Branch p9_e2k update bulletin.

Package vim updated to version 8.2.5172-alt1 for branch p9_e2k.

Published: 2022-06-28

BDU:2022-04025

Уязвимость функции skipwhite текстового редактора Vim, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2231

Published: 2022-06-27

BDU:2022-04208

Уязвимость функции skipwhite() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2042

Published: 2022-06-27

BDU:2022-04209

Уязвимость компонента diff.c текстового редактора Vim, позволяющая нарушителю выполнить атаку типа «отказ в обслуживании» (DoS)

Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

CVE-2022-2208

Published: 2022-06-27

BDU:2022-04214

Уязвимость функции ins_bs() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код в целевой системе

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2207

Published: 2022-06-27

BDU:2022-04215

Уязвимость функции get_lisp_indent() текстового редактора Vim, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

CVE-2022-2183

Published: 2022-06-27

BDU:2022-04216

Уязвимость функции parse_cmd_address() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2182

Published: 2022-06-27

BDU:2022-04219

Уязвимость функции ml_append_int() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2210

Published: 2022-06-27

BDU:2022-04220

Уязвимость функции suggest_trie_walk() текстового редактора Vim, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации или оказать другое воздействие

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2126

Published: 2022-06-27

BDU:2022-04221

Уязвимость функции get_lisp_indent() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2125

Published: 2022-06-27

BDU:2022-04222

Уязвимость функции current_quote() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2124

Published: 2022-06-27

BDU:2022-04223

Уязвимость функции append_command() (ex_docmd.c) текстового редактора Vim, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2000

Published: 2022-06-27

BDU:2022-04224

Уязвимость компонента search.c текстового редактора Vim, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-1968

Published: 2022-06-27

BDU:2022-04225

Уязвимость функции vim_regsub_both() текстового редактора Vim, позволяющая нарушителю выполнить произвольный код

Severity: HIGH (7.5) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-1942

Published: 2022-06-27

BDU:2022-04226

Уязвимость функции cmdline_insert_reg() текстового редактора Vim, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность, доступность защищаемой информации

Severity: LOW (3.1) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

References:

CVE-2022-2175

Published: 2022-06-26

BDU:2022-04572

Уязвимость компонента edit.c текстового редактора Vim, позволяющая нарушителю выполнить произвольный код в целевой системе

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2206

Published: 2022-05-29

BDU:2022-05523

Уязвимость функции utf_ptr2char() текстового редактора Vim, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-1927

Published: 2022-05-25

BDU:2022-05981

Уязвимость функции find_pattern_in_path текстового редактора Vim, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-1898

Published: 2022-06-16

BDU:2022-06480

Уязвимость функции vim_regsub_both компонента regexp.c текстового редактора Vim, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

Severity: HIGH (8.8) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2022-2129

Published: 2022-05-27
Modified: 2024-11-21

CVE-2022-1898

Use After Free in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-05-29
Modified: 2024-11-21

CVE-2022-1927

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-05-31
Modified: 2024-11-21

CVE-2022-1942

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-02
Modified: 2024-11-21

CVE-2022-1968

Use After Free in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-09
Modified: 2024-11-21

CVE-2022-2000

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-10
Modified: 2024-11-21

CVE-2022-2042

Use After Free in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-19
Modified: 2024-11-21

CVE-2022-2124

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-19
Modified: 2024-11-21

CVE-2022-2125

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-19
Modified: 2024-11-21

CVE-2022-2126

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-19
Modified: 2024-11-21

CVE-2022-2129

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-23
Modified: 2024-11-21

CVE-2022-2175

Buffer Over-read in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-23
Modified: 2024-11-21

CVE-2022-2182

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-23
Modified: 2024-11-21

CVE-2022-2183

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-26
Modified: 2024-11-21

CVE-2022-2206

Out-of-bounds Read in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-27
Modified: 2024-11-21

CVE-2022-2207

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-27
Modified: 2024-11-21

CVE-2022-2208

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Published: 2022-06-27
Modified: 2024-11-21

CVE-2022-2210

Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

Published: 2022-06-28
Modified: 2024-11-21

CVE-2022-2231

NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.

Severity: MEDIUM (5.5) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

Package glpi updated to version 9.5.8-alt1 for branch p9_e2k.

Published: 2022-06-28

BDU:2022-04910

Уязвимость системы работы с заявками и инцидентами GLPI, связанная с непринятием мер по защите структуры веб-страницы, позволяющая нарушителю осуществлять межсайтовые сценарные атаки

Severity: CRITICAL (9.8) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

CVE-2022-31061

Published: 2022-04-21
Modified: 2024-11-21

CVE-2022-24868

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can exploit a lack of sanitization on SVG file uploads and inject javascript into their user avatar. As a result any user viewing the avatar will be subject to a cross site scripting attack. Users of GLPI are advised to upgrade. Users unable to upgrade should disallow SVG avatars.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2022-04-21
Modified: 2024-11-21

CVE-2022-24869

GLPI is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. In versions prior to 10.0.0 one can use ticket's followups or setup login messages with a stylesheet link. This may allow for a cross site scripting attack vector. This issue is partially mitigated by cors security of browsers, though users are still advised to upgrade.

Severity: MEDIUM (5.4) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2022-06-28
Modified: 2024-11-21

CVE-2022-31061

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions there is a SQL injection vulnerability which is possible on login page. No user credentials are required to exploit this vulnerability. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Package nginx updated to version 1.22.0-alt1 for branch p9_e2k.

Published: 2022-03-23
Modified: 2024-11-21

CVE-2021-3618

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

Severity: HIGH (7.4) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Package gnutls30 updated to version 3.6.16-alt2 for branch p9_e2k.

Published: 2022-08-01
Modified: 2024-11-21

CVE-2022-2509

A vulnerability found in gnutls. This security flaw happens because of a double free error occurs during verification of pkcs7 signatures in gnutls_pkcs7_verify function.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Package libteam updated to version 1.31-alt2.g69a7494 for branch p9_e2k.

teamd@.service безполезен

Не работает NetworkManager + teamd

teamd 100% CPU usage

Version: 2.1.0

ALT-BU-2022-6122-1

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed vulnerabilities

Closed bugs