CVEs related to bugs in StarlingX

Open bugs

Bug CVE(s)
Bug #1908751: mirror-check.sh fails for layered build CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Triaged, assigned to Scott Little
Bug #2049325: [Debian] High CVE: CVE-2024-0193/CVE-2023-6606/CVE-2023-6040/CVE-2024-0646 kernel : multiple CVEs CVE-2021-44879
CVE-2023-39198
CVE-2023-45863
CVE-2023-46343
CVE-2023-46838
CVE-2023-51042
CVE-2023-51043
CVE-2023-51779
CVE-2023-52433
CVE-2023-52436
CVE-2023-52438
CVE-2023-52439
CVE-2023-6040
CVE-2023-6606
CVE-2023-6915
CVE-2024-0193
CVE-2024-0584
CVE-2024-0639
CVE-2024-0641
CVE-2024-0646
CVE-2024-0775
CVE-2024-23196
StarlingX Triaged (unassigned)
Bug #2052401: [Debian] Medium CVE: CVE-2024-21626 runc CVE-2024-21626
StarlingX Triaged, assigned to Jim Gauld
Bug #2058868: [Debian] High CVE: CVE-2022-2127/CVE-2022-3437/CVE-2023-34966/CVE-2023-34967/CVE-2023-34968 samba : multiple CVEs CVE-2022-2127
CVE-2022-3437
CVE-2023-34966
CVE-2023-34967
CVE-2023-34968
CVE-2023-4091
StarlingX Triaged (unassigned)
Bug #2059877: [Debian] Medium CVE: CVE-2024-28085 util-linux CVE-2024-28085
StarlingX Triaged (unassigned)
Bug #2059901: [Debian] High CVE: CVE-2022-1050 qemu: a use-after-free condition CVE-2022-1050
StarlingX Triaged (unassigned)

Resolved bugs

Bug CVE(s)
Bug #1791835: CVE-2017-1000433: Known moderate severity security vulnerability detected in pysaml2 <= 4.5.0 CVE-2017-1000433
StarlingX Won't fix, assigned to Ken Young
Bug #1794868: lshell component is not maintained and has pending CVEs CVE-2016-6902
CVE-2016-6903
StarlingX Won't fix, assigned to Ken Young
Bug #1796941: CVE-2018-7536: Moderate Django Vulnerability in django.utils.html.urlize() CVE-2018-7536
StarlingX Won't fix, assigned to Ken Young
Bug #1801798: CVE-2018-18074: python-requests package may reveal credentials CVE-2018-18074
StarlingX Fix released, assigned to Ghada Khalil
Bug #1805759: CVE: CVE-2018-5391: kernel: IP fragment re-assembly allows DOS (FragmentSmack) CVE-2018-5391
StarlingX Fix released, assigned to Lin Shuicheng
Bug #1806749: CVE-2018-1002105 Kubernetes privilege escalation CVE-2018-1002105
StarlingX Fix released, assigned to Frank Miller
Bug #1815641: CVE-2019-5736 affecting docker-ce 18.03 CVE-2019-5736
StarlingX Fix released, assigned to Brent Rowsell
Bug #1820756: CVE-2018-15688: systemd-network does not correctly keep track of a buffer size CVE-2018-15688
StarlingX Fix released, assigned to Mawrer Amed Ramirez Martinez
Bug #1820757: CVE-2018-18311: Perl Buffer Overflow CVE-2018-18311
StarlingX Fix released, assigned to Mawrer Amed Ramirez Martinez
Bug #1820759: CVE-2018-19115: keepalived has a Heap-based buffer overflow vulnerability CVE-2018-19115
StarlingX Fix released, assigned to Mawrer Amed Ramirez Martinez
Bug #1830487: CVEs by modern implementation of the "fill buffer" mechanism CVE-2018-12126
CVE-2018-12127
CVE-2018-12130
CVE-2019-11091
StarlingX Fix released, assigned to zhao.shuai
Bug #1836685: CVE: integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs) CVE-2019-11477
CVE-2019-11478
CVE-2019-11479
StarlingX Fix released, assigned to zhao.shuai
Bug #1840771: CVE-2018-14618: NTLM buffer overflow via integer overflow CVE-2017-8816
CVE-2018-14618
StarlingX Fix released, assigned to zhao.shuai
Bug #1840778: CVE-2019-11811: use-after-free upon attempted read access to /proc/ioports after the ipmi_si module is removed CVE-2019-11811
StarlingX Fix released, assigned to zhao.shuai
Bug #1847817: CVE-2019-14835: kernel: vhost-net: guest to host kernel escape during migration CVE-2019-14835
StarlingX Fix released, assigned to Robin Lu
Bug #1849195: CVE-2018-1000076: rubygems: Improper verification of signatures in tarball allows to install mis-signed gem CVE-2018-1000076
StarlingX Fix released, assigned to Jim Somerville
Bug #1849197: CVE-2018-12327: ntp: buffer overflow in ntpq and ntpdc CVE-2018-12327
StarlingX Fix released, assigned to Jim Somerville
Bug #1849198: CVE-2018-14599: libX11: Off-by-one error in XListExtensions in ListExt.c CVE-2018-14599
StarlingX Fix released, assigned to Robin Lu
Bug #1849199: CVE-2018-14600: libX11: Out of Bounds write in XListExtensions in ListExt.c CVE-2018-14600
StarlingX Fix released, assigned to Robin Lu
Bug #1849200: CVE-2018-15686: systemd: state injection during daemon-reexec CVE-2018-15686
StarlingX Fix released, assigned to Jim Somerville
Bug #1849201: CVE-2018-16402: elfutils: Double-free due to double decompression CVE-2018-16402
StarlingX Fix released, assigned to Jim Somerville
Bug #1849202: CVE-2018-19788: polkit: Improper handling of uid CVE-2018-19788
StarlingX Fix released, assigned to Jim Somerville
Bug #1849203: CVE-2018-8780: ruby: Unintentional directory traversal by poisoned NULL byte in Dir CVE-2018-8780
StarlingX Fix released, assigned to Jim Somerville
Bug #1849204: Fix CVE-2019-0160 CVE-2019-0160
StarlingX Fix released, assigned to Ghada Khalil
Bug #1849205: CVE-2019-0160: OVMF: overflows with long file names and invalid UDF media CVE-2019-0160
StarlingX Fix released, assigned to Robin Lu
Bug #1849206: CVE-2019-11810: kernel: a NULL pointer dereference in drivers/scsi/megaraid/megaraid_sas_base.c leading to DoS CVE-2019-11810
StarlingX Fix released, assigned to Robin Lu
Bug #1849209: CVE-2019-11811: kernel: use-after-free in IPMI CVE-2019-11811
StarlingX Fix released, assigned to Robin Lu
Bug #1849210: CVE-2019-5953: wget: do_conversion() buffer overflow CVE-2019-5953
StarlingX Fix released, assigned to Jim Somerville
Bug #1852825: CVE-2019-14287: sudo: can bypass certain policy blacklists CVE-2019-14287
StarlingX Fix released, assigned to Robin Lu
Bug #1864763: CVE-2019-10126 / CVE-2019-14895 / CVE-2019-17133 / CVE-2019-14901 / CVE-2019-16746: WiFi Driver Vulnerabilities CVE-2019-10126
CVE-2019-14895
CVE-2019-14901
CVE-2019-16746
CVE-2019-17133
StarlingX Invalid by Jim Somerville
Bug #1872979: collectd core dump generated after lock/unlock controller-0 CVE-2020-15705
StarlingX Fix released, assigned to Eric MacDonald
Bug #1881425: CVE-2015-2716: expat: Buffer overflow in the XML parser CVE-2015-2716
StarlingX Fix released, assigned to Poornima Y N
Bug #1881426: CVE-2018-18751: gettext: double free in default_add_message CVE-2018-18751
StarlingX Fix released, assigned to Poornima Y N
Bug #1881428: CVE-2018-5819: glib2: libRaw "parse_sinar_ia()" function can be exploited CVE-2018-5819
StarlingX Invalid by Poornima Y N
Bug #1881429: CVE-2019-15916: kernel: memory leak in register_queue_kobjects CVE-2019-15916
StarlingX Fix released, assigned to Jim Somerville
Bug #1886064: Upgrades are not able to add new keystone users/services/endpoints CVE-2020-15705
StarlingX Fix released, assigned to Andy
Bug #1887438: Controller-0 Not Ready after force rebooting active controller (Controller-1) CVE-2018-15473
CVE-2019-10160
CVE-2019-16056
CVE-2019-18634
CVE-2019-6470
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Chris Friesen
Bug #1887677: stx-openstack: etcd 1MB size limit will prevent scaling up openstack workers CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Angie Wang
Bug #1892768: Containerd config needs a jinja template CVE-2020-15705
StarlingX Fix released, assigned to Carmen Rata
Bug #1893669: swact is not triggered after killing dnsmasq process within 90 seconds CVE-2020-15705
StarlingX Fix released, assigned to Bin Qian
Bug #1894870: etcd instance not secured CVE-2020-15705
StarlingX Fix released, assigned to zhipeng liu
Bug #1895555: OAM IP change needs double lock/unlock controllers for IPV6 system CVE-2020-15705
StarlingX Fix released, assigned to Andre Kantek
Bug #1900920: pods do not get restarted in an AIO-DX system CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Douglas Henrique Koerich
Bug #1901449: DC: rbd mounted devices becomes read only after enabling https on system controller CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Bob Church
Bug #1902149: CVE-2019-5482: curl: heap overflow in TFTP CVE-2019-5482
StarlingX Fix released, assigned to Joe Slater
Bug #1902993: CVE-2017-12652: libpng: does not check length of chunks CVE-2017-12652
StarlingX Fix released, assigned to Michel Thebeau [WIND]
Bug #1902995: CVE-2019-12450: glib2: file_copy_fallback does not restrict file permissions CVE-2019-12450
StarlingX Fix released, assigned to Michel Thebeau [WIND]
Bug #1902997: CVE-2018-20843: expat: XML input leads to high RAM and CPU CVE-2018-20843
StarlingX Fix released, assigned to Michel Thebeau [WIND]
Bug #1903994: Retain more puppet log files to help with debugging CVE-2020-15705
StarlingX Fix released, assigned to Lu Yao Chen
Bug #1904739: kubernetes-nat rule not applied on controller following DOR CVE-2020-15705
StarlingX Fix released, assigned to Andy
Bug #1904885: Failure to connect to registry.local due to DNS resolution issues CVE-2020-15705
StarlingX Fix released, assigned to Jerry Sun
Bug #1906470: CVE-2019-11068: libxslt: bypass of protection mechanism CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Joe Slater
Bug #1906471: CVE-2019-17006: nss: crypto primitives missing length checks CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Joe Slater
Bug #1907678: New pip resolver breaks tox for some repos CVE-2020-15705
StarlingX Fix released, assigned to Al Bailey
Bug #1908088: stx-tools: yum fails in Docker with misleading error messages CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Davlet Panech
Bug #1908297: populate_downloads.sh doesn't clean/backup old content CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Scott Little
Bug #1910130: Build of 'compile' layer fails due to missing python3 dependencies CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Don Penney
Bug #1912139: CVE-2018-19519: tcpdump: a stack-based buffer over-read CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Li Zhou
Bug #1912682: tools: Dockerfile: yum install silently ignores errors CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Davlet Panech
Bug #1914291: Failure changing kube-apiserver parameters CVE-2020-15705
StarlingX Fix released, assigned to Jerry Sun
Bug #1915050: IPv6: All hosts remain offline after booting off the controller-0 CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-18634
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6470
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
CVE-2021-3156
StarlingX Fix released, assigned to Yue Tao
Bug #1915864: Nodes are in unusable state. Possible typo "'NoneType' object has no attribute 'startswith'" CVE-2018-12404
CVE-2019-11745
StarlingX Invalid by Zhixiong Chi
Bug #1915951: Shared NIC: System doesn't retain the rate-limit config when a pod is deleted CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Steven Webster
Bug #1916620: Worker fails reboot recovery due to SRIOV timeout CVE-2020-15705
StarlingX Fix released, assigned to Douglas Henrique Koerich
Bug #1916946: CVE-2021-3156 sudo privilege escalation CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Joe Slater
Bug #1917229: worker runtime config missed system.yaml hiera CVE-2020-15705
StarlingX Fix released, assigned to John Kung
Bug #1917308: Stx-openstack apply-fail after swact standby controller, lock, unlock standby controller CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Gustavo Santos
Bug #1917781: Controller-0 showing disabled/offline in dm while it is unlocked/available in sysinv CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Mihnea Saracin
Bug #1917864: bash: shell commands are no longer logged to /var/log/bash.log CVE-2019-10160
CVE-2019-16056
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
StarlingX Fix released, assigned to Zhixiong Chi
Bug #1917901: tb.sh create fails on rmdir /var/lib/mock CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Scott Little
Bug #1918139: On AIO hosts, Kubernetes is starting before key resources are initialized CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Bin Qian
Bug #1918154: CVE-2020-10878: perl: perl before 5.30.3 has an integer overflow CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Joe Slater
Bug #1918477: download_mirror.sh is slow CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Scott Little
Bug #1919274: Adding bare-metal Ceph storage backend at runtime fails CVE-2020-15705
StarlingX Fix released, assigned to Bob Church
Bug #1919276: Bare-metal Ceph Metadata servers are not started by the Ceph runtime manifests CVE-2020-15705
StarlingX Fix released, assigned to Bob Church
Bug #1920024: linuxsoft.cern.ch is no longer responding CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Scott Little
Bug #1920245: drbd filesystems not resized during bootstrap CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to David Sullivan
Bug #1923458: basearch not always set CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Scott Little
Bug #1923510: admin endpoint certificate overwritten by expired copy CVE-2020-15705
StarlingX Fix released, assigned to Bin Qian
Bug #1923665: No LLDP information available for Fortville i40e NIC CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Cole Walker
Bug #1923879: crash kernel fails to boot with ice network hw CVE-2020-15705
StarlingX Fix released, assigned to Jim Somerville
Bug #1924209: Storage-0 went offline due to NIC driver continuously failed to allocate memory CVE-2020-15705
StarlingX Fix released, assigned to Zhixiong Chi
Bug #1924579: armada-api container not using the correct user CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Marcus Secato
Bug #1924686: systemd excessively reads mountinfo and udev in dense container environments CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Li Zhou
Bug #1924691: systemd sends tons of useless PropertiesChanged messages when a mount happens CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-18634
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6470
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
CVE-2021-3156
StarlingX Fix released, assigned to Li Zhou
Bug #1926172: Fail to run unit tests with pep8/flake8 CVE-2020-15705
StarlingX Fix released, assigned to Chuck Short
Bug #1926366: Two unlocks required when converting a single-nic system to enable SR-IOV on the underlying interface CVE-2020-15705
StarlingX Fix released, assigned to Steven Webster
Bug #1926372: CVE-2021-26937 screen segfault CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Joe Slater
Bug #1926591: Unlock fails after restore when trying to resize docker-lv fs CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Mihnea Saracin
Bug #1926987: Download_mirror.sh fails on 'flockflock' CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Scott Little
Bug #1927137: Docker build env fails on git-review CVE-2016-10739
CVE-2017-6519
CVE-2018-10360
CVE-2018-1116
CVE-2018-1122
CVE-2018-12404
CVE-2018-1312
CVE-2018-13139
CVE-2018-14348
CVE-2018-14498
CVE-2018-15473
CVE-2018-17199
CVE-2018-18384
CVE-2018-19519
CVE-2018-4700
CVE-2018-5741
CVE-2018-5742
CVE-2018-5743
CVE-2018-8905
CVE-2019-0220
CVE-2019-10160
CVE-2019-10218
CVE-2019-11068
CVE-2019-11745
CVE-2019-12735
CVE-2019-13232
CVE-2019-13734
CVE-2019-16056
CVE-2019-17006
CVE-2019-3813
CVE-2019-3880
CVE-2019-5482
CVE-2019-6477
CVE-2019-9636
CVE-2019-9924
CVE-2019-9948
CVE-2020-0549
CVE-2020-10772
CVE-2020-10878
CVE-2020-12049
CVE-2020-12663
CVE-2020-5208
CVE-2020-6851
CVE-2020-8112
CVE-2020-8617
CVE-2021-26937
StarlingX Fix released, assigned to Scott Little
Bug #1927153: intel-fpga/intel-gpu/intel-qat: docker images build errors CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Davlet Panech
Bug #1927224: AIO-SX migration to AIO-DX failed on standalone system CVE-2020-15705
StarlingX Fix released, assigned to Pedro Henrique Linhares
Bug #1927275: AIO-SX reboots after change OAM ip address CVE-2020-15705
StarlingX Fix released, assigned to Andre Kantek
Bug #1927515: ETCD poor latency performance and failure under load CVE-2020-15705
StarlingX Fix released, assigned to Jim Gauld
Bug #1927730: Secure boot via pxeboot fails with updated grub2 CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Don Penney
Bug #1927758: AIO-SX failed to come up due to sriov rate limit config failures in puppet CVE-2020-15705
StarlingX Fix released, assigned to Steven Webster
Bug #1927762: AIO-SX failed to start up after unlock due to lvm_global_filter. CVE-2020-15705
StarlingX Fix released, assigned to Mihnea Saracin
Bug #1928018: AIO-SX: armada pod stuck in Unknown after host-lock/unlock CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Angie Wang
Bug #1928135: During upgrade activation, system controller swact and activation failed CVE-2020-15705
StarlingX Fix released, assigned to Jessica Castelino
Bug #1928141: AIO-SX upgrade_platform playbook fails waiting for armada-api pod CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Dan Voiculeasa
Bug #1928353: Bad behaving pod not well separated from the platform CVE-2020-15705
StarlingX Fix released, assigned to Dan Voiculeasa
Bug #1928934: Storage-services loss of redundancy after lock/unlock of standby controller CVE-2018-15473
CVE-2019-18634
CVE-2019-6470
CVE-2020-13817
CVE-2020-15705
CVE-2020-15707
CVE-2021-3156
StarlingX Fix released, assigned to Mihnea Saracin
Bug #1933263: pxeboot_setup.sh copies wrong grubx64.efi CVE-2020-15705
StarlingX Fix released, assigned to Don Penney
Bug #1945997: CVE-2021-31535 libX11: missing request length checks CVE-2021-31535
StarlingX Fix released, assigned to Joe Slater
Bug #1947610: CVE-2020-29573: glibc buffer overflow CVE-2019-25013
CVE-2020-10029
CVE-2020-29573
StarlingX Fix released, assigned to Joe Slater
Bug #1954718: CVE-2016-4658 libxml2: Use after free via namespace node in XPointer ranges CVE-2016-4658
StarlingX Fix released, assigned to Joe Slater
Bug #1954722: CVE-2018-25011 / CVE-2020-36328 / CVE-2020-36329: libwebp multiple CVEs CVE-2018-25011
CVE-2020-36328
CVE-2020-36329
StarlingX Fix released, assigned to Joe Slater
Bug #1957929: CVE-2021-43527: nss: Memory corruption in decodeECorDsaSignature with DSA signatures (and RSA-PSS) CVE-2021-43527
StarlingX Fix released, assigned to Joe Slater
Bug #1960087: CVE-2021-4034 polkit privilege escalation CVE-2021-4034
StarlingX Fix released, assigned to Joe Slater
Bug #1960765: CVE-2021-26691 / CVE-2021-39275 / CVE-2021-44790: apache / httpd multiple CVEs CVE-2021-26691
CVE-2021-39275
CVE-2021-44790
CVE-2022-22720
StarlingX Fix released, assigned to Joe Slater
Bug #1964842: CVE-2021-44142 / CVE-2020-25717 / CVE-2020-25719: samba multiple CVEs CVE-2020-25717
CVE-2020-25719
CVE-2021-44142
StarlingX Fix released, assigned to Joe Slater
Bug #1969362: CVE-2021-45960 / CVE-2022-22822 / CVE-2022-22823 / CVE-2022-22824 / CVE-2022-23852 / CVE-2022-25235 / CVE-2022-25236 / CVE-2022-25315: expat multiple CVEs CVE-2021-45960
CVE-2022-22822
CVE-2022-22823
CVE-2022-22824
CVE-2022-23852
CVE-2022-25235
CVE-2022-25236
CVE-2022-25315
StarlingX Fix released, assigned to Joe Slater
Bug #1969363: CVE-2022-22720: httpd: Errors encountered during the discarding of request body lead to HTTP request smuggling CVE-2021-26691
CVE-2021-39275
CVE-2021-44790
CVE-2022-22720
StarlingX Fix released, assigned to Joe Slater
Bug #1969605: CVE: CVE-2022-0435: kernel: remote stack overflow via kernel panic on systems using TIPC may lead to DoS CVE-2022-0435
CVE-2022-0847
StarlingX Fix released, assigned to Jiping Ma
Bug #1969993: CVE-2022-23307: log4j: Unsafe deserialization flaw in Chainsaw log viewer CVE-2022-23307
StarlingX Fix released, assigned to Joe Slater
Bug #1975755: CVE-2022-23990: expat: integer overflow in the doProlog function CVE-2022-23990
StarlingX Fix released, assigned to Joe Slater
Bug #1982723: Debian: CVE-2022-29155: openldap: OpenLDAP SQL injection CVE-2022-29155
StarlingX Fix released, assigned to Zhixiong Chi
Bug #1985885: Debian: CVE-2022-28615 / CVE-2022-29404 / CVE-2022-30522 / CVE-2022-31813: apache2: A flaw was found in the mod_proxy module of httpd CVE-2022-28615
CVE-2022-29404
CVE-2022-30522
CVE-2022-31813
StarlingX Fix released, assigned to Wentao Zhang
Bug #1986485: Debian: CVE-2022-27404: freetype: Some commits can cause heap buffer overflows CVE-2022-1664
CVE-2022-27404
CVE-2022-27405
CVE-2022-27406
StarlingX Fix released, assigned to Wentao Zhang
Bug #1986486: Debian: CVE-2022-1664:dpkg package is prone to a directory traversal vulnerability CVE-2022-1664
StarlingX Fix released, assigned to Wentao Zhang
Bug #1987927: CVE: CVE-2021-3177 - python: Stack-based buffer overflow in PyCArg_repr in _ctypes/callproc.c CVE-2019-20907
CVE-2020-26116
CVE-2021-3177
CVE-2022-0391
StarlingX Fix released, assigned to Joe Slater
Bug #1994096: Debian CVE: CVE-2021-22945/CVE-2022-27781/CVE-2022-32207: curl: multiple CVEs CVE-2021-22945
CVE-2022-27781
CVE-2022-32207
StarlingX Fix released, assigned to Yue Tao
Bug #1994099: Debian CVE: CVE-2022-2795 / CVE-2022-3080 / CVE-2022-38177 / CVE-2022-38178: bind9: multiple CVEs CVE-2022-2795
CVE-2022-3080
CVE-2022-38177
CVE-2022-38178
StarlingX Fix released, assigned to Wentao Zhang
Bug #1994105: Debian CVE-2022-1586 / CVE-2022-1587: pcre2: multiple CVEs CVE-2022-1586
CVE-2022-1587
StarlingX Fix released, assigned to Yue Tao
Bug #1994107: Debian CVE-2022-40674: expat: a use-after-free in the doContent function CVE-2022-40674
StarlingX Fix released, assigned to Yue Tao
Bug #1994108: Debian CVE-2022-37434 / CVE-2018-25032 : zlib: multiple CVEs CVE-2018-25032
CVE-2022-37434
StarlingX Fix released, assigned to Zhixiong Chi
Bug #1994109: Debian CVE-2021-46828: libtirpc: lead to an svc_run infinite loop CVE-2021-46828
CVE-2022-46828
StarlingX Fix released, assigned to Zhixiong Chi
Bug #1994110: Debian CVE-2022-1552: postgresql: execute arbitrary SQL functions under a superuser identity CVE-2022-1552
CVE-2022-2509
StarlingX Fix released, assigned to Yue Tao
Bug #1994111: Debian CVE-2022-32744 / CVE-2022-2031: samba: multiple CVEs CVE-2022-2031
CVE-2022-32744
StarlingX Fix released, assigned to Zhixiong Chi
Bug #1994112: Debian CVE-2022-2509: libgnutls30: a double free error CVE-2022-2509
StarlingX Fix released, assigned to Yue Tao
Bug #1994113: Debian CVE-2022-1271: gzip: overwrite an attacker's content to an arbitrary attacker-selected file CVE-2022-1271
StarlingX Fix released, assigned to ZhangXiao
Bug #1994115: Debian CVE-2022-26353: qemu: memory leakage CVE-2022-26353
StarlingX Fix released, assigned to Yue Tao
Bug #1996015: [Debian] CVE: CVE-2022-1012/CVE-2022-36946/CVE-2022-3621/CVE-2022-3649/CVE-2022-3594: kernel: multiple CVEs CVE-2022-1012
CVE-2022-3594
CVE-2022-3621
CVE-2022-3649
CVE-2022-36946
StarlingX Fix released, assigned to Jiping Ma
Bug #1997194: [Debian] CVE: CVE-2022-43680: libexpat: XML_ExternalEntityParserCreate in out-of-memory CVE-2022-43680
StarlingX Fix released, assigned to Yue Tao
Bug #1997197: [Debian] CVE: CVE-2022-40617: strongswan: remote attackers to cause a denial of service CVE-2022-40617
StarlingX Fix released, assigned to Yue Tao
Bug #1997198: [Debian] CVE: CVE-2022-41323/CVE-2022-34265/CVE-2022-28347/CVE-2022-28346/CVE-2022-23833: python3-django: multiple CVEs CVE-2022-23833
CVE-2022-28346
CVE-2022-28347
CVE-2022-34265
CVE-2022-41323
StarlingX Fix released, assigned to Yue Tao
Bug #1997327: [Debian] CVE: CVE-2022-37797: lighttpd : null pointer dereference CVE-2022-37797
StarlingX Fix released, assigned to Zhixiong Chi
Bug #1997328: [Debian] CVE: CVE-2022-2928: isc-dhcp : overflow and cause the server to abort CVE-2022-2928
CVE-2022-2929
StarlingX Fix released, assigned to Zhixiong Chi
Bug #1999358: [Debian] CVE: CVE-2022-41556/CVE-2022-30780: Lighttpd : multiple CVEs CVE-2022-30780
CVE-2022-41556
StarlingX Won't fix, assigned to Yue Tao
Bug #1999991: [Debian] CVE: CVE-2022-40303: libxml2: leading to a segmentation fault CVE-2022-40303
StarlingX Fix released, assigned to Wentao Zhang
Bug #2002269: [Debian] CVE: CVE-2022-42898: krb5: integer overflows. CVE-2022-42898
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2002277: [Debian] CVE: CVE-2022-47629/CVE-2022-3515: libksba : integer overflow vulnerability. CVE-2022-3515
CVE-2022-47629
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2002279: [Debian] CVE: CVE-2021-46848: libtasn1 : an ETYPE_OK off-by-one CVE-2021-46848
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2002280: [Debian] CVE: CVE-2022-3643/CVE-2022-3524: kernel: multiple CVEs CVE-2022-3524
CVE-2022-3643
StarlingX Fix released, assigned to Jiping Ma
Bug #2002281: [Debian] CVE: CVE-2021-46669/CVE-2022-27376/CVE-2022-27377...CVE-2022-32089/CVE-2022-32091: mariadb: multiple CVEs CVE-2021-46669
CVE-2022-27376
CVE-2022-27377
CVE-2022-27378
CVE-2022-27379
CVE-2022-27380
CVE-2022-27381
CVE-2022-27382
CVE-2022-27383
CVE-2022-27384
CVE-2022-27385
CVE-2022-27386
CVE-2022-27387
CVE-2022-27444
CVE-2022-27445
CVE-2022-27446
CVE-2022-27447
CVE-2022-27448
CVE-2022-27449
CVE-2022-27451
CVE-2022-27452
CVE-2022-27455
CVE-2022-27456
CVE-2022-27457
CVE-2022-27458
CVE-2022-32081
CVE-2022-32082
CVE-2022-32083
CVE-2022-32084
CVE-2022-32085
CVE-2022-32086
CVE-2022-32087
CVE-2022-32088
CVE-2022-32089
CVE-2022-32091
StarlingX Fix released, assigned to Yue Tao
Bug #2006409: [Debian] CVE: CVE-2022-4337 / CVE-2022-4338: openvswitch: multiple CVEs CVE-2022-4337
CVE-2022-4338
StarlingX Fix released, assigned to Yue Tao
Bug #2006410: [Debian] CVE: CVE-2022-3094 / CVE-2022-3736 / CVE-2022-3924: bind: multiple CVEs CVE-2022-3094
CVE-2022-3736
CVE-2022-3924
StarlingX Fix released, assigned to hqbai
Bug #2006412: [Debian] CVE: CVE-2022-32221/CVE-2022-43552: curl: multi CVEs CVE-2022-32221
CVE-2022-43552
StarlingX Fix released, assigned to hqbai
Bug #2009332: [Debian] CVE: CVE-2023-23916: curl: An allocation of resources without limits or throttling vulnerability CVE-2023-23916
StarlingX Fix released, assigned to Li Zhou
Bug #2009333: [Debian] CVE: CVE-2022-25147: apr-util: Integer Overflow or Wraparound vulnerability CVE-2022-25147
StarlingX Fix released, assigned to Peng Zhang
Bug #2009334: [Debian] CVE: CVE-2023-25725: haproxy : may allow a bypass of access control CVE-2023-0056
CVE-2023-25725
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2009336: [Debian] CVE: CVE-2022-4450/CVE-2023-0215: openssl: multi CVEs CVE-2022-2097
CVE-2022-4304
CVE-2022-4450
CVE-2023-0215
CVE-2023-0286
StarlingX Fix released, assigned to Li Zhou
Bug #2009723: build-tools: latest git in debian bullseye causes docker build errors CVE-2023-22490
StarlingX Fix released, assigned to Davlet Panech
Bug #2012865: [Debian] CVE: CVE-2006-20001/CVE-2023-25690/CVE-2022-36760/CVE-2022-37436/CVE-2023-27522: apache2: multi CVEs CVE-2006-20001
CVE-2022-36760
CVE-2022-37436
CVE-2023-25690
CVE-2023-27522
StarlingX Fix released, assigned to ZhangXiao
Bug #2012866: [Debian] CVE: CVE-2022-24963: apr: Integer Overflow or Wraparound vulnerability CVE-2022-24963
StarlingX Fix released, assigned to ZhangXiao
Bug #2012868: [Debian] CVE: CVE-2022-38725: syslog-ng: An integer overflow in the RFC3164 parser CVE-2022-38725
StarlingX Fix released, assigned to ZhangXiao
Bug #2013012: [Debian] CVE: CVE-2022-42333 xen: x86/HVM pinned cache attributes mis-handling CVE-2022-42333
StarlingX Fix released, assigned to Peng Zhang
Bug #2015711: [Debian] CVE: CVE-2022-4379: kernel: A use-after-free vulnerability CVE-2022-4379
StarlingX Fix released, assigned to Peng Zhang
Bug #2018636: [Debian]: CVE: CVE-2022-37026: erlang a Client Authentication Bypass in certain client-certification situations CVE-2022-37026
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2018637: [Debian]: CVE-2022-3204/CVE-2022-30698/CVE-2022-30699: unbound multiple CVEs CVE-2022-30698
CVE-2022-30699
CVE-2022-3204
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2018638: [Debian]: CVE: CVE-2022-4904: c-ares arbitrary length stack overflow CVE-2022-4904
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2018639: [Debian]: CVE: CVE-2022-21797: python3-joblib: Arbitrary Code Execution CVE-2022-21797
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2018640: [Debian] CVE: CVE-2023-1668: openvswitch incorrect handling of other IP packets with a != 0 CVE-2023-1668
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2018641: [Debian]: CVE: CVE-2021-43612: lldpd an out-of-bounds heap read via short SONMP packets CVE-2021-43612
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2020638: [Debian] CVE: CVE-2022-24761: python3-waitress: Inconsistent Interpretation of HTTP Requests CVE-2022-24761
StarlingX Fix released, assigned to hqbai
Bug #2020639: [Debian] CVE: CVE-2021-30560: libxslt: use-after-free in xsltApplyTemplates CVE-2021-30560
StarlingX Fix released (unassigned)
Bug #2020720: [Debian] CVE: CVE-2022-41973/CVE-2022-41974: multipath-tools: multiple CVEs CVE-2022-41973
CVE-2022-41974
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2020722: [Debian] CVE: CVE-2023-0767: nss: result in execution of arbitrary code CVE-2023-0767
StarlingX Fix released (unassigned)
Bug #2020724: [Debian]: CVE: CVE-2023-0361: gnutls: be able to decrypt the application data exchanged over that connection CVE-2023-0361
StarlingX Fix released (unassigned)
Bug #2020726: [Debian] CVE: CVE-2023-22809: sudo: allowing a local attacker to append arbitrary entries CVE-2023-22809
StarlingX Fix released (unassigned)
Bug #2020727: [Debian] CVE: CVE-2022-44638: pixman: an out-of-bounds write CVE-2022-44638
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2020729: [Debian] CVE: CVE-2022-24805/CVE-2022-24806/.../CVE-2022-24810: net-snmp: multiple CVE-2022-24805
CVE-2022-24806
CVE-2022-24807
CVE-2022-24808
CVE-2022-24809
CVE-2022-24810
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2020730: [Debian] CVE: CVE-2022-2601/CVE-2022-3775: grub2: multiple CVEs CVE-2022-2601
CVE-2022-3775
StarlingX Fix released, assigned to Li Zhou
Bug #2020732: [Debian] CVE: CVE-2023-0836: haproxy: 5 bytes left uninitialized in the connection buffer CVE-2023-0836
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2020741: [Debian] CVE: CVE-2023-1667/CVE-2023-2283: libssh: multiple CVEs CVE-2023-1667
CVE-2023-2283
StarlingX Fix released (unassigned)
Bug #2020742: [Debian] CVE: CVE-2023-2454/CVE-2023-2455/CVE-2022-2625: postgresql: multiple CVEs CVE-2022-2625
CVE-2023-2454
CVE-2023-2455
StarlingX Fix released (unassigned)
Bug #2021447: [Debian] Medium CVE: CVE-2021-3468: avahi: trigger an infinite loop CVE-2021-3468
StarlingX Fix released, assigned to Li Zhou
Bug #2021448: [Debian] Medium CVE: CVE-2022-3821/CVE-2022-4415: systemd: multiple CVEs CVE-2022-3821
CVE-2022-4415
StarlingX Fix released, assigned to Li Zhou
Bug #2021462: [Debian] Medium CVE: CVE-2023-28484/CVE-2023-29469: libxml2: multiple CVEs CVE-2023-28484
CVE-2023-29469
StarlingX Fix released, assigned to Li Zhou
Bug #2021465: [Debian] Medium CVE: CVE-2022-42010/CVE-2022-42011/CVE-2022-42012: dbus: multiple CVEs CVE-2022-42010
CVE-2022-42011
CVE-2022-42012
StarlingX Fix released, assigned to Li Zhou
Bug #2021469: [Debian] Medium CVE: CVE-2022-3100: barbican: an access policy bypass via a query string CVE-2022-3100
StarlingX Fix released, assigned to ZhangXiao
Bug #2021470: [Debian] Medium CVE: CVE-2021-3502: avahi: a local attacker to crash the avahi service CVE-2021-3502
StarlingX Fix released, assigned to Li Zhou
Bug #2021473: [Debian] Medium CVE: CVE-2022-1348: logrotate: allowing an unprivileged user to lock the state file CVE-2022-1348
StarlingX Fix released, assigned to ZhangXiao
Bug #2021475: [Debian] Medium CVE: CVE-2022-34903: gnupg2: allows signature forgery via injection into the status line CVE-2022-34903
StarlingX Fix released, assigned to ZhangXiao
Bug #2021476: [Debian] CVE: CVE-2022-38223: w3m: an attacker to cause Denial of Service CVE-2022-38223
StarlingX Fix released, assigned to hqbai
Bug #2021477: [Debian] CVE: CVE-2022-29458: ncurses: an out-of-bounds read CVE-2022-29458
StarlingX Fix released, assigned to hqbai
Bug #2021482: [Debian] High CVE: CVE-2022-2255: mod-wsgi: pass the X-Client-IP header to the target WSGI application CVE-2022-2255
StarlingX Fix released, assigned to hqbai
Bug #2021536: [Debian] High CVE: CVE-2022-25308/CVE-2022-25309/CVE-2022-25310: fribidi: multiple CVEs CVE-2022-25308
CVE-2022-25309
CVE-2022-25310
StarlingX Fix released, assigned to hqbai
Bug #2021541: [Debian] High CVE: CVE-2022-0135: virglrenderer a denial of service or possible code execution CVE-2022-0135
StarlingX Fix released, assigned to hqbai
Bug #2021544: [Debian] High CVE: CVE-2021-3999: glibc: An off-by-one buffer overflow and underflow CVE-2021-3999
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2021546: [Debian] High CVE: CVE-2021-38155: keystone: information disclosure during account locking CVE-2021-38155
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2021548: [Debian] High CVE: CVE-2022-22707: lighttpd: a stack-based buffer overflow CVE-2022-22707
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2021927: [Debian] CVE:CVE-2023-32233/CVE-2023-31436/CVE-2023-2513/CVE-2023-1859/CVE-2023-2156/CVE-2023-34256: kernel: multiple CVEs CVE-2023-1859
CVE-2023-2156
CVE-2023-2513
CVE-2023-31436
CVE-2023-32233
CVE-2023-34256
StarlingX Fix released, assigned to Peng Zhang
Bug #2022017: [Debian] High CVE: CVE-2023-0464/CVE-2023-0465/CVE-2023-0466/CVE-2023-2650: openssl: multiple CVEs CVE-2023-0464
CVE-2023-0465
CVE-2023-0466
CVE-2023-2650
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2022018: [Debian] High CVE: CVE-2023-2253: docker-registry: denial of service by a crafted malicious CVE-2023-2253
StarlingX Fix released, assigned to ZhangXiao
Bug #2025013: [Debian] High CVE: CVE-2023-2828/CVE-2023-2911: bind: multiple CVEs CVE-2023-2828
CVE-2023-2911
StarlingX Fix released, assigned to Peng Zhang
Bug #2025014: [Debian] High CVE: CVE-2023-3138: libx11: a buffer overflow CVE-2023-3138
StarlingX Fix released, assigned to Peng Zhang
Bug #2025015: [Debian] High CVE: CVE-2023-31130/CVE-2023-32067: c-ares: multiple CVEs CVE-2023-31130
CVE-2023-32067
StarlingX Fix released, assigned to Peng Zhang
Bug #2025123: [Debian] High CVE: CVE-2023-3090/CVE-2023-3212/CVE-2023-35788/CVE-2023-3141/CVE-2023-3111/CVE-2023-3338/CVE-2023-2124/CVE-2023-3609: kernel: multiple CVEs CVE-2023-2124
CVE-2023-3090
CVE-2023-3111
CVE-2023-3141
CVE-2023-3212
CVE-2023-3338
CVE-2023-35788
CVE-2023-3609
StarlingX Fix released, assigned to Peng Zhang
Bug #2026664: [Debian] High CVE: CVE-2023-30861 flask: Possible disclosure of permanent session cookie due to missing Vary: Cookie header CVE-2023-30861
StarlingX Fix released, assigned to Peng Zhang
Bug #2029210: [Debian] High CVE: CVE-2023-38403 iperf3: integer overflow and heap corruption CVE-2023-38403
StarlingX Fix released, assigned to Wentao Zhang
Bug #2029211: [Debian] High CVE: CVE-2023-4004/CVE-2023-31248/CVE-2023-35001/CVE-2023-3117/CVE-2023-3611/CVE-2023-3610/CVE-2023-3776/CVE-2023-3390/CVE-2023-2898/CVE-2023-3863/CVE-2023-20593/CVE-2023-4132 kernel: multiple CVEs CVE-2023-20593
CVE-2023-2898
CVE-2023-3117
CVE-2023-31248
CVE-2023-3390
CVE-2023-35001
CVE-2023-3610
CVE-2023-3611
CVE-2023-3776
CVE-2023-3863
CVE-2023-4004
CVE-2023-4132
StarlingX Fix released, assigned to Peng Zhang
Bug #2030472: [Debian] High CVE: CVE-2023-36053/CVE-2023-23969/CVE-2023-24580/CVE-2023-31047 python-django: multiple CVEs CVE-2023-23969
CVE-2023-24580
CVE-2023-31047
CVE-2023-36053
StarlingX Fix released, assigned to Wentao Zhang
Bug #2030473: [Debian] High CVE: CVE-2023-23934/CVE-2023-25577 python-werkzeug: multiple CVEs CVE-2023-23934
CVE-2023-25577
StarlingX Fix released, assigned to Wentao Zhang
Bug #2033580: [Debian] High CVE: CVE-2023-37328 gst-plugins-base1.0: Heap-based buffer overflow CVE-2023-37328
StarlingX Fix released, assigned to Wentao Zhang
Bug #2033581: [Debian] Critical CVE: CVE-2021-32292 json-c: a stack-buffer-overflow CVE-2021-32292
StarlingX Fix released, assigned to Wentao Zhang
Bug #2034117: [Debian] High CVE: CVE-2022-48554 file: a stack-based buffer over-read CVE-2022-48554
StarlingX Fix released, assigned to Wentao Zhang
Bug #2034119: [Debian] High CVE: CVE-2021-3695/CVE-2021-3696/CVE-2021-3697/CVE-2022-28733/CVE-2022-28734/CVE-2022-28735/CVE-2022-28736 grub2: multiple CVEs CVE-2021-3695
CVE-2021-3696
CVE-2021-3697
CVE-2022-28733
CVE-2022-28734
CVE-2022-28735
CVE-2022-28736
StarlingX Fix released, assigned to Li Zhou
Bug #2036311: [Debian] High CVE: CVE-2023-3777/CVE-2023-4015/CVE-2023-4208/CVE-2023-4206/CVE-2023-4207/CVE-2023-3772/CVE-2022-45887/CVE-2022-45886/CVE-2022-45919/CVE-2023-3773/CVE-2023-21400 kernel: multiple CVEs CVE-2022-39189
CVE-2022-40982
CVE-2022-4269
CVE-2022-45886
CVE-2022-45887
CVE-2022-45919
CVE-2023-0160
CVE-2023-1206
CVE-2023-1380
CVE-2023-2002
CVE-2023-20588
CVE-2023-21255
CVE-2023-21400
CVE-2023-2163
CVE-2023-2269
CVE-2023-31084
CVE-2023-3268
CVE-2023-3389
CVE-2023-34256
CVE-2023-34319
CVE-2023-35823
CVE-2023-35824
CVE-2023-35828
CVE-2023-35829
CVE-2023-3772
CVE-2023-3773
CVE-2023-3777
CVE-2023-4015
CVE-2023-40283
CVE-2023-4128
CVE-2023-4147
CVE-2023-4194
CVE-2023-4206
CVE-2023-4207
CVE-2023-4208
CVE-2023-4273
StarlingX Fix released, assigned to Peng Zhang
Bug #2036491: [Debian] High CVE: CVE-2023-2002/CVE-2023-21255/CVE-2023-2269/CVE-2023-31084/CVE-2023-3268/CVE-2023-3389/CVE-2023-34319/CVE-2023-4194/CVE-2023-4147/CVE-2023-4273/CVE-2022-40982/CVE-2023-4128/CVE-2023-40283/CVE-2023-1206/CVE-2023-0160 kernel: multiple CVEs CVE-2022-39189
CVE-2022-40982
CVE-2022-4269
CVE-2022-45886
CVE-2022-45887
CVE-2022-45919
CVE-2023-0160
CVE-2023-1206
CVE-2023-1380
CVE-2023-2002
CVE-2023-20588
CVE-2023-21255
CVE-2023-21400
CVE-2023-2163
CVE-2023-2269
CVE-2023-31084
CVE-2023-3268
CVE-2023-3389
CVE-2023-34256
CVE-2023-34319
CVE-2023-35823
CVE-2023-35824
CVE-2023-35828
CVE-2023-35829
CVE-2023-3772
CVE-2023-3773
CVE-2023-3777
CVE-2023-4015
CVE-2023-40283
CVE-2023-4128
CVE-2023-4147
CVE-2023-4194
CVE-2023-4206
CVE-2023-4207
CVE-2023-4208
CVE-2023-4273
StarlingX Fix released, assigned to Peng Zhang
Bug #2037162: [Debian] High CVE: CVE-2023-3341/CVE-2023-4236 bind9: multiple CVEs CVE-2023-3341
CVE-2023-4236
StarlingX Fix released, assigned to Li Zhou
Bug #2037481: [Debian] Critical CVE: CVE-2023-41910 lldpd: an out-of-bounds read on heap memory CVE-2023-41910
StarlingX Fix released, assigned to Li Zhou
Bug #2038707: [Debian] High CVE: CVE-2023-43785/CVE-2023-43786/CVE-2023-43787 libx11 CVE-2023-43785
CVE-2023-43786
CVE-2023-43787
StarlingX Fix released, assigned to Li Zhou
Bug #2038708: [Debian] High CVE: CVE-2023-4911 glibc CVE-2023-4911
StarlingX Fix released, assigned to Li Zhou
Bug #2038710: [Debian] High CVE: CVE-2023-42755/CVE-2023-42752/CVE-2023-4622/CVE-2023-37453/CVE-2023-42753/CVE-2023-4623/CVE-2023-4921 kernel: multiple CVEs CVE-2022-45884
CVE-2023-31084
CVE-2023-31085
CVE-2023-3389
CVE-2023-37453
CVE-2023-39189
CVE-2023-39192
CVE-2023-39193
CVE-2023-39194
CVE-2023-4244
CVE-2023-42752
CVE-2023-42753
CVE-2023-42754
CVE-2023-42755
CVE-2023-42756
CVE-2023-45871
CVE-2023-4622
CVE-2023-4623
CVE-2023-4921
CVE-2023-5197
StarlingX Fix released, assigned to Peng Zhang
Bug #2038742: [Debian] Critical CVE: CVE-2023-4692/CVE-2023-4693 grub2: multiple CVEs CVE-2023-4692
CVE-2023-4693
StarlingX Fix released, assigned to Li Zhou
Bug #2038793: [Debian] High CVE: CVE-2021-38185 cpio: integer overflow that triggers an out-of-bounds heap write CVE-2021-38185
StarlingX Fix released, assigned to hqbai
Bug #2038794: [Debian] Critical CVE: CVE-2023-38408 openssh: an insufficiently trustworthy search path CVE-2023-38408
StarlingX Fix released, assigned to hqbai
Bug #2038795: [Debian] High CVE: CVE-2023-36054 krb5: a remote authenticated user can trigger a kadmind crash CVE-2023-36054
StarlingX Fix released, assigned to hqbai
Bug #2038796: [Debian] High CVE: CVE-2023-4504/CVE-2023-32324/CVE-2023-32360/CVE-2023-34241 cups: multiple CVEs CVE-2023-32324
CVE-2023-32360
CVE-2023-34241
CVE-2023-4504
StarlingX Fix released, assigned to hqbai
Bug #2038877: [Debian] High CVE: CVE-2023-27533/CVE-2023-27534/CVE-2023-27535/CVE-2023-27536/CVE-2023-27538/CVE-2023-28321/CVE-2023-28322 curl: multiple CVEs CVE-2023-27533
CVE-2023-27534
CVE-2023-27535
CVE-2023-27536
CVE-2023-27538
CVE-2023-28321
CVE-2023-28322
CVE-2023-38545
CVE-2023-38546
StarlingX Fix released, assigned to hqbai
Bug #2038878: [Debian] High CVE: CVE-2023-34969 dbus: dbus-daemon crash under some circumstances CVE-2023-34969
StarlingX Fix released, assigned to hqbai
Bug #2038879: [Debian] High CVE: CVE-2021-23336/CVE-2022-0391/CVE-2022-48560/CVE-2022-48565/CVE-2022-48566/CVE-2023-24329/CVE-2023-40217 python2.7: multiple CVEs CVE-2021-23336
CVE-2022-0391
CVE-2022-48560
CVE-2022-48565
CVE-2022-48566
CVE-2023-24329
CVE-2023-40217
StarlingX Fix released, assigned to Peng Zhang
Bug #2038880: [Debian] High CVE: CVE-2022-45582 horizon: Open Redirect vulnerability CVE-2022-45582
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2038881: [Debian] High CVE: CVE-2023-29491 ncurses: trigger security-relevant memory corruption CVE-2023-29491
StarlingX Fix released, assigned to Peng Zhang
Bug #2038882: [Debian] High CVE: CVE-2017-16516/CVE-2022-24795/CVE-2023-33460 yajl: multiple CVEs CVE-2017-16516
CVE-2022-24795
CVE-2023-33460
StarlingX Fix released, assigned to Peng Zhang
Bug #2038884: [Debian] High CVE: CVE-2019-6706/CVE-2020-24370 lua5.3: multiple CVEs CVE-2019-6706
CVE-2020-24370
StarlingX Fix released, assigned to Peng Zhang
Bug #2038885: [Debian] High CVE: CVE-2023-35936 pandoc: an arbitrary file write vulnerability CVE-2023-35936
StarlingX Fix released, assigned to Peng Zhang
Bug #2038888: [Debian] High CVE: CVE-2020-14394/CVE-2021-20196/.../CVE-2023-3301/CVE-2023-3354 qemu: multiple CVEs CVE-2020-14394
CVE-2021-20196
CVE-2021-20203
CVE-2021-3507
CVE-2021-3930
CVE-2022-0216
CVE-2023-0330
CVE-2023-1544
CVE-2023-3180
CVE-2023-3301
CVE-2023-3354
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2042977: Mitigate CVE-2022-4886, CVE-2023-5043 and CVE-2023-5044 for ingress-nginx CVE-2022-4886
CVE-2023-5044
StarlingX Fix released, assigned to Reinildes Oliveira
Bug #2043434: [Debian] [Medium] CVE: CVE-2022-2929: isc-dhcp : server to run out of memory CVE-2022-2928
CVE-2022-2929
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2043435: [Debian] High CVE: CVE-2023-5868/CVE-2023-5869/CVE-2023-5870/CVE-2023-39417 postgresql-13 : multiple CVEs CVE-2023-39417
CVE-2023-5868
CVE-2023-5869
CVE-2023-5870
StarlingX Fix released, assigned to Peng Zhang
Bug #2043947: [Debian] High CVE: CVE-2023-35827/CVE-2023-5717/CVE-2023-5178/CVE-2023-46813 kernel: multiple CVEs CVE-2023-34324
CVE-2023-35827
CVE-2023-39197
CVE-2023-46813
CVE-2023-46862
CVE-2023-4881
CVE-2023-5178
CVE-2023-51780
CVE-2023-51781
CVE-2023-51782
CVE-2023-5717
CVE-2023-6121
CVE-2023-6176
CVE-2023-6531
CVE-2023-6546
CVE-2023-6817
CVE-2023-6931
CVE-2023-6932
StarlingX Fix released, assigned to Peng Zhang
Bug #2044204: [Debian] Critical CVE: CVE-2023-41913 strongswan: potential buffer overflow CVE-2023-41913
StarlingX Fix released, assigned to Peng Zhang
Bug #2045522: [Debian] High CVE: CVE-2023-46118 rabbitmq-server - denial of service (DoS) attacks CVE-2023-46118
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2045544: [Debian] High CVE: CVE-2023-44487 nghttp2 - denial of service CVE-2023-44487
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2047185: [Debian] High CVE: CVE-2023-45866 bluez: permit an unauthenticated Peripheral role CVE-2023-45866
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2047315: [Debian] Critical CVE: CVE-2023-51384/CVE-2023-28531/CVE-2023-48795/CVE-2023-51385/CVE-2021-41617 openssh : multiple CVEs CVE-2021-41617
CVE-2023-28531
CVE-2023-48795
CVE-2023-51384
CVE-2023-51385
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2047316: [Debian] High CVE: CVE-2023-46218 curl: a mixed case flaw CVE-2023-46218
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2047673: [Debian] Medium CVE: CVE-2023-6004/CVE-2023-6918/CVE-2023-48795 libssh : multiple CVEs CVE-2023-48795
CVE-2023-6004
CVE-2023-6918
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2047674: [Debian] High CVE: CVE-2023-40225/CVE-2023-45539 haproxy : multiple CVEs CVE-2023-40225
CVE-2023-45539
StarlingX Fix released, assigned to Zhixiong Chi
Bug #2052923: [Debian] Medium CVE: CVE-2022-31160 jqueryui: potentially vulnerable to cross-site scripting CVE-2022-31160
StarlingX Fix released, assigned to Wentao Zhang
Bug #2052924: [Debian] High CVE: CVE-2023-29499/CVE-2023-32611/CVE-2023-32665 glib2.0 : multiple CVEs CVE-2023-29499
CVE-2023-32611
CVE-2023-32665
StarlingX Fix released, assigned to Wentao Zhang
Bug #2052926: [Debian] Medium CVE: CVE-2022-48303/CVE-2023-39804 tar : multiple CVEs CVE-2022-48303
CVE-2023-39804
StarlingX Fix released, assigned to Wentao Zhang
Bug #2052927: [Debian] High CVE: CVE-2023-47038 perl: buffer overflow in a heap allocated buffer CVE-2023-47038
StarlingX Fix released, assigned to Wentao Zhang
Bug #2054273: [Debian] Medium CVE: CVE-2023-48733 edk2 OS-resident attacker to bypass Secure Boot CVE-2023-48733
StarlingX Fix released, assigned to Peng Zhang
Bug #2054274: [Debian] High CVE: CVE-2024-0985 postgresql-13 execute arbitrary SQL functions as the command issuer CVE-2024-0985
StarlingX Fix released, assigned to Wentao Zhang
Bug #2054275: [Debian] High CVE: CVE-2023-4408/CVE-2023-5517/.../CVE-2023-50868/CVE-2023-6516 bind9 : multiple CVEs CVE-2023-4408
CVE-2023-50387
CVE-2023-50868
CVE-2023-5517
CVE-2023-5679
CVE-2023-6516
StarlingX Fix released, assigned to Peng Zhang
Bug #2054276: [Debian] Medium CVE: CVE-2023-50387/CVE-2023-50868 unbound : multiple CVEs CVE-2023-50387
CVE-2023-50868
StarlingX Fix released, assigned to Peng Zhang
Bug #2057487: [Debian] Medium CVE: CVE-2023-5981 gnutls28: timing side-channel in the RSA-PSK authentication CVE-2023-5981
StarlingX Fix released, assigned to Wentao Zhang
Bug #2057488: [Debian] High CVE: CVE-2024-24806 libuv1: Improper Domain Lookup that potentially leads to SSRF attacks CVE-2024-24806
StarlingX Fix released, assigned to Wentao Zhang
Bug #2057984: [Debian] High CVE: CVE-2023-3966/CVE-2023-5366/CVE-2024-22563 openvswitch : multiple CVEs CVE-2023-3966
CVE-2023-5366
CVE-2024-22563
StarlingX Fix released, assigned to Wentao Zhang