgm-267c</url>
    </references>
    <dates>
      <discovery>2022-09-12</discovery>
      <entry>2022-09-12</entry>
    </dates>
  </vuln>

  <vuln vid="f75722ce-31b0-11ed-8b56-0800277bb8a8">
    <topic>gitea -- multiple issues</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.17.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/20869">
	  <p>Double check CloneURL is acceptable</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/21011">
	  <p>Add more checks in migration code</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://blog.gitea.io/2022/09/gitea-1.17.2-is-released/</url>
    </references>
    <dates>
      <discovery>2022-08-19</discovery>
      <entry>2022-09-11</entry>
    </dates>
  </vuln>

  <vuln vid="80e057e7-2f0a-11ed-978f-fcaa147e860e">
    <topic>Python -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>python37</name>
	<range><lt>3.7.14</lt></range>
      </package>
      <package>
	<name>python38</name>
	<range><lt>3.8.14</lt></range>
      </package>
      <package>
	<name>python39</name>
	<range><lt>3.9.14</lt></range>
      </package>
      <package>
	<name>python310</name>
	<range><lt>3.10.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Python reports:</p>
	<blockquote cite="https://docs.python.org/release/3.7.14/whatsnew/changelog.html#changelog">
	  <p>gh-95778: Converting between int and str in bases other than 2 (binary), 4, 8 (octal),
	    16 (hexadecimal), or 32 such as base 10 (decimal) now raises a ValueError if the number
	    of digits in string form is above a limit to avoid potential denial of service attacks
	    due to the algorithmic complexity.</p>
	  <p>gh-87389: http.server: Fix an open redirection vulnerability in the HTTP server when
	    an URI path starts with //. Vulnerability discovered, and initial fix proposed, by
	    Hamza Avvan.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-10735</cvename>
      <url>https://docs.python.org/release/3.7.14/whatsnew/changelog.html#changelog</url>
    </references>
    <dates>
      <discovery>2020-03-20</discovery>
      <entry>2022-09-08</entry>
    </dates>
  </vuln>

  <vuln vid="6fea7103-2ea4-11ed-b403-3dae8ac60d3e">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go118</name>
	<range><lt>1.18.6</lt></range>
      </package>
      <package>
	<name>go119</name>
	<range><lt>1.19.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/54658">
	  <p>net/http: handle server errors after sending GOAWAY</p>
	  <p>A closing HTTP/2 server connection could hang forever
	    waiting for a clean shutdown that was preempted by a
	    subsequent fatal error. This failure mode could be
	    exploited to cause a denial of service.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/54385">
	  <p>net/url: JoinPath does not strip relative path components
	    in all circumstances</p>
	  <p>JoinPath and URL.JoinPath would not remove ../ path
	    components appended to a relative path.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-27664</cvename>
      <cvename>CVE-2022-32190</cvename>
      <url>https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ</url>
    </references>
    <dates>
      <discovery>2022-09-06</discovery>
      <entry>2022-09-07</entry>
    </dates>
  </vuln>

  <vuln vid="f38d25ac-2b7a-11ed-a1ef-3065ec8fd3ec">
    <topic>chromium -- insufficient data validation in Mojo</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>105.0.5195.102</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html">
	  <p>This release contains 1 security fix:</p>
	  <ul>
	    <li>[1358134] High CVE-2022-3075: Insufficient data validation in Mojo. Reported by Anonymous on 2022-08-30</li>
	  </ul>
	  <p>Google is aware that an exploit of CVE-2022-3075 exists in the wild.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3075</cvename>
      <url>https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2022-09-02</discovery>
      <entry>2022-09-03</entry>
    </dates>
  </vuln>

  <vuln vid="5418b360-29cc-11ed-a6d4-6805ca2fa271">
    <topic>powerdns-recursor -- denial of service</topic>
    <affects>
      <package>
	<name>powerdns-recursor</name>
	<range><lt>4.7.2</lt></range>
	<range><lt>4.6.3</lt></range>
	<range><lt>4.5.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PowerDNS Team reports:</p>
	<blockquote cite="https://www.powerdns.com/news.html#20220823">
	  <p>PowerDNS Security Advisory 2022-02: incomplete exception handling related to protobuf message generation.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-37428</cvename>
      <url>https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2022-02.html</url>
    </references>
    <dates>
      <discovery>2022-08-23</discovery>
      <entry>2022-09-01</entry>
    </dates>
  </vuln>

  <vuln vid="827b95ff-290e-11ed-a2e7-6c3be5272acd">
    <topic>Grafana -- Unauthorized file disclosure</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>5.2.0</ge><lt>8.3.11</lt></range>
	<range><ge>8.4.0</ge><lt>8.4.11</lt></range>
	<range><ge>8.5.0</ge><lt>8.5.11</lt></range>
	<range><ge>9.0.0</ge><lt>9.0.8</lt></range>
	<range><ge>9.1.0</ge><lt>9.1.2</lt></range>
      </package>
      <package>
	<name>grafana7</name>
	<range><ge>7.0</ge></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.3.0</ge><lt>8.3.11</lt></range>
	<range><ge>8.4.0</ge><lt>8.4.11</lt></range>
	<range><ge>8.5.0</ge><lt>8.5.11</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><ge>9.0.0</ge><lt>9.0.8</lt></range>
	<range><ge>9.1.0</ge><lt>9.1.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2022/08/30/security-release-new-versions-of-grafana-and-grafana-image-renderer-with-a-high-severity-security-fix-for-cve-2022-31176/">
	  <p>On July 21, an internal security review identified an unauthorized file disclosure vulnerability in the <a href="https://grafana.com/grafana/plugins/grafana-image-renderer/">Grafana Image Renderer plugin</a> when HTTP remote rendering is used. The Chromium browser embedded in the Grafana Image Renderer allows for “printing” of unauthorized files in a PNG file. This makes it possible for a malicious user to retrieve unauthorized files under some network conditions or via a fake data source (this applies if the user has admin permissions in Grafana).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-31176</cvename>
      <url>https://github.com/grafana/grafana-image-renderer/security/advisories/GHSA-2cfh-233g-m4c5</url>
    </references>
    <dates>
      <discovery>2022-07-21</discovery>
      <entry>2022-09-01</entry>
    </dates>
  </vuln>

  <vuln vid="e4d93d07-297a-11ed-95f8-901b0e9408dc">
    <topic>Matrix clients -- several vulnerabilities</topic>
    <affects>
      <package>
	<name>cinny</name>
	<range><lt>2.1.3</lt></range>
      </package>
      <package>
	<name>element-web</name>
	<range><lt>1.11.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0">
	  <p>The vulnerabilities give an adversary who you share a
	  room with the ability to carry out a denial-of-service
	  attack against the affected clients, making it not show all
	  of a user's rooms or spaces and/or causing minor temporary
	  corruption.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-36059</cvename>
      <cvename>CVE-2022-36060</cvename>
      <url>https://matrix.org/blog/2022/08/31/security-releases-matrix-js-sdk-19-4-0-and-matrix-react-sdk-3-53-0</url>
    </references>
    <dates>
      <discovery>2022-08-31</discovery>
      <entry>2022-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="f2043ff6-2916-11ed-a1ef-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>105.0.5195.52</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html">
	  <p>This release contains 24 security fixes, including:</p>
	  <ul>
	    <li>[1340253] Critical CVE-2022-3038: Use after free in Network Service. Reported by Sergei Glazunov of Google Project Zero on 2022-06-28</li>
	    <li>[1343348] High CVE-2022-3039: Use after free in WebSQL. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Vulnerability Research Institute on 2022-07-11</li>
	    <li>[1341539] High CVE-2022-3040: Use after free in Layout. Reported by Anonymous on 2022-07-03</li>
	    <li>[1345947] High CVE-2022-3041: Use after free in WebSQL. Reported by Ziling Chen and Nan Wang(@eternalsakura13) of 360 Vulnerability Research Institute on 2022-07-20</li>
	    <li>[1338553] High CVE-2022-3042: Use after free in PhoneHub. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22</li>
	    <li>[1336979] High CVE-2022-3043: Heap buffer overflow in Screen Capture. Reported by @ginggilBesel on 2022-06-16</li>
	    <li>[1051198] High CVE-2022-3044: Inappropriate implementation in Site Isolation. Reported by Lucas Pinheiro, Microsoft Browser Vulnerability Research on 2020-02-12</li>
	    <li>[1339648] High CVE-2022-3045: Insufficient validation of untrusted input in V8. Reported by Ben Noordhuis &lt;info@bnoordhuis.nl&gt; on 2022-06-26</li>
	    <li>[1346245] High CVE-2022-3046: Use after free in Browser Tag. Reported by Rong Jian of VRI on 2022-07-21</li>
	    <li>[1342586] Medium CVE-2022-3047: Insufficient policy enforcement in Extensions API. Reported by Maurice Dauer on 2022-07-07</li>
	    <li>[1303308] Medium CVE-2022-3048: Inappropriate implementation in Chrome OS lockscreen. Reported by Andr.Ess on 2022-03-06</li>
	    <li>[1316892] Medium CVE-2022-3049: Use after free in SplitScreen. Reported by @ginggilBesel on 2022-04-17</li>
	    <li>[1337132] Medium CVE-2022-3050: Heap buffer overflow in WebUI. Reported by Zhihua Yao of KunLun Lab on 2022-06-17</li>
	    <li>[1345245] Medium CVE-2022-3051: Heap buffer overflow in Exosphere. Reported by @ginggilBesel on 2022-07-18</li>
	    <li>[1346154] Medium CVE-2022-3052: Heap buffer overflow in Window Manager. Reported by Khalil Zhani on 2022-07-21</li>
	    <li>[1267867] Medium CVE-2022-3053: Inappropriate implementation in Pointer Lock. Reported by Jesper van den Ende (Pelican Party Studios) on 2021-11-08</li>
	    <li>[1290236] Medium CVE-2022-3054: Insufficient policy enforcement in DevTools. Reported by Kuilin Li on 2022-01-24</li>
	    <li>[1351969] Medium CVE-2022-3055: Use after free in Passwords. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-08-11</li>
	    <li>[1329460] Low CVE-2022-3056: Insufficient policy enforcement in Content Security Policy. Reported by Anonymous on 2022-05-26</li>
	    <li>[1336904] Low CVE-2022-3057: Inappropriate implementation in iframe Sandbox. Reported by Gareth Heyes on 2022-06-16</li>
	    <li>[1337676] Low CVE-2022-3058: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-06-20</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-3038</cvename>
      <cvename>CVE-2022-3039</cvename>
      <cvename>CVE-2022-3040</cvename>
      <cvename>CVE-2022-3041</cvename>
      <cvename>CVE-2022-3042</cvename>
      <cvename>CVE-2022-3043</cvename>
      <cvename>CVE-2022-3044</cvename>
      <cvename>CVE-2022-3045</cvename>
      <cvename>CVE-2022-3046</cvename>
      <cvename>CVE-2022-3047</cvename>
      <cvename>CVE-2022-3048</cvename>
      <cvename>CVE-2022-3049</cvename>
      <cvename>CVE-2022-3050</cvename>
      <cvename>CVE-2022-3051</cvename>
      <cvename>CVE-2022-3052</cvename>
      <cvename>CVE-2022-3053</cvename>
      <cvename>CVE-2022-3054</cvename>
      <cvename>CVE-2022-3055</cvename>
      <cvename>CVE-2022-3056</cvename>
      <cvename>CVE-2022-3057</cvename>
      <cvename>CVE-2022-3058</cvename>
      <url>https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html</url>
    </references>
    <dates>
      <discovery>2022-08-30</discovery>
      <entry>2022-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="a1323a76-28f1-11ed-a72a-002590c1f29c">
    <topic>FreeBSD -- zlib heap buffer overflow</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.1</ge><lt>13.1_2</lt></range>
	<range><ge>13.0</ge><lt>13.0_13</lt></range>
	<range><ge>12.3</ge><lt>12.3_7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>zlib through 1.2.12 has a heap-based buffer over-read or buffer
	overflow in inflate in inflate.c via a large gzip header extra
	field.</p>
	<h1>Impact:</h1>
	<p>Applications that call inflateGetHeader may be vulnerable to a
	buffer overflow.  Note that inflateGetHeader is not used by anything
	in the FreeBSD base system, but may be used by third party
	software.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-37434</cvename>
      <freebsdsa>SA-22:13.zlib</freebsdsa>
    </references>
    <dates>
      <discovery>2022-08-30</discovery>
      <entry>2022-08-31</entry>
    </dates>
  </vuln>

  <vuln vid="e6b994e2-2891-11ed-9be7-454b1dd82c64">
    <topic>Gitlab -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.3.0</ge><lt>15.3.2</lt></range>
	<range><ge>15.2.0</ge><lt>15.2.4</lt></range>
	<range><ge>10.0.0</ge><lt>15.1.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/">
	  <p>Remote Command Execution via GitHub import</p>
	  <p>Stored XSS via labels color</p>
	  <p>Content injection via Incidents Timeline description</p>
	  <p>Lack of length validation in Snippets leads to Denial of Service</p>
	  <p>Group IP allow-list not fully respected by the Package Registry</p>
	  <p>Abusing Gitaly.GetTreeEntries calls leads to denial of service</p>
	  <p>Arbitrary HTTP Requests Possible in .ipynb Notebook with Malicious Form Tags</p>
	  <p>Regular Expression Denial of Service via special crafted input</p>
	  <p>Information Disclosure via Arbitrary GFM references rendered in Incident Timeline Events</p>
	  <p>Regex backtracking through the Commit message field</p>
	  <p>Read repository content via LivePreview feature</p>
	  <p>Denial of Service via the Create branch API</p>
	  <p>Denial of Service via Issue preview</p>
	  <p>IDOR in Zentao integration leaked issue details</p>
	  <p>Brute force attack may guess a password even when 2FA is enabled</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2992</cvename>
      <cvename>CVE-2022-2865</cvename>
      <cvename>CVE-2022-2527</cvename>
      <cvename>CVE-2022-2592</cvename>
      <cvename>CVE-2022-2533</cvename>
      <cvename>CVE-2022-2455</cvename>
      <cvename>CVE-2022-2428</cvename>
      <cvename>CVE-2022-2908</cvename>
      <cvename>CVE-2022-2630</cvename>
      <cvename>CVE-2022-2931</cvename>
      <cvename>CVE-2022-2907</cvename>
      <cvename>CVE-2022-3031</cvename>
      <url>https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/</url>
    </references>
    <dates>
      <discovery>2022-08-30</discovery>
      <entry>2022-08-30</entry>
    </dates>
  </vuln>

  <vuln vid="3110b29e-c82d-4287-9f6c-db82bb883b1e">
    <topic>zeek -- potential DoS vulnerabilities</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>5.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v5.0.1">
	<p> Fix a possible overflow and crash in the ARP analyzer
	when receiving a specially crafted packet. Due to the
	possibility of this happening with packets received from
	the network, this is a potential DoS vulnerability. </p>
	<p> Fix a possible overflow and crash in the Modbus analyzer
	when receiving a specially crafted packet. Due to the
	possibility of this happening with packets received from
	the network, this is a potential DoS vulnerability. </p>
	<p> Fix two possible crashes when converting IP headers for
	output via the raw_packet event. Due to the possibility of
	this happening with packets received from the network, this
	is a potential DoS vulnerability. Note that the raw_packet
	event is not enabled by default so these are likely
	low-severity issues. </p>
	<p> Fix an abort related to an error related to the ordering
	of record fields when processing DNS EDNS headers via events.
	Due to the possibility of this happening with packets
	received from the network, this is a potential DoS
	vulnerability.  Note that the dns_EDNS events are not
	implemented by default so this is likely a low-severity
	issue. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v5.0.1</url>
    </references>
    <dates>
      <discovery>2022-08-23</discovery>
      <entry>2022-08-26</entry>
    </dates>
  </vuln>

  <vuln vid="36d10af7-248d-11ed-856e-d4c9ef517024">
    <topic>MariaDB -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mariadb103-server</name>
	<range><lt>10.3.36</lt></range>
      </package>
      <package>
	<name>mariadb104-server</name>
	<range><lt>10.4.26</lt></range>
      </package>
      <package>
	<name>mariadb105-server</name>
	<range><lt>10.5.17</lt></range>
      </package>
      <package>
	<name>mariadb106-server</name>
	<range><lt>10.6.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The MariaDB project reports:</p>
	<blockquote cite="https://mariadb.com/kb/en/cve/">
	  <p>Multiple vulnerabilities, mostly segfaults, in
	    the server component</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-32082</cvename>
      <cvename>CVE-2022-32089</cvename>
      <cvename>CVE-2022-32081</cvename>
      <cvename>CVE-2018-25032</cvename>
      <cvename>CVE-2022-32091</cvename>
      <cvename>CVE-2022-32084</cvename>
      <url>https://mariadb.com/kb/en/cve/</url>
    </references>
    <dates>
      <discovery>2022-08-22</discovery>
      <entry>2022-08-25</entry>
    </dates>
  </vuln>

  <vuln vid="8a0cd618-22a0-11ed-b1e7-001b217b3468">
    <topic>Gitlab -- Remote Code Execution</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.3.0</ge><lt>15.3.1</lt></range>
	<range><ge>15.2.0</ge><lt>15.2.3</lt></range>
	<range><ge>11.3.4</ge><lt>15.1.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/">
	  <p>Remote Command Execution via Github import</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2884</cvename>
      <url>https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/</url>
    </references>
    <dates>
      <discovery>2022-08-22</discovery>
      <entry>2022-08-23</entry>
    </dates>
  </vuln>

  <vuln vid="03bb8373-2026-11ed-9d70-080027240888">
    <topic>drupal9 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>drupal9</name>
	<range><lt>9.4.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Drupal reports:</p>
	<blockquote cite="https://www.drupal.org/project/drupal/releases/9.4.5">
	  <p>CVE-2022-31175: Cross-site scripting (XSS) caused by the editor
	     instance destroying process.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-31175</cvename>
      <url>https://www.drupal.org/project/drupal/releases/9.4.5</url>
    </references>
    <dates>
      <discovery>2022-08-01</discovery>
      <entry>2022-08-20</entry>
    </dates>
  </vuln>

  <vuln vid="f12368a8-1e05-11ed-a1ef-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>104.0.5112.101</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html">
	  <p>This release contains 11 security fixes, including:</p>
	  <ul>
	    <li>[1349322] Critical CVE-2022-2852: Use after free in FedCM. Reported by Sergei Glazunov of Google Project Zero on 2022-08-02</li>
	    <li>[1337538] High CVE-2022-2854: Use after free in SwiftShader. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-06-18</li>
	    <li>[1345042] High CVE-2022-2855: Use after free in ANGLE. Reported by Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications Corp. Ltd. on 2022-07-16</li>
	    <li>[1338135] High CVE-2022-2857: Use after free in Blink. Reported by Anonymous on 2022-06-21</li>
	    <li>[1341918] High CVE-2022-2858: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05</li>
	    <li>[1350097] High CVE-2022-2853: Heap buffer overflow in Downloads. Reported by Sergei Glazunov of Google Project Zero on 2022-08-04</li>
	    <li>[1345630] High CVE-2022-2856: Insufficient validation of untrusted input in Intents. Reported by Ashley Shen and Christian Resell of Google Threat Analysis Group on 2022-07-19</li>
	    <li>[1338412] Medium CVE-2022-2859: Use after free in Chrome OS Shell. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-22</li>
	    <li>[1345193] Medium CVE-2022-2860: Insufficient policy enforcement in Cookies. Reported by Axel Chong on 2022-07-18</li>
	    <li>[1346236] Medium CVE-2022-2861: Inappropriate implementation in Extensions API. Reported by Rong Jian of VRI on 2022-07-21</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2852</cvename>
      <cvename>CVE-2022-2853</cvename>
      <cvename>CVE-2022-2854</cvename>
      <cvename>CVE-2022-2855</cvename>
      <cvename>CVE-2022-2856</cvename>
      <cvename>CVE-2022-2857</cvename>
      <cvename>CVE-2022-2858</cvename>
      <cvename>CVE-2022-2859</cvename>
      <cvename>CVE-2022-2860</cvename>
      <cvename>CVE-2022-2861</cvename>
      <url>https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html</url>
    </references>
    <dates>
      <discovery>2022-08-16</discovery>
      <entry>2022-08-17</entry>
    </dates>
  </vuln>

  <vuln vid="d658042c-1c98-11ed-95f8-901b0e9408dc">
    <topic>dendrite -- Incorrect parsing of the event default power level in event auth</topic>
    <affects>
      <package>
	<name>dendrite</name>
	<range><lt>0.9.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Dendrite team reports:</p>
	<blockquote cite="https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-grvv-h2f9-7v9c">
	  <p>The power level parsing within gomatrixserverlib was failing to parse the "events_default"
	  key of the m.room.power_levels event, defaulting the event default power level to zero in all cases.</p>
	  <p> In rooms where the "events_default" power level had been changed, this could result in
	  events either being incorrectly authorised or rejected by Dendrite servers.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-36009</cvename>
      <url>https://github.com/matrix-org/gomatrixserverlib/security/advisories/GHSA-grvv-h2f9-7v9c</url>
    </references>
    <dates>
      <discovery>2022-08-15</discovery>
      <entry>2022-08-15</entry>
      <modified>2022-08-25</modified>
    </dates>
  </vuln>

  <vuln vid="e2e7faf9-1b51-11ed-ae46-002b67dfc673">
    <topic>Tomcat -- XSS in examples web application</topic>
    <affects>
      <package>
	<name>tomcat</name>
	<range><ge>8.5.50</ge><lt>8.5.81</lt></range>
	<range><ge>9.0.30</ge><lt>9.0.64</lt></range>
	<range><ge>10.0.0-M1</ge><lt>10.0.22</lt></range>
	<range><ge>10.1.0-M1</ge><lt>10.1.0-M16</lt></range>
      </package>
      <package>
	<name>tomcat85</name>
	<range><ge>8.5.50</ge><lt>8.5.81</lt></range>
      </package>
      <package>
	<name>tomcat9</name>
	<range><ge>9.0.30</ge><lt>9.0.64</lt></range>
      </package>
      <package>
	<name>tomcat10</name>
	<range><ge>10.0.0-M1</ge><lt>10.0.22</lt></range>
      </package>
      <package>
	<name>tomcat-devel</name>
	<range><ge>10.1.0-M1</ge><lt>10.1.0-M16</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Apache Tomcat reports:</p>
	<blockquote cite="https://lists.apache.org/thread/k04zk0nq6w57m72w5gb0r6z9ryhmvr4k">
	  <p>The Form authentication example in the examples web application displayed user provided data without filtering, exposing a XSS vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-34305</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34305</url>
    </references>
    <dates>
      <discovery>2022-06-22</discovery>
      <entry>2022-08-14</entry>
    </dates>
  </vuln>

  <vuln vid="75c073cc-1a1d-11ed-bea0-48ee0c739857">
    <topic>XFCE tumbler -- Vulnerability in the GStreamer plugin</topic>
    <affects>
      <package>
	<name>xfce4-tumbler</name>
	<range><lt>4.16.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The XFCE project reports:</p>
	<blockquote cite="https://mail.xfce.org/pipermail/xfce-announce/2022-August/001133.html">
	  <p>Added mime type check to the gst-thumbnailer plugin
	  to fix an undisclosed vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://mail.xfce.org/pipermail/xfce-announce/2022-August/001133.html</url>
      <url>https://gitlab.xfce.org/xfce/tumbler/-/commit/a0fc191e8ab41fe579f3333085d649fdacb2daa5</url>
    </references>
    <dates>
      <discovery>2022-08-02</discovery>
      <entry>2022-08-12</entry>
    </dates>
  </vuln>

  <vuln vid="c3610f39-18f1-11ed-9854-641c67a117d8">
    <topic>varnish -- Denial of Service Vulnerability</topic>
    <affects>
      <package>
	<name>varnish7</name>
	<range><lt>7.1.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Varnish Cache Project reports:</p>
	<blockquote cite="https://varnish-cache.org/security/VSV00009.html">
	<p>A denial of service attack can be performed against Varnish Cache
	  servers by specially formatting the reason phrase of the backend response
	  status line. In order to execute an attack, the attacker would have to
	  be able to influence the HTTP/1 responses that the Varnish Server
	  receives from its configured backends. A successful attack would cause
	  the Varnish Server to assert and automatically restart.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://varnish-cache.org/security/VSV00009.html</url>
    </references>
    <dates>
      <discovery>2022-08-09</discovery>
      <entry>2022-08-10</entry>
    </dates>
  </vuln>

  <vuln vid="8eaaf135-1893-11ed-9b22-002590c1f29c">
    <topic>FreeBSD -- Missing bounds check in 9p message handling</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.1</ge><lt>13.1_1</lt></range>
	<range><ge>13.0</ge><lt>13.0_12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The implementation of lib9p's handling of RWALK messages was
	missing a bounds check needed when unpacking the message contents.
	The missing check means that the receipt of a specially crafted
	message will cause lib9p to overwrite unrelated memory.</p>
	<h1>Impact:</h1>
	<p>The bug can be triggered by a malicious bhyve guest kernel to
	overwrite memory in the bhyve(8) process.  This could potentially lead
	to user-mode code execution on the host, subject to bhyve's Capsicum
	sandbox.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23092</cvename>
      <freebsdsa>SA-22:12.lib9p</freebsdsa>
    </references>
    <dates>
      <discovery>2022-08-09</discovery>
      <entry>2022-08-10</entry>
    </dates>
  </vuln>

  <vuln vid="02fb9764-1893-11ed-9b22-002590c1f29c">
    <topic>FreeBSD -- Memory disclosure by stale virtual memory mapping</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.1</ge><lt>13.1_1</lt></range>
	<range><ge>13.0</ge><lt>13.0_12</lt></range>
	<range><ge>12.3</ge><lt>12.3_6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>A particular case of memory sharing is mishandled in the virtual
	memory system.  This is very similar to SA-21:08.vm, but with a
	different root cause.</p>
	<h1>Impact:</h1>
	<p>An unprivileged local user process can maintain a mapping of a page
	after it is freed, allowing that process to read private data
	belonging to other processes or the kernel.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23091</cvename>
      <freebsdsa>SA-22:11.vm</freebsdsa>
    </references>
    <dates>
      <discovery>2022-08-09</discovery>
      <entry>2022-08-10</entry>
    </dates>
  </vuln>

  <vuln vid="5ddbe47b-1891-11ed-9b22-002590c1f29c">
    <topic>FreeBSD -- AIO credential reference count leak</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.0</ge><lt>13.0_12</lt></range>
	<range><ge>12.3</ge><lt>12.3_6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The aio_aqueue function, used by the lio_listio system call, fails
	to release a reference to a credential in an error case.</p>
	<h1>Impact:</h1>
	<p>An attacker may cause the reference count to overflow, leading to a
	use after free (UAF).</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23090</cvename>
      <freebsdsa>SA-22:10.aio</freebsdsa>
    </references>
    <dates>
      <discovery>2022-08-09</discovery>
      <entry>2022-08-10</entry>
      <modified>2022-08-10</modified>
    </dates>
  </vuln>

  <vuln vid="5028c1ae-1890-11ed-9b22-002590c1f29c">
    <topic>FreeBSD -- Out of bound read in elf_note_prpsinfo()</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.1</ge><lt>13.1_1</lt></range>
	<range><ge>13.0</ge><lt>13.0_12</lt></range>
	<range><ge>12.3</ge><lt>12.3_6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>When dumping core and saving process information, proc_getargv()
	might return an sbuf which have a sbuf_len() of 0 or -1, which is not
	properly handled.</p>
	<h1>Impact:</h1>
	<p>An out-of-bound read can happen when user constructs a specially
	crafted ps_string, which in turn can cause the kernel to crash.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23089</cvename>
      <freebsdsa>SA-22:09.elf</freebsdsa>
    </references>
    <dates>
      <discovery>2022-08-09</discovery>
      <entry>2022-08-10</entry>
    </dates>
  </vuln>

  <vuln vid="21f43976-1887-11ed-9911-40b034429ecf">
    <topic>rsync -- client-side arbitrary file write vulnerability</topic>
    <affects>
      <package>
	<name>rsync</name>
	<range><lt>3.2.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Openwall oss-security reports:</p>
	<blockquote cite="https://www.openwall.com/lists/oss-security/2022/08/02/1">
	  <p>We have discovered a critical arbitrary file write vulnerability
	    in the rsync utility that allows malicious remote servers to write
	    arbitrary files inside the directories of connecting peers.
	    The server chooses which files/directories are sent to the client.
	    Due to the insufficient controls inside the do_server_recv function
	    a malicious rysnc server (or Man-in-The-Middle attacker) can
	    overwrite arbitrary files in the rsync client target directory and
	    subdirectories.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-29154</cvename>
      <url>https://www.openwall.com/lists/oss-security/2022/08/02/1</url>
    </references>
    <dates>
      <discovery>2022-08-02</discovery>
      <entry>2022-08-10</entry>
    </dates>
  </vuln>

  <vuln vid="1cd0c17a-17c0-11ed-91a5-080027f5fec9">
    <topic>gnutls -- double free vulnerability</topic>
    <affects>
      <package>
	<name>gnutls</name>
	<range><ge>3.6.0</ge><lt>3.7.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The GnuTLS project reports:</p>
	<blockquote cite="https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07">
	  <p>
	    When gnutls_pkcs7_verify cannot verify signature against
	    given trust list, it starts creating a chain of
	    certificates starting from identified signer up to known
	    root. During the creation of this chain the signer
	    certificate gets freed which results in double free when
	    the same signer certificate is freed at the end of the
	    algorithm.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2509</cvename>
      <url>https://www.gnutls.org/security-new.html#GNUTLS-SA-2022-07-07</url>
    </references>
    <dates>
      <discovery>2022-07-07</discovery>
      <entry>2022-08-09</entry>
    </dates>
  </vuln>

  <vuln vid="9b9a5f6e-1755-11ed-adef-589cfc01894a">
    <topic>wolfssl -- multiple issues</topic>
    <affects>
      <package>
	<name>wolfssl</name>
	<range><lt>5.4.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>wolfSSL blog  reports:</p>
	<blockquote cite="https://www.wolfssl.com/wolfssl-5-4-0-release/">
	  <p>In release 5.4.0 there were 3 vulnerabilities listed as
	    fixed in wolfSSL. Two relatively new reports, one dealing with a DTLS
	    1.0/1.2 denial of service attack and the other a ciphertext attack on
	    ECC/DH operations. The last vulnerability listed was a public
	    disclosure of a previous attack on AMD devices fixed since wolfSSL
	    version 5.1.0. Coordination of the disclosure of the attack was done
	    responsibly, in cooperation with the researchers, waiting for the
	    public release of the attack details since it affects multiple
	    security libraries.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-34293</cvename>
      <cvename>CVE-2020-12966</cvename>
      <cvename>CVE-2021-46744</cvename>
      <url>https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable</url>
      <url>https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013</url>
      <url>https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1033</url>
    </references>
    <dates>
      <discovery>2022-07-11</discovery>
      <entry>2022-08-08</entry>
    </dates>
  </vuln>

  <vuln vid="8bec3994-104d-11ed-a7ac-0800273f11ea">
    <topic>gitea -- multiple issues</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.17.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/20114">
	  <p>Use git.HOME_PATH for Git HOME directory</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/20332">
	  <p>Add write check for creating Commit status</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/18697">
	  <p>Remove deprecated SSH ciphers from default</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.17.0</url>
    </references>
    <dates>
      <discovery>2022-07-12</discovery>
      <entry>2022-08-05</entry>
    </dates>
  </vuln>

  <vuln vid="bc43a578-14ec-11ed-856e-d4c9ef517024">
    <topic>Unbound -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>unbound</name>
	<range><lt>1.16.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NLnet Labs reports:</p>
	<blockquote cite="https://www.nlnetlabs.nl/projects/unbound/security-advisories/">
	  <p>novel type of the "ghost domain names" attack. The vulnerability
	    works by targeting an Unbound instance. Unbound is queried for a
	    rogue domain name when the cached delegation information is about to
	    expire. The rogue nameserver delays the response so that the cached
	    delegation information is expired. Upon receiving the delayed answer
	    containing the delegation information, Unbound overwrites the now
	    expired entries. This action can be repeated when the delegation
	    information is about to expire making the rogue delegation
	    information ever-updating.</p>
	  <p>novel type of the "ghost domain names" attack. The vulnerability
	    works by targeting an Unbound instance. Unbound is queried for a
	    subdomain of a rogue domain name. The rogue nameserver returns
	    delegation information for the subdomain that updates Unbound's
	    delegation cache. This action can be repeated before expiry of the
	    delegation information by querying Unbound for a second level
	    subdomain which the rogue nameserver provides new delegation
	    information.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-30699</cvename>
      <cvename>CVE-2022-30698</cvename>
      <url>https://www.nlnetlabs.nl/projects/unbound/security-advisories/</url>
    </references>
    <dates>
      <discovery>2022-08-01</discovery>
      <entry>2022-08-05</entry>
    </dates>
  </vuln>

  <vuln vid="df29c391-1046-11ed-a7ac-0800273f11ea">
    <topic>gitea -- multiple issues</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.16.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/20334">
	  <p>Add write check for creating Commit status</p>
	</blockquote>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/20196">
	  <p>Check for permission when fetching user controlled issues</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/releases/tag/v1.16.9</url>
    </references>
    <dates>
      <discovery>2022-07-12</discovery>
      <entry>2022-08-05</entry>
    </dates>
  </vuln>

  <vuln vid="3b47104f-1461-11ed-a0c5-080027240888">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<range><lt>3.2.15</lt></range>
      </package>
      <package>
	<name>py38-django40</name>
	<name>py39-django40</name>
	<name>py310-django40</name>
	<range><lt>4.0.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2022/aug/03/security-releases/">
	  <p>CVE-2022-36359: Potential reflected file download vulnerability in FileResponse.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-36359</cvename>
      <url>https://www.djangoproject.com/weblog/2022/aug/03/security-releases/</url>
    </references>
    <dates>
      <discovery>2022-08-01</discovery>
      <entry>2022-08-05</entry>
    </dates>
  </vuln>

  <vuln vid="96a41723-133a-11ed-be3b-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>104.0.5112.79</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html">
	  <p>This release contains 27 security fixes, including:</p>
	  <ul>
	    <li>[1325699] High CVE-2022-2603: Use after free in Omnibox. Reported by Anonymous on 2022-05-16</li>
	    <li>[1335316] High CVE-2022-2604: Use after free in Safe Browsing. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-10</li>
	    <li>[1338470] High CVE-2022-2605: Out of bounds read in Dawn. Reported by Looben Yang on 2022-06-22</li>
	    <li>[1330489] High CVE-2022-2606: Use after free in Managed devices API. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-31</li>
	    <li>[1286203] High CVE-2022-2607: Use after free in Tab Strip. Reported by @ginggilBesel on 2022-01-11</li>
	    <li>[1330775] High CVE-2022-2608: Use after free in Overview Mode. Reported by Khalil Zhani on 2022-06-01</li>
	    <li>[1338560] High CVE-2022-2609: Use after free in Nearby Share. Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability Research Institute on 2022-06-22</li>
	    <li>[1278255] Medium CVE-2022-2610: Insufficient policy enforcement in Background Fetch. Reported by Maurice Dauer on 2021-12-09</li>
	    <li>[1320538] Medium CVE-2022-2611: Inappropriate implementation in Fullscreen API. Reported by Irvan Kurniawan (sourc7) on 2022-04-28</li>
	    <li>[1321350] Medium CVE-2022-2612: Side-channel information leakage in Keyboard input. Reported by Erik Kraft (erik.kraft5@gmx.at), Martin Schwarzl (martin.schwarzl@iaik.tugraz.at) on 2022-04-30</li>
	    <li>[1325256] Medium CVE-2022-2613: Use after free in Input. Reported by Piotr Tworek (Vewd) on 2022-05-13</li>
	    <li>[1341907] Medium CVE-2022-2614: Use after free in Sign-In Flow. Reported by raven at KunLun lab on 2022-07-05</li>
	    <li>[1268580] Medium CVE-2022-2615: Insufficient policy enforcement in Cookies. Reported by Maurice Dauer on 2021-11-10</li>
	    <li>[1302159] Medium CVE-2022-2616: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-03-02</li>
	    <li>[1292451] Medium CVE-2022-2617: Use after free in Extensions API. Reported by @ginggilBesel on 2022-01-31</li>
	    <li>[1308422] Medium CVE-2022-2618: Insufficient validation of untrusted input in Internals. Reported by asnine on 2022-03-21</li>
	    <li>[1332881] Medium CVE-2022-2619: Insufficient validation of untrusted input in Settings. Reported by Oliver Dunk on 2022-06-04</li>
	    <li>[1337304] Medium CVE-2022-2620: Use after free in WebUI. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-06-17</li>
	    <li>[1323449] Medium CVE-2022-2621: Use after free in Extensions. Reported by Huyna at Viettel Cyber Security on 2022-05-07</li>
	    <li>[1332392] Medium CVE-2022-2622: Insufficient validation of untrusted input in Safe Browsing. Reported by Imre Rad (@ImreRad) and @j00sean on 2022-06-03</li>
	    <li>[1337798] Medium CVE-2022-2623: Use after free in Offline. Reported by raven at KunLun lab on 2022-06-20</li>
	    <li>[1339745] Medium CVE-2022-2624: Heap buffer overflow in PDF. Reported by YU-CHANG CHEN and CHIH-YEN CHANG, working with DEVCORE Internship Program on 2022-06-27</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2603</cvename>
      <cvename>CVE-2022-2604</cvename>
      <cvename>CVE-2022-2605</cvename>
      <cvename>CVE-2022-2606</cvename>
      <cvename>CVE-2022-2607</cvename>
      <cvename>CVE-2022-2608</cvename>
      <cvename>CVE-2022-2609</cvename>
      <cvename>CVE-2022-2610</cvename>
      <cvename>CVE-2022-2611</cvename>
      <cvename>CVE-2022-2612</cvename>
      <cvename>CVE-2022-2613</cvename>
      <cvename>CVE-2022-2614</cvename>
      <cvename>CVE-2022-2615</cvename>
      <cvename>CVE-2022-2616</cvename>
      <cvename>CVE-2022-2617</cvename>
      <cvename>CVE-2022-2618</cvename>
      <cvename>CVE-2022-2619</cvename>
      <cvename>CVE-2022-2620</cvename>
      <cvename>CVE-2022-2621</cvename>
      <cvename>CVE-2022-2622</cvename>
      <cvename>CVE-2022-2623</cvename>
      <cvename>CVE-2022-2624</cvename>
      <url>https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2022-08-02</discovery>
      <entry>2022-08-03</entry>
    </dates>
  </vuln>

  <vuln vid="7f8d5435-125a-11ed-9a69-10c37b4ac2ea">
    <topic>go -- decoding big.Float and big.Rat can panic</topic>
    <affects>
      <package>
	<name>go118</name>
	<range><lt>1.18.5</lt></range>
      </package>
      <package>
	<name>go117</name>
	<range><lt>1.17.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/53871">
	  <p>encoding/gob &amp; math/big: decoding big.Float and
	    big.Rat can panic</p>
	  <p>Decoding big.Float and big.Rat types can panic if the
	    encoded message is too short.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-32189</cvename>
      <url>https://groups.google.com/g/golang-announce/c/YqYYG87xB10</url>
    </references>
    <dates>
      <discovery>2022-07-14</discovery>
      <entry>2022-08-02</entry>
    </dates>
  </vuln>

  <vuln vid="4c26f668-0fd2-11ed-a83d-001b217b3468">
    <topic>Gitlab -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.2.0</ge><lt>15.2.1</lt></range>
	<range><ge>15.1.0</ge><lt>15.1.4</lt></range>
	<range><ge>0</ge><lt>15.0.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/">
	  <p>Revoke access to confidential notes todos</p>
	  <p>Pipeline subscriptions trigger new pipelines with the wrong author</p>
	  <p>Ability to gain access to private project through an email invite by using other user's email address as an unverified secondary email</p>
	  <p>Import via git protocol allows to bypass checks on repository</p>
	  <p>Unauthenticated IP allowlist bypass when accessing job artifacts through GitLab Pages</p>
	  <p>Maintainer can leak Packagist and other integration access tokens by changing integration URL</p>
	  <p>Unauthenticated access to victims Grafana datasources through path traversal</p>
	  <p>Unauthorized users can filter issues by contact and organization</p>
	  <p>Malicious Maintainer may change the visibility of project or a group</p>
	  <p>Stored XSS in job error messages</p>
	  <p>Enforced group MFA can be bypassed when using Resource Owner Password Credentials grant</p>
	  <p>Non project members can view public project's Deploy Keys</p>
	  <p>IDOR in project with Jira integration leaks project owner's other projects Jira issues</p>
	  <p>Group Bot Users and Tokens not deleted after group deletion</p>
	  <p>Email invited members can join projects even after the member lock has been enabled</p>
	  <p>Datadog integration returns user emails</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2512</cvename>
      <cvename>CVE-2022-2498</cvename>
      <cvename>CVE-2022-2326</cvename>
      <cvename>CVE-2022-2417</cvename>
      <cvename>CVE-2022-2501</cvename>
      <cvename>CVE-2022-2497</cvename>
      <cvename>CVE-2022-2531</cvename>
      <cvename>CVE-2022-2539</cvename>
      <cvename>CVE-2022-2456</cvename>
      <cvename>CVE-2022-2500</cvename>
      <cvename>CVE-2022-2303</cvename>
      <cvename>CVE-2022-2095</cvename>
      <cvename>CVE-2022-2499</cvename>
      <cvename>CVE-2022-2307</cvename>
      <cvename>CVE-2022-2459</cvename>
      <cvename>CVE-2022-2534</cvename>
      <url>https://about.gitlab.com/releases/2022/07/28/security-release-gitlab-15-2-1-released/</url>
    </references>
    <dates>
      <discovery>2022-07-28</discovery>
      <entry>2022-07-30</entry>
    </dates>
  </vuln>

  <vuln vid="e1387e95-08d0-11ed-be26-001999f8d30b">
    <topic>VirtualBox -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>virtualbox-ose</name>
	<range><lt>6.1.36</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2022.html">
	  <p> Easily exploitable vulnerability allows high privileged
	  attacker with logon to the infrastructure where Oracle
	  VM VirtualBox executes to compromise Oracle VM VirtualBox.
	  Successful attacks of this vulnerability can result in
	  unauthorized ability to cause a hang or frequently
	  repeatable crash (complete DOS) of Oracle VM VirtualBox.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-21554</cvename>
      <cvename>CVE-2022-21571</cvename>
      <url>https://www.oracle.com/security-alerts/cpujul2022.html</url>
    </references>
    <dates>
      <discovery>2022-07-20</discovery>
      <entry>2022-07-21</entry>
    </dates>
  </vuln>

  <vuln vid="8e150606-08c9-11ed-856e-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql-server56</name>
	<range><lt>5.6.52</lt></range>
      </package>
      <package>
	<name>mysql-server57</name>
	<range><lt>5.7.39</lt></range>
      </package>
      <package>
	<name>mysql-client80</name>
	<range><lt>8.0.30</lt></range>
      </package>
      <package>
	<name>mysql-server80</name>
	<range><lt>8.0.30</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL">
	  <p>This Critical Patch Update contains 34 new security patches plus
	    additional third party patches noted below for Oracle MySQL. 10 of
	    these vulnerabilities may be remotely exploitable without
	    authentication, i.e., may be exploited over a network without
	    requiring user credentials.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1292</cvename>
      <cvename>CVE-2022-21824</cvename>
      <cvename>CVE-2022-27778</cvename>
      <cvename>CVE-2018-25032</cvename>
      <cvename>CVE-2022-21556</cvename>
      <cvename>CVE-2022-21569</cvename>
      <cvename>CVE-2022-21550</cvename>
      <cvename>CVE-2022-21519</cvename>
      <cvename>CVE-2022-21527</cvename>
      <cvename>CVE-2022-21528</cvename>
      <cvename>CVE-2022-21509</cvename>
      <cvename>CVE-2022-21539</cvename>
      <cvename>CVE-2022-21517</cvename>
      <cvename>CVE-2022-21537</cvename>
      <cvename>CVE-2022-21547</cvename>
      <cvename>CVE-2022-21525</cvename>
      <cvename>CVE-2022-21526</cvename>
      <cvename>CVE-2022-21529</cvename>
      <cvename>CVE-2022-21530</cvename>
      <cvename>CVE-2022-21531</cvename>
      <cvename>CVE-2022-21553</cvename>
      <cvename>CVE-2022-21515</cvename>
      <cvename>CVE-2022-21455</cvename>
      <cvename>CVE-2022-21534</cvename>
      <cvename>CVE-2022-21522</cvename>
      <cvename>CVE-2022-21538</cvename>
      <cvename>CVE-2022-21535</cvename>
      <url>https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL</url>
    </references>
    <dates>
      <discovery>2022-07-19</discovery>
      <entry>2022-07-21</entry>
    </dates>
  </vuln>

  <vuln vid="27cc4258-0805-11ed-8ac1-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>103.0.5060.134</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html">
	  <p>This release contains 11 security fixes, including:</p>
	  <ul>
	    <li>[1336266] High CVE-2022-2477: Use after free in Guest View. Reported by anonymous on 2022-06-14</li>
	    <li>[1335861] High CVE-2022-2478: Use after free in PDF. Reported by triplepwns on 2022-06-13</li>
	    <li>[1329987] High CVE-2022-2479: Insufficient validation of untrusted input in File. Reported by anonymous on 2022-05-28</li>
	    <li>[1339844] High CVE-2022-2480: Use after free in Service Worker API. Reported by Sergei Glazunov of Google Project Zero on 2022-06-27</li>
	    <li>[1341603] High CVE-2022-2481: Use after free in Views. Reported by YoungJoo Lee(@ashuu_lee) of CompSecLab at Seoul National University on 2022-07-04</li>
	    <li>[1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2163</cvename>
      <cvename>CVE-2022-2477</cvename>
      <cvename>CVE-2022-2478</cvename>
      <cvename>CVE-2022-2479</cvename>
      <cvename>CVE-2022-2480</cvename>
      <cvename>CVE-2022-2481</cvename>
      <url>https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop_19.html</url>
    </references>
    <dates>
      <discovery>2022-07-19</discovery>
      <entry>2022-07-20</entry>
    </dates>
  </vuln>

  <vuln vid="871d93f9-06aa-11ed-8d5f-080027f5fec9">
    <topic>redis -- Potential remote code execution vulnerability</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><ge>7.0.0</ge><lt>7.0.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Redis core team reports:</p>
	<blockquote cite="https://groups.google.com/g/redis-db/c/FWngtg3WpfA">
	  <p>
	    A specially crafted XAUTOCLAIM command on a stream key in
	    a specific state may result with heap overflow, and
	    potentially remote code execution.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-31144</cvename>
      <url>https://groups.google.com/g/redis-db/c/FWngtg3WpfA</url>
    </references>
    <dates>
      <discovery>2022-07-18</discovery>
      <entry>2022-07-18</entry>
    </dates>
  </vuln>

  <vuln vid="0c367e98-0415-11ed-a53b-6c3be5272acd">
    <topic>Grafana -- Stored XSS</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>8.3.0</ge><lt>8.3.10</lt></range>
	<range><ge>8.4.0</ge><lt>8.4.10</lt></range>
	<range><ge>8.5.0</ge><lt>8.5.9</lt></range>
	<range><ge>9.0.0</ge><lt>9.0.3</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.3.0</ge><lt>8.3.10</lt></range>
	<range><ge>8.4.0</ge><lt>8.4.10</lt></range>
	<range><ge>8.5.0</ge><lt>8.5.9</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><lt>9.0.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2022/07/14/grafana-v9-0-3-8-5-9-8-4-10-and-8-3-10-released-with-high-severity-security-fix/">
	  <p>An attacker can exploit this vulnerability to escalate privilege from editor to admin by tricking an authenticated admin to click on a link. (Note: Grafana Alerting is activated by default in Grafana 9.0.)</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-31097</cvename>
      <url>https://github.com/grafana/grafana/security/advisories/GHSA-vw7q-p2qg-4m5f</url>
    </references>
    <dates>
      <discovery>2022-06-19</discovery>
      <entry>2022-07-15</entry>
    </dates>
  </vuln>

  <vuln vid="0859e6d5-0415-11ed-a53b-6c3be5272acd">
    <topic>Grafana -- OAuth Account Takeover</topic>
    <affects>
      <package>
	<name>grafana</name>
	<range><ge>5.3.0</ge><lt>8.3.10</lt></range>
	<range><ge>8.4.0</ge><lt>8.4.10</lt></range>
	<range><ge>8.5.0</ge><lt>8.5.9</lt></range>
	<range><ge>9.0.0</ge><lt>9.0.3</lt></range>
      </package>
      <package>
	<name>grafana7</name>
	<range><ge>7.0</ge></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><ge>8.3.0</ge><lt>8.3.10</lt></range>
	<range><ge>8.4.0</ge><lt>8.4.10</lt></range>
	<range><ge>8.5.0</ge><lt>8.5.9</lt></range>
      </package>
      <package>
	<name>grafana9</name>
	<range><lt>9.0.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2022/07/14/grafana-v9-0-3-8-5-9-8-4-10-and-8-3-10-released-with-high-severity-security-fix/">
	  <p>It is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP to take over an existing Grafana account under some conditions.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-31107</cvename>
      <url>https://github.com/grafana/grafana/security/advisories/GHSA-mx47-6497-3fv2</url>
    </references>
    <dates>
      <discovery>2022-06-27</discovery>
      <entry>2022-07-15</entry>
    </dates>
  </vuln>

  <vuln vid="a4f2416c-02a0-11ed-b817-10c37b4ac2ea">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go118</name>
	<range><lt>1.18.4</lt></range>
      </package>
      <package>
	<name>go117</name>
	<range><lt>1.17.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/53188">
	  <p>net/http: improper sanitization of Transfer-Encoding
	    header</p>
	  <p>The HTTP/1 client accepted some invalid
	    Transfer-Encoding headers as indicating a "chunked"
	    encoding. This could potentially allow for request
	    smuggling, but only if combined with an intermediate
	    server that also improperly failed to reject the header
	    as invalid.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/53423">
	  <p>When httputil.ReverseProxy.ServeHTTP was called with a
	    Request.Header map containing a nil value for the
	    X-Forwarded-For header, ReverseProxy would set the client
	    IP as the value of the X-Forwarded-For header, contrary to
	    its documentation. In the more usual case where a Director
	    function set the X-Forwarded-For header value to nil,
	    ReverseProxy would leave the header unmodified as
	    expected.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/53168">
	  <p>compress/gzip: stack exhaustion in Reader.Read</p>
	  <p>Calling Reader.Read on an archive containing a large
	    number of concatenated 0-length compressed files can
	    cause a panic due to stack exhaustion.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/53611">
	  <p>encoding/xml: stack exhaustion in Unmarshal</p>
	  <p>Calling Unmarshal on a XML document into a Go struct
	    which has a nested field that uses the any field tag can
	    cause a panic due to stack exhaustion.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/53614">
	  <p>encoding/xml: stack exhaustion in Decoder.Skip</p>
	  <p>Calling Decoder.Skip when parsing a deeply nested XML
	    document can cause a panic due to stack exhaustion.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/53615">
	  <p>encoding/gob: stack exhaustion in Decoder.Decode</p>
	  <p>Calling Decoder.Decode on a message which contains
	    deeply nested structures can cause a panic due to stack
	    exhaustion.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/53416">
	  <p>path/filepath: stack exhaustion in Glob</p>
	  <p>Calling Glob on a path which contains a large number of
	    path separators can cause a panic due to stack
	    exhaustion.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/53415">
	  <p>io/fs: stack exhaustion in Glob</p>
	  <p>Calling Glob on a path which contains a large number of
	    path separators can cause a panic due to stack
	    exhaustion.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/53616">
	  <p>go/parser: stack exhaustion in all Parse* functions</p>
	  <p>Calling any of the Parse functions on Go source code
	    which contains deeply nested types or declarations can
	    cause a panic due to stack exhaustion.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1705</cvename>
      <cvename>CVE-2022-32148</cvename>
      <cvename>CVE-2022-30631</cvename>
      <cvename>CVE-2022-30633</cvename>
      <cvename>CVE-2022-28131</cvename>
      <cvename>CVE-2022-30635</cvename>
      <cvename>CVE-2022-30632</cvename>
      <cvename>CVE-2022-30630</cvename>
      <cvename>CVE-2022-1962</cvename>
      <url>https://groups.google.com/g/golang-dev/c/frczlF8OFQ0</url>
    </references>
    <dates>
      <discovery>2022-07-12</discovery>
      <entry>2022-07-13</entry>
    </dates>
  </vuln>

  <vuln vid="b99f99f6-021e-11ed-8c6f-000c29ffbb6c">
    <topic>git -- privilege escalation</topic>
    <affects>
      <package>
	<name>git</name>
	<range><lt>2.37.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The git project reports:</p>
	<blockquote cite="https://lkml.org/lkml/2022/7/12/1137">
	  <p>Git is vulnerable to privilege escalation in all platforms.
	    An unsuspecting user could still be affected by the issue
	    reported in CVE-2022-24765, for example when navigating as
	    root into a shared tmp directory that is owned by them, but
	    where an attacker could create a git repository.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-29187</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29187</url>
    </references>
    <dates>
      <discovery>2022-07-12</discovery>
      <entry>2022-07-12</entry>
    </dates>
  </vuln>

  <vuln vid="830855f3-ffcc-11ec-9d41-d05099c8b5a7">
    <topic>mat2 -- directory traversal/arbitrary file read during ZIP file processing</topic>
    <affects>
      <package>
	<name>mat2</name>
	<range><lt>0.13.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35410">
	  <p>
	    mat2 (aka metadata anonymisation toolkit) before 0.13.0 allows ../
	    directory traversal during the ZIP archive cleaning process. This
	    primarily affects mat2 web instances, in which clients could obtain
	    sensitive information via a crafted archive.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-35410</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-35410</url>
    </references>
    <dates>
      <discovery>2022-07-08</discovery>
      <entry>2022-07-10</entry>
    </dates>
  </vuln>

  <vuln vid="d1b35142-ff4a-11ec-8be3-001b217b3468">
    <topic>Gitlab -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.1.0</ge><lt>15.1.1</lt></range>
	<range><ge>15.0.0</ge><lt>15.0.4</lt></range>
	<range><ge>0</ge><lt>14.10.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/">
	  <p>Remote Command Execution via Project Imports</p>
	  <p>XSS in ZenTao integration affecting self hosted instances without strict CSP</p>
	  <p>XSS in project settings page</p>
	  <p>Unallowed users can read unprotected CI variables</p>
	  <p>IP allow-list bypass to access Container Registries</p>
	  <p>2FA status is disclosed to unauthenticated users</p>
	  <p>CI variables provided to runners outside of a group's restricted IP range</p>
	  <p>IDOR in sentry issues</p>
	  <p>Reporters can manage issues in error tracking</p>
	  <p>Regular Expression Denial of Service via malicious web server responses</p>
	  <p>Unauthorized read for conan repository</p>
	  <p>Open redirect vulnerability</p>
	  <p>Group labels are editable through subproject</p>
	  <p>Release titles visible for any users if group milestones are associated with any project releases</p>
	  <p>Restrict membership by email domain bypass</p>
	  <p>Job information is leaked to users who previously were maintainers via the Runner Jobs API endpoint</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2185</cvename>
      <cvename>CVE-2022-2235</cvename>
      <cvename>CVE-2022-2230</cvename>
      <cvename>CVE-2022-2229</cvename>
      <cvename>CVE-2022-1983</cvename>
      <cvename>CVE-2022-1963</cvename>
      <cvename>CVE-2022-2228</cvename>
      <cvename>CVE-2022-2243</cvename>
      <cvename>CVE-2022-2244</cvename>
      <cvename>CVE-2022-1954</cvename>
      <cvename>CVE-2022-2270</cvename>
      <cvename>CVE-2022-2250</cvename>
      <cvename>CVE-2022-1999</cvename>
      <cvename>CVE-2022-2281</cvename>
      <cvename>CVE-2022-1981</cvename>
      <cvename>CVE-2022-2227</cvename>
      <url>https://about.gitlab.com/releases/2022/06/30/critical-security-release-gitlab-15-1-1-released/</url>
    </references>
    <dates>
      <discovery>2022-06-30</discovery>
      <entry>2022-07-09</entry>
    </dates>
  </vuln>

  <vuln vid="b9210706-feb0-11ec-81fa-1c697a616631">
    <topic>Node.js -- July 7th 2022 Security Releases</topic>
    <affects>
      <package>
	<name>node</name>
	<range><ge>14.0.0</ge><lt>14.20.0</lt></range>
	<range><ge>16.0.0</ge><lt>16.16.0</lt></range>
	<range><ge>18.0.0</ge><lt>18.5.0</lt></range>
      </package>
      <package>
	<name>node16</name>
	<range><lt>16.16.0</lt></range>
      </package>
      <package>
	<name>node14</name>
	<range><lt>14.20.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/">
	  <h1>HTTP Request Smuggling - Flawed Parsing of Transfer-Encoding
	  (Medium)(CVE-2022-32213)</h1>
	  <p>The llhttp parser in the http module does not correctly parse and
	  validate Transfer-Encoding headers. This can lead to HTTP Request
	  Smuggling (HRS).</p>
	  <h1>HTTP Request Smuggling - Improper Delimiting of Header Fields
	  (Medium)(CVE-2022-32214)</h1>
	  <p>The llhttp parser in the http module does not strictly use the CRLF
	  sequence to delimit HTTP requests. This can lead to HTTP Request
	  Smuggling (HRS).</p>
	  <h1>HTTP Request Smuggling - Incorrect Parsing of Multi-line
	  Transfer-Encoding (Medium)(CVE-2022-32215)</h1>
	  <p>The llhttp parser in the http module does not correctly handle
	  multi-line Transfer-Encoding headers. This can lead to HTTP Request
	  Smuggling (HRS).</p>
	  <h1>DNS rebinding in --inspect via invalid IP addresses
	  (High)(CVE-2022-32212)</h1>
	  <p>The IsAllowedHost check can easily be bypassed because IsIPAddress
	  does not properly check if an IP address is invalid or not. When an
	  invalid IPv4 address is provided (for instance 10.0.2.555 is
	  provided), browsers (such as Firefox) will make DNS requests to the
	  DNS server, providing a vector for an attacker-controlled DNS server
	  or a MITM who can spoof DNS responses to perform a rebinding attack
	  and hence connect to the WebSocket debugger, allowing for arbitrary
	  code execution. This is a bypass of CVE-2021-22884.</p>
	  <h1>Attempt to read openssl.cnf from /home/iojs/build/ upon startup
	  (Medium)(CVE-2022-32222)</h1>
	  <p>When Node.js starts on linux based systems, it attempts to read
	  /home/iojs/build/ws/out/Release/obj.target/deps/openssl/openssl.cnf,
	  which ordinarily doesn't exist. On some shared systems an attacker may
	  be able create this file and therefore affect the default OpenSSL
	  configuration for other users.</p>
	  <h1>OpenSSL - AES OCB fails to encrypt some bytes
	  (Medium)(CVE-2022-2097)</h1>
	  <p>AES OCB mode for 32-bit x86 platforms using the AES-NI assembly
	  optimised implementation will not encrypt the entirety of the data
	  under some circumstances. This could reveal sixteen bytes of data that
	  was preexisting in the memory that wasn't written. In the special case
	  of "in place" encryption, sixteen bytes of the plaintext would be
	  revealed.  Since OpenSSL does not support OCB based cipher suites for
	  TLS and DTLS, they are both unaffected.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-32212</cvename>
      <cvename>CVE-2022-32213</cvename>
      <cvename>CVE-2022-32214</cvename>
      <cvename>CVE-2022-32215</cvename>
      <cvename>CVE-2022-32222</cvename>
      <cvename>CVE-2022-2097</cvename>
      <url>https://nodejs.org/en/blog/vulnerability/july-2022-security-releases/</url>
    </references>
    <dates>
      <discovery>2022-07-05</discovery>
      <entry>2022-07-08</entry>
      <modified>2022-07-08</modified>
    </dates>
  </vuln>

  <vuln vid="744ec9d7-fe0f-11ec-bcd2-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>103.0.5060.114</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html">
	  <p>This release contains 4 security fixes, including:</p>
	  <ul>
	    <li>[1341043] High CVE-2022-2294: Heap buffer overflow in WebRTC. Reported by Jan Vojtesek from the Avast Threat Intelligence team on 2022-07-01</li>
	    <li>[1336869] High CVE-2022-2295: Type Confusion in V8. Reported by avaue and Buff3tts at S.S.L. on 2022-06-16</li>
	    <li>[1327087] High CVE-2022-2296: Use after free in Chrome OS Shell. Reported by Khalil Zhani on 2022-05-19</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2294</cvename>
      <cvename>CVE-2022-2295</cvename>
      <cvename>CVE-2022-2296</cvename>
      <url>https://chromereleases.googleblog.com/2022/07/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2022-07-04</discovery>
      <entry>2022-07-07</entry>
    </dates>
  </vuln>

  <vuln vid="a28e8b7e-fc70-11ec-856e-d4c9ef517024">
    <topic>OpenSSL -- AES OCB fails to encrypt some bytes</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1q,1</lt></range>
      </package>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20220705.txt">
	  <p>AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimised
	    implementation will not encrypt the entirety of the data under some
	    circumstances.  This could reveal sixteen bytes of data that was
	    preexisting in the memory that wasn't written.  In the special case of
	    "in place" encryption, sixteen bytes of the plaintext would be revealed.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2097</cvename>
      <url>https://www.openssl.org/news/secadv/20220705.txt</url>
    </references>
    <dates>
      <discovery>2022-07-05</discovery>
      <entry>2022-07-05</entry>
    </dates>
  </vuln>

  <vuln vid="5be19b0d-fb85-11ec-95cd-080027b24e86">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py37-django32</name>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<range><lt>3.2.14</lt></range>
      </package>
      <package>
	<name>py38-django40</name>
	<name>py39-django40</name>
	<name>py310-django40</name>
	<range><lt>4.0.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>SO-AND-SO reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2022/jul/04/security-releases/">
	  <p>CVE-2022-34265: Potential SQL injection via Trunc(kind) and
	    Extract(lookup_name) arguments.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-34265</cvename>
      <url>https://www.djangoproject.com/weblog/2022/jul/04/security-releases/</url>
    </references>
    <dates>
      <discovery>2022-06-21</discovery>
      <entry>2022-07-04</entry>
    </dates>
  </vuln>

  <vuln vid="f0e45968-faff-11ec-856e-d4c9ef517024">
    <topic>OpenSSL -- Heap memory corruption with RSA private key operation</topic>
    <affects>
      <package>
	<name>openssl-devel</name>
	<range><ge>3.0.4</ge><lt>3.0.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://mta.openssl.org/pipermail/openssl-announce/2022-July/000229.html">
	  <p>The OpenSSL 3.0.4 release introduced a serious bug in the RSA
	    implementation for X86_64 CPUs supporting the AVX512IFMA instructions.
	    This issue makes the RSA implementation with 2048 bit private keys
	    incorrect on such machines and memory corruption will happen during
	    the computation. As a consequence of the memory corruption an attacker
	    may be able to trigger a remote code execution on the machine performing
	    the computation.</p>
	  <p>SSL/TLS servers or other servers using 2048 bit RSA private keys running
	    on machines supporting AVX512IFMA instructions of the X86_64 architecture
	    are affected by this issue.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2274</cvename>
      <url>https://www.openssl.org/news/secadv/20220705.txt</url>
    </references>
    <dates>
      <discovery>2022-07-01</discovery>
      <entry>2022-07-03</entry>
      <modified>2022-07-05</modified>
    </dates>
  </vuln>

  <vuln vid="5ab54ea0-fa94-11ec-996c-080027b24e86">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mediawiki135</name>
	<range><lt>1.35.7</lt></range>
      </package>
      <package>
	<name>mediawiki137</name>
	<range><lt>1.37.3</lt></range>
      </package>
      <package>
	<name>mediawiki138</name>
	<range><lt>1.38.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mediawiki reports:</p>
	<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/">
	  <p>(T308471) Username is not escaped in the "welcomeuser" message.</p>
	  <p>(T308473) Username not escaped in the contributions-title message.</p>
	  <p>(T309377, CVE-2022-29248) Update "guzzlehttp/guzzle" to version 6.5.6.</p>
	  <p>(T311384, CVE-2022-27776) Update "guzzlehttp/guzzle" to 6.5.8/7.4.5.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-29248</cvename>
      <cvename>CVE-2022-27776</cvename>
      <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/PIPYDRSHXOYW5DB7X755QDNUV5EZWPWB/</url>
    </references>
    <dates>
      <discovery>2022-05-16</discovery>
      <entry>2022-07-03</entry>
    </dates>
  </vuln>

  <vuln vid="07c0d782-f758-11ec-acaa-901b0e9408dc">
    <topic>py-matrix-synapse -- unbounded recursion in urlpreview</topic>
    <affects>
      <package>
	<name>py37-matrix-synapse</name>
	<name>py38-matrix-synapse</name>
	<name>py39-matrix-synapse</name>
	<name>py310-matrix-synapse</name>
	<name>py311-matrix-synapse</name>
	<range><lt>1.61.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Matrix developers report:</p>
	<blockquote cite="https://matrix.org/blog/2022/06/28/security-release-synapse-1-61-1">
	  <p>This release fixes a vulnerability with Synapse's URL preview feature. URL previews
	  of some web pages can lead to unbounded recursion, causing the request to either fail,
	  or in some cases crash the running Synapse process.</p>
	  <p>Note that:</p>
	  <ul>
	    <li>Homeservers with the url_preview_enabled configuration option set to false
	    (the default value) are unaffected.</li>
	    <li>Instances with the enable_media_repo configuration option set to false are
	    also unaffected, as this also disables the URL preview functionality.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-31052</cvename>
      <url>https://matrix.org/blog/2022/06/28/security-release-synapse-1-61-1</url>
    </references>
    <dates>
      <discovery>2022-06-28</discovery>
      <entry>2022-06-29</entry>
    </dates>
  </vuln>

  <vuln vid="ae5722a6-f5f0-11ec-856e-d4c9ef517024">
    <topic>cURL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><ge>7.16.4</ge><lt>7.84.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The cURL project reports:</p>
	<blockquote cite="https://curl.se/docs/security.html">
	  <ul>
	    <li>CVE-2022-32205: Set-Cookie denial of service</li>
	    <li>CVE-2022-32206: HTTP compression denial of service</li>
	    <li>CVE-2022-32207: Unpreserved file permissions</li>
	    <li>CVE-2022-32208: FTP-KRB bad message verification</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-32205</cvename>
      <cvename>CVE-2022-32206</cvename>
      <cvename>CVE-2022-32207</cvename>
      <cvename>CVE-2022-32208</cvename>
      <url>https://curl.se/docs/security.html</url>
    </references>
    <dates>
      <discovery>2022-06-27</discovery>
      <entry>2022-06-27</entry>
    </dates>
  </vuln>

  <vuln vid="25be46f0-f25d-11ec-b62a-00e081b7aa2d">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.356</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.346.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2022-06-22/">
	  <h1>Description</h1>
	  <h5>(High) SECURITY-2781 / CVE-2022-34170 (SECURITY-2779), CVE-2022-34171 (SECURITY-2761), CVE-2022-34172 (SECURITY-2776), CVE-2022-34173 (SECURITY-2780)</h5>
	  <p>Multiple XSS vulnerabilities</p>
	  <h5>(Medium) SECURITY-2566 / CVE-2022-34174</h5>
	  <p>Observable timing discrepancy allows determining username validity</p>
	  <h5>(Medium) Unauthorized view fragment access</h5>
	  <p>SECURITY-2777 / CVE-2022-34175</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-34170</cvename>
      <cvename>CVE-2022-34171</cvename>
      <cvename>CVE-2022-34172</cvename>
      <cvename>CVE-2022-34173</cvename>
      <cvename>CVE-2022-34174</cvename>
      <cvename>CVE-2022-34175</cvename>
      <url>https://www.jenkins.io/security/advisory/2022-06-22/</url>
    </references>
    <dates>
      <discovery>2022-06-22</discovery>
      <entry>2022-06-22</entry>
    </dates>
  </vuln>

  <vuln vid="4eeb93bf-f204-11ec-8fbd-d4c9ef517024">
    <topic>OpenSSL -- Command injection vulnerability</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1p,1</lt></range>
      </package>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.4</lt></range>
      </package>
      <package>
	<name>openssl-quictls</name>
	<range><lt>3.0.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20220621.txt">
	  <p>Circumstances where the c_rehash script does not properly
	    sanitise shell metacharacters to prevent command injection were
	    found by code review.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2068</cvename>
      <url>https://www.openssl.org/news/secadv/20220621.txt</url>
    </references>
    <dates>
      <discovery>2022-06-21</discovery>
      <entry>2022-06-22</entry>
    </dates>
  </vuln>

  <vuln vid="b2a4c5f1-f1fe-11ec-bcd2-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>103.0.5060.53</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html">
	  <p>This release contains 14 security fixes, including:</p>
	  <ul>
	    <li>[1335458] Critical CVE-2022-2156: Use after free in Base. Reported by Mark Brand of Google Project Zero on 2022-06-11</li>
	    <li>[1327312] High CVE-2022-2157: Use after free in Interest groups. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-19</li>
	    <li>[1321078] High CVE-2022-2158: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-04-29</li>
	    <li>[1116450] Medium CVE-2022-2160: Insufficient policy enforcement in DevTools. Reported by David Erceg on 2020-08-14</li>
	    <li>[1330289] Medium CVE-2022-2161: Use after free in WebApp Provider. Reported by Zhihua Yao of KunLun Lab on 2022-05-30</li>
	    <li>[1307930] Medium CVE-2022-2162: Insufficient policy enforcement in File System API. Reported by Abdelhamid Naceri (halov) on 2022-03-19</li>
	    <li>[1308341] Low CVE-2022-2163: Use after free in Cast UI and Toolbar. Reported by Chaoyuan Peng (@ret2happy) on 2022-03-21</li>
	    <li>[1268445] Low CVE-2022-2164: Inappropriate implementation in Extensions API. Reported by José Miguel Moreno Computer Security Lab (COSEC) at UC3M on 2021-11-10</li>
	    <li>[1250993] Low CVE-2022-2165: Insufficient data validation in URL formatting. Reported by Rayyan Bijoora on 2021-09-19</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2156</cvename>
      <cvename>CVE-2022-2157</cvename>
      <cvename>CVE-2022-2158</cvename>
      <cvename>CVE-2022-2160</cvename>
      <cvename>CVE-2022-2161</cvename>
      <cvename>CVE-2022-2162</cvename>
      <cvename>CVE-2022-2163</cvename>
      <cvename>CVE-2022-2164</cvename>
      <cvename>CVE-2022-2165</cvename>
      <url>https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop_21.html</url>
    </references>
    <dates>
      <discovery>2022-06-21</discovery>
      <entry>2022-06-22</entry>
    </dates>
  </vuln>

  <vuln vid="482456fb-e9af-11ec-93b6-318d1419ea39">
    <topic>Security Vulnerability found in ExifTool leading to RCE</topic>
    <affects>
      <package>
	<name>p5-Image-ExifTool</name>
	<range><lt>12.38</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Debian Security tracker reports:</p>
	<blockquote cite="https://security-tracker.debian.org/tracker/CVE-2022-23935">
	  <p>ExifTool.pm in ExifTool before 12.38 mishandles a file special characters check, leading to command injection</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23935</cvename>
      <url>https://www.cvedetails.com/cve/CVE-2022-23935</url>
    </references>
    <dates>
      <discovery>2022-01-25</discovery>
      <entry>2022-06-11</entry>
    </dates>
  </vuln>

  <vuln vid="ad37a349-ebb7-11ec-b9f7-21427354249d">
    <topic>mitmproxy -- Insufficient Protection against HTTP Request Smuggling</topic>
    <affects>
      <package>
	<name>mitmproxy</name>
	<range><lt>8.0.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Zeyu Zhang reports:</p>
	<blockquote cite="https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b">
	  <p>
	    In mitmproxy 7.0.4 and below, a malicious client or server is able to
	    perform HTTP request smuggling attacks through mitmproxy. This means
	    that a malicious client/server could smuggle a request/response through
	    mitmproxy as part of another request/response's HTTP message body. While
	    mitmproxy would only see one request, the target server would see
	    multiple requests. A smuggled request is still captured as part of
	    another request's body, but it does not appear in the request list and
	    does not go through the usual mitmproxy event hooks, where users may
	    have implemented custom access control checks or input sanitization.
	  </p>
	  <p>
	    Unless you use mitmproxy to protect an HTTP/1 service, no action is required.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24766</cvename>
      <url>https://github.com/mitmproxy/mitmproxy/commit/b06fb6d157087d526bd02e7aadbe37c56865c71b</url>
    </references>
    <dates>
      <discovery>2022-03-21</discovery>
      <entry>2022-06-20</entry>
    </dates>
  </vuln>

  <vuln vid="5d1e4f6a-ee4f-11ec-86c2-485b3931c969">
    <topic>Tor - Unspecified high severity vulnerability</topic>
    <affects>
      <package>
	<name>tor</name>
	<range><lt>0.4.7.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tor organization reports:</p>
	<blockquote cite="https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE">
	  <p>TROVE-2022-001</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE</url>
    </references>
    <dates>
      <discovery>2022-06-14</discovery>
      <entry>2022-06-17</entry>
    </dates>
  </vuln>

  <vuln vid="55cff5d2-e95c-11ec-ae20-001999f8d30b">
    <topic>XFCE -- Allows executing malicious .desktop files pointing to remote code</topic>
    <affects>
      <package>
	<name>libexo</name>
	<range><lt>4.16.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>XFCE Project reports:</p>
	<blockquote cite="https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6">
	  <p>Prevent executing possibly malicious .desktop files
	  from online sources (ftp://, http:// etc.).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-32278</cvename>
      <url>https://gitlab.xfce.org/xfce/exo/-/commit/cc047717c3b5efded2cc7bd419c41a3d1f1e48b6</url>
    </references>
    <dates>
      <discovery>2022-06-11</discovery>
      <entry>2022-06-11</entry>
    </dates>
  </vuln>

  <vuln vid="b51cfaea-e919-11ec-9fba-080027240888">
    <topic>py-numpy -- Missing return-value validation of the function PyArray_DescrNew</topic>
    <affects>
      <package>
	<name>py38-numpy</name>
	<name>py39-numpy</name>
	<name>py310-numpy</name>
	<range><lt>1.22.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Numpy reports:</p>
	<blockquote cite="https://github.com/numpy/numpy/pull/20960">
	  <p>At most call-sites for PyArray_DescrNew, there are no validations of its return,
	    but an invalid address may be returned.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41495</cvename>
      <url>https://github.com/numpy/numpy/pull/20960</url>
    </references>
    <dates>
      <discovery>2021-05-19</discovery>
      <entry>2022-06-11</entry>
    </dates>
  </vuln>

  <vuln vid="c80ce2dd-e831-11ec-bcd2-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>102.0.5005.115</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html">
	  <p>This release contains 7 security fixes, including:</p>
	  <ul>
	    <li>[1326210] High CVE-2022-2007: Use after free in WebGPU. Reported by David Manouchehri on 2022-05-17</li>
	    <li>[1317673] High CVE-2022-2008: Out of bounds memory access in WebGL. Reported by khangkito - Tran Van Khang (VinCSS) on 2022-04-19</li>
	    <li>[1325298] High CVE-2022-2010: Out of bounds read in compositing. Reported by Mark Brand of Google Project Zero on 2022-05-13</li>
	    <li>[1330379] High CVE-2022-2011: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-05-31</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-2007</cvename>
      <cvename>CVE-2022-2008</cvename>
      <cvename>CVE-2022-2010</cvename>
      <cvename>CVE-2022-2011</cvename>
      <url>https://chromereleases.googleblog.com/2022/06/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2022-06-09</discovery>
      <entry>2022-06-09</entry>
    </dates>
  </vuln>

  <vuln vid="49adfbe5-e7d1-11ec-8fbd-d4c9ef517024">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.54</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache httpd project reports:</p>
	<blockquote cite="http://downloads.apache.org/httpd/CHANGES_2.4.54">
	  <ul>
	    <li>CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop
	      mechanism. Apache HTTP Server 2.4.53 and earlier may not send the
	      X-Forwarded-* headers to the origin server based on client side
	      Connection header hop-by-hop mechanism. This may be used to bypass
	      IP based authentication on the origin server/application.</li>
	    <li>CVE-2022-30556: Information Disclosure in mod_lua with websockets.
	      Apache HTTP Server 2.4.53 and earlier may return lengths to
	      applications calling r:wsread() that point past the end of the
	      storage allocated for the buffer.</li>
	    <li>CVE-2022-30522: mod_sed denial of service. If Apache HTTP Server
	      2.4.53 is configured to do transformations with mod_sed in contexts
	      where the input to mod_sed may be very large, mod_sed may make
	      excessively large memory allocations and trigger an abort.</li>
	    <li>CVE-2022-29404: Denial of service in mod_lua r:parsebody. In Apache
	      HTTP Server 2.4.53 and earlier, a malicious request to a lua script
	      that calls r:parsebody(0) may cause a denial of service due to no
	      default limit on possible input size.</li>
	    <li>CVE-2022-28615: Read beyond bounds in ap_strcmp_match(). Apache
	      HTTP Server 2.4.53 and earlier may crash or disclose information due
	      to a read beyond bounds in ap_strcmp_match() when provided with an
	      extremely large input buffer.  While no code distributed with the
	      server can be coerced into such a call, third-party modules or lua
	      scripts that use ap_strcmp_match() may hypothetically be affected.
	    </li>
	    <li>CVE-2022-28614: read beyond bounds via ap_rwrite(). The ap_rwrite()
	      function in Apache HTTP Server 2.4.53 and earlier may read unintended
	      memory if an attacker can cause the server to reflect very large
	      input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts()
	      function.</li>
	    <li>CVE-2022-28330: read beyond bounds in mod_isapi. Apache HTTP Server
	      2.4.53 and earlier on Windows may read beyond bounds when configured
	      to process requests with the mod_isapi module.</li>
	    <li>CVE-2022-26377: mod_proxy_ajp: Possible request smuggling.
	      Inconsistent Interpretation of HTTP Requests ('HTTP Request
	      Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server
	      allows an attacker to smuggle requests to the AJP server it forwards
	      requests to.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-31813</cvename>
      <cvename>CVE-2022-30556</cvename>
      <cvename>CVE-2022-30522</cvename>
      <cvename>CVE-2022-29404</cvename>
      <cvename>CVE-2022-28615</cvename>
      <cvename>CVE-2022-28614</cvename>
      <cvename>CVE-2022-28330</cvename>
      <cvename>CVE-2022-26377</cvename>
      <url>http://downloads.apache.org/httpd/CHANGES_2.4.54</url>
    </references>
    <dates>
      <discovery>2022-06-08</discovery>
      <entry>2022-06-09</entry>
      <modified>2022-06-10</modified>
    </dates>
  </vuln>

  <vuln vid="15888c7e-e659-11ec-b7fe-10c37b4ac2ea">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go118</name>
	<range><lt>1.18.3</lt></range>
      </package>
      <package>
	<name>go117</name>
	<range><lt>1.17.11</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://go.dev/issue/52561">
	  <p>crypto/rand: rand.Read hangs with extremely large buffers</p>
	  <p>On Windows, rand.Read will hang indefinitely if passed a
	    buffer larger than 1 &lt;&lt; 32 - 1 bytes.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/52814">
	  <p>crypto/tls: session tickets lack random ticket_age_add</p>
	  <p>Session tickets generated by crypto/tls did not contain
	    a randomly generated ticket_age_add. This allows an
	    attacker that can observe TLS handshakes to correlate
	    successive connections by comparing ticket ages during
	    session resumption.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/52574">
	  <p>os/exec: empty Cmd.Path can result in running unintended
	    binary on Windows</p>
	  <p>If, on Windows, Cmd.Run, cmd.Start, cmd.Output, or
	    cmd.CombinedOutput are executed when Cmd.Path is unset
	    and, in the working directory, there are binaries named
	    either "..com" or "..exe", they will be executed.</p>
	</blockquote>
	<blockquote cite="https://go.dev/issue/52476">
	  <p>path/filepath: Clean(`.\c:`) returns `c:` on Windows</p>
	  <p>On Windows, the filepath.Clean function could convert an
	    invalid path to a valid, absolute path. For example,
	    Clean(`.\c:`) returned `c:`.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://groups.google.com/g/golang-dev/c/DidEMYAH_n0</url>
      <cvename>CVE-2022-30634</cvename>
      <url>https://go.dev/issue/52561</url>
      <cvename>CVE-2022-30629</cvename>
      <url>https://go.dev/issue/52814</url>
      <cvename>CVE-2022-30580</cvename>
      <url>https://go.dev/issue/52574</url>
      <cvename>CVE-2022-29804</cvename>
      <url>https://go.dev/issue/52476</url>
    </references>
    <dates>
      <discovery>2022-06-01</discovery>
      <entry>2022-06-07</entry>
    </dates>
  </vuln>

  <vuln vid="a58f3fde-e4e0-11ec-8340-2d623369b8b5">
    <topic>e2fsprogs -- out-of-bounds read/write vulnerability</topic>
    <affects>
      <package>
	<name>e2fsprogs</name>
	<range><lt>1.46.5_1</lt></range>
      </package>
      <package>
	<name>e2fsprogs-nobootfsck</name>
	<range><lt>1.46.5_1</lt></range>
      </package>
      <package>
	<name>e2fsprogs-roothardlinks</name>
	<range><lt>1.46.5_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Nils Bars reports:</p>
	<blockquote cite="https://bugzilla.redhat.com/show_bug.cgi?id=2068113">
	  <p>
	    During the processing of [a specially fuzzed disk image], an
	    out-of-bounds write is triggered and causes a segmentation fault
	    (SIGSEGV).
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1304</cvename>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=2068113</url>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=2069726</url>
      <url>https://lore.kernel.org/linux-ext4/20220421173148.20193-1-lczerner@redhat.com/T/#u</url>
    </references>
    <dates>
      <discovery>2022-03-24</discovery>
      <entry>2022-06-05</entry>
    </dates>
  </vuln>

  <vuln vid="f414d69f-e43d-11ec-9ea4-001b217b3468">
    <topic>Gitlab -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>15.0.0</ge><lt>15.0.1</lt></range>
	<range><ge>14.10.0</ge><lt>14.10.4</lt></range>
	<range><ge>11.10.0</ge><lt>14.9.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/">
	  <p>Account take over via SCIM email change</p>
	  <p>Stored XSS in Jira integration</p>
	  <p>Quick action commands susceptible to XSS</p>
	  <p>IP allowlist bypass when using Trigger tokens</p>
	  <p>IP allowlist bypass when using Project Deploy Tokens</p>
	  <p>Improper authorization in the Interactive Web Terminal</p>
	  <p>Subgroup member can list members of parent group</p>
	  <p>Group member lock bypass</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1680</cvename>
      <cvename>CVE-2022-1940</cvename>
      <cvename>CVE-2022-1948</cvename>
      <cvename>CVE-2022-1935</cvename>
      <cvename>CVE-2022-1936</cvename>
      <cvename>CVE-2022-1944</cvename>
      <cvename>CVE-2022-1821</cvename>
      <cvename>CVE-2022-1783</cvename>
      <url>https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/</url>
    </references>
    <dates>
      <discovery>2022-06-01</discovery>
      <entry>2022-06-04</entry>
    </dates>
  </vuln>

  <vuln vid="204f1a7a-43df-412f-ad25-7dbe88f54fa4">
    <topic>zeek -- potential DoS vulnerabilty</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>4.0.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v4.0.7">
	  <p> Fix potential hang in the DNS analyzer when receiving
	  a specially-crafted packet. Due to the possibility of
	  this happening with packets received from the network,
	  this is a potential DoS vulnerability. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v4.0.7</url>
    </references>
    <dates>
      <discovery>2022-06-01</discovery>
      <entry>2022-06-03</entry>
    </dates>
  </vuln>

  <vuln vid="40e2c35e-db99-11ec-b0cf-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>102.0.5005.61</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html">
	  <p>This release contains 32 security fixes, including:</p>
	  <ul>
	    <li>[1324864] Critical CVE-2022-1853: Use after free in Indexed DB. Reported by Anonymous on 2022-05-12</li>
	    <li>[1320024] High CVE-2022-1854: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-27</li>
	    <li>[1228661] High CVE-2022-1855: Use after free in Messaging. Reported by Anonymous on 2021-07-13</li>
	    <li>[1323239] High CVE-2022-1856: Use after free in User Education. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06</li>
	    <li>[1227995] High CVE-2022-1857: Insufficient policy enforcement in File System API. Reported by Daniel Rhea on 2021-07-11</li>
	    <li>[1314310] High CVE-2022-1858: Out of bounds read in DevTools. Reported by EllisVlad on 2022-04-07</li>
	    <li>[1322744] High CVE-2022-1859: Use after free in Performance Manager. Reported by Guannan Wang (@Keenan7310) of Tencent Security Xuanwu Lab on 2022-05-05</li>
	    <li>[1297209] High CVE-2022-1860: Use after free in UI Foundations. Reported by @ginggilBesel on 2022-02-15</li>
	    <li>[1316846] High CVE-2022-1861: Use after free in Sharing. Reported by Khalil Zhani on 2022-04-16</li>
	    <li>[1236325] Medium CVE-2022-1862: Inappropriate implementation in Extensions. Reported by Alesandro Ortiz on 2021-08-04</li>
	    <li>[1292870] Medium CVE-2022-1863: Use after free in Tab Groups. Reported by David Erceg on 2022-02-01</li>
	    <li>[1320624] Medium CVE-2022-1864: Use after free in WebApp Installs. Reported by Yuntao You (@GraVity0) of Bytedance Wuheng Lab on 2022-04-28</li>
	    <li>[1289192] Medium CVE-2022-1865: Use after free in Bookmarks. Reported by Rong Jian of VRI on 2022-01-20</li>
	    <li>[1292264] Medium CVE-2022-1866: Use after free in Tablet Mode. Reported by @ginggilBesel on 2022-01-29</li>
	    <li>[1315563] Medium CVE-2022-1867: Insufficient validation of untrusted input in Data Transfer. Reported by Michal Bentkowski of Securitum on 2022-04-12</li>
	    <li>[1301203] Medium CVE-2022-1868: Inappropriate implementation in Extensions API. Reported by Alesandro Ortiz on 2022-02-28</li>
	    <li>[1309467] Medium CVE-2022-1869: Type Confusion in V8. Reported by Man Yue Mo of GitHub Security Lab on 2022-03-23</li>
	    <li>[1323236] Medium CVE-2022-1870: Use after free in App Service. Reported by Nan Wang(@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-05-06</li>
	    <li>[1308199] Low CVE-2022-1871: Insufficient policy enforcement in File System API. Reported by Thomas Orlita on 2022-03-21</li>
	    <li>[1310461] Low CVE-2022-1872: Insufficient policy enforcement in Extensions API. Reported by ChaobinZhang on 2022-03-26</li>
	    <li>[1305394] Low CVE-2022-1873: Insufficient policy enforcement in COOP. Reported by NDevTK on 2022-03-11</li>
	    <li>[1251588] Low CVE-2022-1874: Insufficient policy enforcement in Safe Browsing. Reported by hjy79425575 on 2021-09-21</li>
	    <li>[1306443] Low CVE-2022-1875: Inappropriate implementation in PDF. Reported by NDevTK on 2022-03-15</li>
	    <li>[1313600] Low CVE-2022-1876: Heap buffer overflow in DevTools. Reported by @ginggilBesel on 2022-04-06</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1853</cvename>
      <cvename>CVE-2022-1854</cvename>
      <cvename>CVE-2022-1855</cvename>
      <cvename>CVE-2022-1856</cvename>
      <cvename>CVE-2022-1857</cvename>
      <cvename>CVE-2022-1858</cvename>
      <cvename>CVE-2022-1859</cvename>
      <cvename>CVE-2022-1860</cvename>
      <cvename>CVE-2022-1861</cvename>
      <cvename>CVE-2022-1862</cvename>
      <cvename>CVE-2022-1863</cvename>
      <cvename>CVE-2022-1864</cvename>
      <cvename>CVE-2022-1865</cvename>
      <cvename>CVE-2022-1866</cvename>
      <cvename>CVE-2022-1867</cvename>
      <cvename>CVE-2022-1868</cvename>
      <cvename>CVE-2022-1869</cvename>
      <cvename>CVE-2022-1870</cvename>
      <cvename>CVE-2022-1871</cvename>
      <cvename>CVE-2022-1872</cvename>
      <cvename>CVE-2022-1873</cvename>
      <cvename>CVE-2022-1874</cvename>
      <cvename>CVE-2022-1875</cvename>
      <cvename>CVE-2022-1876</cvename>
      <url>https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html</url>
    </references>
    <dates>
      <discovery>2022-05-24</discovery>
      <entry>2022-05-24</entry>
    </dates>
  </vuln>

  <vuln vid="04fecc47-dad2-11ec-8fbd-d4c9ef517024">
    <topic>MariaDB -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mariadb103-client</name>
	<range><lt>10.3.35</lt></range>
      </package>
      <package>
	<name>mariadb103-server</name>
	<range><lt>10.3.35</lt></range>
      </package>
      <package>
	<name>mariadb104-client</name>
	<range><lt>10.4.25</lt></range>
      </package>
      <package>
	<name>mariadb104-server</name>
	<range><lt>10.4.25</lt></range>
      </package>
      <package>
	<name>mariadb105-client</name>
	<range><lt>10.5.16</lt></range>
      </package>
      <package>
	<name>mariadb105-server</name>
	<range><lt>10.5.16</lt></range>
      </package>
      <package>
	<name>mariadb106-client</name>
	<range><lt>10.6.8</lt></range>
      </package>
      <package>
	<name>mariadb106-server</name>
	<range><lt>10.6.8</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The MariaDB project reports:</p>
	<blockquote cite="https://mariadb.com/kb/en/security/#full-list-of-cves-fixed-in-mariadb">
	  <p>MariaDB fixed 23 vulnerabilities across all supported versions</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-46669</cvename>
      <cvename>CVE-2022-27376</cvename>
      <cvename>CVE-2022-27377</cvename>
      <cvename>CVE-2022-27378</cvename>
      <cvename>CVE-2022-27379</cvename>
      <cvename>CVE-2022-27380</cvename>
      <cvename>CVE-2022-27381</cvename>
      <cvename>CVE-2022-27382</cvename>
      <cvename>CVE-2022-27383</cvename>
      <cvename>CVE-2022-27384</cvename>
      <cvename>CVE-2022-27386</cvename>
      <cvename>CVE-2022-27387</cvename>
      <cvename>CVE-2022-27444</cvename>
      <cvename>CVE-2022-27445</cvename>
      <cvename>CVE-2022-27446</cvename>
      <cvename>CVE-2022-27447</cvename>
      <cvename>CVE-2022-27448</cvename>
      <cvename>CVE-2022-27449</cvename>
      <cvename>CVE-2022-27451</cvename>
      <cvename>CVE-2022-27452</cvename>
      <cvename>CVE-2022-27455</cvename>
      <cvename>CVE-2022-27456</cvename>
      <cvename>CVE-2022-27457</cvename>
      <cvename>CVE-2022-27458</cvename>
      <url>https://mariadb.com/kb/en/security/#full-list-of-cves-fixed-in-mariadb</url>
    </references>
    <dates>
      <discovery>2022-05-20</discovery>
      <entry>2022-05-23</entry>
    </dates>
  </vuln>

  <vuln vid="b2407db1-d79f-11ec-a15f-589cfc0f81b0">
    <topic>clamav -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>clamav</name>
	<range><lt>0.104.3,1</lt></range>
      </package>
      <package>
	<name>clamav-lts</name>
	<range><lt>0.103.6,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The ClamAV project reports:</p>
	<blockquote cite="https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html">
	  <p>Fixed a possible double-free vulnerability in the OLE2 file
	    parser. Issue affects versions 0.104.0 through 0.104.2. Issue
	    identified by OSS-Fuzz.</p>
	  <p>Fixed a possible infinite loop vulnerability in the CHM file
	    parser. Issue affects versions 0.104.0 through 0.104.2 and LTS
	    version 0.103.5 and prior versions. Thank you to Michał Dardas
	    for reporting this issue.</p>
	  <p>Fixed a possible NULL-pointer dereference crash in the scan
	    verdict cache check. Issue affects versions 0.103.4, 0.103.5,
	    0.104.1, and 0.104.2. Thank you to Alexander Patrakov and
	    Antoine Gatineau for reporting this issue.</p>
	  <p>Fixed a possible infinite loop vulnerability in the TIFF file
	    parser. Issue affects versions 0.104.0 through 0.104.2 and LTS
	    version 0.103.5 and prior versions. The issue only occurs if the
	    "--alert-broken-media" ClamScan option is enabled. For ClamD,
	    the affected option is "AlertBrokenMedia yes", and for libclamav
	    it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank
	    you to Michał Dardas for reporting this issue.</p>
	  <p>Fixed a possible memory leak in the HTML file parser /
	    Javascript normalizer. Issue affects versions 0.104.0 through
	    0.104.2 and LTS version 0.103.5 and prior versions. Thank you to
	    Michał Dardas for reporting this issue.</p>
	  <p>Fixed a possible multi-byte heap buffer overflow write
	    vulnerability in the signature database load module. The fix was
	    to update the vendored regex library to the latest version.
	    Issue affects versions 0.104.0 through 0.104.2 and LTS version
	    0.103.5 and prior versions. Thank you to Michał Dardas for
	    reporting this issue.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-20803</cvename>
      <cvename>CVE-2022-20770</cvename>
      <cvename>CVE-2022-20796</cvename>
      <cvename>CVE-2022-20771</cvename>
      <cvename>CVE-2022-20785</cvename>
      <cvename>CVE-2022-20792</cvename>
      <url>https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more</url>
    </references>
    <dates>
      <discovery>2022-05-04</discovery>
      <entry>2022-05-19</entry>
    </dates>
  </vuln>

  <vuln vid="a1360138-d446-11ec-8ea1-10c37b4ac2ea">
    <topic>go -- syscall.Faccessat checks wrong group on Linux</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.18.2,1</lt></range>
      </package>
      <package>
	<name>go117</name>
	<range><lt>1.17.10</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/52313">
	  <p>When called with a non-zero flags parameter, the
	    syscall.Faccessat function could incorrectly report that a
	    file is accessible. This bug only occurs on Linux systems.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-29526</cvename>
      <url>https://github.com/golang/go/issues/52313</url>
      <url>https://groups.google.com/g/golang-dev/c/CPU3TB6d4oY</url>
    </references>
    <dates>
      <discovery>2022-04-12</discovery>
      <entry>2022-05-15</entry>
    </dates>
  </vuln>

  <vuln vid="11e36890-d28c-11ec-a06f-d4c9ef517024">
    <topic>curl -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><lt>7.83.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The curl project reports:</p>
	<blockquote cite="https://curl.se/docs/security.html">
	  <p>CVE-2022-27778: curl removes wrong file on error</p>
	  <p>CVE-2022-27779: cookie for trailing dot TLD</p>
	  <p>CVE-2022-27780: percent-encoded path separator in URL host</p>
	  <p>CVE-2022-27781: CERTINFO never-ending busy-loop</p>
	  <p>CVE-2022-27782: TLS and SSH connection too eager reuse</p>
	  <p>CVE-2022-30115: HSTS bypass via trailing dot</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-27778</cvename>
      <cvename>CVE-2022-27779</cvename>
      <cvename>CVE-2022-27780</cvename>
      <cvename>CVE-2022-27781</cvename>
      <cvename>CVE-2022-27782</cvename>
      <cvename>CVE-2022-30115</cvename>
      <url>https://curl.se/docs/security.html</url>
    </references>
    <dates>
      <discovery>2022-05-11</discovery>
      <entry>2022-05-13</entry>
    </dates>
  </vuln>

  <vuln vid="157ce083-d145-11ec-ab9b-6cc21735f730">
    <topic>PostgreSQL Server -- execute arbitrary SQL code as DBA user</topic>
    <affects>
      <package>
	<name>postgresql14-server</name>
	<range><lt>14.3</lt></range>
      </package>
      <package>
	<name>postgresql13-server</name>
	<range><lt>13.7</lt></range>
      </package>
      <package>
	<name>postgresql12-server</name>
	<range><lt>12.11</lt></range>
      </package>
      <package>
	<name>postgresql11-server</name>
	<range><lt>11.16</lt></range>
      </package>
      <package>
	<name>postgresql10-server</name>
	<range><lt>10.21</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The PostgreSQL project reports:</p>
	<blockquote>
	  <p>
	    Confine additional operations within "security restricted
	    operation" sandboxes.
	  </p>
	  <p>
	    Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,
	    and pg_amcheck activated the "security restricted operation" protection
	    mechanism too late, or even not at all in some code paths.
	    A user having permission to create non-temporary objects within a
	    database could define an object that would execute arbitrary SQL
	    code with superuser permissions the next time that autovacuum
	    processed the object, or that some superuser ran one of the affected
	    commands against it.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1552</cvename>
    </references>
    <dates>
      <discovery>2022-05-11</discovery>
      <entry>2022-05-11</entry>
    </dates>
  </vuln>

  <vuln vid="ac91cf5e-d098-11ec-bead-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>101.0.4951.64</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html">
	  <p>This release contains 13 security fixes, including:</p>
	  <ul>
	    <li>[1316990] High CVE-2022-1633: Use after free in Sharesheet. Reported by Khalil Zhani on 2022-04-18</li>
	    <li>[1314908] High CVE-2022-1634: Use after free in Browser UI. Reported by Khalil Zhani on 2022-04-09</li>
	    <li>[1319797] High CVE-2022-1635: Use after free in Permission Prompts. Reported by Anonymous on 2022-04-26</li>
	    <li>[1297283] High CVE-2022-1636: Use after free in Performance APIs. Reported by Seth Brenith, Microsoft on 2022-02-15</li>
	    <li>[1311820] High CVE-2022-1637: Inappropriate implementation in Web Contents. Reported by Alesandro Ortiz on 2022-03-31</li>
	    <li>[1316946] High CVE-2022-1638: Heap buffer overflow in V8 Internationalization. Reported by DoHyun Lee (@l33d0hyun) of DNSLab, Korea University on 2022-04-17</li>
	    <li>[1317650] High CVE-2022-1639: Use after free in ANGLE. Reported by SeongHwan Park (SeHwa) on 2022-04-19</li>
	    <li>[1320592] High CVE-2022-1640: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-04-28</li>
	    <li>[1305068] Medium CVE-2022-1641: Use after free in Web UI Diagnostics. Reported by Rong Jian of VRI on 2022-03-10</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1633</cvename>
      <cvename>CVE-2022-1634</cvename>
      <cvename>CVE-2022-1635</cvename>
      <cvename>CVE-2022-1636</cvename>
      <cvename>CVE-2022-1637</cvename>
      <cvename>CVE-2022-1638</cvename>
      <cvename>CVE-2022-1639</cvename>
      <cvename>CVE-2022-1640</cvename>
      <cvename>CVE-2022-1641</cvename>
      <url>https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_10.html</url>
    </references>
    <dates>
      <discovery>2022-05-10</discovery>
      <entry>2022-05-10</entry>
    </dates>
  </vuln>

  <vuln vid="b9837fa1-cd72-11ec-98f1-6805ca0b3d42">
    <topic>rsyslog8 -- heap buffer overflow on receiving TCP syslog</topic>
    <affects>
      <package>
	<name>rsyslog</name>
	<range><lt>8.2204.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Rainer Gerhards reports:</p>
	<blockquote cite="https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8">
	  <p>Modules for TCP syslog reception have a heap buffer
	  overflow when octet-counted framing is used. The attacker
	  can corrupt heap values, leading to data integrity issues
	  and availability impact. Remote code execution is unlikely
	  to happen but not impossible..</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24903</cvename>
      <url>https://github.com/rsyslog/rsyslog/security/advisories/GHSA-ggw7-xr6h-mmr8</url>
    </references>
    <dates>
      <discovery>2022-05-05</discovery>
      <entry>2022-05-06</entry>
    </dates>
  </vuln>

  <vuln vid="647ac600-cc70-11ec-9cfc-10c37b4ac2ea">
    <topic>gogs -- XSS in issue attachments</topic>
    <affects>
      <package>
	<name>gogs</name>
	<range><lt>0.12.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The gogs project reports:</p>
	<blockquote cite="https://github.com/gogs/gogs/issues/6919">
	  <p>Repository issues page allows HTML attachments with arbitrary
	    JS code.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1464</cvename>
      <url>https://github.com/gogs/gogs/issues/6919</url>
      <url>https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d/</url>
    </references>
    <dates>
      <discovery>2022-04-12</discovery>
      <entry>2022-05-05</entry>
    </dates>
  </vuln>

  <vuln vid="95ee401d-cc6a-11ec-9cfc-10c37b4ac2ea">
    <topic>gitea -- Escape git fetch remote</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.16.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Gitea team reports:</p>
	<blockquote cite="https://github.com/go-gitea/gitea/pull/19487">
	  <p>Escape git fetch remote in
	    services/migrations/gitea_uploader.go</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/go-gitea/gitea/pull/19487</url>
    </references>
    <dates>
      <discovery>2022-04-25</discovery>
      <entry>2022-05-05</entry>
    </dates>
  </vuln>

  <vuln vid="fceb2b08-cb76-11ec-a06f-d4c9ef517024">
    <topic>OpenSSL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1o,1</lt></range>
      </package>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.3</lt></range>
      </package>
      <package>
	<name>openssl-quictls</name>
	<range><lt>3.0.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20220503.txt">
	  <ul>
	    <li>The c_rehash script allows command injection (CVE-2022-1292)
	      (Moderate) <br/>The c_rehash script does not properly sanitise shell
	      metacharacters to prevent command injection.  This script is distributed
	      by some operating systems in a manner where it is automatically
	      executed. On such operating systems, an attacker could execute arbitrary
	      commands with the privileges of the script.</li>
	    <li>OCSP_basic_verify may incorrectly verify the response signing
	      certificate (CVE-2022-1343) (Moderate)<br/>The function
	      `OCSP_basic_verify` verifies the signer certificate on an OCSP response.
	      In the case where the (non-default) flag OCSP_NOCHECKS is used then the
	      response will be positive (meaning a successful verification) even in
	      the case where the response signing certificate fails to verify.</li>
	    <li>Incorrect MAC key used in the RC4-MD5 ciphersuite (CVE-2022-1434)
	      (Low)<br/>The OpenSSL 3.0 implementation of the RC4-MD5 ciphersuite
	      incorrectly uses the AAD data as the MAC key. This makes the MAC key
	      trivially predictable.</li>
	    <li>Resource leakage when decoding certificates and keys (CVE-2022-1473)
	      (Low)<br/>The OPENSSL_LH_flush() function, which empties a hash table,
	      containsa bug that breaks reuse of the memory occuppied by the removed
	      hash table entries.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1292</cvename>
      <cvename>CVE-2022-1343</cvename>
      <cvename>CVE-2022-1434</cvename>
      <cvename>CVE-2022-1473</cvename>
      <url>https://www.openssl.org/news/secadv/20220503.txt</url>
    </references>
    <dates>
      <discovery>2022-05-03</discovery>
      <entry>2022-05-04</entry>
      <modified>2022-05-05</modified>
    </dates>
  </vuln>

  <vuln vid="a8118db0-cac2-11ec-9288-0800270512f4">
    <topic>rainloop -- cross-site-scripting (XSS) vulnerability</topic>
    <affects>
      <package>
	<name>rainloop-php74</name>
	<name>rainloop-php80</name>
	<name>rainloop-php81</name>
	<name>rainloop-community-php74</name>
	<name>rainloop-community-php80</name>
	<name>rainloop-community-php81</name>
	<range><lt>1.16.0_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Simon Scannell reports:</p>
	<blockquote cite="https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw">
	  <p>
	    The code vulnerability can be easily exploited by an
	    attacker by sending a malicious email to a victim that
	    uses RainLoop as a mail client. When the email is viewed
	    by the victim, the attacker gains full control over the
	    session of the victim and can steal any of their emails,
	    including those that contain highly sensitive information
	    such as passwords, documents, and password reset links.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-29360</cvename>
      <url>https://blog.sonarsource.com/rainloop-emails-at-risk-due-to-code-flaw</url>
      <url>https://github.com/RainLoop/rainloop-webmail/issues/2142</url>
    </references>
    <dates>
      <discovery>2022-04-19</discovery>
      <entry>2022-05-03</entry>
    </dates>
  </vuln>

  <vuln vid="61bce714-ca0c-11ec-9cfc-10c37b4ac2ea">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.18.1,1</lt></range>
      </package>
      <package>
	<name>go117</name>
	<range><lt>1.17.9</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/51853">
	  <p>encoding/pem: fix stack overflow in Decode.</p>
	  <p>A large (more than 5 MB) PEM input can cause a stack
	    overflow in Decode, leading the program to crash.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/52075">
	  <p>crypto/elliptic: tolerate all oversized scalars in generic
	    P-256.</p>
	  <p>A crafted scalar input longer than 32 bytes can
	    cause P256().ScalarMult or P256().ScalarBaseMult to panic.
	    Indirect uses through crypto/ecdsa and crypto/tls are
	    unaffected. amd64, arm64, ppc64le, and s390x are
	    unaffected.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/51759">
	  <p>crypto/x509: non-compliant certificates can cause a panic
	    in Verify on macOS in Go 1.18.</p>
	  <p>Verifying certificate chains containing certificates
	    which are not compliant with RFC 5280 causes
	    Certificate.Verify to panic on macOS. These chains can be
	    delivered through TLS and can cause a crypto/tls or
	    net/http client to crash.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24675</cvename>
      <url>https://github.com/golang/go/issues/51853</url>
      <cvename>CVE-2022-28327</cvename>
      <url>https://github.com/golang/go/issues/52075</url>
      <cvename>CVE-2022-27536</cvename>
      <url>https://github.com/golang/go/issues/51759</url>
    </references>
    <dates>
      <discovery>2022-04-12</discovery>
      <entry>2022-05-02</entry>
    </dates>
  </vuln>

  <vuln vid="9db93f3d-c725-11ec-9618-000d3ac47524">
    <topic>Rails -- XSS vulnerabilities</topic>
    <affects>
      <package>
	<name>rubygem-actionpack52</name>
	<range><lt>5.2.7.1</lt></range>
      </package>
      <package>
	<name>rubygem-actionpack60</name>
	<range><lt>6.0.4.8</lt></range>
      </package>
      <package>
	<name>rubygem-actionpack61</name>
	<range><lt>6.1.5.1</lt></range>
      </package>
      <package>
	<name>rubygem-actionpack70</name>
	<range><lt>7.0.2.4</lt></range>
      </package>
      <package>
	<name>rubygem-actionview52</name>
	<range><lt>5.2.7.1</lt></range>
      </package>
      <package>
	<name>rubygem-actionview60</name>
	<range><lt>6.0.4.8</lt></range>
      </package>
      <package>
	<name>rubygem-actionview61</name>
	<range><lt>6.1.5.1</lt></range>
      </package>
      <package>
	<name>rubygem-actionview70</name>
	<range><lt>7.0.2.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Ruby on Rails blog:</p>
	<blockquote cite="https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released">
	  <p>This is an announcement to let you know that Rails 7.0.2.4, 6.1.5.1,
	    6.0.4.8, and 5.2.7.1 have been released!</p>
	  <p>These are security releases so please update as soon as you can. Once
	    again we've made these releases based on the last release tag, so
	    hopefully upgrading will go smoothly.</p>
	  <p>The releases address two vulnerabilities, CVE-2022-22577, and
	    CVS-2022-27777. They are both XSS vulnerabilities, so please take a look
	    at the forum posts to see how (or if) they might possibly impact your
	    application.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-22577</cvename>
      <cvename>CVE-2022-27777</cvename>
      <url>https://rubyonrails.org/2022/4/26/Rails-7-0-2-4-6-1-5-1-6-0-4-8-and-5-2-7-1-have-been-released</url>
    </references>
    <dates>
      <discovery>2022-04-26</discovery>
      <entry>2022-04-30</entry>
    </dates>
  </vuln>

  <vuln vid="2220827b-c732-11ec-b272-901b0e934d69">
    <topic>hiredis -- integer/buffer overflow</topic>
    <affects>
      <package>
	<name>hiredis</name>
	<range><lt>1.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>hiredis maintainers report:</p>
	<blockquote cite="https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2">
	  <p>
	    Hiredis is vulnurable to integer overflow if provided maliciously crafted or corrupted RESP mult-bulk protocol data.

	    When parsing multi-bulk (array-like) replies, hiredis fails to check if count * sizeof(redisReply*) can be represented in SIZE_MAX. If it can not, and the calloc() call doesn't itself make this check, it would result in a short allocation and subsequent buffer overflow.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-32765</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32765</url>
      <url>https://github.com/redis/hiredis/security/advisories/GHSA-hfm9-39pp-55p2</url>
    </references>
    <dates>
      <discovery>2021-10-04</discovery>
      <entry>2022-04-29</entry>
    </dates>
  </vuln>

  <vuln vid="92a4d881-c6cf-11ec-a06f-d4c9ef517024">
    <topic>cURL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>curl</name>
	<range><lt>7.83.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The cURL project reports:</p>
	<blockquote cite="https://curl.se/docs/vuln-7.82.0.html">
	  <ul>
	    <li>OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)</li>
	    <li>Credential leak on redirect (CVE-2022-27774)</li>
	    <li>Bad local IPv6 connection reuse (CVE-2022-27775)</li>
	    <li>Auth/cookie leak on redirect (CVE-2022-27776)</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-22576</cvename>
      <cvename>CVE-2022-27774</cvename>
      <cvename>CVE-2022-27775</cvename>
      <cvename>CVE-2022-27776</cvename>
      <url>https://curl.se/docs/vuln-7.82.0.html</url>
    </references>
    <dates>
      <discovery>2022-04-27</discovery>
      <entry>2022-04-28</entry>
    </dates>
  </vuln>

  <vuln vid="26f2123b-c6c6-11ec-b66f-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>101.0.4951.41</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html">
	  <p>This release contains 30 security fixes, including:</p>
	  <ul>
	    <li>[1313905] High CVE-2022-1477: Use after free in Vulkan. Reported by SeongHwan Park (SeHwa) on 2022-04-06</li>
	    <li>[1299261] High CVE-2022-1478: Use after free in SwiftShader. Reported by SeongHwan Park (SeHwa) on 2022-02-20</li>
	    <li>[1305190] High CVE-2022-1479: Use after free in ANGLE. Reported by Jeonghoon Shin of Theori on 2022-03-10</li>
	    <li>[1307223] High CVE-2022-1480: Use after free in Device API. Reported by @uwu7586 on 2022-03-17</li>
	    <li>[1302949] High CVE-2022-1481: Use after free in Sharing. Reported by Weipeng Jiang (@Krace) and Guang Gong of 360 Vulnerability Research Institute on 2022-03-04</li>
	    <li>[1304987] High CVE-2022-1482: Inappropriate implementation in WebGL. Reported by Christoph Diehl, Microsoft on 2022-03-10</li>
	    <li>[1314754] High CVE-2022-1483: Heap buffer overflow in WebGPU. Reported by Mark Brand of Google Project Zero on 2022-04-08</li>
	    <li>[1297429] Medium CVE-2022-1484: Heap buffer overflow in Web UI Settings. Reported by Chaoyuan Peng (@ret2happy) on 2022-02-15</li>
	    <li>[1299743] Medium CVE-2022-1485: Use after free in File System API. Reported by Anonymous on 2022-02-22</li>
	    <li>[1314616] Medium CVE-2022-1486: Type Confusion in V8. Reported by Brendon Tiszka on 2022-04-08</li>
	    <li>[1304368] Medium CVE-2022-1487: Use after free in Ozone. Reported by Sri on 2022-03-09</li>
	    <li>[1302959] Medium CVE-2022-1488: Inappropriate implementation in Extensions API. Reported by Thomas Beverley from Wavebox.io on 2022-03-04</li>
	    <li>[1300561] Medium CVE-2022-1489: Out of bounds memory access in UI Shelf. Reported by Khalil Zhani on 2022-02-25</li>
	    <li>[1301840] Medium CVE-2022-1490: Use after free in Browser Switcher. Reported by raven at KunLun lab on 2022-03-01</li>
	    <li>[1305706] Medium CVE-2022-1491: Use after free in Bookmarks. Reported by raven at KunLun lab on 2022-03-12</li>
	    <li>[1315040] Medium CVE-2022-1492: Insufficient data validation in Blink Editing. Reported by Michal Bentkowski of Securitum on 2022-04-11</li>
	    <li>[1275414] Medium CVE-2022-1493: Use after free in Dev Tools. Reported by Zhihua Yao of KunLun Lab on 2021-12-01</li>
	    <li>[1298122] Medium CVE-2022-1494: Insufficient data validation in Trusted Types. Reported by Masato Kinugawa on 2022-02-17</li>
	    <li>[1301180] Medium CVE-2022-1495: Incorrect security UI in Downloads. Reported by Umar Farooq on 2022-02-28</li>
	    <li>[1306391] Medium CVE-2022-1496: Use after free in File Manager. Reported by Zhiyi Zhang and Zhunki from Codesafe Team of Legendsec at Qi'anxin Group on 2022-03-15</li>
	    <li>[1264543] Medium CVE-2022-1497: Inappropriate implementation in Input. Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability Research on 2021-10-29</li>
	    <li>[1297138] Low CVE-2022-1498: Inappropriate implementation in HTML Parser. Reported by SeungJu Oh (@real_as3617) on 2022-02-14</li>
	    <li>[1000408] Low CVE-2022-1499: Inappropriate implementation in WebAuthentication. Reported by Jun Kokatsu, Microsoft Browser Vulnerability Research on 2019-09-04</li>
	    <li>[1223475] Low CVE-2022-1500: Insufficient data validation in Dev Tools. Reported by Hoang Nguyen on 2021-06-25</li>
	    <li>[1293191] Low CVE-2022-1501: Inappropriate implementation in iframe. Reported by Oriol Brufau on 2022-02-02</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1477</cvename>
      <cvename>CVE-2022-1478</cvename>
      <cvename>CVE-2022-1479</cvename>
      <cvename>CVE-2022-1480</cvename>
      <cvename>CVE-2022-1481</cvename>
      <cvename>CVE-2022-1482</cvename>
      <cvename>CVE-2022-1483</cvename>
      <cvename>CVE-2022-1484</cvename>
      <cvename>CVE-2022-1485</cvename>
      <cvename>CVE-2022-1486</cvename>
      <cvename>CVE-2022-1487</cvename>
      <cvename>CVE-2022-1488</cvename>
      <cvename>CVE-2022-1489</cvename>
      <cvename>CVE-2022-1490</cvename>
      <cvename>CVE-2022-1491</cvename>
      <cvename>CVE-2022-1492</cvename>
      <cvename>CVE-2022-1493</cvename>
      <cvename>CVE-2022-1494</cvename>
      <cvename>CVE-2022-1495</cvename>
      <cvename>CVE-2022-1496</cvename>
      <cvename>CVE-2022-1497</cvename>
      <cvename>CVE-2022-1498</cvename>
      <cvename>CVE-2022-1499</cvename>
      <cvename>CVE-2022-1500</cvename>
      <cvename>CVE-2022-1501</cvename>
      <url>https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_26.html</url>
    </references>
    <dates>
      <discovery>2022-04-26</discovery>
      <entry>2022-04-28</entry>
    </dates>
  </vuln>

  <vuln vid="cc42db1c-c65f-11ec-ad96-0800270512f4">
    <topic>redis -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>redis</name>
	<range><lt>6.2.7</lt></range>
      </package>
      <package>
	<name>redis-devel</name>
	<range><lt>7.0.0.20220428</lt></range>
      </package>
      <package>
	<name>redis62</name>
	<range><lt>6.2.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Aviv Yahav reports:</p>
	<blockquote cite="https://groups.google.com/g/redis-db/c/7iWUlwtoDqU">
	  <dl>
	    <dt>CVE-2022-24735</dt>
	    <dd>
	      By exploiting weaknesses in the Lua script execution
	      environment, an attacker with access to Redis can inject
	      Lua code that will execute with the (potentially higher)
	      privileges of another Redis user.
	    </dd>
	    <dt>CVE-2022-24736</dt>
	    <dd>
	      An attacker attempting to load a specially crafted Lua
	      script can cause NULL pointer dereference which will
	      result with a crash of the redis-server process.
	    </dd>
	  </dl>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24735</cvename>
      <cvename>CVE-2022-24736</cvename>
      <url>https://groups.google.com/g/redis-db/c/7iWUlwtoDqU</url>
    </references>
    <dates>
      <discovery>2022-04-27</discovery>
      <entry>2022-04-27</entry>
    </dates>
  </vuln>

  <vuln vid="17a30a24-c579-11ec-bbbd-0800270512f4">
    <topic>eb -- Potential buffer overrun vulnerability</topic>
    <affects>
      <package>
	<name>ja-eb</name>
	<range><lt>4.4.3_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Kazuhiro Ito reports:</p>
	<blockquote cite="mailto:edict@ring.gr.jp">
	  <p>Potential buffer overrun vulnerability is found in eb/multiplex.c.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>mailto:edict@ring.gr.jp</url>
    </references>
    <dates>
      <discovery>2022-04-25</discovery>
      <entry>2022-04-26</entry>
    </dates>
  </vuln>

  <vuln vid="a00c76d9-0c05-4d99-bef7-ae4521cb2a4d">
    <topic>zeek -- potential DoS vulnerabilty</topic>
    <affects>
      <package>
	<name>zeek</name>
	<range><lt>4.0.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tim Wojtulewicz of Corelight reports:</p>
	<blockquote cite="https://github.com/zeek/zeek/releases/tag/v4.0.6">
	  <p> Fix potential unbounded state growth in the FTP
	  analyzer when receiving a specially-crafted stream of
	  commands. This may lead to a buffer overflow and cause
	  Zeek to crash. Due to the possibility of this happening
	  with packets received from the network, this is a potential
	  DoS vulnerabilty. </p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/zeek/zeek/releases/tag/v4.0.6</url>
    </references>
    <dates>
      <discovery>2022-04-21</discovery>
      <entry>2022-04-21</entry>
    </dates>
  </vuln>

  <vuln vid="b019585a-bfea-11ec-b46c-b42e991fc52e">
    <topic>zgrep -- arbitrary file write</topic>
    <affects>
      <package>
	<name>gzip</name>
	<range><lt>1.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>RedHat reports:</p>
	<blockquote cite="https://access.redhat.com/security/cve/cve-2022-1271">
	  <p>An arbitrary file write vulnerability was found in GNU
		gzip's zgrep utility. When zgrep is applied on the
		attacker's chosen file name (for example, a crafted
		file name), this can overwrite an attacker's content
		to an arbitrary attacker-selected file. This flaw
		occurs due to insufficient validation when processing
		filenames with two or more newlines where selected
		content and the target file names are embedded in
		crafted multi-line file names. This flaw allows a
		remote, low privileged attacker to force zgrep to
		write arbitrary files on the system.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1271</cvename>
      <url>https://bugzilla.redhat.com/show_bug.cgi?id=2073310</url>
    </references>
    <dates>
      <discovery>2022-04-07</discovery>
      <entry>2022-04-19</entry>
    </dates>
  </vuln>

  <vuln vid="2a314635-be46-11ec-a06f-d4c9ef517024">
    <topic>Nextcloud Calendar -- SMTP Command Injection</topic>
    <affects>
      <package>
	<name>nextcloud-calendar</name>
	<range><lt>3.2.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p> reports:</p>
	<blockquote cite="https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8xv5-4855-24qf">
	  <p>SMTP Command Injection in Appointment Emails via Newlines: as newlines
	    and special characters are not sanitized in the email value in the JSON
	    request, a malicious attacker can inject newlines to break out of the
	    `RCPT TO:&lt;BOOKING USER'S EMAIL&gt;` SMTP command and begin injecting
	    arbitrary SMTP commands.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24838</cvename>
      <url>https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8xv5-4855-24qf</url>
    </references>
    <dates>
      <discovery>2022-04-11</discovery>
      <entry>2022-04-17</entry>
    </dates>
  </vuln>

  <vuln vid="add683be-bd76-11ec-a06f-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql57-server</name>
	<range><lt>5.7.38</lt></range>
      </package>
      <package>
	<name>mysql80-client</name>
	<range><lt>8.0.29</lt></range>
      </package>
      <package>
	<name>mysql80-server</name>
	<range><lt>8.0.29</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpuapr2022.html">
	  <p>The 2022 April Critical Patch Update contains 43 new security
	    patches for Oracle MySQL. 11 of these vulnerabilities may be
	    remotely exploitable without authentication, i.e., may be
	    exploited over a network without requiring user credentials.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://www.oracle.com/security-alerts/cpuapr2022.html</url>
      <cvename>CVE-2022-0778</cvename>
      <cvename>CVE-2021-22570</cvename>
      <cvename>CVE-2022-0778</cvename>
      <cvename>CVE-2022-21454</cvename>
      <cvename>CVE-2022-21482</cvename>
      <cvename>CVE-2022-21483</cvename>
      <cvename>CVE-2022-21489</cvename>
      <cvename>CVE-2022-21490</cvename>
      <cvename>CVE-2022-21457</cvename>
      <cvename>CVE-2022-21425</cvename>
      <cvename>CVE-2022-21440</cvename>
      <cvename>CVE-2022-21459</cvename>
      <cvename>CVE-2022-21478</cvename>
      <cvename>CVE-2022-21479</cvename>
      <cvename>CVE-2022-21418</cvename>
      <cvename>CVE-2022-21417</cvename>
      <cvename>CVE-2022-21413</cvename>
      <cvename>CVE-2022-21427</cvename>
      <cvename>CVE-2022-21412</cvename>
      <cvename>CVE-2022-21414</cvename>
      <cvename>CVE-2022-21435</cvename>
      <cvename>CVE-2022-21436</cvename>
      <cvename>CVE-2022-21437</cvename>
      <cvename>CVE-2022-21438</cvename>
      <cvename>CVE-2022-21452</cvename>
      <cvename>CVE-2022-21462</cvename>
      <cvename>CVE-2022-21415</cvename>
      <cvename>CVE-2022-21451</cvename>
      <cvename>CVE-2022-21444</cvename>
      <cvename>CVE-2022-21460</cvename>
      <cvename>CVE-2022-21484</cvename>
      <cvename>CVE-2022-21485</cvename>
      <cvename>CVE-2022-21486</cvename>
      <cvename>CVE-2022-21423</cvename>
    </references>
    <dates>
      <discovery>2022-04-16</discovery>
      <entry>2022-04-16</entry>
      <modified>2022-05-23</modified>
    </dates>
  </vuln>

  <vuln vid="a25ea27b-bced-11ec-87b5-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>100.0.4896.127</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html">
	  <p>This release contains 2 security fixes, including:</p>
	  <ul>
	    <li>[1315901] High CVE-2022-1364: Type Confusion in V8. Reported by Clément Lecigne of Google's Threat Analysis Group on 2022-0-13</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1364</cvename>
      <url>https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html</url>
    </references>
    <dates>
      <discovery>2022-04-14</discovery>
      <entry>2022-04-15</entry>
    </dates>
  </vuln>

  <vuln vid="a5de43ed-bc49-11ec-b516-0897988a1c07">
    <topic>Asterisk -- func_odbc: Possible SQL Injection</topic>
    <affects>
      <package>
	<name>asterisk16</name>
	<range><lt>16.25.2</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>18.11.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories/">
	  <p>Some databases can use backslashes to escape certain
	  characters, such as backticks. If input is provided to
	  func_odbc which includes backslashes it is possible for
	  func_odbc to construct a broken SQL query and the SQL
	  query to fail.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-26651</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-003.html</url>
    </references>
    <dates>
      <discovery>2022-04-14</discovery>
      <entry>2022-04-14</entry>
    </dates>
  </vuln>

  <vuln vid="8838abf0-bc47-11ec-b516-0897988a1c07">
    <topic>Asterisk -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk16</name>
	<range><gt>16.15.0</gt><lt>16.25.2</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>18.11.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories/">
	  <p>AST-2022-001 - When using STIR/SHAKEN, its possible
	  to download files that are not certificates. These files
	  could be much larger than what you would expect to
	  download.</p>
	  <p>AST-2022-002 - When using STIR/SHAKEN, its possible
	  to send arbitrary requests like GET to interfaces such
	  as localhost using the Identity header.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-26498</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-001.html</url>
      <cvename>CVE-2022-26499</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-002.html</url>
    </references>
    <dates>
      <discovery>2022-04-14</discovery>
      <entry>2022-04-14</entry>
    </dates>
  </vuln>

  <vuln vid="24a9bd2b-bb43-11ec-af81-0897988a1c07">
    <topic>Composer -- Command injection vulnerability</topic>
    <affects>
      <package>
	<name>php74-composer</name>
	<name>php80-composer</name>
	<name>php81-composer</name>
	<range><lt>1.10.26</lt></range>
      </package>
      <package>
	<name>php74-composer2</name>
	<name>php80-composer2</name>
	<name>php81-composer2</name>
	<range><ge>2.0.0</ge><lt>2.2.12</lt></range>
	<range><ge>2.3.0</ge><lt>2.3.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Composer developers reports:</p>
	<blockquote cite="https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6">
	  <p>The Composer method VcsDriver::getFileContent() with
	  user-controlled $file or $identifier arguments is susceptible
	  to an argument injection vulnerability. It can be leveraged
	  to gain arbitrary command execution if the Mercurial or
	  the Git driver are used.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24828</cvename>
      <url>https://github.com/composer/composer/security/advisories/GHSA-x7cr-6qr6-2hh6</url>
    </references>
    <dates>
      <discovery>2022-04-13</discovery>
      <entry>2022-04-13</entry>
    </dates>
  </vuln>

  <vuln vid="3a1dc8c8-bb27-11ec-98d1-d43d7eed0ce2">
    <topic>Subversion -- Multiple vulnerabilities in server code</topic>
    <affects>
      <package>
	<name>subversion</name>
	<range><ge>1.10.0</ge><lt>1.10.8</lt></range>
	<range><ge>1.11.0</ge><lt>1.14.2</lt></range>
      </package>
      <package>
	<name>mod_dav_svn</name>
	<range><ge>1.10.0</ge><lt>1.10.8</lt></range>
	<range><ge>1.11.0</ge><lt>1.14.2</lt></range>
      </package>
      <package>
	<name>subversion-lts</name>
	<range><ge>1.10.0</ge><lt>1.10.8</lt></range>
      </package>
      <package>
	<name>mod_dav_svn-lts</name>
	<range><ge>1.10.0</ge><lt>1.10.8</lt></range>
      </package>
     </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Subversion project reports:</p>
	<blockquote cite="https://subversion.apache.org/security/CVE-2021-28544-advisory.txt">
	  <p>
	    Subversion servers reveal 'copyfrom' paths that should be hidden according
	    to configured path-based authorization (authz) rules.  When a node has been
	    copied from a protected location, users with access to the copy can see the
	    'copyfrom' path of the original.  This also reveals the fact that the node
	    was copied.  Only the 'copyfrom' path is revealed; not its contents. Both
	    httpd and svnserve servers are vulnerable.
	  </p>
	</blockquote>
	<blockquote cite="https://subversion.apache.org/security/CVE-2022-24070-advisory.txt">
	  <p>
	    While looking up path-based authorization rules, mod_dav_svn servers
	    may attempt to use memory which has already been freed.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-28544</cvename>
      <cvename>CVE-2022-24070</cvename>
      <url>https://subversion.apache.org/security/CVE-2021-28544-advisory.txt</url>
      <url>https://subversion.apache.org/security/CVE-2022-24070-advisory.txt</url>
    </references>
    <dates>
      <discovery>2022-04-12</discovery>
      <entry>2022-04-13</entry>
    </dates>
  </vuln>

  <vuln vid="06ed6a49-bad4-11ec-9cfe-0800270512f4">
    <topic>Ruby -- Buffer overrun in String-to-Float conversion</topic>
    <affects>
      <package>
	<name>ruby</name>
	<range><ge>2.7.0,1</ge><lt>2.7.6,1</lt></range>
	<range><ge>3.0.0,1</ge><lt>3.0.4,1</lt></range>
	<range><ge>3.1.0,1</ge><lt>3.1.2,1</lt></range>
	<range><ge>3.2.0.p1,1</ge><lt>3.2.0.p1_1,1</lt></range>
      </package>
      <package>
	<name>ruby27</name>
	<range><ge>2.7.0,1</ge><lt>2.7.6,1</lt></range>
      </package>
      <package>
	<name>ruby30</name>
	<range><ge>3.0.0,1</ge><lt>3.0.4,1</lt></range>
      </package>
      <package>
	<name>ruby31</name>
	<range><ge>3.1.0,1</ge><lt>3.1.2,1</lt></range>
      </package>
      <package>
	<name>ruby32</name>
	<range><ge>3.2.0.p1,1</ge><lt>3.2.0.p1_1,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>piao reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/">
	  <p>
	    Due to a bug in an internal function that converts a String
	    to a Float, some convertion methods like <code>Kernel#Float</code>
	    and <code>String#to_f</code> could cause buffer over-read.
	    A typical consequence is a process termination due to
	    segmentation fault, but in a limited circumstances, it may
	    be exploitable for illegal memory read.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-28739</cvename>
      <url>https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/</url>
    </references>
    <dates>
      <discovery>2022-04-12</discovery>
      <entry>2022-04-13</entry>
    </dates>
  </vuln>

  <vuln vid="f22144d7-bad1-11ec-9cfe-0800270512f4">
    <topic>Ruby -- Double free in Regexp compilation</topic>
    <affects>
      <package>
	<name>ruby</name>
	<range><ge>3.0.0,1</ge><lt>3.0.4,1</lt></range>
	<range><ge>3.1.0,1</ge><lt>3.1.2,1</lt></range>
	<range><ge>3.2.0.p1,1</ge><lt>3.2.0.p1_1,1</lt></range>
      </package>
      <package>
	<name>ruby30</name>
	<range><ge>3.0.0,1</ge><lt>3.0.4,1</lt></range>
      </package>
      <package>
	<name>ruby31</name>
	<range><ge>3.1.0,1</ge><lt>3.1.2,1</lt></range>
      </package>
      <package>
	<name>ruby32</name>
	<range><ge>3.2.0.p1,1</ge><lt>3.2.0.p1_1,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>piao reports:</p>
	<blockquote cite="https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/">
	  <p>
	    Due to a bug in the Regexp compilation process, creating
	    a Regexp object with a crafted source string could cause
	    the same memory to be freed twice. This is known as a
	    &quot;double free&quot; vulnerability. Note that, in general, it
	    is considered unsafe to create and use a Regexp object
	    generated from untrusted input. In this case, however,
	    following a comprehensive assessment, we treat this issue
	    as a vulnerability.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-28738</cvename>
      <url>https://www.ruby-lang.org/en/news/2022/04/12/double-free-in-regexp-compilation-cve-2022-28738/</url>
    </references>
    <dates>
      <discovery>2022-04-12</discovery>
      <entry>2022-04-13</entry>
    </dates>
  </vuln>

  <vuln vid="6eb9cf14-bab0-11ec-8f59-4437e6ad11c4">
    <topic>mutt -- mutt_decode_uuencoded() can read past the of the input line</topic>
    <affects>
      <package>
	<name>mutt</name>
	<range><lt>2.2.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Tavis Ormandy reports:</p>
	<blockquote cite="https://gitlab.com/muttmua/mutt/-/issues/404">
	  <p>mutt_decode_uuencoded(), the line length is read from the untrusted uuencoded part without validation. This could result in including private memory in message parts, for example fragments of other messages, passphrases or keys in replys</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1328</cvename>
      <url>https://gitlab.com/muttmua/mutt/-/issues/404</url>
    </references>
    <dates>
      <discovery>2022-04-04</discovery>
      <entry>2022-04-12</entry>
    </dates>
  </vuln>

  <vuln vid="b582a85a-ba4a-11ec-8d1e-3065ec8fd3ec">
    <topic>Chromium -- mulitple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>100.0.4896.88</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html">
	  <p>This release contains 11 security fixes, including:</p>
	  <ul>
	    <li>[1285234] High CVE-2022-1305: Use after free in storage. Reported by Anonymous on 2022-01-07</li>
	    <li>[1299287] High CVE-2022-1306: Inappropriate implementation in compositing. Reported by Sven Dysthe on 2022-02-21</li>
	    <li>[1301873] High CVE-2022-1307: Inappropriate implementation in full screen. Reported by Irvan Kurniawan (sourc7) on 2022-03-01</li>
	    <li>[1283050] High CVE-2022-1308: Use after free in BFCache. Reported by Samet Bekmezci (@sametbekmezci) on 2021-12-28</li>
	    <li>[1106456] High CVE-2022-1309: Insufficient policy enforcement in developer tools. Reported by David Erceg on 2020-07-17</li>
	    <li>[1307610] High CVE-2022-1310: Use after free in regular expressions. Reported by Brendon Tiszka on 2022-03-18</li>
	    <li>[1310717] High CVE-2022-1311: Use after free in Chrome OS shell. Reported by Nan Wang (@eternalsakura13) and Guang Gong of 360 Alpha Lab on 2022-03-28</li>
	    <li>[1311701] High CVE-2022-1312: Use after free in storage. Reported by Leecraso and Guang Gong of 360 Vulnerability Research Institute on 2022-03-30</li>
	    <li>[1270539] Medium CVE-2022-1313: Use after free in tab groups. Reported by Thomas Orlita on 2021-11-16</li>
	    <li>[1304658] Medium CVE-2022-1314: Type Confusion in V8. Reported by Bohan Liu (@P4nda20371774) of Tencent Security Xuanwu Lab on 2022-03-09</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1305</cvename>
      <cvename>CVE-2022-1306</cvename>
      <cvename>CVE-2022-1307</cvename>
      <cvename>CVE-2022-1308</cvename>
      <cvename>CVE-2022-1309</cvename>
      <cvename>CVE-2022-1310</cvename>
      <cvename>CVE-2022-1311</cvename>
      <cvename>CVE-2022-1312</cvename>
      <cvename>CVE-2022-1313</cvename>
      <cvename>CVE-2022-1314</cvename>
      <url>https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_11.html</url>
    </references>
    <dates>
      <discovery>2022-04-11</discovery>
      <entry>2022-04-12</entry>
    </dates>
  </vuln>

  <vuln vid="0db46f84-b9fa-11ec-89df-080027240888">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py37-django22</name>
	<name>py38-django22</name>
	<name>py39-django22</name>
	<name>py310-django22</name>
	<range><lt>2.2.28</lt></range>
      </package>
      <package>
	<name>py37-django32</name>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<name>py310-django32</name>
	<range><lt>3.2.13</lt></range>
      </package>
      <package>
	<name>py38-django40</name>
	<name>py39-django40</name>
	<name>py310-django40</name>
	<range><lt>4.0.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django Release  reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2022/apr/11/security-releases/">
	  <p>CVE-2022-28346: Potential SQL injection in QuerySet.annotate(), aggregate(), and extra().</p>
	  <p>CVE-2022-28347: Potential SQL injection via QuerySet.explain(**options) on PostgreSQL.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-28346</cvename>
      <cvename>CVE-2022-28347</cvename>
      <url>https://www.djangoproject.com/weblog/2022/apr/11/security-releases/</url>
    </references>
    <dates>
      <discovery>2022-04-02</discovery>
      <entry>2022-04-12</entry>
    </dates>
  </vuln>

  <vuln vid="38f2e3a0-b61e-11ec-9ebc-1c697aa5a594">
    <topic>FreeBSD -- zlib compression out-of-bounds write</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.0</ge><lt>13.0_11</lt></range>
	<range><ge>12.3</ge><lt>12.3_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Certain inputs can cause zlib's compression routine to overwrite an
	internal buffer with compressed data.  This issue may require the use
	of uncommon or non-default compression parameters.</p>
	<h1>Impact:</h1>
	<p>The out-of-bounds write may result in memory corruption and an
	application crash or kernel panic.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2018-25032</cvename>
      <freebsdsa>SA-22:08.zlib</freebsdsa>
    </references>
    <dates>
      <discovery>2022-04-06</discovery>
      <entry>2022-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="d4cc994f-b61d-11ec-9ebc-1c697aa5a594">
    <topic>FreeBSD -- 802.11 heap buffer overflow</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.0</ge><lt>13.0_11</lt></range>
	<range><ge>12.3</ge><lt>12.3_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The 802.11 beacon handling routine failed to validate the length of
	an IEEE 802.11s Mesh ID before copying it to a heap-allocated
	buffer.</p>
	<h1>Impact:</h1>
	<p>While a FreeBSD Wi-Fi client is in scanning mode (i.e., not
	associated with a SSID) a malicious beacon frame may overwrite kernel
	memory, leading to remote code execution.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23088</cvename>
      <freebsdsa>SA-22:07.wifi_meshid</freebsdsa>
    </references>
    <dates>
      <discovery>2022-04-06</discovery>
      <entry>2022-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="703c4761-b61d-11ec-9ebc-1c697aa5a594">
    <topic>FreeBSD -- mpr/mps/mpt driver ioctl heap out-of-bounds write</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.0</ge><lt>13.0_11</lt></range>
	<range><ge>12.3</ge><lt>12.3_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Handlers for *_CFG_PAGE read / write ioctls in the mpr, mps, and
	mpt drivers allocated a buffer of a caller-specified size, but
	copied to it a fixed size header.  Other heap content would be
	overwritten if the specified size was too small.</p>
	<h1>Impact:</h1>
	<p>Users with access to the mpr, mps or mpt device node may overwrite
	heap data, potentially resulting in privilege escalation.  Note that
	the device node is only accessible to root and members of the operator
	group.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23086</cvename>
      <freebsdsa>SA-22:06.ioctl</freebsdsa>
    </references>
    <dates>
      <discovery>2022-04-06</discovery>
      <entry>2022-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="ba796b98-b61c-11ec-9ebc-1c697aa5a594">
    <topic>FreeBSD -- Bhyve e82545 device emulation out-of-bounds write</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.0</ge><lt>13.0_11</lt></range>
	<range><ge>12.3</ge><lt>12.3_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The e1000 network adapters permit a variety of modifications to an
	Ethernet packet when it is being transmitted.  These include the
	insertion of IP and TCP checksums, insertion of an Ethernet VLAN
	header, and TCP segmentation offload ("TSO").  The e1000 device model
	uses an on-stack buffer to generate the modified packet header when
	simulating these modifications on transmitted packets.</p>
	<p>When checksum offload is requested for a transmitted packet, the
	e1000 device model used a guest-provided value to specify the checksum
	offset in the on-stack buffer.  The offset was not validated for
	certain packet types.</p>
	<h1>Impact:</h1>
	<p>A misbehaving bhyve guest could overwrite memory in the bhyve
	process on the host, possibly leading to code execution in the host
	context.</p>
	<p>The bhyve process runs in a Capsicum sandbox, which (depending on
	the FreeBSD version and bhyve configuration) limits the impact of
	exploiting this issue.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23087</cvename>
      <freebsdsa>SA-22:05.bhyve</freebsdsa>
    </references>
    <dates>
      <discovery>2022-04-06</discovery>
      <entry>2022-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="27d39055-b61b-11ec-9ebc-1c697aa5a594">
    <topic>FreeBSD -- Potential jail escape vulnerabilities in netmap</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.0</ge><lt>13.0_11</lt></range>
	<range><ge>12.3</ge><lt>12.3_5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The total size of the user-provided nmreq to nmreq_copyin() was
	first computed and then trusted during the copyin.  This
	time-of-check to time-of-use bug could lead to kernel memory
	corruption.  [CVE-2022-23084]</p>
	<p>A user-provided integer option was passed to nmreq_copyin() without
	checking if it would overflow.  This insufficient bounds checking
	could lead to kernel memory corruption.  [CVE-2022-23085]</p>
	<h1>Impact:</h1>
	<p>On systems configured to include netmap in their devfs_ruleset, a
	privileged process running in a jail can affect the host
	environment.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23084</cvename>
      <cvename>CVE-2022-23085</cvename>
      <freebsdsa>SA-22:04.netmap</freebsdsa>
    </references>
    <dates>
      <discovery>2022-04-06</discovery>
      <entry>2022-04-07</entry>
    </dates>
  </vuln>

  <vuln vid="fe15f30a-b4c9-11ec-94a3-3065ec8fd3ec">
    <topic>chromium -- Type confusion in V8</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>100.0.4896.75</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html">
	  <p>This release includes one security fix:</p>
	  <ul>
	    <li>[1311641] High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1232</cvename>
      <url>https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2022-04-04</discovery>
      <entry>2022-04-05</entry>
    </dates>
  </vuln>

  <vuln vid="8657eedd-b423-11ec-9559-001b217b3468">
    <topic>Gitlab -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.9.0</ge><lt>14.9.2</lt></range>
	<range><ge>14.8.0</ge><lt>14.8.5</lt></range>
	<range><ge>0</ge><lt>14.7.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/">
	  <p>Static passwords inadvertently set during OmniAuth-based registration</p>
	  <p>Stored XSS in notes</p>
	  <p>Stored XSS on Multi-word milestone reference</p>
	  <p>Denial of service caused by a specially crafted RDoc file</p>
	  <p>GitLab Pages access tokens can be reused on multiple domains</p>
	  <p>GitLab Pages uses default (disabled) server Timeouts and a weak TCP Keep-Alive timeout</p>
	  <p>Incorrect include in pipeline definition exposes masked CI variables in UI</p>
	  <p>Regular expression denial of service in release asset link</p>
	  <p>Latest Commit details from private projects leaked to guest users via Merge Requests</p>
	  <p>CI/CD analytics are available even when public pipelines are disabled</p>
	  <p>Absence of limit for the number of tags that can be added to a runner can cause performance issues</p>
	  <p>Client DoS through rendering crafted comments</p>
	  <p>Blind SSRF Through Repository Mirroring</p>
	  <p>Bypass of branch restriction in Asana integration</p>
	  <p>Readable approval rules by Guest user</p>
	  <p>Redact InvalidURIError error messages</p>
	  <p>Project import maps members' created_by_id users based on source user ID</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1162</cvename>
      <cvename>CVE-2022-1175</cvename>
      <cvename>CVE-2022-1190</cvename>
      <cvename>CVE-2022-1185</cvename>
      <cvename>CVE-2022-1148</cvename>
      <cvename>CVE-2022-1121</cvename>
      <cvename>CVE-2022-1120</cvename>
      <cvename>CVE-2022-1100</cvename>
      <cvename>CVE-2022-1193</cvename>
      <cvename>CVE-2022-1105</cvename>
      <cvename>CVE-2022-1099</cvename>
      <cvename>CVE-2022-1174</cvename>
      <cvename>CVE-2022-1188</cvename>
      <cvename>CVE-2022-0740</cvename>
      <cvename>CVE-2022-1189</cvename>
      <cvename>CVE-2022-1157</cvename>
      <cvename>CVE-2022-1111</cvename>
      <url>https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/</url>
    </references>
    <dates>
      <discovery>2022-03-31</discovery>
      <entry>2022-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="79ea6066-b40e-11ec-8b93-080027b24e86">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mediawiki135</name>
	<range><lt>1.35.6</lt></range>
      </package>
      <package>
	<name>mediawiki136</name>
	<range><lt>1.36.4</lt></range>
      </package>
      <package>
	<name>mediawiki137</name>
	<range><lt>1.37.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Mediawiki reports:</p>
	<blockquote cite="https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/">
	  <p>(T297543, CVE-2022-28202) Messages widthheight/widthheightpage/nbytes not
	    escaped when used in galleries or Special:RevisionDelete.</p>
	  <p>(T297571, CVE-2022-28201) Title::newMainPage() goes into an infinite
	    recursion loop if it points to a local interwiki.</p>
	  <p>(T297731, CVE-2022-28203) Requesting Special:NewFiles on a wiki with many
	    file uploads with actor as a condition can result in a DoS.</p>
	  <p>(T297754, CVE-2022-28204) Special:WhatLinksHere can result in a DoS when
	    a page is used on a extremely large number of other pages.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-28201</cvename>
      <cvename>CVE-2022-28202</cvename>
      <cvename>CVE-2022-28203</cvename>
      <cvename>CVE-2022-28204</cvename>
      <url>https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/YJNXKPV5Z56NSUQ4G3SXPDUIZG5EQ7UR/</url>
    </references>
    <dates>
      <discovery>2021-12-12</discovery>
      <entry>2022-04-04</entry>
    </dates>
  </vuln>

  <vuln vid="3f321a5a-b33b-11ec-80c2-1bb2c6a00592">
    <topic>dnsmasq -- heap use-after-free in dhcp6_no_relay</topic>
    <affects>
      <package>
	<name>dnsmasq</name>
	<range><lt>2.86_4,1</lt></range>
      </package>
      <package>
	<name>dnsmasq-devel</name>
	<range><lt>2.86_4,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Petr Menšík reports:</p>
	<blockquote cite="https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html">
	  <p>Possible vulnerability [...] found in latest dnsmasq. It [was] found
	    with help of oss-fuzz Google project by me and short after that
	    independently also by Richard Johnson of Trellix Threat Labs.</p>
	  <p>It is affected only by DHCPv6 requests, which could be crafted to
	    modify already freed memory. [...] We think it might be triggered
	    remotely, but we do not think it could be used to execute remote
	    code.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0934</cvename>
      <url>https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html</url>
    </references>
    <dates>
      <discovery>2022-03-31</discovery>
      <entry>2022-04-03</entry>
    </dates>
  </vuln>

  <vuln vid="83466f76-aefe-11ec-b4b6-d05099c0c059">
    <topic>gitea -- Open Redirect on login</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.16.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Andrew Thornton reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1058">
	  <p>
	    When a location containing backslashes is presented, the existing
	    protections against open redirect are bypassed, because browsers
	    will convert adjacent forward and backslashes within the location
	    to double forward slashes.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1058</cvename>
      <url>https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d/</url>
    </references>
    <dates>
      <discovery>2022-03-23</discovery>
      <entry>2022-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="0ff80f41-aefe-11ec-b4b6-d05099c0c059">
    <topic>gitea -- Improper/incorrect authorization</topic>
    <affects>
      <package>
	<name>gitea</name>
	<range><lt>1.16.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Youssef Rebahi-Gilbert reports:</p>
	<blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0905">
	  <p>
	    When Gitea is built and configured for PAM authentication
	    it skips checking authorization completely. Therefore expired
	    accounts and accounts with expired passwords can still login.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0905</cvename>
      <url>https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb</url>
    </references>
    <dates>
      <discovery>2022-03-06</discovery>
      <entry>2022-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="ab2d7f62-af9d-11ec-a0b8-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>100.0.4896.60</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html">
	  <p>This release contains 28 security fixes, including:</p>
	  <ul>
	    <li>[1292261] High CVE-2022-1125: Use after free in Portals.
	      Reported by Khalil Zhani on 2022-01-29</li>
	    <li>[1291891] High CVE-2022-1127: Use after free in QR Code
	      Generator. Reported by anonymous on 2022-01-28</li>
	    <li>[1301920] High CVE-2022-1128: Inappropriate implementation in
	      Web Share API. Reported by Abdel Adim (@smaury92) Oisfi of
	      Shielder on 2022-03-01</li>
	    <li>[1300253] High CVE-2022-1129: Inappropriate implementation in
	      Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on
	      2022-02-24</li>
	    <li>[1142269] High CVE-2022-1130: Insufficient validation of
	      untrusted input in WebOTP. Reported by Sergey Toshin of
	      Oversecurity Inc. on 2020-10-25</li>
	    <li>[1297404] High CVE-2022-1131: Use after free in Cast UI.
	      Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
	      Research on 2022-02-15</li>
	    <li>[1303410] High CVE-2022-1132: Inappropriate implementation in
	      Virtual Keyboard. Reported by Andr.Ess on 2022-03-07</li>
	    <li>[1305776] High CVE-2022-1133: Use after free in WebRTC.
	      Reported by Anonymous on 2022-03-13</li>
	    <li>[1308360] High CVE-2022-1134: Type Confusion in V8. Reported by
	      Man Yue Mo of GitHub Security Lab on 2022-03-21</li>
	    <li>[1285601] Medium CVE-2022-1135: Use after free in Shopping Cart.
	      Reported by Wei Yuan of MoyunSec VLab on 2022-01-09</li>
	    <li>[1280205] Medium CVE-2022-1136: Use after free in Tab Strip.
	      Reported by Krace on 2021-12-15</li>
	    <li>[1289846] Medium CVE-2022-1137: Inappropriate implementation in
	      Extensions. Reported by Thomas Orlita on 2022-01-22</li>
	    <li>[1246188] Medium CVE-2022-1138: Inappropriate implementation in
	      Web Cursor. Reported by Alesandro Ortiz on 2021-09-03</li>
	    <li>[1268541] Medium CVE-2022-1139: Inappropriate implementation in
	      Background Fetch API. Reported by Maurice Dauer on 2021-11-10</li>
	    <li>[1303253] Medium CVE-2022-1141: Use after free in File Manager.
	      Reported by raven at KunLun lab on 2022-03-05</li>
	    <li>[1303613] Medium CVE-2022-1142: Heap buffer overflow in WebUI.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2022-03-07</li>
	    <li>[1303615] Medium CVE-2022-1143: Heap buffer overflow in WebUI.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2022-03-07</li>
	    <li>[1304145] Medium CVE-2022-1144: Use after free in WebUI.
	      Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2022-03-08</li>
	    <li>[1304545] Medium CVE-2022-1145: Use after free in Extensions.
	      Reported by Yakun Zhang of Baidu Security on 2022-03-09</li>
	    <li>[1290150] Low CVE-2022-1146: Inappropriate implementation in
	      Resource Timing. Reported by Sohom Datta on 2022-01-23</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1125</cvename>
      <cvename>CVE-2022-1127</cvename>
      <cvename>CVE-2022-1128</cvename>
      <cvename>CVE-2022-1129</cvename>
      <cvename>CVE-2022-1130</cvename>
      <cvename>CVE-2022-1131</cvename>
      <cvename>CVE-2022-1132</cvename>
      <cvename>CVE-2022-1133</cvename>
      <cvename>CVE-2022-1134</cvename>
      <cvename>CVE-2022-1135</cvename>
      <cvename>CVE-2022-1136</cvename>
      <cvename>CVE-2022-1137</cvename>
      <cvename>CVE-2022-1138</cvename>
      <cvename>CVE-2022-1139</cvename>
      <cvename>CVE-2022-1141</cvename>
      <cvename>CVE-2022-1142</cvename>
      <cvename>CVE-2022-1143</cvename>
      <cvename>CVE-2022-1144</cvename>
      <cvename>CVE-2022-1145</cvename>
      <cvename>CVE-2022-1146</cvename>
      <url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_29.html</url>
    </references>
    <dates>
      <discovery>2022-03-29</discovery>
      <entry>2022-03-29</entry>
    </dates>
  </vuln>

  <vuln vid="cb84b940-add5-11ec-9bc8-6805ca2fa271">
    <topic>powerdns-recursor -- denial of service</topic>
    <affects>
      <package>
	<name>powerdns-recursor</name>
	<range><eq>4.6.0</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PowerDNS Team reports:</p>
	<blockquote cite="https://www.powerdns.com/news.html#20220325">
	  <p>PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-27227</cvename>
      <url>https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html</url>
    </references>
    <dates>
      <discovery>2022-03-25</discovery>
      <entry>2022-03-27</entry>
    </dates>
  </vuln>

  <vuln vid="2cda5c88-add4-11ec-9bc8-6805ca2fa271">
    <topic>powerdns -- denial of service</topic>
    <affects>
      <package>
	<name>powerdns</name>
	<range><eq>4.6.0</eq></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>PowerDNS Team reports:</p>
	<blockquote cite="https://www.powerdns.com/news.html#20220325">
	  <p>PowerDNS Security Advisory 2022-01: incomplete validation of incoming IXFR transfer in Authoritative Server and Recursor.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-27227</cvename>
      <url>https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2022-01.html</url>
    </references>
    <dates>
      <discovery>2022-03-25</discovery>
      <entry>2022-03-27</entry>
    </dates>
  </vuln>

  <vuln vid="323f900d-ac6d-11ec-a0b8-3065ec8fd3ec">
    <topic>chromium -- V8 type confusion</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>99.0.4844.84</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html">
	  <p>This release contains 1 security fix:</p>
	  <ul>
	    <li>[1309225] High CVE-2022-1096: Type Confusion in V8. Reported by
	      anonymous on 2022-03-23</li>
	  </ul>
	  <p>Google is aware that an exploit for CVE-2022-1096 exists in the wild.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-1096</cvename>
      <url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html</url>
    </references>
    <dates>
      <discovery>2022-03-25</discovery>
      <entry>2022-03-25</entry>
    </dates>
  </vuln>

  <vuln vid="955f377e-7bc3-11ec-a51c-7533f219d428">
    <topic>Security Vulnerability found in ExifTool</topic>
    <affects>
      <package>
	<name>p5-Image-ExifTool</name>
	<range><ge>7.44</ge><lt>12.24</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Debian Security Advisory reports:</p>
	<blockquote cite="https://www.debian.org/security/2021/dsa-4910">
	  <p>A vulnerability was discovered in libimage-exiftool-perl, a library and program to read and write meta information in multimedia files, which may result in execution of arbitrary code if a malformed DjVu file is processed.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22204</cvename>
      <url>https://www.cvedetails.com/cve/CVE-2021-22204/</url>
    </references>
    <dates>
      <discovery>2021-01-04</discovery>
      <entry>2022-03-25</entry>
    </dates>
  </vuln>

  <vuln vid="61f416ff-aa00-11ec-b439-000d3a450398">
    <topic>tcpslice -- heap-based use-after-free in extract_slice()</topic>
    <affects>
      <package>
	<name>tcpslice</name>
	<range><lt>1.5,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Tcpdump Group reports:</p>
	<blockquote cite="https://github.com/the-tcpdump-group/tcpslice/commit/030859fce9c77417de657b9bb29c0f78c2d68f4a">
	  <p>heap-based use-after-free in extract_slice()</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41043</cvename>
      <url>https://github.com/the-tcpdump-group/tcpslice/issues/11</url>
    </references>
    <dates>
      <discovery>2021-09-13</discovery>
      <entry>2022-03-22</entry>
    </dates>
  </vuln>

  <vuln vid="e2af876f-a7c8-11ec-9a2a-002324b2fba8">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.17.8,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/51112">
	  <p>regexp: stack exhaustion compiling deeply nested expressions</p>
	  <p>On 64-bit platforms, an extremely deeply nested expression can
	    cause regexp.Compile to cause goroutine stack exhaustion, forcing
	    the program to exit. Note this applies to very large expressions, on
	    the order of 2MB.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24921</cvename>
      <url>https://github.com/golang/go/issues/51112</url>
    </references>
    <dates>
      <discovery>2022-02-09</discovery>
      <entry>2022-03-19</entry>
    </dates>
  </vuln>

  <vuln vid="45a72180-a640-11ec-a08b-85298243e224">
    <topic>openvpn -- Potential authentication by-pass with multiple deferred authentication plug-ins</topic>
    <affects>
      <package>
	<name>openvpn</name>
	<range><lt>2.5.6</lt></range>
      </package>
      <package>
	<name>openvpn-mbedtls</name>
	<range><lt>2.5.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>David Sommerseth reports:</p>
	<blockquote cite="https://community.openvpn.net/openvpn/wiki/CVE-2022-0547">
	  <p>OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication plug-ins when more than one of them makes use of deferred authentication replies, which allows an external user to be granted access with only partially correct credentials.  This issue is resolved in OpenVPN 2.4.12 and v2.5.6.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0547</cvename>
      <url>https://community.openvpn.net/openvpn/wiki/CVE-2022-0547</url>
      <url>https://github.com/OpenVPN/openvpn/blob/release/2.5/Changes.rst#overview-of-changes-in-256</url>
    </references>
    <dates>
      <discovery>2022-03-10</discovery>
      <entry>2022-03-17</entry>
    </dates>
  </vuln>

  <vuln vid="5df757ef-a564-11ec-85fa-a0369f7f7be0">
    <topic>wordpress -- multiple issues</topic>
    <affects>
      <package>
	<name>wordpress</name>
	<name>fr-wordpress</name>
	<range><lt>5.9.2,1</lt></range>
      </package>
      <package>
	<name>de-wordpress</name>
	<name>zh_CN-wordpress</name>
	<name>th_TW-wordpress</name>
	<name>ja-wordpress</name>
	<name>ru-wordpress</name>
	<range><lt>5.9.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>wordpress developers reports:</p>
	<blockquote cite="https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/">
	  <p>This security and maintenance release features 1 bug fix in addition to 3 security fixes.
	    Because this is a security release, it is recommended that you update your sites immediately.
	    All versions since WordPress 3.7 have also been updated.
	    The security team would like to thank the following people for responsively reporting
	    vulnerabilities, allowing them to be fixed in this release:
	    -Melar Dev, for finding a Prototype Pollution Vulnerability in a jQuery dependency
	    -Ben Bidner of the WordPress security team, for finding a Stored Cross Site Scripting Vulnerability
	    -Researchers from Johns Hopkins University, for finding a Prototype Pollution Vulnerability in the block editor</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/</url>
    </references>
    <dates>
      <discovery>2022-03-11</discovery>
      <entry>2022-03-16</entry>
    </dates>
  </vuln>

  <vuln vid="3ba1ca94-a563-11ec-8be6-d4c9ef517024">
    <topic>Weechat -- Possible man-in-the-middle attack in TLS connection to servers</topic>
    <affects>
      <package>
	<name>weechat</name>
	<range><lt>3.4.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Weechat project reports:</p>
	<blockquote cite="https://weechat.org/doc/security/WSA-2022-1/">
	  <p>After changing the options weechat.network.gnutls_ca_system or
	    weechat.network.gnutls_ca_user, the TLS verification function is lost.
	    Consequently, any connection to a server with TLS is made without
	    verifying the certificate, which could lead to a man-in-the-middle
	    attack. Connection to IRC servers with TLS is affected, as well as any
	    connection a server made by a plugin or a script using the function
	    hook_connect.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://weechat.org/doc/security/WSA-2022-1/</url>
    </references>
    <dates>
      <discovery>2022-03-13</discovery>
      <entry>2022-03-16</entry>
    </dates>
  </vuln>

  <vuln vid="ea05c456-a4fd-11ec-90de-1c697aa5a594">
    <topic>OpenSSL -- Infinite loop in BN_mod_sqrt parsing certificates</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1n,1</lt></range>
      </package>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.2</lt></range>
      </package>
      <package>
	<name>openssl-quictls</name>
	<range><lt>3.0.2</lt></range>
      </package>
      <package>
	<name>libressl</name>
	<range><lt>3.4.3</lt></range>
      </package>
      <package>
	<name>libressl-devel</name>
	<range><lt>3.5.1</lt></range>
      </package>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.0</ge><lt>13.0_8</lt></range>
	<range><ge>12.3</ge><lt>12.3_3</lt></range>
	<range><ge>12.2</ge><lt>12.2_14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20220315.txt">
	<p>Infinite loop in BN_mod_sqrt() reachable when parsing certificates
	  (High)</p>
	<p>The BN_mod_sqrt() function, which computes a modular square root,
	  contains a bug that can cause it to loop forever for non-prime
	  moduli.</p>
	<p>Internally this function is used when parsing certificates that
	  contain elliptic curve public keys in compressed form or explicit
	  elliptic curve parameters with a base point encoded in compressed
	  form.</p>
	<p>It is possible to trigger the infinite loop by crafting a
	  certificate that has invalid explicit curve parameters.</p>
	<p>Since certificate parsing happens prior to verification of the
	  certificate signature, any process that parses an externally
	  supplied certificate may thus be subject to a denial of service
	  attack. The infinite loop can also be reached when parsing crafted
	  private keys as they can contain explicit elliptic curve
	  parameters.</p>
	<p>Thus vulnerable situations include:</p>
	<ul>
	  <li>TLS clients consuming server certificates</li>
	  <li>TLS servers consuming client certificates</li>
	  <li>Hosting providers taking certificates or private keys from
	    customers</li>
	  <li>Certificate authorities parsing certification requests from
	    subscribers</li>
	  <li>Anything else which parses ASN.1 elliptic curve parameters</li>
	</ul>
	<p>Also any other applications that use the BN_mod_sqrt() where the
	  attacker can control the parameter values are vulnerable to this DoS
	  issue.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0778</cvename>
      <url>https://www.openssl.org/news/secadv/20220315.txt</url>
      <freebsdsa>SA-22:03.openssl</freebsdsa>
    </references>
    <dates>
      <discovery>2022-03-15</discovery>
      <entry>2022-03-16</entry>
      <modified>2022-03-16</modified>
    </dates>
  </vuln>

  <vuln vid="8d20bd48-a4f3-11ec-90de-1c697aa5a594">
    <topic>FreeBSD-kernel -- Multiple WiFi issues</topic>
    <affects>
      <package>
	<name>FreeBSD-kernel</name>
	<range><ge>13.0</ge><lt>13.0_8</lt></range>
	<range><ge>12.3</ge><lt>12.3_3</lt></range>
	<range><ge>12.2</ge><lt>12.2_14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>The paper "Fragment and Forge: Breaking Wi-Fi Through Frame
	Aggregation and Fragmentation" reported a number of security
	vulnerabilities in the 802.11 specification related to frame
	aggregation and fragmentation.</p>
	<p>Additionally, FreeBSD 12.x missed length validation of SSIDs and
	Information Elements (IEs).</p>
	<h1>Impact:</h1>
	<p>As reported on the FragAttacks website, the "design flaws are hard
	to abuse because doing so requires user interaction or is only
	possible when using uncommon network settings."  Under suitable
	conditions an attacker may be able to extract sensitive data or inject
	data.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-26147</cvename>
      <cvename>CVE-2020-24588</cvename>
      <cvename>CVE-2020-26144</cvename>
      <freebsdsa>SA-22:02.wifi</freebsdsa>
    </references>
    <dates>
      <discovery>2022-03-15</discovery>
      <entry>2022-03-16</entry>
    </dates>
  </vuln>

  <vuln vid="857be71a-a4b0-11ec-95fc-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>98.0.4844.74</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html">
	  <p>This release contains 11 security fixes, including:</p>
	  <ul>
	    <li>[1299422] Critical CVE-2022-0971: Use after free in Blink
	      Layout. Reported by Sergei Glazunov of Google Project Zero on
	      2022-02-21</li>
	    <li>[1301320] High CVE-2022-0972: Use after free in Extensions.
	      Reported by Sergei Glazunov of Google Project Zero on
	      2022-02-28</li>
	    <li>[1297498] High CVE-2022-0973: Use after free in Safe Browsing.
	      Reported by avaue and Buff3tts at S.S.L. on 2022-02-15</li>
	    <li>[1291986] High CVE-2022-0974: Use after free in Splitscreen.
	      Reported by @ginggilBesel on 2022-01-28</li>
	    <li>[1295411] High CVE-2022-0975: Use after free in ANGLE. Reported
	      by SeongHwan Park (SeHwa) on 2022-02-09</li>
	    <li>[1296866] High CVE-2022-0976: Heap buffer overflow in GPU.
	      Reported by Omair on 2022-02-13</li>
	    <li>[1299225] High CVE-2022-0977: Use after free in Browser UI.
	      Reported by Khalil Zhani on 2022-02-20</li>
	    <li>[1299264] High CVE-2022-0978: Use after free in ANGLE. Reported
	      by Cassidy Kim of Amber Security Lab, OPPO Mobile
	      Telecommunications Corp. Ltd. on 2022-02-20</li>
	    <li>[1302644] High CVE-2022-0979: Use after free in Safe Browsing.
	      Reported by anonymous on 2022-03-03</li>
	    <li>[1302157] Medium CVE-2022-0980: Use after free in New Tab Page.
	      Reported by Krace on 2022-03-02</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0971</cvename>
      <cvename>CVE-2022-0972</cvename>
      <cvename>CVE-2022-0973</cvename>
      <cvename>CVE-2022-0974</cvename>
      <cvename>CVE-2022-0975</cvename>
      <cvename>CVE-2022-0976</cvename>
      <cvename>CVE-2022-0977</cvename>
      <cvename>CVE-2022-0978</cvename>
      <cvename>CVE-2022-0979</cvename>
      <cvename>CVE-2022-0980</cvename>
      <url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_15.html</url>
    </references>
    <dates>
      <discovery>2022-03-15</discovery>
      <entry>2022-03-15</entry>
    </dates>
  </vuln>

  <vuln vid="6601c08d-a46c-11ec-8be6-d4c9ef517024">
    <topic>Apache httpd -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>apache24</name>
	<range><lt>2.4.53</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Apache httpd project reports:</p>
	<blockquote cite="https://httpd.apache.org/security/vulnerabilities_24.html">
	  <ul>
	    <li><p>mod_lua: Use of uninitialized value of in r:parsebody (moderate)
	      (CVE-2022-22719)</p><p>A carefully crafted request body can cause a
	      read to a random memory area which could cause the process to crash.
	    </p></li>
	    <li><p>HTTP request smuggling vulnerability (important) (CVE-2022-22720)
	      </p><p>httpd fails to close inbound connection when errors are
	      encountered discarding the request body, exposing the server to HTTP
	      Request Smuggling</p></li>
	    <li><p>core: Possible buffer overflow with very large or unlimited
	      LimitXMLRequestBody (low) (CVE-2022-22721)</p><p>If LimitXMLRequestBody
	      is set to allow request bodies larger than 350MB (defaults to 1M) on 32
	      bit systems an integer overflow happens which later causes out of
	      bounds writes.</p></li>
	    <li><p>mod_sed: Read/write beyond bounds (important) (CVE-2022-23924)</p>
	      <p>Out-of-bounds Write vulnerability in mod_sed of Apache HTTP Server
		allows an attacker to overwrite heap memory with possibly attacker
		provided data.</p></li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-22719</cvename>
      <cvename>CVE-2022-22720</cvename>
      <cvename>CVE-2022-22721</cvename>
      <cvename>CVE-2022-23943</cvename>
      <url>https://httpd.apache.org/security/vulnerabilities_24.html</url>
    </references>
    <dates>
      <discovery>2022-03-14</discovery>
      <entry>2022-03-15</entry>
    </dates>
  </vuln>

  <vuln vid="5aaf534c-a069-11ec-acdc-14dae9d5a9d2">
    <topic>Teeworlds -- Buffer Overflow</topic>
    <affects>
      <package>
	<name>teeworlds</name>
	<range><lt>0.7.5_2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVD reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-43518">
	  <p>Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43518</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-43518</url>
    </references>
    <dates>
      <discovery>2021-10-23</discovery>
      <entry>2022-03-10</entry>
    </dates>
  </vuln>

  <vuln vid="2823048d-9f8f-11ec-8c9c-001b217b3468">
    <topic>Gitlab -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.8.0</ge><lt>14.8.2</lt></range>
	<range><ge>14.7.0</ge><lt>14.7.4</lt></range>
	<range><ge>0</ge><lt>14.6.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/">
	  <p>Runner registration token disclosure through Quick Actions</p>
	  <p>Unprivileged users can add other users to groups through an API endpoint</p>
	  <p>Inaccurate display of Snippet contents can be potentially misleading to users</p>
	  <p>Environment variables can be leaked via the sendmail delivery method</p>
	  <p>Unauthenticated user enumeration on GraphQL API</p>
	  <p>Adding a mirror with SSH credentials can leak password</p>
	  <p>Denial of Service via user comments</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0735</cvename>
      <cvename>CVE-2022-0549</cvename>
      <cvename>CVE-2022-0751</cvename>
      <cvename>CVE-2022-0741</cvename>
      <cvename>CVE-2021-4191</cvename>
      <cvename>CVE-2022-0738</cvename>
      <cvename>CVE-2022-0489</cvename>
      <url>https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/</url>
    </references>
    <dates>
      <discovery>2022-02-25</discovery>
      <entry>2022-03-09</entry>
    </dates>
  </vuln>

  <vuln vid="964c5460-9c66-11ec-ad3a-001999f8d30b">
    <topic>asterisk -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>asterisk16</name>
	<range><lt>16.24.1</lt></range>
      </package>
      <package>
	<name>asterisk18</name>
	<range><lt>18.10.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Asterisk project reports:</p>
	<blockquote cite="https://www.asterisk.org/downloads/security-advisories/">
	  <p>AST-2022-004 - The header length on incoming STUN
	  messages that contain an ERROR-CODE attribute is not
	  properly checked. This can result in an integer underflow.
	  Note, this requires ICE or WebRTC support to be in use
	  with a malicious remote party.</p>
	  <p>AST-2022-005 - When acting as a UAC, and when placing
	  an outgoing call to a target that then forks Asterisk may
	  experience undefined behavior (crashes, hangs, etc) after
	  a dialog set is prematurely freed.</p>
	  <p>AST-2022-006 - If an incoming SIP message contains a
	  malformed multi-part body an out of bounds read access
	  may occur, which can result in undefined behavior. Note,
	  its currently uncertain if there is any externally
	  exploitable vector within Asterisk for this issue, but
	  providing this as a security issue out of caution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-37706</cvename>
      <cvename>CVE-2022-23608</cvename>
      <cvename>CVE-2022-21723</cvename>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-004.html</url>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-005.html</url>
      <url>https://downloads.asterisk.org/pub/security/AST-2022-006.html</url>
    </references>
    <dates>
      <discovery>2022-03-03</discovery>
      <entry>2022-03-05</entry>
    </dates>
  </vuln>

  <vuln vid="e0914087-9a09-11ec-9e61-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>99.0.4844.51</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html">
	  <p>This release contains 28 security fixes, including:</p>
	  <ul>
	    <li>[1289383] High CVE-2022-0789: Heap buffer overflow in ANGLE.
	      Reported by SeongHwan Park (SeHwa) on 2022-01-21</li>
	    <li>[1274077] High CVE-2022-0790: Use after free in Cast UI.
	      Reported by Anonymous on 2021-11-26</li>
	    <li>[1278322] High CVE-2022-0791: Use after free in Omnibox.
	      Reported by Zhihua Yao of KunLun Lab on 2021-12-09</li>
	    <li>[1285885] High CVE-2022-0792: Out of bounds read in ANGLE.
	      Reported by Jaehun Jeong (@n3sk) of Theori on 2022-01-11</li>
	    <li>[1291728] High CVE-2022-0793: Use after free in Views. Reported
	      by Thomas Orlita on 2022-01-28</li>
	    <li>[1294097] High CVE-2022-0794: Use after free in WebShare.
	      Reported by Khalil Zhani on 2022-02-04</li>
	    <li>[1282782] High CVE-2022-0795: Type Confusion in Blink Layout.
	      Reported by 0x74960 on 2021-12-27</li>
	    <li>[1295786] High CVE-2022-0796: Use after free in Media. Reported
	      by Cassidy Kim of Amber Security Lab, OPPO Mobile
	      Telecommunications Corp. Ltd. on 2022-02-10</li>
	    <li>[1281908] High CVE-2022-0797: Out of bounds memory access in
	      Mojo. Reported by Sergei Glazunov of Google Project Zero on
	      2021-12-21</li>
	    <li>[1283402] Medium CVE-2022-0798: Use after free in MediaStream.
	      Reported by Samet Bekmezci @sametbekmezci on 2021-12-30</li>
	    <li>[1279188] Medium CVE-2022-0799: Insufficient policy enforcement
	      in Installer. Reported by Abdelhamid Naceri (halov) on
	      2021-12-12</li>
	    <li>[1242962] Medium CVE-2022-0800: Heap buffer overflow in Cast UI.
	      Reported by Khalil Zhani on 2021-08-24</li>
	    <li>[1231037] Medium CVE-2022-0801: Inappropriate implementation in
	      HTML parser. Reported by Michal Bentkowski of Securitum on
	      2021-07-20</li>
	    <li>[1270052] Medium CVE-2022-0802: Inappropriate implementation in
	      Full screen mode. Reported by Irvan Kurniawan (sourc7) on
	      2021-11-14</li>
	    <li>[1280233] Medium CVE-2022-0803: Inappropriate implementation in
	      Permissions. Reported by Abdulla Aldoseri on 2021-12-15</li>
	    <li>[1264561] Medium CVE-2022-0804: Inappropriate implementation in
	      Full screen mode. Reported by Irvan Kurniawan (sourc7) on
	      2021-10-29</li>
	    <li>[1290700] Medium CVE-2022-0805: Use after free in Browser
	      Switcher. Reported by raven at KunLun Lab on 2022-01-25</li>
	    <li>[1283434] Medium CVE-2022-0806: Data leak in Canvas. Reported by
	      Paril on 2021-12-31</li>
	    <li>[1287364] Medium CVE-2022-0807: Inappropriate implementation in
	      Autofill. Reported by Alesandro Ortiz on 2022-01-14</li>
	    <li>[1292271] Medium CVE-2022-0808: Use after free in Chrome OS
	      Shell. Reported by @ginggilBesel on 2022-01-29</li>
	    <li>[1293428] Medium CVE-2022-0809: Out of bounds memory access in
	      WebXR. Reported by @uwu7586 on 2022-02-03</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0789</cvename>
      <cvename>CVE-2022-0790</cvename>
      <cvename>CVE-2022-0791</cvename>
      <cvename>CVE-2022-0792</cvename>
      <cvename>CVE-2022-0793</cvename>
      <cvename>CVE-2022-0794</cvename>
      <cvename>CVE-2022-0795</cvename>
      <cvename>CVE-2022-0796</cvename>
      <cvename>CVE-2022-0797</cvename>
      <cvename>CVE-2022-0798</cvename>
      <cvename>CVE-2022-0799</cvename>
      <cvename>CVE-2022-0800</cvename>
      <cvename>CVE-2022-0801</cvename>
      <cvename>CVE-2022-0802</cvename>
      <cvename>CVE-2022-0803</cvename>
      <cvename>CVE-2022-0804</cvename>
      <cvename>CVE-2022-0805</cvename>
      <cvename>CVE-2022-0806</cvename>
      <cvename>CVE-2022-0807</cvename>
      <cvename>CVE-2022-0808</cvename>
      <cvename>CVE-2022-0809</cvename>
      <url>https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2022-03-01</discovery>
      <entry>2022-03-02</entry>
    </dates>
  </vuln>

  <vuln vid="a80c6273-988c-11ec-83ac-080027415d17">
    <topic>cyrus-sasl -- Fix off by one error</topic>
    <affects>
      <package>
	<name>cyrus-sasl</name>
	<range><ge>2.1.27</ge><lt>2.1.28</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports:</p>
	<blockquote cite="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">
	  <p>Fix off by one error</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2019-19906</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19906</url>
    </references>
    <dates>
      <discovery>2019-12-19</discovery>
      <entry>2022-02-28</entry>
    </dates>
  </vuln>

  <vuln vid="0eab001a-9708-11ec-96c9-589cfc0f81b0">
    <topic>typo3 -- XSS vulnerability in svg-sanitize</topic>
    <affects>
      <package>
       <name>typo3-10-php74</name>
       <range><lt>10.4.25</lt></range>
      </package>
      <package>
       <name>typo3-11-php74</name>
       <name>typo3-11-php80</name>
       <name>typo3-11-php81</name>
       <range><lt>11.5.7</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
       <p>The TYPO3 project reports:</p>
       <blockquote cite="https://typo3.org/article/typo3-psa-2022-001">
	 <p>The SVG sanitizer library enshrined/svg-sanitize before version
	 0.15.0 did not remove HTML elements wrapped in a CDATA section.
	 As a result, SVG content embedded in HTML (fetched as text/html)
	 was susceptible to cross-site scripting. Plain SVG files
	 (fetched as image/svg+xml) were not affected.</p>
       </blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23638</cvename>
      <url>https://github.com/typo3/typo3/commit/9940defb21</url>
      <url>https://typo3.org/article/typo3-psa-2022-001</url>
    </references>
    <dates>
      <discovery>2022-02-22</discovery>
      <entry>2022-02-27</entry>
    </dates>
  </vuln>

  <vuln vid="d71d154a-8b83-11ec-b369-6c3be5272acd">
    <topic>Grafana -- Teams API IDOR</topic>
    <affects>
      <package>
	<name>grafana6</name>
	<range><ge>6.0.0</ge></range>
      </package>
      <package>
	<name>grafana7</name>
	<range><lt>7.5.15</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.3.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/">
	  <p>On Jan. 18, an external security researcher, Kürşad ALSAN from <a href="https://www.nspect.io/">NSPECT.IO</a> (<a href="https://twitter.com/nspectio">@nspectio</a> on Twitter), contacted Grafana to disclose an IDOR (Insecure Direct Object Reference) vulnerability on Grafana Teams APIs. This vulnerability only impacts the following API endpoints:</p>
	  <ul>
	    <li><strong>/teams/:teamId</strong> - an authenticated attacker can view unintended data by querying for the specific team ID.</li>
	    <li><strong>/teams/:search</strong> - an authenticated attacker can search for teams and see the total number of available teams, including for those teams that the user does not have access to.</li>
	    <li><strong>/teams/:teamId/members</strong> - when editors_can_admin flag is enabled, an authenticated attacker can see unintended data by querying for the specific team ID.</li>
	  </ul>
	  <p>We believe that this vulnerability is rated at CVSS 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-21713</cvename>
      <url>https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/</url>
    </references>
    <dates>
      <discovery>2022-01-18</discovery>
      <entry>2022-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="d4284c2e-8b83-11ec-b369-6c3be5272acd">
    <topic>Grafana -- CSRF</topic>
    <affects>
      <package>
	<name>grafana6</name>
	<range><ge>6.0.0</ge></range>
      </package>
      <package>
	<name>grafana7</name>
	<range><lt>7.5.15</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.3.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/">
	  <p>On Jan. 18, security researchers <a href="https://twitter.com/jub0bs">@jub0bs</a> and <a href="https://twitter.com/theabrahack">@abrahack</a> contacted Grafana to <a href="https://jub0bs.com/posts/2022-02-08-cve-2022-21703-writeup/">disclose a CSRF vulnerability</a> which allows anonymous attackers to elevate their privileges by mounting cross-origin attacks against authenticated high-privilege Grafana users (for example, Editors or Admins). An attacker can exploit this vulnerability for privilege escalation by tricking an authenticated user into inviting the attacker as a new user with high privileges. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-21703</cvename>
      <url>https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/</url>
    </references>
    <dates>
      <discovery>2022-01-18</discovery>
      <entry>2022-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="cecbc674-8b83-11ec-b369-6c3be5272acd">
    <topic>Grafana -- XSS</topic>
    <affects>
      <package>
	<name>grafana6</name>
	<range><ge>6.0.0</ge></range>
      </package>
      <package>
	<name>grafana7</name>
	<range><lt>7.5.15</lt></range>
      </package>
      <package>
	<name>grafana8</name>
	<range><lt>8.3.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Grafana Labs reports:</p>
	<blockquote cite="https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/">
	  <p>On Jan. 16, an external security researcher, Jasu Viding contacted Grafana to disclose an XSS vulnerability in the way that Grafana handles data sources. Should an existing data source connected to Grafana be compromised, it could be used to inappropriately gain access to other data sources connected to the same Grafana org. We believe that this vulnerability is rated at CVSS 6.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-21702</cvename>
      <url>https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/</url>
    </references>
    <dates>
      <discovery>2022-01-16</discovery>
      <entry>2022-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="7695b0af-958f-11ec-9aa3-4ccc6adda413">
    <topic>cryptopp -- ElGamal implementation allows plaintext recovery</topic>
    <affects>
      <package>
	<name>cryptopp</name>
	<range><lt>8.6.0</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Crypto++ 8.6 release notes reports:</p>
	<blockquote cite="https://www.cryptopp.com/release860.html">
	  <p>The ElGamal implementation in Crypto++ through 8.5 allows plaintext
	    recovery because, during interaction between two cryptographic
	    libraries, a certain dangerous combination of the prime defined by
	    the receiver's public key, the generator defined by the receiver's
	    public key, and the sender's ephemeral exponents can lead to a
	    cross-configuration attack against OpenPGP.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-40530</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-40530</url>
    </references>
    <dates>
      <discovery>2021-09-06</discovery>
      <entry>2022-02-24</entry>
    </dates>
  </vuln>

  <vuln vid="5e1440c6-95af-11ec-b320-f8b156b6dcc8">
    <topic>flac -- fix encoder bug</topic>
    <affects>
      <package>
	<name>flac</name>
	<range><lt>1.3.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The FLAC 1.3.4 release reports:</p>
	<blockquote cite="https://xiph.org/flac/changelog.html">
	  <p>Fix 12 decoder bugs found by oss-fuzz.</p>
	  <p>Fix encoder bug CVE-2021-0561.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-0561</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0561</url>
    </references>
    <dates>
      <discovery>2022-02-20</discovery>
      <entry>2022-02-24</entry>
    </dates>
  </vuln>

  <vuln vid="022dde12-8f4a-11ec-83ac-080027415d17">
    <topic>cyrus-sasl -- Escape password for SQL insert/update commands</topic>
    <affects>
      <package>
	<name>cyrus-sasl-sql</name>
	<range><ge>2.1.27</ge><lt>2.1.27_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cyrus SASL 2.1.x Release Notes New in 2.1.28 reports:</p>
	<blockquote cite="https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28">
	  <p>Escape password for SQL insert/update commands.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24407</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24407</url>
    </references>
    <dates>
      <discovery>2022-02-04</discovery>
      <entry>2022-02-23</entry>
    </dates>
  </vuln>

  <vuln vid="85d976be-93e3-11ec-aaad-14dae9d5a9d2">
    <topic>The Update Framwork -- path traversal vulnerability</topic>
    <affects>
      <package>
	<name>py37-tuf</name>
	<name>py38-tuf</name>
	<name>py39-tuf</name>
	<name>py310-tuf</name>
	<name>py311-tuf</name>
	<range><le>0.18.1</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>NVD reports:</p>
	<blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2021-41131">
	  <p>python-tuf is a Python reference implementation of The Update Framework (TUF). In both clients (`tuf/client` and `tuf/ngclient`), there is a path traversal vulnerability that in the worst case can overwrite files ending in `.json` anywhere on the client system on a call to `get_one_valid_targetinfo()`. It occurs because the rolename is used to form the filename, and may contain path traversal characters (ie `../../name.json`). The impact is mitigated by a few facts: It only affects implementations that allow arbitrary rolename selection for delegated targets metadata, The attack requires the ability to A) insert new metadata for the path-traversing role and B) get the role delegated by an existing targets metadata, The written file content is heavily restricted since it needs to be a valid, signed targets file. The file extension is always .json. A fix is available in version 0.19 or newer. There are no workarounds that do not require code changes. Clients can restrict the allowed character set for rolenames, or they can store metadata in files named in a way that is not vulnerable: neither of these approaches is possible without modifying python-tuf.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41131</cvename>
      <url>https://nvd.nist.gov/vuln/detail/CVE-2021-41131</url>
    </references>
    <dates>
      <discovery>2021-10-22</discovery>
      <entry>2022-02-22</entry>
    </dates>
  </vuln>

  <vuln vid="1cd565da-455e-41b7-a5b9-86ad8e81e33e">
    <topic>seatd-launch -- remove files with escalated privileges with SUID</topic>
    <affects>
      <package>
	<name>seatd</name>
	<range><ge>0.6.0</ge><lt>0.6.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Kenny Levinsen reports:</p>
	<blockquote cite="https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E">
	  <p>seatd-launch could use a user-specified socket path instead of the
	    internally generated socket path, and would unlink the socket path
	    before use to guard against collision with leftover sockets. This
	    meant that a caller could freely control what file path would be
	    unlinked and replaced with a user-owned seatd socket for the duration
	    of the session.</p>
	  <p>If seatd-launch had the SUID bit set, this could be used by a
	    malicious user to remove files with the privileges of the owner of
	    seatd-launch, which is likely root, and replace it with a user-owned
	    domain socket.</p>
	  <p>This does not directly allow retrieving the contents of existing
	    files, and the user-owned socket file is at the current time not
	    believed to be directly useful for further exploitation.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E</url>
      <cvename>CVE-2022-25643</cvename>
    </references>
    <dates>
      <discovery>2022-02-21</discovery>
      <entry>2022-02-21</entry>
      <modified>2022-02-22</modified>
    </dates>
  </vuln>

  <vuln vid="43ae57f6-92ab-11ec-81b4-2cf05d620ecc">
    <topic>Qt5 -- QProcess unexpected search path</topic>
    <affects>
      <package>
	<name>qt5-core</name>
	<range><lt>5.15.2p263_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Qt Company reports:</p>
	<blockquote cite="https://lists.qt-project.org/pipermail/announce/2022-February/000333.html">
	  <p>Recently, the Qt Project's security team was made aware of an issue regarding QProcess and determined it to be a security issue on Unix-based platforms only. We do not believe this to be a considerable risk for applications as the likelihood of it being triggered is minimal.
</p>
<p>Specifically, the problem is around using QProcess to start an application without having an absolute path, and as a result, it depends on it finding it in the PATH environment variable. As a result, it may be possible for an attacker to place their copy of the executable in question inside the working/current directory for the QProcess and have it invoked that instead.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-25255</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25255</url>
    </references>
    <dates>
      <discovery>2022-02-17</discovery>
      <entry>2022-02-21</entry>
    </dates>
  </vuln>

  <vuln vid="4d763c65-9246-11ec-9aa3-4ccc6adda413">
    <topic>libmysoft -- Heap-based buffer overflow vulnerability</topic>
    <affects>
      <package>
	<name>libmysofa</name>
	<range><lt>1.2.1.13</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Zhengjie Du reports:</p>
	<blockquote cite="https://huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/">
	  <p>There are some heap-buffer-overflows in mysofa2json of
	    libmysofa. They are in function loudness, mysofa_check and
	    readOHDRHeaderMessageDataLayout.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-3756</cvename>
      <url>https://www.huntr.dev/bounties/7ca8d9ea-e2a6-4294-af28-70260bb53bc1/</url>
    </references>
    <dates>
      <discovery>2021-09-27</discovery>
      <entry>2022-02-20</entry>
    </dates>
  </vuln>

  <vuln vid="27bf9378-8ffd-11ec-8be6-d4c9ef517024">
    <topic>MariaDB -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mariadb103-client</name>
	<range><lt>10.3.34</lt></range>
      </package>
      <package>
	<name>mariadb103-server</name>
	<range><lt>10.3.34</lt></range>
      </package>
      <package>
	<name>mariadb104-client</name>
	<range><lt>10.4.24</lt></range>
      </package>
      <package>
	<name>mariadb104-server</name>
	<range><lt>10.4.24</lt></range>
      </package>
      <package>
	<name>mariadb105-client</name>
	<range><lt>10.5.15</lt></range>
      </package>
      <package>
	<name>mariadb105-server</name>
	<range><lt>10.5.15</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MariaDB reports:</p>
	<blockquote cite="https://mariadb.com/kb/en/cve/">
	  <p>MariaDB reports 5 vulnerabilities in supported versions
	    resulting from fuzzing tests</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-46661</cvename>
      <cvename>CVE-2021-46663</cvename>
      <cvename>CVE-2021-46664</cvename>
      <cvename>CVE-2021-46665</cvename>
      <cvename>CVE-2021-46668</cvename>
      <url>https://mariadb.com/kb/en/cve/</url>
      <url>https://mariadb.com/kb/en/mdb-10334-rn/</url>
      <url>https://mariadb.com/kb/en/mdb-10424-rn/</url>
      <url>https://mariadb.com/kb/en/mdb-10515-rn/</url>
    </references>
    <dates>
      <discovery>2022-02-12</discovery>
      <entry>2022-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="096ab080-907c-11ec-bb14-002324b2fba8">
    <topic>go -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>go</name>
	<range><lt>1.17.7,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Go project reports:</p>
	<blockquote cite="https://github.com/golang/go/issues/50974">
	  <p>crypto/elliptic: fix IsOnCurve for big.Int values that are not
	    valid coordinates</p>
	  <p>Some big.Int values that are not valid field elements (negative or
	    overflowing) might cause Curve.IsOnCurve to incorrectly return true.
	    Operating on those values may cause a panic or an invalid curve
	    operation. Note that Unmarshal will never return such values.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/50699">
	  <p>math/big: prevent large memory consumption in Rat.SetString</p>
	  <p>An attacker can cause unbounded memory growth in a program using
	    (*Rat).SetString due to an unhandled overflow.</p>
	</blockquote>
	<blockquote cite="https://github.com/golang/go/issues/35671">
	  <p>cmd/go: prevent branches from materializing into versions</p>
	  <p>A branch whose name resembles a version tag (such as "v1.0.0" or
	    "subdir/v2.0.0-dev") can be considered a valid version by the go
	    command. Materializing versions from branches might be unexpected
	    and bypass ACLs that limit the creation of tags but not branches.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23806</cvename>
      <url>https://github.com/golang/go/issues/50974</url>
      <cvename>CVE-2022-23772</cvename>
      <url>https://github.com/golang/go/issues/50699</url>
      <cvename>CVE-2022-23773</cvename>
      <url>https://github.com/golang/go/issues/35671</url>
    </references>
    <dates>
      <discovery>2022-02-10</discovery>
      <entry>2022-02-18</entry>
    </dates>
  </vuln>

  <vuln vid="e12432af-8e73-11ec-8bc4-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>98.0.4758.102</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html">
	  <p>This release contains 11 security fixes, including:</p>
	  <ul>
	    <li>[1290008] High CVE-2022-0603: Use after free in File Manager.
	      Reported by Chaoyuan Peng (@ret2happy) on 2022-01-22</li>
	    <li>[1273397] High CVE-2022-0604: Heap buffer overflow in Tab
	      Groups. Reported by Krace on 2021-11-24</li>
	    <li>[1286940] High CVE-2022-0605: Use after free in Webstore API.
	      Reported by Thomas Orlita on 2022-01-13</li>
	    <li>[1288020] High CVE-2022-0606: Use after free in ANGLE. Reported
	      by Cassidy Kim of Amber Security Lab, OPPO Mobile
	      Telecommunications Corp. Ltd. on 2022-01-17</li>
	    <li>[1250655] High CVE-2022-0607: Use after free in GPU. Reported by
	      0x74960 on 2021-09-17</li>
	    <li>[1270333] High CVE-2022-0608: Integer overflow in Mojo. Reported
	      by Sergei Glazunov of Google Project Zero on 2021-11-16</li>
	    <li>[1296150] High CVE-2022-0609: Use after free in Animation.
	      Reported by Adam Weidemann and Clément Lecigne of Google'
	      Threat Analysis Group on 2022-02-10</li>
	    <li>[1285449] Medium CVE-2022-0610: Inappropriate implementation in
	      Gamepad API. Reported by Anonymous on 2022-01-08</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0603</cvename>
      <cvename>CVE-2022-0604</cvename>
      <cvename>CVE-2022-0605</cvename>
      <cvename>CVE-2022-0606</cvename>
      <cvename>CVE-2022-0607</cvename>
      <cvename>CVE-2022-0608</cvename>
      <cvename>CVE-2022-0609</cvename>
      <cvename>CVE-2022-0610</cvename>
      <url>https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html</url>
    </references>
    <dates>
      <discovery>2022-02-14</discovery>
      <entry>2022-02-15</entry>
    </dates>
  </vuln>

  <vuln vid="24049967-88ec-11ec-88f5-901b0e934d69">
    <topic>py-twisted -- cookie and authorization headers are leaked when following cross-origin redirects</topic>
      <affects>
	<package>
	  <name>py37-twisted</name>
	  <name>py38-twisted</name>
	  <name>py39-twisted</name>
	  <name>py310-twisted</name>
	  <range><lt>22.1.0</lt></range>
	</package>
      </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Twisted developers report:</p>
	<blockquote cite="https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx">
	  <p> Cookie and Authorization headers are leaked when following cross-origin redirects in <code>twited.web.client.RedirectAgent</code> and <code>twisted.web.client.BrowserLikeRedirectAgent</code>.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://github.com/twisted/twisted/security/advisories/GHSA-92x2-jw7w-xvvx</url>
    </references>
    <dates>
      <discovery>2022-02-07</discovery>
      <entry>2022-02-13</entry>
    </dates>
  </vuln>

  <vuln vid="d923fb0c-8c2f-11ec-aa85-0800270512f4">
    <topic>zsh -- Arbitrary command execution vulnerability</topic>
    <affects>
      <package>
	<name>zsh</name>
	<range><lt>5.8.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p> Marc Cornellà reports:</p>
	<blockquote cite="https://zsh.sourceforge.io/releases.html">
	  <p>
	    Some prompt expansion sequences, such as %F, support 'arguments'
	    which are themselves expanded in case they contain colour values,
	    etc. This additional expansion would trigger PROMPT_SUBST evaluation,
	    if enabled. This could be abused to execute code the user didn't
	    expect. e.g., given a certain prompt configuration, an attacker
	    could trick a user into executing arbitrary code by having them
	    check out a Git branch with a specially crafted name.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-45444</cvename>
      <url>https://zsh.sourceforge.io/releases.html</url>
    </references>
    <dates>
      <discovery>2022-02-12</discovery>
      <entry>2022-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="972ba0e8-8b8a-11ec-b369-6c3be5272acd">
    <topic>Node.js -- January 2022 Security Releases</topic>
    <affects>
      <package>
	<name>node</name>
	<range><ge>12.0.0</ge><lt>12.22.9</lt></range>
	<range><ge>14.0.0</ge><lt>14.18.3</lt></range>
	<range><ge>16.0.0</ge><lt>16.13.2</lt></range>
	<range><ge>17.0.0</ge><lt>17.3.1</lt></range>
      </package>
      <package>
	<name>node16</name>
	<range><lt>16.13.2</lt></range>
      </package>
      <package>
	<name>node14</name>
	<range><lt>14.18.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Node.js reports:</p>
	<blockquote cite="https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/">
	  <h1>Improper handling of URI Subject Alternative Names (Medium)(CVE-2021-44531)</h1>
	  <p>Accepting arbitrary Subject Alternative Name (SAN) types, unless a PKI is specifically defined to use a particular SAN type, can result in bypassing name-constrained intermediates. Node.js was accepting URI SAN types, which PKIs are often not defined to use. Additionally, when a protocol allows URI SANs, Node.js did not match the URI correctly.</p>
	  <h1>Certificate Verification Bypass via String Injection (Medium)(CVE-2021-44532)</h1>
	  <p>Node.js converts SANs (Subject Alternative Names) to a string format. It uses this string to check peer certificates against hostnames when validating connections. The string format was subject to an injection vulnerability when name constraints were used within a certificate chain, allowing the bypass of these name constraints.</p>
	  <h1>Incorrect handling of certificate subject and issuer fields (Medium)(CVE-2021-44533)</h1>
	  <p>Node.js did not handle multi-value Relative Distinguished Names correctly. Attackers could craft certificate subjects containing a single-value Relative Distinguished Name that would be interpreted as a multi-value Relative Distinguished Name, for example, in order to inject a Common Name that would allow bypassing the certificate subject verification.</p>
	  <h1>Prototype pollution via <code>console.table</code> properties (Low)(CVE-2022-21824)</h1>
	  <p>Due to the formatting logic of the <code>console.table()</code> function it was not safe to allow user controlled input to be passed to the <code>properties</code> parameter while simultaneously passing a plain object with at least one property as the first parameter, which could be <code>__proto__</code>. The prototype pollution has very limited control, in that it only allows an empty string to be assigned to numerical keys of the object prototype.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-44531</cvename>
      <cvename>CVE-2021-44532</cvename>
      <cvename>CVE-2021-44533</cvename>
      <cvename>CVE-2022-21824</cvename>
      <url>https://nodejs.org/en/blog/vulnerability/jan-2022-security-releases/</url>
    </references>
    <dates>
      <discovery>2022-01-10</discovery>
      <entry>2022-02-12</entry>
    </dates>
  </vuln>

  <vuln vid="0b0ad196-1ee8-4a98-89b1-4d5d82af49a9">
    <topic>jenkins -- DoS vulnerability in bundled XStream library</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.334</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.319.3</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2022-02-09/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-2602 / CVE-2021-43859 (upstream issue), CVE-2022-0538 (Jenkins-specific converters)</h5>
	  <p>DoS vulnerability in bundled XStream library</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43859</cvename>
      <cvename>CVE-2022-0538</cvename>
      <url>https://www.jenkins.io/security/advisory/2022-02-09/</url>
    </references>
    <dates>
      <discovery>2022-02-09</discovery>
      <entry>2022-02-10</entry>
    </dates>
  </vuln>

  <vuln vid="ff5606f7-8a45-11ec-8be6-d4c9ef517024">
    <topic>MariaDB -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mariadb103-client</name>
	<range><lt>10.3.33</lt></range>
      </package>
      <package>
	<name>mariadb103-server</name>
	<range><lt>10.3.33</lt></range>
      </package>
      <package>
	<name>mariadb104-client</name>
	<range><lt>10.4.23</lt></range>
      </package>
      <package>
	<name>mariadb104-server</name>
	<range><lt>10.4.23</lt></range>
      </package>
      <package>
	<name>mariadb105-client</name>
	<range><lt>10.5.14</lt></range>
      </package>
      <package>
	<name>mariadb105-server</name>
	<range><lt>10.5.14</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>MariaDB reports:</p>
	<blockquote cite="https://mariadb.com/kb/en/cve/">
	  <p>MariaDB reports 5 vulnerabilities in supported versions
	    without further detailed information.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-24052</cvename>
      <cvename>CVE-2022-24051</cvename>
      <cvename>CVE-2022-24050</cvename>
      <cvename>CVE-2022-24048</cvename>
      <cvename>CVE-2021-46659</cvename>
      <url>https://mariadb.com/kb/en/cve/</url>
      <url>https://mariadb.com/kb/en/mdb-10333-rn/</url>
      <url>https://mariadb.com/kb/en/mdb-10423-rn/</url>
      <url>https://mariadb.com/kb/en/mdb-10514-rn/</url>
    </references>
    <dates>
      <discovery>2022-02-10</discovery>
      <entry>2022-02-10</entry>
      <modified>2022-02-17</modified>
    </dates>
  </vuln>

  <vuln vid="fc2a9541-8893-11ec-9d01-80ee73419af3">
    <topic>xrdp -- privilege escalation</topic>
    <affects>
      <package>
	<name>xrdp</name>
	<range><ge>0.9.17,1</ge><lt>0.9.18.1,1</lt></range>
      </package>
      <package>
	<name>xrdp-devel</name>
	<range><ge>0.9.17,1</ge><lt>0.9.18.1,1</lt></range>
      </package>

    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>xrdp project reports:</p>
	<blockquote cite="https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32">
	  <p>An integer underflow leading to a heap overflow in the sesman server allows any unauthenticated attacker which is accessible to a sesman server (listens by default on localhost when installing xrdp, but can be remote if configured otherwise) to execute code as root.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23613</cvename>
      <url>https://github.com/neutrinolabs/xrdp/security/advisories/GHSA-8h98-h426-xf32</url>
    </references>
    <dates>
      <discovery>2022-01-23</discovery>
      <entry>2022-02-08</entry>
      <modified>2022-02-15</modified>
    </dates>
  </vuln>

  <vuln vid="3507bfb3-85d5-11ec-8c9c-001b217b3468">
    <topic>Gitlab -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.7.0</ge><lt>14.7.1</lt></range>
	<range><ge>14.6.0</ge><lt>14.6.4</lt></range>
	<range><ge>0</ge><lt>14.5.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/">
	  <p>Arbitrary POST requests via special HTML attributes in Jupyter Notebooks</p>
	  <p>DNS Rebinding vulnerability in Irker IRC Gateway integration</p>
	  <p>Missing certificate validation for external CI services</p>
	  <p>Blind SSRF Through Project Import</p>
	  <p>Open redirect vulnerability in Jira Integration</p>
	  <p>Issue link was disclosing the linked issue</p>
	  <p>Service desk email accessible by project non-members</p>
	  <p>Authenticated users can search other users by their private email</p>
	  <p>"External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request</p>
	  <p>Deleting packages in bulk from package registries may cause table locks</p>
	  <p>Autocomplete enabled on specific pages</p>
	  <p>Possible SSRF due to not blocking shared address space</p>
	  <p>System notes reveals private project path when Issue is moved to a public project</p>
	  <p>Timeout for pages using Markdown</p>
	  <p>Certain branch names could not be protected</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0427</cvename>
      <cvename>CVE-2022-0425</cvename>
      <cvename>CVE-2022-0123</cvename>
      <cvename>CVE-2022-0136</cvename>
      <cvename>CVE-2022-0283</cvename>
      <cvename>CVE-2022-0390</cvename>
      <cvename>CVE-2022-0373</cvename>
      <cvename>CVE-2022-0371</cvename>
      <cvename>CVE-2021-39943</cvename>
      <cvename>CVE-2022-0477</cvename>
      <cvename>CVE-2022-0167</cvename>
      <cvename>CVE-2022-0249</cvename>
      <cvename>CVE-2022-0344</cvename>
      <cvename>CVE-2022-0488</cvename>
      <cvename>CVE-2021-39931</cvename>
      <url>https://about.gitlab.com/releases/2022/02/03/security-release-gitlab-14-7-1-released/</url>
    </references>
    <dates>
      <discovery>2022-02-03</discovery>
      <entry>2022-02-04</entry>
    </dates>
  </vuln>

  <vuln vid="e852f43c-846e-11ec-b043-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>98.0.4758.80</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html">
	  <p>This release contains 27 security fixes, including:</p>
	  <ul>
	    <li>[1284584] High CVE-2022-0452: Use after free in Safe Browsing.
	      Reported by avaue at S.S.L. on 2022-01-05</li>
	    <li>[1284916] High CVE-2022-0453: Use after free in Reader Mode.
	      Reported by Rong Jian of VRI on 2022-01-06</li>
	    <li>[1287962] High CVE-2022-0454: Heap buffer overflow in ANGLE.
	      Reported by Seong-Hwan Park (SeHwa) of SecunologyLab on
	      2022-01-17</li>
	    <li>[1270593] High CVE-2022-0455: Inappropriate implementation in
	      Full Screen Mode. Reported by Irvan Kurniawan (sourc7) on
	      2021-11-16</li>
	    <li>[1289523] High CVE-2022-0456: Use after free in Web Search.
	      Reported by Zhihua Yao of KunLun Lab on 2022-01-21</li>
	    <li>[1274445] High CVE-2022-0457: Type Confusion in V8. Reported by
	      rax of the Group0x58 on 2021-11-29</li>
	    <li>[1267060] High CVE-2022-0458: Use after free in Thumbnail Tab
	      Strip. Reported by Leecraso and Guang Gong of 360 Alpha Lab on
	      2021-11-05</li>
	    <li>[1244205] High CVE-2022-0459: Use after free in Screen Capture.
	      Reported by raven (@raid_akame) on 2021-08-28</li>
	    <li>[1250227] Medium CVE-2022-0460: Use after free in Window Dialog.
	      Reported by 0x74960 on 2021-09-16</li>
	    <li>[1256823] Medium CVE-2022-0461: Policy bypass in COOP. Reported
	      by NDevTK on 2021-10-05</li>
	    <li>[1270470] Medium CVE-2022-0462: Inappropriate implementation in
	      Scroll. Reported by Youssef Sammouda on 2021-11-16</li>
	    <li>[1268240] Medium CVE-2022-0463: Use after free in Accessibility.
	      Reported by Zhihua Yao of KunLun Lab on 2021-11-09</li>
	    <li>[1270095] Medium CVE-2022-0464: Use after free in Accessibility.
	      Reported by Zhihua Yao of KunLun Lab on 2021-11-14</li>
	    <li>[1281941] Medium CVE-2022-0465: Use after free in Extensions.
	      Reported by Samet Bekmezci @sametbekmezci on 2021-12-22</li>
	    <li>[1115460] Medium CVE-2022-0466: Inappropriate implementation in
	      Extensions Platform. Reported by David Erceg on 2020-08-12</li>
	    <li>[1239496] Medium CVE-2022-0467: Inappropriate implementation in
	      Pointer Lock. Reported by Alesandro Ortiz on 2021-08-13</li>
	    <li>[1252716] Medium CVE-2022-0468: Use after free in Payments.
	      Reported by Krace on 2021-09-24</li>
	    <li>[1279531] Medium CVE-2022-0469: Use after free in Cast. Reported
	      by Thomas Orlita on 2021-12-14</li>
	    <li>[1269225] Low CVE-2022-0470: Out of bounds memory access in V8.
	      Reported by Looben Yang on 2021-11-11</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0452</cvename>
      <cvename>CVE-2022-0453</cvename>
      <cvename>CVE-2022-0454</cvename>
      <cvename>CVE-2022-0455</cvename>
      <cvename>CVE-2022-0456</cvename>
      <cvename>CVE-2022-0457</cvename>
      <cvename>CVE-2022-0458</cvename>
      <cvename>CVE-2022-0459</cvename>
      <cvename>CVE-2022-0460</cvename>
      <cvename>CVE-2022-0461</cvename>
      <cvename>CVE-2022-0462</cvename>
      <cvename>CVE-2022-0463</cvename>
      <cvename>CVE-2022-0464</cvename>
      <cvename>CVE-2022-0465</cvename>
      <cvename>CVE-2022-0466</cvename>
      <cvename>CVE-2022-0467</cvename>
      <cvename>CVE-2022-0468</cvename>
      <cvename>CVE-2022-0469</cvename>
      <cvename>CVE-2022-0470</cvename>
      <url>https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2022-02-01</discovery>
      <entry>2022-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="1d3677a8-9143-42d8-84a3-0585644dff4b">
    <topic>h2o -- uninitialised memory access in HTTP3</topic>
    <affects>
      <package>
	<name>h2o-devel</name>
	<range><lt>2.3.0.d.20220131</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Emil Lerner reports:</p>
	<blockquote cite="https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4">
       <p>When receiving QUIC frames in certain order, HTTP/3 server-side
       implementation of h2o can be misguided to treat uninitialized
       memory as HTTP/3 frames that have been received. When h2o is
       used as a reverse proxy, an attacker can abuse this vulnerability
       to send internal state of h2o to backend servers controlled by
       the attacker or third party. Also, if there is an HTTP endpoint
       that reflects the traffic sent from the client, an attacker can
       use that reflector to obtain internal state of h2o.</p>
       <p>This internal state includes traffic of other connections in
       unencrypted form and TLS session tickets.</p>
       <p>This vulnerability exists in h2o server with HTTP/3
       support, between commit 93af138 and d1f0f65. None of the
       released versions of h2o are affected by this vulnerability.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43848</cvename>
      <url>https://github.com/h2o/h2o/security/advisories/GHSA-f9xw-j925-m4m4</url>
    </references>
    <dates>
      <discovery>2021-01-31</discovery>
      <entry>2022-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="b1b6d623-83e4-11ec-90de-1c697aa5a594">
    <topic>FreeBSD -- vt console buffer overflow</topic>
    <affects>
      <package>
	<name>FreeBSD</name>
	<range><ge>13.0</ge><lt>13.0_6</lt></range>
	<range><ge>12.2</ge><lt>12.2_12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<h1>Problem Description:</h1>
	<p>Under certain conditions involving use of the highlight buffer
	while text is scrolling on the console, console data may overwrite
	data structures associated with the system console or other kernel
	memory.</p>
	<h1>Impact:</h1>
	<p>Users with access to the system console may be able to cause system
	misbehaviour.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-29632</cvename>
      <freebsdsa>SA-22:01.vt</freebsdsa>
    </references>
    <dates>
      <discovery>2022-01-11</discovery>
      <entry>2022-02-02</entry>
    </dates>
  </vuln>

  <vuln vid="8579074c-839f-11ec-a3b2-005056a311d1">
    <topic>samba -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>samba413</name>
	<range><lt>4.13.17</lt></range>
      </package>
      <package>
	<name>samba414</name>
	<range><lt>4.14.12</lt></range>
      </package>
      <package>
	<name>samba415</name>
	<range><lt>4.15.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Samba Team reports:</p>
	<blockquote cite="https://www.samba.org/samba/history/security.html">
	  <ul>
	  <li>CVE-2021-43566: Malicious client using an SMB1 or NFS race to allow
	      a directory to be created in an area of the server file system not
	      exported under the share definition.</li>
	  <li>CVE-2021-44141: Information leak via symlinks of existance of files
	      or directories outside of the exported share.</li>
	  <li>CVE-2021-44142: Out-of-bounds heap read/write vulnerability
	      in VFS module vfs_fruit allows code execution.</li>
	  <li>CVE-2022-0336: Samba AD users with permission to write to
	      an account can impersonate arbitrary services.</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43566</cvename>
      <cvename>CVE-2021-44141</cvename>
      <cvename>CVE-2021-44142</cvename>
      <cvename>CVE-2022-0336</cvename>
      <url>https://www.samba.org/samba/security/CVE-2021-43566.html</url>
      <url>https://www.samba.org/samba/security/CVE-2021-44141.html</url>
      <url>https://www.samba.org/samba/security/CVE-2021-44142.html</url>
      <url>https://www.samba.org/samba/security/CVE-2022-0336.html</url>
    </references>
    <dates>
      <discovery>2022-01-31</discovery>
      <entry>2022-02-01</entry>
    </dates>
  </vuln>

  <vuln vid="ee26f513-826e-11ec-8be6-d4c9ef517024">
    <topic>Rust -- Race condition enabling symlink following</topic>
    <affects>
      <package>
	<name>rust</name>
	<range><lt>1.58.1</lt></range>
      </package>
      <package>
	<name>rust-nightly</name>
	<range><lt>1.60.0.20220202</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<blockquote cite="https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html">
	  <p>The Rust Security Response WG was notified that the
	    std::fs::remove_dir_all standard library function is vulnerable to a
	    race condition enabling symlink following (CWE-363). An attacker could
	    use this security issue to trick a privileged program into deleting
	    files and directories the attacker couldn't otherwise access or
	    delete.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-21658</cvename>
      <url>https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html</url>
    </references>
    <dates>
      <discovery>2022-01-20</discovery>
      <entry>2022-01-31</entry>
      <modified>2022-02-03</modified>
    </dates>
  </vuln>

  <vuln vid="b0c83e1a-8153-11ec-84f9-641c67a117d8">
    <topic>varnish -- Request Smuggling Vulnerability</topic>
    <affects>
      <package>
	<name>varnish6</name>
	<range><lt>6.6.2</lt></range>
      </package>
      <package>
	<name>varnish4</name>
	<range><lt>4.1.11r6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Varnish Cache Project reports:</p>
	<blockquote cite="https://varnish-cache.org/security/VSV00008.html">
	  <p>A request smuggling attack can be performed on HTTP/1 connections on
	    Varnish Cache servers. The smuggled request would be treated as an additional
	    request by the Varnish server, go through normal VCL processing, and injected
	    as a spurious response on the client connection.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-23959</cvename>
      <url>https://varnish-cache.org/security/VSV00008.html</url>
      <url>https://docs.varnish-software.com/security/VSV00008/</url>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23959</url>
    </references>
    <dates>
      <discovery>2022-01-25</discovery>
      <entry>2022-01-29</entry>
    </dates>
  </vuln>

  <vuln vid="b6ef8a53-8062-11ec-9af3-fb232efe4d2e">
    <topic>OpenEXR -- Heap-buffer-overflow in Imf_3_1::LineCompositeTask::execute</topic>
    <affects>
      <package>
	<name>openexr</name>
	<range><lt>3.1.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Cary Phillips reports:</p>
	<blockquote cite="https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022">
	  <p>[OpenEXR Version 3.1.4 is a] patch release that [...]
	    addresses one public security vulnerability:
	    CVE-2021-45942 Heap-buffer-overflow in
	    Imf_3_1::LineCompositeTask::execute [and several]
	    specific OSS-fuzz issues [...].</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-45942</cvename>
      <url>https://github.com/AcademySoftwareFoundation/openexr/blob/v3.1.4/CHANGES.md#version-314-january-26-2022</url>
      <url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41416</url> <!-- reported for dates.discovery below -->
      <url>https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=41999</url> <!-- reported 2021-12-04 -->
      <url>https://github.com/AcademySoftwareFoundation/openexr/pull/1209</url> <!-- fix for CVE-inducing issue -->
    </references>
    <dates>
      <discovery>2021-11-26</discovery>
      <entry>2022-01-28</entry>
    </dates>
  </vuln>

  <vuln vid="1aaaa5c6-804d-11ec-8be6-d4c9ef517024">
    <topic>OpenSSL -- BN_mod_exp incorrect results on MIPS</topic>
    <affects>
      <package>
	<name>openssl</name>
	<range><lt>1.1.1m,1</lt></range>
      </package>
      <package>
	<name>openssl-devel</name>
	<range><lt>3.0.1</lt></range>
      </package>
      <package>
	<name>openssl-quictls</name>
	<range><lt>3.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The OpenSSL project reports:</p>
	<blockquote cite="https://www.openssl.org/news/secadv/20220128.txt">
	  <p>BN_mod_exp may produce incorrect results on MIPS (Moderate)</p>
	  <p>There is a carry propagation bug in the MIPS32 and MIPS64 squaring
	    procedure. Many EC algorithms are affected, including some of the
	    TLS 1.3 default curves. Impact was not analyzed in detail, because the
	    pre-requisites for attack are considered unlikely and include reusing
	    private keys. Analysis suggests that attacks against RSA and DSA as a
	    result of this defect would be very difficult to perform and are not
	    believed likely. Attacks against DH are considered just feasible
	    (although very difficult) because most of the work necessary to deduce
	    information about a private key may be performed offline. The amount
	    of resources required for such an attack would be significant.
	    However, for an attack on TLS to be meaningful, the server would have
	    to share the DH private key among multiple clients, which is no longer
	    an option since CVE-2016-0701.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-4160</cvename>
      <url>https://www.openssl.org/news/secadv/20220128.txt</url>
    </references>
    <dates>
      <discovery>2022-01-28</discovery>
      <entry>2022-01-28</entry>
    </dates>
  </vuln>

  <vuln vid="65847d9d-7f3e-11ec-8624-b42e991fc52e">
    <topic>mustache - Possible Remote Code Execution</topic>
    <affects>
      <package>
	<name>phpmustache</name>
	<range><lt>2.14.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>huntr.dev reports:</p>
	<blockquote cite="https://huntr.dev/bounties/a5f5a988-aa52-4443-839d-299a63f44fb7/">
	  <p>In Mustache.php v2.0.0 through v2.14.0, Sections tag can
	    lead to arbitrary php code execution even if
	    strict_callables is true when section value is
	    controllable.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0323</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-0323</url>
    </references>
    <dates>
      <discovery>2022-01-20</discovery>
      <entry>2022-01-27</entry>
    </dates>
  </vuln>

  <vuln vid="0f8bf913-7efa-11ec-8c04-2cf05d620ecc">
    <topic>polkit -- Local Privilege Escalation</topic>
    <affects>
      <package>
	<name>polkit</name>
	<range><lt>0.120_1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Qualys reports:</p>
	<blockquote cite="https://seclists.org/oss-sec/2022/q1/80">
	  <p>We discovered a Local Privilege Escalation (from any user to root) in
polkit's pkexec, a SUID-root program that is installed by default on
every major Linux distribution.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-4034</cvename>
      <url>https://seclists.org/oss-sec/2022/q1/80</url>
      <freebsdpr>ports/261482</freebsdpr>
    </references>
    <dates>
      <discovery>2022-01-25</discovery>
      <entry>2022-01-26</entry>
    </dates>
  </vuln>

  <vuln vid="ccaea96b-7dcd-11ec-93df-00224d821998">
    <topic>strongswan - Incorrect Handling of Early EAP-Success Messages</topic>
    <affects>
      <package>
	<name>strongswan</name>
	<range><lt>5.9.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Strongswan Release Notes reports:</p>
	<blockquote cite="https://github.com/strongswan/strongswan/releases/tag/5.9.5">
	  <p>Fixed a vulnerability in the EAP client implementation
	    that was caused by incorrectly handling early EAP-Success
	    messages. It may allow to bypass the client and in some
	    scenarios even the server authentication, or could lead to
	    a denial-of-service attack. This vulnerability has been
	    registered as CVE-2021-45079.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-45079</cvename>
      <url>https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html</url>
    </references>
    <dates>
      <discovery>2021-12-16</discovery>
      <entry>2022-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="58528a94-5100-4208-a04d-edc01598cf01">
    <topic>strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache</topic>
    <affects>
      <package>
	<name>strongswan</name>
	<range><lt>5.9.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Strongswan Release Notes reports:</p>
	<blockquote cite="https://github.com/strongswan/strongswan/releases/tag/5.9.4">
	  <p>Fixed a denial-of-service vulnerability in the gmp plugin that
	     was caused by an integer overflow when processing RSASSA-PSS
	     signatures with very large salt lengths. This vulnerability has
	     been registered as CVE-2021-41990.</p>
	  <p>Fixed a denial-of-service vulnerability in the in-memory
	     certificate cache if certificates are replaced and a very large
	     random value caused an integer overflow. This vulnerability has
	     been registered as CVE-2021-41991.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-41990</cvename>
      <cvename>CVE-2021-41991</cvename>
      <url>https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html</url>
      <url>https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html</url>
    </references>
    <dates>
      <discovery>2021-10-04</discovery>
      <entry>2022-01-25</entry>
    </dates>
  </vuln>

  <vuln vid="309c35f4-7c9f-11ec-a739-206a8a720317">
    <topic>aide -- heap-based buffer overflow</topic>
    <affects>
      <package>
	<name>aide</name>
	<range><lt>0.17.4</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>David Bouman reports:</p>
	<blockquote cite="INSERT URL HERE">
	  <p>AIDE before 0.17.4 allows local users to obtain root privileges
	     via crafted file metadata (such as XFS extended attributes or
	     tmpfs ACLs), because of a heap-based buffer overflow.</p>
	  <p>Aide uses a fixed size (16k bytes) for the return buffer in
	     encode_base64/decode_base64 functions. This results in a segfault
	     if aide processes a file with too large extended attribute value
	     or ACL.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-45417</cvename>
      <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45417</url>
    </references>
    <dates>
      <discovery>2022-01-15</discovery>
      <entry>2022-01-23</entry>
    </dates>
  </vuln>

  <vuln vid="51496cbc-7a0e-11ec-a323-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>97.0.4692.99</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html">
	  <p>This release contains 26 security fixes, including:</p>
	  <ul>
	    <li>[1284367] Critical CVE-2022-0289: Use after free in Safe
	      browsing. Reported by Sergei Glazunov of Google Project Zero on
	      2022-01-05</li>
	    <li>[1260134][1260007] High CVE-2022-0290: Use after free in Site
	      isolation. Reported by Brendon Tiszka and Sergei Glazunov of
	      Google Project Zero on 2021-10-15</li>
	    <li>[1281084] High CVE-2022-0291: Inappropriate implementation in
	      Storage. Reported by Anonymous on 2021-12-19</li>
	    <li>[1270358] High CVE-2022-0292: Inappropriate implementation in
	      Fenced Frames. Reported by Brendon Tiszka  on 2021-11-16</li>
	    <li>[1283371] High CVE-2022-0293: Use after free in Web packaging.
	      Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
	      2021-12-30</li>
	    <li>[1273017] High CVE-2022-0294: Inappropriate implementation in
	      Push messaging. Reported by Rong Jian and Guang Gong of 360 Alpha
	      Lab on 2021-11-23</li>
	    <li>[1278180] High CVE-2022-0295: Use after free in Omnibox.
	      Reported by Weipeng Jiang (@Krace) and Guang Gong of 360
	      Vulnerability Research Institute on 2021-12-09</li>
	    <li>[1283375] High CVE-2022-0296: Use after free in Printing.
	      Reported by koocola(@alo_cook) and Guang Gong of 360 Vulnerability
	      Research Institute on 2021-12-30</li>
	    <li>[1274316] High CVE-2022-0297: Use after free in Vulkan. Reported
	      by Cassidy Kim of Amber Security Lab, OPPO Mobile
	      Telecommunications Corp. Ltd. on 2021-11-28</li>
	    <li>[1212957] High CVE-2022-0298: Use after free in Scheduling.
	      Reported by Yangkang (@dnpushme) of 360 ATA on 2021-05-25</li>
	    <li>[1275438] High CVE-2022-0300: Use after free in Text Input
	      Method Editor. Reported by Rong Jian and Guang Gong of 360 Alpha
	      Lab on 2021-12-01</li>
	    <li>[1276331] High CVE-2022-0301: Heap buffer overflow in DevTools.
	      Reported by Abdulrahman Alqabandi, Microsoft Browser Vulnerability
	      Research on 2021-12-03</li>
	    <li>[1278613] High CVE-2022-0302: Use after free in Omnibox.
	      Reported by Weipeng Jiang (@Krace) and Guang Gong of 360
	      Vulnerability Research Institute on 2021-12-10</li>
	    <li>[1281979] High CVE-2022-0303: Race in GPU Watchdog. Reported by
	      Yigit Can YILMAZ (@yilmazcanyigit) on 2021-12-22</li>
	    <li>[1282118] High CVE-2022-0304: Use after free in Bookmarks.
	      Reported by Rong Jian and Guang Gong of 360 Alpha Lab on
	      2021-12-22</li>
	    <li>[1282354] High CVE-2022-0305: Inappropriate implementation in
	      Service Worker API. Reported by @uwu7586 on 2021-12-23</li>
	    <li>[1283198] High CVE-2022-0306: Heap buffer overflow in PDFium.
	      Reported by Sergei Glazunov of Google Project Zero on
	      2021-12-29</li>
	    <li>[1281881] Medium CVE-2022-0307: Use after free in Optimization
	      Guide. Reported by Samet Bekmezci @sametbekmezci on
	      2021-12-21</li>
	    <li>[1282480] Medium CVE-2022-0308: Use after free in Data Transfer.
	      Reported by @ginggilBesel on 2021-12-24</li>
	    <li>[1240472] Medium CVE-2022-0309: Inappropriate implementation in
	      Autofill. Reported by Alesandro Ortiz on 2021-08-17</li>
	    <li>[1283805] Medium CVE-2022-0310: Heap buffer overflow in Task
	      Manager. Reported by Samet Bekmezci @sametbekmezci on
	      2022-01-03</li>
	    <li>[1283807] Medium CVE-2022-0311: Heap buffer overflow in Task
	      Manager. Reported by Samet Bekmezci @sametbekmezci on
	      2022-01-03</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0289</cvename>
      <cvename>CVE-2022-0290</cvename>
      <cvename>CVE-2022-0291</cvename>
      <cvename>CVE-2022-0292</cvename>
      <cvename>CVE-2022-0293</cvename>
      <cvename>CVE-2022-0294</cvename>
      <cvename>CVE-2022-0295</cvename>
      <cvename>CVE-2022-0296</cvename>
      <cvename>CVE-2022-0297</cvename>
      <cvename>CVE-2022-0298</cvename>
      <cvename>CVE-2022-0300</cvename>
      <cvename>CVE-2022-0301</cvename>
      <cvename>CVE-2022-0302</cvename>
      <cvename>CVE-2022-0303</cvename>
      <cvename>CVE-2022-0304</cvename>
      <cvename>CVE-2022-0305</cvename>
      <cvename>CVE-2022-0306</cvename>
      <cvename>CVE-2022-0307</cvename>
      <cvename>CVE-2022-0308</cvename>
      <cvename>CVE-2022-0309</cvename>
      <cvename>CVE-2022-0310</cvename>
      <cvename>CVE-2022-0311</cvename>
      <url>https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop_19.html</url>
    </references>
    <dates>
      <discovery>2022-01-19</discovery>
      <entry>2022-01-20</entry>
    </dates>
  </vuln>

  <vuln vid="7262f826-795e-11ec-8be6-d4c9ef517024">
    <topic>MySQL -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>mysql-connector-odbc</name>
	<range><lt>8.0.28</lt></range>
      </package>
      <package>
	<name>mysql-connector-c++</name>
	<range><lt>8.0.28</lt></range>
      </package>
      <package>
	<name>mysql-connector-java</name>
	<range><lt>8.0.28</lt></range>
      </package>
      <package>
	<name>mysql-connector-java51</name>
	<range><lt>8.0.28</lt></range>
      </package>
      <package>
	<name>mysql-server55</name>
	<range><lt>5.5.63</lt></range>
      </package>
      <package>
	<name>mysql-server56</name>
	<range><lt>5.6.52</lt></range>
      </package>
      <package>
	<name>mysql-server57</name>
	<range><lt>5.7.37</lt></range>
      </package>
      <package>
	<name>mysql-server80</name>
	<range><lt>8.0.27</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Oracle reports:</p>
	<blockquote cite="https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL">
	  <p>This Critical Patch Update contains 78 new security patches for
	    Oracle MySQL. 3 of these vulnerabilities may be remotely exploitable
	    without authentication, i.e., may be exploited over a network without
	    requiring user credentials.<br/>
	    The highest CVSS v3.1 Base Score of vulnerabilities affecting Oracle
	    MySQL is 7.4</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-22946</cvename>
      <cvename>CVE-2021-3712</cvename>
      <cvename>CVE-2022-21278</cvename>
      <cvename>CVE-2022-21351</cvename>
      <cvename>CVE-2022-21363</cvename>
      <cvename>CVE-2022-21358</cvename>
      <cvename>CVE-2022-21352</cvename>
      <cvename>CVE-2022-21367</cvename>
      <cvename>CVE-2022-21301</cvename>
      <cvename>CVE-2022-21378</cvename>
      <cvename>CVE-2022-21302</cvename>
      <cvename>CVE-2022-21254</cvename>
      <cvename>CVE-2022-21348</cvename>
      <cvename>CVE-2022-21270</cvename>
      <cvename>CVE-2022-21256</cvename>
      <cvename>CVE-2022-21379</cvename>
      <cvename>CVE-2022-21362</cvename>
      <cvename>CVE-2022-21374</cvename>
      <cvename>CVE-2022-21253</cvename>
      <cvename>CVE-2022-21264</cvename>
      <cvename>CVE-2022-21297</cvename>
      <cvename>CVE-2022-21339</cvename>
      <cvename>CVE-2022-21342</cvename>
      <cvename>CVE-2022-21370</cvename>
      <cvename>CVE-2022-21304</cvename>
      <cvename>CVE-2022-21344</cvename>
      <cvename>CVE-2022-21303</cvename>
      <cvename>CVE-2022-21368</cvename>
      <cvename>CVE-2022-21245</cvename>
      <cvename>CVE-2022-21265</cvename>
      <cvename>CVE-2022-21249</cvename>
      <cvename>CVE-2022-21372</cvename>
      <url>https://www.oracle.com/security-alerts/cpujan2022.html#AppendixMSQL</url>
    </references>
    <dates>
      <discovery>2022-01-18</discovery>
      <entry>2022-01-19</entry>
    </dates>
  </vuln>

  <vuln vid="e3ec8b30-757b-11ec-922f-654747404482">
    <topic>Prosody XMPP server advisory 2022-01-13</topic>
    <affects>
      <package>
	<name>prosody</name>
	<range><lt>0.11.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The Prosody teaM reports:</p>
	<blockquote cite="https://prosody.im/security/advisory_20220113/">
	  <p>It was discovered that an internal Prosody library to load XML based on
	  does not properly restrict the XML features allowed in parsed
	  XML data. Given suitable attacker input, this results in expansion of
	  recursive entity references from DTDs (CWE-776). In addition,
	  depending on the libexpat version used, it may also allow injections
	  using XML External Entity References (CWE-611).</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0217</cvename>
      <url>https://prosody.im/security/advisory_20220113/</url>
    </references>
    <dates>
      <discovery>2022-01-10</discovery>
      <entry>2022-01-14</entry>
    </dates>
  </vuln>

  <vuln vid="79b65dc5-749f-11ec-8be6-d4c9ef517024">
    <topic>WordPress -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>wordpress</name>
	<range><lt>5.8.3,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The WordPress project reports:</p>
	<blockquote cite="https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/">
	  <ul><li>Issue with stored XSS through post slugs</li>
	    <li>Issue with Object injection in some multisite installations</li>
	    <li>SQL injection vulnerability in WP_Query</li>
	    <li>SQL injection vulnerability in WP_Meta_Query</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>https://wordpress.org/news/2022/01/wordpress-5-8-3-security-release/</url>
    </references>
    <dates>
      <discovery>2022-01-06</discovery>
      <entry>2022-01-13</entry>
    </dates>
  </vuln>

  <vuln vid="2a6106c6-73e5-11ec-8fa2-0800270512f4">
    <topic>clamav -- invalid pointer read that may cause a crash</topic>
    <affects>
      <package>
	<name>clamav</name>
	<range><lt>0.104.2,1</lt></range>
      </package>
      <package>
	<name>clamav-lts</name>
	<range><lt>0.103.5,1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Laurent Delosieres reports:</p>
	<blockquote cite="https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html">
	  <p>
	    Fix for invalid pointer read that may cause a crash. This issue affects
	    0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
	    <code>CL_SCAN_GENERAL_COLLECT_METADATA</code> scan option
	    (the <code>clamscan --gen-json</code> option) is enabled.
	  </p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-20698</cvename>
      <url>https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html</url>
    </references>
    <dates>
      <discovery>2022-01-12</discovery>
      <entry>2022-01-12</entry>
    </dates>
  </vuln>

  <vuln vid="672eeea9-a070-4f88-b0f1-007e90a2cbc3">
    <topic>jenkins -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>jenkins</name>
	<range><lt>2.330</lt></range>
      </package>
      <package>
	<name>jenkins-lts</name>
	<range><lt>2.319.2</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Jenkins Security Advisory:</p>
	<blockquote cite="https://www.jenkins.io/security/advisory/2021-11-04/">
	  <h1>Description</h1>
	  <h5>(Medium) SECURITY-2558 / CVE-2022-20612</h5>
	  <p>CSRF vulnerability in build triggers</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-20612</cvename>
      <url>https://www.jenkins.io/security/advisory/2022-01-12/</url>
    </references>
    <dates>
      <discovery>2022-01-12</discovery>
      <entry>2022-01-12</entry>
    </dates>
  </vuln>

  <vuln vid="43f84437-73ab-11ec-a587-001b217b3468">
    <topic>Gitlab -- Multiple Vulnerabilities</topic>
    <affects>
      <package>
	<name>gitlab-ce</name>
	<range><ge>14.6.0</ge><lt>14.6.2</lt></range>
	<range><ge>14.5.0</ge><lt>14.5.3</lt></range>
	<range><ge>7.7</ge><lt>14.4.5</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Gitlab reports:</p>
	<blockquote cite="https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/">
	  <p>Arbitrary file read via group import feature</p>
	  <p>Stored XSS in notes</p>
	  <p>Lack of state parameter on GitHub import project OAuth</p>
	  <p>Vulnerability related fields are available to unauthorized users on GraphQL API</p>
	  <p>Deleting packages may cause table locks</p>
	  <p>IP restriction bypass via GraphQL</p>
	  <p>Repository content spoofing using Git replacement references</p>
	  <p>Users can import members from projects that they are not a maintainer on through API</p>
	  <p>Possibility to direct user to malicious site through Slack integration</p>
	  <p>Bypassing file size limits to the NPM package repository</p>
	  <p>User with expired password can still access sensitive information</p>
	  <p>Incorrect port validation allows access to services on ports 80 and 443 if GitLab is configured to run on another port</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-39946</cvename>
      <cvename>CVE-2022-0154</cvename>
      <cvename>CVE-2022-0152</cvename>
      <cvename>CVE-2022-0151</cvename>
      <cvename>CVE-2022-0172</cvename>
      <cvename>CVE-2022-0090</cvename>
      <cvename>CVE-2022-0125</cvename>
      <cvename>CVE-2022-0124</cvename>
      <cvename>CVE-2021-39942</cvename>
      <cvename>CVE-2022-0093</cvename>
      <cvename>CVE-2021-39927</cvename>
      <url>https://about.gitlab.com/releases/2022/01/11/security-release-gitlab-14-6-2-released/</url>
    </references>
    <dates>
      <discovery>2022-01-11</discovery>
      <entry>2022-01-12</entry>
    </dates>
  </vuln>

  <vuln vid="b927b654-7146-11ec-ad4b-5404a68ad561">
    <topic>uriparser -- Multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>uriparser</name>
	<range><lt>0.9.6</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Upstream project reports:</p>
	<blockquote cite="https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog">
	  <p>Fix a bug affecting both uriNormalizeSyntax* and uriMakeOwner*
	     functions where the text range in .hostText would not be duped using
	     malloc but remain unchanged (and hence "not owned") for URIs with
	     an IPv4 or IPv6 address hostname; depending on how an application
	     uses uriparser, this could lead the application into a use-after-free
	     situation.
	     As the second half, fix uriFreeUriMembers* functions that would not
	     free .hostText memory for URIs with an IPv4 or IPv6 address host;
	     also, calling uriFreeUriMembers* multiple times on a URI of this
	     very nature would result in trying to free pointers to stack
	     (rather than heap) memory.
	     Fix functions uriNormalizeSyntax* for out-of-memory situations
	     (i.e. malloc returning NULL) for URIs containing empty segments
	     (any of user info, host text, query, or fragment) where previously
	     pointers to stack (rather than heap) memory were freed.</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-46141</cvename>
      <cvename>CVE-2021-46142</cvename>
      <url>https://github.com/uriparser/uriparser/blob/uriparser-0.9.6/ChangeLog</url>
    </references>
    <dates>
      <discovery>2022-01-06</discovery>
      <entry>2022-01-09</entry>
    </dates>
  </vuln>

  <vuln vid="d3e023fb-6e88-11ec-b948-080027240888">
    <topic>Django -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>py37-django22</name>
	<name>py38-django22</name>
	<name>py39-django22</name>
	<range><lt>2.2.26</lt></range>
      </package>
      <package>
	<name>py37-django32</name>
	<name>py38-django32</name>
	<name>py39-django32</name>
	<range><lt>3.2.11</lt></range>
      </package>
      <package>
	<name>py37-django40</name>
	<name>py38-django40</name>
	<name>py39-django40</name>
	<range><lt>4.0.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Django Release  reports:</p>
	<blockquote cite="https://www.djangoproject.com/weblog/2022/jan/04/security-releases/">
	  <p>CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator.</p>
	  <p>CVE-2021-45116: Potential information disclosure in dictsort template filter.</p>
	  <p>CVE-2021-45452: Potential directory-traversal via Storage.save().</p>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-45115</cvename>
      <cvename>CVE-2021-45116</cvename>
      <cvename>CVE-2021-45452</cvename>
      <url>https://www.djangoproject.com/weblog/2022/jan/04/security-releases/</url>
    </references>
    <dates>
      <discovery>2021-12-20</discovery>
      <entry>2022-01-06</entry>
    </dates>
  </vuln>

  <vuln vid="9c990e67-6e30-11ec-82db-b42e991fc52e">
    <topic>routinator -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>routinator</name>
	<range><lt>0.10.1</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>nlnetlabs reports:</p>
	<blockquote cite="https://nlnetlabs.nl/projects/rpki/security-advisories/">
	  <p>Release 0.10.2 contains fixes for the following issues:</p>
	  <ul>
	    <li>Medium CVE-2021-43172: Infinite length chain of RRDP
	      repositories. Credit: Koen van Hove. Date: 2021-11-09</li>
	    <li>Medium CVE-2021-43173: Hanging RRDP request.
	      Credit: Koen van Hove. Date: 2021-11-09</li>
	    <li>Medium	CVE-2021-43174: gzip transfer encoding caused
	      out-of-memory crash. Credit Koen van Hove. Date: 2021-11-09</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2021-43172</cvename>
      <cvename>CVE-2021-43173</cvename>
      <cvename>CVE-2021-43174</cvename>
      <url>https://nlnetlabs.nl/projects/rpki/security-advisories/</url>
    </references>
    <dates>
      <discovery>2021-11-09</discovery>
      <entry>2022-01-05</entry>
    </dates>
  </vuln>

  <vuln vid="9eeccbf3-6e26-11ec-bb10-3065ec8fd3ec">
    <topic>chromium -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>chromium</name>
	<range><lt>97.0.4692.71</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Chrome Releases reports:</p>
	<blockquote cite="https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html">
	  <p>This release contains 37 security fixes, including:</p>
	  <ul>
	    <li>[$TBD][1275020] Critical CVE-2022-0096: Use after free in
	      Storage. Reported by Yangkang (@dnpushme) of 360 ATA on
	      2021-11-30</li>
	    <li>[1117173] High CVE-2022-0097: Inappropriate implementation in
	      DevTools. Reported by David Erceg on 2020-08-17</li>
	    <li>[1273609] High CVE-2022-0098: Use after free in Screen Capture.
	      Reported by @ginggilBesel on 2021-11-24</li>
	    <li>[1245629] High CVE-2022-0099: Use after free in Sign-in.
	      Reported by Rox on 2021-09-01</li>
	    <li>[1238209] High CVE-2022-0100: Heap buffer overflow in Media
	      streams API. Reported by Cassidy Kim of Amber Security Lab, OPPO
	      Mobile Telecommunications Corp. Ltd. on 2021-08-10</li>
	    <li>[1249426] High CVE-2022-0101: Heap buffer overflow in Bookmarks.
	      Reported by raven (@raid_akame) on 2021-09-14</li>
	    <li>[1260129] High CVE-2022-0102: Type Confusion in V8 . Reported by
	      Brendon Tiszka on 2021-10-14</li>
	    <li>[1272266] High CVE-2022-0103: Use after free in SwiftShader.
	      Reported by Abraruddin Khan and Omair on 2021-11-21</li>
	    <li>[1273661] High CVE-2022-0104: Heap buffer overflow in ANGLE.
	      Reported by Abraruddin Khan and Omair on 2021-11-25</li>
	    <li>[1274376] High CVE-2022-0105: Use after free in PDF. Reported by
	      Cassidy Kim of Amber Security Lab, OPPO Mobile Telecommunications
	      Corp. Ltd. on 2021-11-28</li>
	    <li>[1278960] High CVE-2022-0106: Use after free in Autofill.
	      Reported by Khalil Zhani on 2021-12-10</li>
	    <li>[1248438] Medium CVE-2022-0107: Use after free in File Manager
	      API. Reported by raven (@raid_akame) on 2021-09-10</li>
	    <li>[1248444] Medium CVE-2022-0108: Inappropriate implementation in
	      Navigation. Reported by Luan Herrera (@lbherrera_) on
	      2021-09-10</li>
	    <li>[1261689] Medium CVE-2022-0109: Inappropriate implementation in
	      Autofill. Reported by Young Min Kim (@ylemkimon), CompSec Lab at
	      Seoul National University on 2021-10-20</li>
	    <li>[1237310] Medium CVE-2022-0110: Incorrect security UI in
	      Autofill. Reported by Alesandro Ortiz on 2021-08-06</li>
	    <li>[1241188] Medium CVE-2022-0111: Inappropriate implementation in
	      Navigation. Reported by garygreen on 2021-08-18</li>
	    <li>[1255713] Medium CVE-2022-0112: Incorrect security UI in Browser
	      UI. Reported by Thomas Orlita on 2021-10-04</li>
	    <li>[1039885] Medium CVE-2022-0113: Inappropriate implementation in
	      Blink. Reported by Luan Herrera (@lbherrera_) on 2020-01-07</li>
	    <li>[1267627] Medium CVE-2022-0114: Out of bounds memory access in
	      Web Serial. Reported by Looben Yang on 2021-11-06</li>
	    <li>[1268903] Medium CVE-2022-0115: Uninitialized Use in File API.
	      Reported by Mark Brand of Google Project Zero on 2021-11-10</li>
	    <li>[1272250] Medium CVE-2022-0116: Inappropriate implementation in
	      Compositing. Reported by Irvan Kurniawan (sourc7) on
	      2021-11-20</li>
	    <li>[1115847] Low CVE-2022-0117: Policy bypass in Service Workers.
	      Reported by Dongsung Kim (@kid1ng) on 2020-08-13</li>
	    <li>[1238631] Low CVE-2022-0118: Inappropriate implementation in
	      WebShare. Reported by Alesandro Ortiz on 2021-08-11</li>
	    <li>[1262953] Low CVE-2022-0120: Inappropriate implementation in
	      Passwords. Reported by CHAKRAVARTHI (Ruler96) on 2021-10-25</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <cvename>CVE-2022-0096</cvename>
      <cvename>CVE-2022-0097</cvename>
      <cvename>CVE-2022-0098</cvename>
      <cvename>CVE-2022-0099</cvename>
      <cvename>CVE-2022-0100</cvename>
      <cvename>CVE-2022-0101</cvename>
      <cvename>CVE-2022-0102</cvename>
      <cvename>CVE-2022-0103</cvename>
      <cvename>CVE-2022-0104</cvename>
      <cvename>CVE-2022-0105</cvename>
      <cvename>CVE-2022-0106</cvename>
      <cvename>CVE-2022-0107</cvename>
      <cvename>CVE-2022-0108</cvename>
      <cvename>CVE-2022-0109</cvename>
      <cvename>CVE-2022-0110</cvename>
      <cvename>CVE-2022-0111</cvename>
      <cvename>CVE-2022-0112</cvename>
      <cvename>CVE-2022-0113</cvename>
      <cvename>CVE-2022-0114</cvename>
      <cvename>CVE-2022-0115</cvename>
      <cvename>CVE-2022-0116</cvename>
      <cvename>CVE-2022-0117</cvename>
      <cvename>CVE-2022-0118</cvename>
      <cvename>CVE-2022-0120</cvename>
      <url>https://chromereleases.googleblog.com/2022/01/stable-channel-update-for-desktop.html</url>
    </references>
    <dates>
      <discovery>2022-01-04</discovery>
      <entry>2022-01-05</entry>
    </dates>
  </vuln>