SB2024080829 - Multiple vulnerabilities in Dell ObjectScale
Published: August 8, 2024 Updated: January 9, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 409 secuirty vulnerabilities.
1) Use-after-free (CVE-ID: CVE-2023-5345)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb3_fs_context_parse_param() function in fs/smb/client component. A remote attacker can execute arbitrary code with elevated privileges.
2) Input validation error (CVE-ID: CVE-2023-5158)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the vringh_kiov_advance() function in drivers/vhost/vringh.c in the host side of a virtio ring. A malicious guest can crash the host OS via zero length descriptor.
3) NULL pointer dereference (CVE-ID: CVE-2023-46862)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the io_uring_show_fdinfo() function in io_uring/fdinfo.c. A local user can trigger a race with SQ thread exit and perform a denial of service (DoS) attack.
4) Buffer overflow (CVE-ID: CVE-2023-45871)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the IGB driver in drivers/net/ethernet/intel/igb/igb_main.c when handling frames larger than the MTU. A remote attacker can send specially crafted traffic to the system, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Out-of-bounds write (CVE-ID: CVE-2023-45863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the fill_kobj_path() function in lib/kobject.c. A local user can can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
6) Use-after-free (CVE-ID: CVE-2023-4244)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Linux kernel netfilter: nf_tables component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
7) Use-after-free (CVE-ID: CVE-2023-39198)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the QXL driver in the Linux kernel. A local privileged user can trigger a use-after-free error and escalate privileges on the system.
8) Out-of-bounds read (CVE-ID: CVE-2023-39197)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Netfilter Connection Tracking (conntrack) in the Linux kernel in the nf_conntrack_dccp_packet() function in net/netfilter/nf_conntrack_proto_dccp.c. A remote attacker can send specially crafted DCCP packets to the system, trigger an out-of-bounds read error and read contents of memory on the system.
9) Improper access control (CVE-ID: CVE-2023-25775)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper access restrictions in the Intel Ethernet Controller RDMA driver for Linux. A remote non-authenticated attacker can bypass implemented security restrictions and gain access to sensitive information.
10) Race condition (CVE-ID: CVE-2023-2006)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the processing of RxRPC bundles in net/rxrpc/ar-internal.h. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
11) Use-after-free (CVE-ID: CVE-2023-4921)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
12) Use-after-free (CVE-ID: CVE-2023-6039)
The vulnerability allows a local user to perform a denial of service (DoS) atack.
The vulnerability exists due to a use-after-free error within the lan78xx_disconnect() function in drivers/net/usb/lan78xx.c. A local user can trigger a use-after-free error and crash the kernel.
13) Use-after-free (CVE-ID: CVE-2023-4623)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: sch_hfsc (HFSC qdisc traffic control) component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
14) Use-after-free (CVE-ID: CVE-2023-4622)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the unix_stream_sendpage() function in af_unix component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
15) Use-after-free (CVE-ID: CVE-2023-4563)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the nft_verdict_dump() function of the nftables sub-component. A local user can trigger a race condition between set GC and transaction and perform a DoS attack.
16) Use-after-free (CVE-ID: CVE-2023-4389)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the btrfs_get_root_ref() function in fs/btrfs/disk-io.c. A local user can trigger a use-after-free error and execute arbitrary code on the system.
17) NULL pointer dereference (CVE-ID: CVE-2023-42754)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ipv4_send_dest_unreach() function in net/ipv4/route.c. A local user with CAP_NET_ADMIN permissions can perform a denial of service (DoS) attack.
18) Out-of-bounds write (CVE-ID: CVE-2023-42753)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
19) Race condition (CVE-ID: CVE-2023-4155)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition in KVM AMD Secure Encrypted Virtualization (SEV) in Linux kernel. A local user can exploit the race and escalate privileges on the system.
20) Out-of-bounds read (CVE-ID: CVE-2023-39194)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the XFRM subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
21) Out-of-bounds read (CVE-ID: CVE-2023-39193)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the sctp_mt_check() function in Netfilter subsystem in Linux kernel. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and read contents of memory on the system.
22) Out-of-bounds read (CVE-ID: CVE-2023-39192)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary condition within the the u32_match_it() function in Netfilter subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and gain access to sensitive information.
23) Out-of-bounds write (CVE-ID: CVE-2023-5717)
The vulnerability local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the Linux kernel's Linux Kernel Performance Events (perf) component. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
24) NULL pointer dereference (CVE-ID: CVE-2023-6176)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel API for the cryptographic algorithm scatterwalk functionality in scatterwalk_copychunks(). A local user can send a malicious packet with specific socket configuration and crash the OS kernel.
25) Use-after-free (CVE-ID: CVE-2023-1859)
The vulnerability allows a malicious guest to gain access to sensitive information or perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the xen_9pfs_front_removet() function in net/9p/trans_xen.c in Xen transport for 9pfs. A malicious guest VM can trigger a use-after-free error and gain access to sensitive information of the hypervisor or crash it.
26) Input validation error (CVE-ID: CVE-2022-35252)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to the way curl handles cookies with control codes (byte values below 32). When cookies that contain such control codes are later sent back to an
HTTP(S) server, it might make the server return a 400 response, effectively allowing a "sister site" to deny service to siblings.
27) NULL pointer dereference (CVE-ID: CVE-2023-2953)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the ber_memalloc_x() function. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
28) Integer overflow (CVE-ID: CVE-2022-47629)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in the CRL signature parser. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
29) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2023-5981)
The vulnerability allows a remote attacker to perform timing attack.
The vulnerability exists due to the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. A remote attacker can perform timing sidechannel attack in RSA-PSK key exchange.
30) Security features bypass (CVE-ID: CVE-2023-4039)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the GCC's stack smashing protection does not detect or defend against overflows of dynamically-sized local variables on AArch64 targets. A remote attacker can bypass expected security restrictions and successfully exploit buffer overflow vulnerabilities.
31) Out-of-bounds write (CVE-ID: CVE-2020-12762)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in the "printbuf_memappend". A remote attacker can create a specially crafted JSON file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
32) Stack-based buffer overflow (CVE-ID: CVE-2023-32181)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "econf_writeFile" function. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
33) Stack-based buffer overflow (CVE-ID: CVE-2023-30078)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the econf_writeFile() function in atlibeconf/lib/libeconf.c. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
34) Stack-based buffer overflow (CVE-ID: CVE-2023-30079)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the read_file() function in atlibeconf/lib/getfilecontents.c. A remote unauthenticated attacker can trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
35) Stack-based buffer overflow (CVE-ID: CVE-2023-22652)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the "read_file" function. A remote attacker can trigger stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
36) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-32208)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper handling of message verification failures when performing FTP transfers secured by krb5. A remote attacker can perform MitM attack and manipulate data.
37) Out-of-bounds write (CVE-ID: CVE-2022-1304)
The vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input. A local attacker can use a specially crafted filesystem, trigger out-of-bounds write and execute arbitrary code on the target system.
38) Out-of-bounds write (CVE-ID: CVE-2023-2163)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in BPF verifier caused by improper marking of
registers for precision tracking in certain situations. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
39) PHP file inclusion (CVE-ID: CVE-2023-2603)
The vulnerability allows a remote attacker to include and execute arbitrary PHP files on the server.
The vulnerability exists due to incorrect input validation when including PHP files in web/ajax/modal.php. A remote non-authenticated attacker can send a specially crafted HTTP request to the affected application, include and execute arbitrary PHP code on the system with privileges of the web server.
40) Memory leak (CVE-ID: CVE-2023-2602)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in the error handling in the __wrap_pthread_create() function. A remote attacker can send a specially crafted request, exploit vulnerability to exhaust the process memory and cause a denial of service condition.
41) Input validation error (CVE-ID: CVE-2022-46663)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of the ANSI escape sequences in the "less -R" output. A remote attacker can trick the victim to run the command against the specially crafted data and perform a denial of service (DoS) attack.
42) Access of Uninitialized Pointer (CVE-ID: CVE-2023-36054)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to the _xdr_kadm5_principal_ent_rec() function in lib/kadm5/kadm_rpc_xdr.c does not validate the relationship between n_key_data and the key_data array count and frees an uninitialized pointer. A remote user can send a specially crafted request to the application and perform a denial of service (DoS) attack.
43) Integer overflow (CVE-ID: CVE-2022-42898)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the S4U2Proxy handler on 32-bit systems. A remote user can send specially crafted request to the KDC server, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
44) Use-after-free (CVE-ID: CVE-2023-5178)
The vulnerability allows a local authenticated user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the drivers/nvme/target/tcp.c in nvmet_tcp_free_crypto due to a logical bug in the NVMe-oF/TCP subsystem in the Linux kernel. A local authenticated user can trigger a use-after-free error and escalate privileges on the system.
45) Out-of-bounds read (CVE-ID: CVE-2023-39189)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the nfnl_osf_add_callback() function in Linux kernel Netfilter. A local user with CAP_NET_ADMIN capability can trigger an out-of-bounds read error and execute arbitrary code with elevated privileges.
46) Resource management error (CVE-ID: CVE-2023-3777)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper handling of table rules flush in certain circumstances within the netfilter subsystem in net/netfilter/nf_tables_api.c. A local user can perform a denial of service (DoS) attack or execute arbitrary code with elevated privileges.
47) Deadlock (CVE-ID: CVE-2023-34324)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper event handling in Linux kernel. A malicious guest can disable paravirtualized device to cause a deadlock in a backend domain (other than dom0).
48) Division by zero (CVE-ID: CVE-2023-31085)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error within the drivers/mtd/ubi/cdev.c driver. A local user can perform a denial of service (DoS) attack.
49) NULL pointer dereference (CVE-ID: CVE-2023-2177)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the net/sctp/stream_sched.c in Linux kernel. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
50) Resource exhaustion (CVE-ID: CVE-2023-1206)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a hash collision flaw in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when an attacker makes a new kind of SYN flood attack. A remote attacker can increase the CPU usage of the server that accepts IPV6 connections up to 95%.
51) Input validation error (CVE-ID: CVE-2023-50495)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the _nc_wrap_entry() function. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
52) Race condition (CVE-ID: CVE-2023-35828)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the renesas_usb3_remove() function in drivers/usb/gadget/udc/renesas_usb3.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
53) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2023-0459)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper implementation of speculative execution barriers in usercopy functions
in certain situations. A local user can gain access to sensitive information.
54) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2022-40982)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to the way data is shared between threads whereby the AVX GATHER instructions on Intel processors can forward the content of stale vector registers to dependent instructions. A malicious guest can infer data from different contexts on the same core and execute arbitrary code with elevated privileges.
55) Out-of-bounds write (CVE-ID: CVE-2023-3812)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the TUN/TAP device driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
56) Out-of-bounds write (CVE-ID: CVE-2023-35001)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the nft_byteorder() function. A local user can trigger an out-of-bounds write and execute arbitrary code on the target system.
57) Use-after-free (CVE-ID: CVE-2023-3390)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/netfilter/nf_tables_api.c in the Linux kernel netfilter subsystem. A local user can trigger a use-after-fee error and escalate privileges on the system.
58) Use-after-free (CVE-ID: CVE-2023-31248)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in nft_chain_lookup_byid() function, which failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace. A local user ca trigger a use-after-free error and execute arbitrary code with elevated privileges.
59) Use-after-free (CVE-ID: CVE-2023-3117)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Netfilter subsystem. A local user with CAP_NET_ADMIN capability can trigger the use-after-free error and execute arbitrary code on the system.
60) Use-after-free (CVE-ID: CVE-2023-2985)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the hfsplus_put_super() function in fs/hfsplus/super.c. A local user can trigger a use-after-free error and crash the kernel.
61) Use-after-free (CVE-ID: CVE-2023-20593)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in AMD Zen2 processors. A local user can trigger a use-after-free error and execute arbitrary code on the system.
Note, the vulnerability was dubbed Zenbleed.
62) Use-after-free (CVE-ID: CVE-2023-35829)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the rkvdec_remove() function in drivers/staging/media/rkvdec/rkvdec.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
63) Race condition (CVE-ID: CVE-2023-35823)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the saa7134_finidev() function in drivers/media/pci/saa7134/saa7134-core.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
64) Improper input validation (CVE-ID: CVE-2023-21400)
The vulnerability allows a local application to execute arbitrary code.
The vulnerability exists due to improper input validation within the Kernel io_uring subcomponent in Kernel components. A local application can execute arbitrary code.
65) Out-of-bounds write (CVE-ID: CVE-2023-35788)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the fl_set_geneve_opt() function in net/sched/cls_flower.c in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
66) Use-after-free (CVE-ID: CVE-2023-3389)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux Kernel io_uring subsystem. A local user can exploit a race condition and execute arbitrary code with elevated privileges.
67) NULL pointer dereference (CVE-ID: CVE-2023-3358)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Integrated Sensor Hub (ISH) driver. A local user and perform a denial of service (DoS) attack.
68) NULL pointer dereference (CVE-ID: CVE-2023-3357)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the Linux kernel AMD Sensor Fusion Hub driver. A local user can perform a denial of service (DoS) attack.
69) NULL pointer dereference (CVE-ID: CVE-2023-3212)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the gfs2 file system in the Linux kernel. A local user can perform a denial of service (DoS) attack.
70) Incorrect calculation (CVE-ID: CVE-2023-3161)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect calculation in the Framebuffer Console (fbcon) in the Linux kernel. A local user can perform a denial of service (DoS) attack.
71) Use-after-free (CVE-ID: CVE-2023-3141)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the r592_remove() function of drivers/memstick/host/r592.c in media access in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.
72) Use-after-free (CVE-ID: CVE-2023-3111)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the prepare_to_relocate() function in fs/btrfs/relocation.c in btrfs in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
73) Out-of-bounds write (CVE-ID: CVE-2023-3090)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the ipvlan network driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
74) Security features bypass (CVE-ID: CVE-2023-21102)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists die to a logic error within the __efi_rt_asm_wrapper() function in efi-rt-wrapper.S. A local application can bypass the shadow stack protection and execute arbitrary code with elevated privileges.
75) Information disclosure (CVE-ID: CVE-2023-20569)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to a side channel issue in AMD CPUs. A remote user can influence the return address prediction and gain unauthorized access to sensitive information on the system.
76) NULL pointer dereference (CVE-ID: CVE-2023-2166)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in net/can/af_can.c when processing CAN frames. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
77) Use-after-free (CVE-ID: CVE-2023-1192)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the smb2_is_status_io_timeout() function in Linux kernel. A local user can set environment variable to a specific value, trigger a use-after-free error and execute arbitrary code with elevated privileges.
78) NULL pointer dereference (CVE-ID: CVE-2023-3772)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the xfrm_update_ae_params() function in the IP framework for transforming packets (XFRM subsystem). A local user with CAP_NET_ADMIN privileges can perform a denial of service (DoS) attack.
79) Memory leak (CVE-ID: CVE-2023-4569)
The vulnerability allows a local user to perform DoS attack on the target system.
The vulnerability exists due memory leak within the nft_set_catchall_flush() function in net/netfilter/nf_tables_api.c. A local user can perform a denial of service attack.
80) NULL pointer dereference (CVE-ID: CVE-2023-4459)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the vmxnet3_rq_cleanup() function in drivers/net/vmxnet3/vmxnet3_drv.c. A local user can perform a denial of service (DoS) attack.
81) Double Free (CVE-ID: CVE-2023-4387)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a boundary error within the vmxnet3_rq_alloc_rx_buf() function in drivers/net/vmxnet3/vmxnet3_drv.c in VMware vmxnet3 ethernet NIC driver. A local user can trigger a double free error and gain access to sensitive information or crash the kernel.
82) Stack-based buffer overflow (CVE-ID: CVE-2023-4273)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the implementation of the file name reconstruction function in the exFAT driver in Linux kernel. A local user can trigger a stack overflow and execute arbitrary code with elevated privileges.
83) Type Confusion (CVE-ID: CVE-2023-4194)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to a type confusion error in TUN/TAP functionality. A local user can bypass network filters and gain unauthorized access to some resources.
The vulnerability exists due to incomplete fix for #VU72742 (CVE-2023-1076).
84) Use-after-free (CVE-ID: CVE-2023-4147)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
85) Use-after-free (CVE-ID: CVE-2023-4134)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cyttsp4_watchdog_work() in cyttsp4_core driver. A local user can trigger memory corruption and crash the kernel.
86) Use-after-free (CVE-ID: CVE-2023-4133)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the cxgb4 driver in the Linux kernel. A local user can trigger a use-after-free and crash the kernel.
87) Use-after-free (CVE-ID: CVE-2023-4128)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
88) Use-after-free (CVE-ID: CVE-2023-3863)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfc_llcp_find_local() function in net/nfc/llcp_core.c in NFC implementation in Linux kernel. A local user can execute arbitrary code with elevated privileges.
89) Out-of-bounds read (CVE-ID: CVE-2023-37453)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the read_descriptors() function in drivers/usb/core/sysfs.c. An attacker with physical access to the system can attach a malicious USB device, trigger an out-of-bounds read error and crash the kernel.
90) NULL pointer dereference (CVE-ID: CVE-2023-31083)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the hci_uart_tty_ioctl() function in drivers/bluetooth/hci_ldisc.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
91) Use-after-free (CVE-ID: CVE-2023-3610)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nf_tables component in Linux kernel netfilter. A local user with CAP_NET_ADMIN capability can trigger a use-after-free error and execute arbitrary code with elevated privileges.
92) Buffer overflow (CVE-ID: CVE-2023-34319)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in netback when processing certain packets. A malicious guest can send specially crafted packets to the backend, trigger memory corruption and crash the hypervisor.
93) Division by zero (CVE-ID: CVE-2023-20588)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a divide by zero error that can return speculative data. A local user can gain access to potentially sensitive information.
94) Time-of-check Time-of-use (TOCTOU) Race Condition (CVE-ID: CVE-2023-2007)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a race condition in dpt_i2o driver. A local privileged user can gain access to sensitive kernel information.
95) Use-after-free (CVE-ID: CVE-2023-4004)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. A local user can execute arbitrary code with elevated privileges.
96) Use-after-free (CVE-ID: CVE-2023-3776)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel's net/sched: cls_fw component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
97) Out-of-bounds write (CVE-ID: CVE-2023-3611)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in the qfq_change_agg() function in net/sched/sch_qfq.c within the Linux kernel net/sched: sch_qfq component. A local user trigger an out-of-bounds write and execute arbitrary code on the target system.
98) Use-after-free (CVE-ID: CVE-2023-3609)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the the Linux kernel net/sched: cls_u32 component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
99) Use-after-free (CVE-ID: CVE-2023-3567)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the vc_screen() function in vcs_read in drivers/tty/vt/vc_screen.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
100) Out-of-bounds read (CVE-ID: CVE-2023-3268)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the relay_file_read_start_pos() function in kernel/relay.c in the relayfs. A local user can trigger an out-of-bounds read error and read contents of memory on the system or crash the kernel.
101) Buffer overflow (CVE-ID: CVE-2023-29491)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing malformed data in a terminfo database file. A local user can trigger memory corruption and execute arbitrary code on the target system.
102) Memory leak (CVE-ID: CVE-2023-35945)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak when handling HTTP/2 requests within the nghttp2 codec. A remote attacker can send RST_STREAM immediately followed by the GOAWAY frames to the application and force memory leak.
103) Use-after-free (CVE-ID: CVE-2023-1249)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the core dump subsystem in Linux kernel. A local user can trigger a use-after-free error and crash the kernel.
104) Resource exhaustion (CVE-ID: CVE-2023-34455)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
105) Improper Privilege Management (CVE-ID: CVE-2023-26604)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
106) OS Command Injection (CVE-ID: CVE-2023-28487)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the sudoreplay output. A local user can inject specially crafted characters to the log messages and execute arbitrary OS commands on the system.107) OS Command Injection (CVE-ID: CVE-2023-28486)
The vulnerability allows a local user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing control characters in the log messages. A local user can inject specially crafted characters to the log messages and execute arbtirary OS commands on the system when the command is executed from the log (e.g. via the "sudoreplay -l").
108) Double Free (CVE-ID: CVE-2023-27320)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when matching a sudoers rule that contains a per-command chroot directive (CHROOT=dir). A local user can trigger a double free error and execute arbitrary code with elevated privileges.
109) Out-of-bounds read (CVE-ID: CVE-2020-35527)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when handling ALTER TABLE for views that have a nested FROM clause. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and read contents of memory on the system.
110) NULL pointer dereference (CVE-ID: CVE-2020-35525)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the INTERSEC query processing. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
111) Security features bypass (CVE-ID: CVE-2023-34034)
The vulnerability allows a remote attacker to bypass security restrictions.
The vulnerability exists due to the usage of "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux. A remote unauthenticated attacker can trigger the vulnerability to bypass security restrictions.
112) Incorrect authorization (CVE-ID: CVE-2023-34035)
The vulnerability allows a remote attacker to bypass authorization process.
The vulnerability exists due to authorization rule misconfiguration if the application uses requestMatchers(String) or requestMatchers(HttpMethod, String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. A remote attacker can bypass authorization rules and gain unauthorized access to the application.
113) Integer overflow (CVE-ID: CVE-2023-34453)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in shuffle. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
114) Integer overflow (CVE-ID: CVE-2023-34454)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in compress. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.
115) Overly permissive cross-domain whitelist (CVE-ID: CVE-2022-1996)
The vulnerability allows a remote attacker to bypass the CORS protection mechanism.
The vulnerability exists due to incorrect processing of the "Origin" HTTP header that is supplied within HTTP request. A remote attacker can supply arbitrary value via the "Origin" HTTP header, bypass implemented CORS protection mechanism and perform cross-site scripting attacks against the vulnerable application.
116) Heap-based buffer overflow (CVE-ID: CVE-2022-48303)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the from_header() function in list.c when handling V7 archives. A remote attacker can trick the victim to open a specially crafted V7 archive, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
117) Improper Preservation of Permissions (CVE-ID: CVE-2023-28642)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper preservation of permissions in the AppArmor and SELinux when /proc inside the container is symlinked with a specific mount configuration. A remote attacker can gain access to the target application.
118) Improper access control (CVE-ID: CVE-2023-27561)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to improper access restrictions in the libcontainer/rootfs_linux.go. A local user can gain elevated privileges on the target system.
119) Improper Preservation of Permissions (CVE-ID: CVE-2023-25809)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to the rootless "/sys/fs/cgroup" is writable when cgroupns is not unshared. A local administrator can gain the write access to user-owned cgroup hierarchy "/sys/fs/cgroup/user.slice/..." on the host.
120) Information disclosure (CVE-ID: CVE-2023-32681)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.
121) Incorrect Regular Expression (CVE-ID: CVE-2022-42969)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation in Subversion repository caused by a mishandled InfoSvnCommand argument. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
122) NULL pointer dereference (CVE-ID: CVE-2023-49083)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when calling the load_pem_pkcs7_certificates() or load_der_pkcs7_certificates() functions. A remote attacker can pass specially crafted PKCS7 blob/certificate certificate to the application and perform a denial of service (DoS) attack.
123) Error Handling (CVE-ID: CVE-2023-23931)
The vulnerability allows an attacker to misuse Python API.
The vulnerability exists due to a soundness bug within the Cipher.update_into function, which can allow immutable objects (such as bytes) to be mutated. A malicious programmer can misuse Python API to introduce unexpected behavior into the application.
124) Insufficient verification of data authenticity (CVE-ID: CVE-2022-23491)
The vulnerability allows a remote attacker to bypass certificate validation checks.
The vulnerability exists due to presence of the TrustCor certificate in the Root Certificates list. the certificate is removed due to TrustCor's ownership also operated a business that produced spyware. Therefore, any checks that rely on digital signatures of trusted certificates were compromised.
125) Use-after-free (CVE-ID: CVE-2023-45322)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the xmlUnlinkNode() function in tree.c. A remote attacker can pass a specially crafted input to the application and perform a denial of service (DoS) attack.
126) Incorrect Regular Expression (CVE-ID: CVE-2022-40897)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing HTML content. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
127) Improper Privilege Management (CVE-ID: CVE-2022-4415)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper privilege management when handling coredumps in coredump/coredump.c. A local user can gain access to sensitive information.
The vulnerability affects systems with libacl support.
128) Stack-based buffer overflow (CVE-ID: CVE-2023-39804)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the xattr_decoder() function in xheader.c. A remote attacker can trick the victim to open a specially crafted tar/pax archive with an overly long xattr key, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
129) UNIX symbolic link following (CVE-ID: CVE-2023-34049)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue in Salt-SSH pre-flight option. A local user can create a specially crafted symbolic link to an empty file on the system, wait for the salt to create the file for further execution, update the symbolic link and point it to another file that is under attacker's control and execute the file with root privileges.
130) NULL pointer dereference (CVE-ID: CVE-2023-1264)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the utfc_ptr2len() function in mbyte.c.c. A remote attacker can trick the victim to open a specially crafted file and crash the editor.
131) Heap-based buffer overflow (CVE-ID: CVE-2022-37434)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing a large gzip header within inflateGetHeader in inflate.c. A remote attacker can pass a specially crafted file to the affected application, trigger heap-based buffer overflow and execute arbitrary code on the target system.
132) Heap-based buffer overflow (CVE-ID: CVE-2023-45853)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the zipOpenNewFileInZip4_64() function from MiniZip. A remote attacker can create a specially crafted archive, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
133) Security features bypass (CVE-ID: CVE-2023-46836)
The vulnerability allows a remote guest to bypass implemented security restrictions.
The vulnerability exists due to improper implementation of mitigations against BTC/SRSO. A malicious guest can bypass BTC/SRSO protections and launch a BTC/SRSO attack against Xen, which can result in memory access to other guests.
134) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-46835)
The vulnerability allows a remote guest to gain access to sensitive information.
The vulnerability exists due to improperly imposed security restrictions caused by a mismatch in IOMMU quarantine page table levels. A device in quarantine mode can access data from previous quarantine page table usages, possibly leaking data used by previous domains that also had the device assigned.
135) State Issues (CVE-ID: CVE-2023-34328)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of guest state in PV vCPU. A malicious guest place a breakpoint over the live GDT and perform a denial of service (DoS) attack against the host.136) State Issues (CVE-ID: CVE-2023-34327)
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to improper validation of guest state when using Debug Masks in HVM vCPU. A malicious guest can perform a denial of service (DoS) attack against the guest OS.
137) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34326)
The vulnerability allows a remote guest to escalate privileges on the system.
The vulnerability exists due to missing IOMMU TLB flushing on x86/AMD systems. A malicious guest can access memory not owned by the guest and escalate privileges on the system.
138) Stack-based buffer overflow (CVE-ID: CVE-2023-34325)
The vulnerability allows a remote guest to escalate privileges on the system.
139) Resource management error (CVE-ID: CVE-2023-34322)
The vulnerability allows a malicious guest to escalate privileges on the system.
The vulnerability exists due to improper management of internal resources when running PV guests in shadow paging mode. A malicious guest can run a specially crafted application on the system that causes shortage of memory in the associated with the domain shadow pool and forces Xen to tear down page tables. This can result in memory leak, denial of service or privilege escalation.
The vulnerability can be exploited by 64-bit PV guests on x86 systems.
140) NULL pointer dereference (CVE-ID: CVE-2023-1355)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in within the class_object_index() function in vim9class.c in Vim. A remote attacker can perform a denial of service (DoS) attack.
141) Division by zero (CVE-ID: CVE-2023-1127)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide by zero error within the scrolldown() function in move.c. A remote attacker can trick the victim to open a specially crafted file and crash the editor.
142) Heap-based buffer overflow (CVE-ID: CVE-2023-4781)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error within the vim_regsub_both() function. A remote attacker can trick the victim to open a specially crafted file, trigger a heap-based buffer overflow and crash the application.
143) Use-after-free (CVE-ID: CVE-2023-5535)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error within the editing_arg_idx() function. A remote attacker can trick the victim to open a specially crafted file, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
144) Integer overflow (CVE-ID: CVE-2023-2610)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the regtilde() function in regexp.c. A remote attacker can trick the victim to open a specially crafted file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
145) Use of Out-of-range Pointer Offset (CVE-ID: CVE-2023-2426)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to an out-of-range pointer offset within the mb_charlen() function in mbyte.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
146) NULL pointer dereference (CVE-ID: CVE-2023-2609)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the get_register() function in register.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
147) Integer overflow (CVE-ID: CVE-2023-4734)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the f_fullcommand() function in ex_docmd.c. A remote attacker can trick the victim to open a specially crafted file, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
148) Out-of-bounds read (CVE-ID: CVE-2023-4735)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the do_addsub() function in ops.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.
149) Buffer overflow (CVE-ID: CVE-2023-4738)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a boundary error within the vim_regsub_both() function in src/regexp.c. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and crash the application.
150) Use-after-free (CVE-ID: CVE-2023-4733)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the do_ecmd() function in ex_cmds.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
151) Use-after-free (CVE-ID: CVE-2023-4750)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the is_qf_win() function in quickfix.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
152) Use-after-free (CVE-ID: CVE-2023-4752)
The vulnerability allows a remote attacker to crash the application.
The vulnerability exists due to a use-after-free error within the ins_compl_get_exp() function in insexpand.c. A remote attacker can trick the victim to open a specially crafted file and crash the application.
153) Information disclosure (CVE-ID: CVE-2023-45803)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib3 does not remove the HTTP request body when redirecting HTTP response using status codes 301, 302, or 303, after the request had its method changed from one that could accept a request body (e.g. from POST to GET). A remote attacker can gain access to potentially sensitive information.
154) Resource exhaustion (CVE-ID: CVE-2022-45061)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of an unnecessary quadratic algorithm in one path when processing some inputs to the IDNA (RFC 3490) decoder. A remote attacker can pass a specially crafted name to he decoder, trigger resource excessive CPU consumption and perform a denial of service (DoS) attack.
155) Resource management error (CVE-ID: CVE-2023-5678)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within DH_generate_key() and DH_check_pub_key() functions. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
156) NULL pointer dereference (CVE-ID: CVE-2023-28484)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in xmlSchemaFixupComplexType. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
157) Inadequate encryption strength (CVE-ID: CVE-2023-48795)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to incorrect implementation of the SSH Binary Packet Protocol (BPP), which mishandles the handshake phase and the use of sequence numbers. A remote attacker can perform MitM attack and delete the SSH2_MSG_EXT_INFO message sent before authentication starts, allowing the attacker to disable a subset of the keystroke timing obfuscation features introduced in OpenSSH 9.5.
The vulnerability was dubbed "Terrapin attack" and it affects both client and server implementations.
158) Information disclosure (CVE-ID: CVE-2023-4641)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to an error in gpasswd(1), which fails to clean memory properly. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. A local user with enough access can retrieve the password from the memory.
159) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2023-29383)
The vulnerability allows a local user to inject arbitrary code.
The vulnerability exists due to an input validation error when processing fields provided to the SUID program chfn (change finger). A local user can inject and execute arbitrary code or misrepresent existing files.
160) Buffer overflow (CVE-ID: CVE-2022-4899)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in util.c when processing empty arguments in the command line tool. A remote attacker can pass an empty string as an argument, trigger buffer underflow and crash the application.
161) Memory leak (CVE-ID: CVE-2023-33460)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to memory leak within the yajl_tree_parse() function. A remote attacker can perform a denial of service attack.
162) Integer overflow (CVE-ID: CVE-2022-40303)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow in parse.c when processing content when XML_PARSE_HUGE is set. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
163) Resource management error (CVE-ID: CVE-2022-40304)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in entities.c due to the way libxml2 handles reference cycles. The library does not anticipate that entity content can be allocated from a dict and clears it upon reference cycle detection by setting its first byte to zero. This can lead to memory corruption issues, such as double free errors and result in a denial of service.
164) Cross-site scripting (CVE-ID: CVE-2016-3709)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
165) Out-of-bounds read (CVE-ID: CVE-2023-39615)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the xmlSAX2StartElement() function in /libxml2/SAX2.c. A remote attacker can pass specially crafted XML input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
166) Resource management error (CVE-ID: CVE-2023-29469)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources when working with hashes of empty dict strings. A remote attacker can and perform a denial of service (DoS) attack.
167) Off-by-one (CVE-ID: CVE-2021-46848)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an ETYPE_OK off-by-one error in asn1_encode_simple_der in Libtasn1. A remote attacker can pass specially crafted data to the application, trigger an off-by-one error and perform a denial of service (DoS) attack.
168) OS Command Injection (CVE-ID: CVE-2022-2068)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).
169) Off-by-one (CVE-ID: CVE-2022-3821)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an off-by-one error within the format_timespan() function in time-util.c. A local user can trigger an off-by-one error and perform a denial of service (DoS) attack.
170) Out-of-bounds write (CVE-ID: CVE-2020-22218)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to usage of an uninitialized value within the _libssh2_transport_read() function in transport.c. A remote attacker can pass specially crafted input to the application, trigger memory corruption and perform a denial of service (DoS) attack.
171) Heap-based buffer overflow (CVE-ID: CVE-2023-2137)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted HTML content in sqlite. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
172) Security features bypass (CVE-ID: CVE-2022-46908)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper implementation of the azProhibitedFunctions protection mechanism, which allows UDF functions such as WRITEFILE when relying on --safe for execution of an untrusted CLI script. A local user can escalate privileges on the system.
173) Incorrect Regular Expression (CVE-ID: CVE-2023-28756)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing strings that have specific characters. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
174) Incorrect Regular Expression (CVE-ID: CVE-2023-28755)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing URLs. A remote attacker can pass specially crafted URL to the application and perform regular expression denial of service (ReDos) attack.
175) Incorrect Regular Expression (CVE-ID: CVE-2021-41817)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing regular expressions on date parsing methods. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
176) HTTP response splitting (CVE-ID: CVE-2021-33621)
The vulnerability allows a remote attacker to perform HTTP splitting attacks.
The vulnerability exists due to software does not corrector process CRLF character sequences when handling cookies. A remote attacker can send specially crafted request containing CRLF sequence and make the application to send a split HTTP response.
Successful exploitation of the vulnerability may allow an attacker perform cache poisoning attack.
177) Out-of-bounds write (CVE-ID: CVE-2023-4016)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
178) Integer overflow (CVE-ID: CVE-2022-41409)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in pcre2test. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and perform a denial of service (DoS) attack.
179) OS Command Injection (CVE-ID: CVE-2022-1292)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
180) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2022-4304)
The vulnerability allows a remote attacker to obtain sensitive information.
The vulnerability exists due to a timing based side channel exists in the OpenSSL RSA Decryption implementation. A remote attacker can perform a Bleichenbacher style attack and decrypt data sent over the network.
To achieve a successful decryption an attacker would have to be able to send a very large number of trial messages for decryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5, RSA-OEAP and RSASVE.
181) Input validation error (CVE-ID: CVE-2023-24329)
The vulnerability allows a remote attacker to bypass implemented filters.
The vulnerability exists due to insufficient validation of URLs that start with blank characters within urllib.parse component of Python. A remote attacker can pass specially crafted URL to bypass existing filters.
182) Improper Certificate Validation (CVE-ID: CVE-2020-9488)
The vulnerability allows a remote attacker to perform man-in-the-middle attack.
The vulnerability exists due to the Apache Log4j SMTP appender does not validate SSL certificates. A remote attacker can perform a MitM attack, intercept and decrypt network traffic.
183) Information disclosure (CVE-ID: CVE-2023-43804)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to urllib does not strip the "Cookie" HTTP header during cross-origin HTTP redirects. A remote attacker can gain unauthorized access to sensitive information.
184) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-40217)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to an error in ssl.SSLSocket implementation when handling TLS client authentication. A remote attacker can trick the application to send data unencrypted.
185) Input validation error (CVE-ID: CVE-2023-27043)
The vulnerability allows a remote attacker to bypass filtration.
The vulnerability exists due to insufficient validation of user-supplied input when parsing email address with a special character. A remote attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain.
186) Command Injection (CVE-ID: CVE-2023-5752)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to improper input validation when installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip. A remote attacker who controls the repository can use the specified Mercurial revision to inject arbitrary configuration options to the "hg clone" call (ie "--config").
187) Improper Certificate Validation (CVE-ID: CVE-2023-31484)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to missing verification of the TLS certificate when downloading distributions. A remote attacker can perform MitM attack and trick the application into downloading a malicious file.
188) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-43642)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to missing upper bound check on chunk length. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
189) Stack-based buffer overflow (CVE-ID: CVE-2022-45688)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists in the XML.toJSONObject component. A remote unauthenticated attacker can send a specially crafted JSON or XML data, trigger stack-based buffer overflow and perform a denial of service attack.
190) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-5072)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to allocation of resources without limits or throttling. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
191) Insufficient entropy (CVE-ID: CVE-2023-31582)
The vulnerability allows a remote attacker to brute-force JWT token.
The vulnerability exists due to usage of insufficient entropy when generating JWT token. A remote attacker can brute-force the JWT token and gain unauthorized access to the application.
192) Inclusion of Sensitive Information in Log Files (CVE-ID: CVE-2023-44483)
The vulnerability allows a remote user to gain access to sensitive information.
The vulnerability exists due to software stores sensitive information into log files when using the JSR 105 API. A remote user can obtain a private key when generating an XML Signature with debug level enabled.
193) Resource exhaustion (CVE-ID: CVE-2023-42503)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing .tar archives. A remote attacker can pass a specially crafted archive to the application and consume excessive CPU usage.
194) Use-after-free (CVE-ID: CVE-2023-0215)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the BIO_new_NDEF function. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
195) Untrusted search path (CVE-ID: CVE-2023-38408)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to usage of an insecure search path within the PKCS#11 feature in ssh-agent. A remote attacker can trick the victim into connecting to a malicious SSH server and execute arbitrary code on the system, if an agent is forwarded to an attacker-controlled system.
Note, this vulnerability exists due to incomplete fix for #VU2015 (CVE-2016-10009).
196) Missing Encryption of Sensitive Data (CVE-ID: CVE-2022-2097)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to an error in AES OCB mode for 32-bit x86 platforms using the AES-NI assembly optimized implementation. Under specific circumstances OpenSSL does not encrypt the entire message and can reveal sixteen bytes of data that was preexisting in the memory that wasn't written. A remote attacker can gain access to potentially sensitive information.
197) Double Free (CVE-ID: CVE-2022-4450)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the PEM_read_bio_ex() function. A remote attacker can pass specially crafted PEM file to the application, trigger a double free error and perform a denial of service (DoS) attack.
198) Resource management error (CVE-ID: CVE-2023-3817)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when checking the long DH keys. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
199) Resource management error (CVE-ID: CVE-2023-3446)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the DH_check(), DH_check_ex() and EVP_PKEY_param_check() function when processing a DH key or DH parameters. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
200) Resource management error (CVE-ID: CVE-2023-2650)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application when processing OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS subsystems with no message size limit. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
201) Security features bypass (CVE-ID: CVE-2023-0466)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error within the X509_VERIFY_PARAM_add0_policy() function, which does not perform the certificate policy check despite being implicitly enabled. A remote attacker can bypass expected security restrictions and perform MitM attack.
202) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2023-0465)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error when validating certificate policies in leaf certificates. A remote attacker that controls a malicious CA server can issue a certificate that will be validated by the application.
203) Resource exhaustion (CVE-ID: CVE-2023-0464)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when verifying X.509 certificate chains that include policy constraints. A remote attacker can create a specially crafted certificate to trigger resource exhaustion and perform a denial of service (DoS) attack.
204) Type Confusion (CVE-ID: CVE-2023-0286)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a type confusion error related to X.400 address processing inside an X.509 GeneralName. A remote attacker can pass specially crafted data to the application, trigger a type confusion error and perform a denial of service (DoS) attack or read memory contents.
In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
205) Use-after-free (CVE-ID: CVE-2023-1829)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
206) Type Confusion (CVE-ID: CVE-2023-1077)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the pick_next_rt_entity() function pick_next_rt_entity(). A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.
207) Cross-site scripting (CVE-ID: CVE-2023-39319)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists within the html/template package caused by improperly applied rules for handling occurrences of "<script", "<!--", and "</script" within JS literals in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
208) Improper Certificate Validation (CVE-ID: CVE-2023-29409)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to verifying certificate chains containing large RSA keys is slow. A remote attacker can cause a client/server to expend significant CPU time verifying signatures.
209) Resource management error (CVE-ID: CVE-2023-24536)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within mime/multipart and net/textproto components when parsing multipart forms. A remote attacker can pass specially crafted request to the application and perform a denial of service (DoS) attack.
210) Resource exhaustion (CVE-ID: CVE-2022-30631)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in Reader.Read method when handling an archive that contains a large number of concatenated 0-length compressed files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
211) Use of insufficiently random values (CVE-ID: CVE-2022-30629)
The vulnerability allows a remote attacker gain access to sensitive information.
The vulnerability exists in crypto/tls implementation when generating TLS tickets age. The newSessionTicketMsgTLS13.ageAdd is always set to "0" instead of a random value.
212) Integer overflow (CVE-ID: CVE-2022-28327)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in the Golang's library crypto/elliptic. A remote attacker can send a specially crafted scalar input longer than 32 bytes to cause P256().ScalarMult or P256().ScalarBaseMult to panic and perform a denial of service attack.
213) Input validation error (CVE-ID: CVE-2022-41716)
The vulnerability allows a local user to execute arbitrary OS commands on the system.
The vulnerability exists due to insecure processing of unsanitized NUL values in syscall.StartProcess and os/exec.Cmd. A local user on the Windows operating system can set a specially crafted environment variable and execute arbitrary OS commands on the system.
214) Cross-site scripting (CVE-ID: CVE-2023-24539)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when handling angle brackets in CSS context. A remote attacker can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
215) Input validation error (CVE-ID: CVE-2023-39323)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing line directives (e.g. "//line") in the code. A remote attacker can bypass restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build".
216) Cross-site scripting (CVE-ID: CVE-2023-39318)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the html/template package when handling HMTL-like "<!--" and "-->" comment tokens, nor hashbang "#!" comment tokens, in <script> contexts. A remote attacker can pass specially crafted input to the application and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
217) Double Free (CVE-ID: CVE-2022-2509)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within gnutls_pkcs7_verify() function when verifying the pkcs7 signatures. A remote attacker can pass specially crafted data to the application, trigger a double free error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
218) Buffer overflow (CVE-ID: CVE-2022-24675)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists in the Golang's library encoding/pem. A remote attacker can send to victim a large (more than 5 MB) PEM input to cause a stack overflow in Decode and perform a denial of service (DoS) attack.
219) Inadequate Encryption Strength (CVE-ID: CVE-2023-0361)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to an error in the TLS RSA key exchange. A remote attacker can perform Bleichenbacher oracle attack and decrypt information.
220) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2022-34903)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error in GnuPG, which allows signature spoofing via arbitrary injection into the status line. A remote attacker who controls the secret part of any signing-capable key or subkey in the victim's keyring, can take advantage of this flaw to provide a correctly-formed signature that some software, including gpgme, will accept to have validity and signer fingerprint chosen from the attacker.
221) Use-after-free (CVE-ID: CVE-2023-4813)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the gaih_inet() function when the getaddrinfo() function is called and the hosts database in
/etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
222) Input validation error (CVE-ID: CVE-2023-25180)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling a serialised variant. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
223) Input validation error (CVE-ID: CVE-2023-24593)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when handling a text-form variant. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
224) NULL pointer dereference (CVE-ID: CVE-2020-7731)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
225) OS Command Injection (CVE-ID: CVE-2022-31249)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation. A remote unauthenticated attacker can pass specially crafted data to the application and execute arbitrary OS commands on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
226) Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-ID: CVE-2022-43756)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper neutralization of special elements in output used by a downstream component. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
227) Input validation error (CVE-ID: CVE-2022-21698)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within method label cardinality. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
228) Stored cross-site scripting (CVE-ID: CVE-2023-40577)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed to the /api/v1/alerts endpoint in the Alertmanager UI. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
229) Resource exhaustion (CVE-ID: CVE-2022-41725)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper control over internal resources in net/http and mime/multipart. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
230) Input validation error (CVE-ID: CVE-2022-32189)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in
Float.GobDecode. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
231) Out-of-bounds read (CVE-ID: CVE-2023-4156)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in builtin.c. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
232) Resource exhaustion (CVE-ID: CVE-2022-28131)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when calling Decoder.Skip when parsing a deeply nested XML document. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
233) Code Injection (CVE-ID: CVE-2023-24540)
The vulnerability allows a remote attacker to execute arbitrary JavaScript code.
The vulnerability exists due to improper input validation when processing whitespace characters. A remote attacker can send a specially crafted request and execute arbitrary JavaScript code.
234) Code Injection (CVE-ID: CVE-2023-29402)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the cgo go command when building code that contains directories with newline characters in their names. A remote attacker can pass specially crafted input to the cgo command at build time and potentially compromise the system.
Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected).
235) Resource exhaustion (CVE-ID: CVE-2023-24534)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when parsing HTTP and MIME headers in net/textproto. A remote attacker can cause an HTTP server to allocate large amounts of memory from a small request and perform a denial of service (DoS) attack.
236) Resource exhaustion (CVE-ID: CVE-2022-1962)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in go/parser. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
237) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-29403)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists within Go runtime due to application allows to execute setuid/setgid binaries without any restrictions. An attacker with ability to control the application flow can execute arbitrary code on the system with elevated privileges.
238) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-39533)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
239) Resource exhaustion (CVE-ID: CVE-2022-30635)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when calling Decoder.Decode on a message which contains deeply nested structures. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
240) Resource exhaustion (CVE-ID: CVE-2022-30632)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when calling Glob on a path that contains a large number of path separators. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
241) Resource management error (CVE-ID: CVE-2022-41724)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources in crypto/tls when handling large TLS handshake records. A remote attacker can send specially crafted data to the application and perform a denial of service (DoS) attack.
The vulnerability affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth >= RequestClientCert).
242) Code Injection (CVE-ID: CVE-2023-29405)
The vulnerability allows a remote attacker to compromise the affected system.
command which builds untrusted code.A remote attacker can inject and execute arbitrary code on the target system at build time when using cgo.
243) Improper Neutralization of HTTP Headers for Scripting Syntax (CVE-ID: CVE-2023-29406)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to improper input validation in HTTP/1 client when handling HTTP Host header. A remote non-authenticated attacker can send a specially crafted HTTP request with a maliciously crafted Host header and inject additional headers or entire requests.
Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.
244) Code Injection (CVE-ID: CVE-2023-29404)
The vulnerability allows a remote attacker to compromise the affected system.
command which builds untrusted code.A remote attacker can inject and execute arbitrary code on the target system at build time when using cgo.
245) Input validation error (CVE-ID: CVE-2022-2880)
The vulnerability allows a remote attacker to perform parameter smuggling attacks.
The vulnerability exists due to incorrect handling of requests forwarded by ReverseProxy in net/http/httputil. A remote attacker can supply specially crafted parameters that cannot be parsed and are rejected by net/http and force the application to include these parameters into the forwarding request. As a result, a remote attacker can smuggle potentially dangerous HTTP parameters into the request.
246) Cross-site scripting (CVE-ID: CVE-2023-29400)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data when processing HTML attributes. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
247) Security features bypass (CVE-ID: CVE-2022-32148)
The vulnerability allows a remote attacker to bypass certain security restrictions.
The vulnerability exists due to unexpected behavior of httputil.ReverseProxy.ServeHTTP. When the method is called with a Request.Header map containing a nil value for the X-Forwarded-For header, ReverseProxy would set the client IP as the value of the X-Forwarded-For header, contrary to its documentation.
248) Resource exhaustion (CVE-ID: CVE-2022-30630)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when calling Glob on a path that contains a large number of path separators. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
249) Incorrect calculation (CVE-ID: CVE-2023-24532)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars.
250) Code Injection (CVE-ID: CVE-2023-24538)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in html/template when handling JavaScript templates that contain backticks in code. If a template contains a Go template action within a JavaScript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary JavaScript code into the Go template.
251) Inconsistent interpretation of HTTP requests (CVE-ID: CVE-2022-1705)
The vulnerability allows a remote attacker to perform HTTP request smuggling attacks.
The vulnerability exists due to improper validation of Transfer-Encoding headers in HTTP/1 responses. A remote attacker can send a specially crafted HTTP/1 response to the client and smuggle arbitrary HTTP headers.
Successful exploitation of vulnerability may allow an attacker to poison HTTP cache and perform phishing attacks.
252) Code Injection (CVE-ID: CVE-2022-30580)
The vulnerability allows a local user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation in Cmd.Start in os/exec allows execution of any binaries in the working directory named either "..com" or "..exe" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset. A remote attacker can send a specially crafted request and execute arbitrary code on the target system.
253) Resource management error (CVE-ID: CVE-2022-2879)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to absent limits on the maximum size of file headers within the Reader.Read method in archive/tar. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
254) Resource exhaustion (CVE-ID: CVE-2022-30633)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when calling Unmarshal on a XML document into a Go struct which has a nested field that uses the any field tag. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
255) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-49292)
The vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions. A remote attacker can call functions Encapsulate(), Decapsulate() and ECDH() to recover any private key that interacts with it.
256) Integer overflow (CVE-ID: CVE-2023-2004)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the tt_hvadvance_adjust() function in src/truetype/ttgxvar.c. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
257) Infinite loop (CVE-ID: CVE-2023-24537)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when calling any of the Parse functions on Go source code which contains //line directives with very large line numbers. A remote attacker can consume all available system resources and cause denial of service conditions.
258) Resource exhaustion (CVE-ID: CVE-2022-48063)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the load_separate_debug_files() function in dwarf2.c. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
259) Heap-based buffer overflow (CVE-ID: CVE-2023-1579)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the bfd_getl64() function in binutils-gdb/bfd/libbfd.c. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
260) NULL pointer dereference (CVE-ID: CVE-2022-4285)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when parsing an ELF file containing corrupt symbol version information. A remote attacker can pass a specially crafted file to the application and perform a denial of service (DoS) attack.
261) Out-of-bounds write (CVE-ID: CVE-2021-32256)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a boundary error when processing untrusted input in demangle_type in rust-demangle.c. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger an out-of-bounds write and perform a denial of service attack.
262) Use of uninitialized resource (CVE-ID: CVE-2023-25585)
The vulnerability allows a local user to bypass certain security restrictions.
The vulnerability exists due to usage of uninitialized field in the struct module *module. A local user can trick the victim into opening specially crafted data, leading to an application crash and local denial of service.
263) Use of uninitialized resource (CVE-ID: CVE-2023-25588)
The vulnerability allows a local user to perform a denial of service attack.
The vulnerability exists due to field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function. A local user can trick the victim into opening specially crafted data, leading to an application crash and local denial of service.
264) Heap-based buffer overflow (CVE-ID: CVE-2022-45703)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the display_debug_section() function in readelf.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
265) Heap-based buffer overflow (CVE-ID: CVE-2022-44840)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the find_section_in_set() function in readelf.c. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
266) Out-of-bounds read (CVE-ID: CVE-2022-47673)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the parse_module() function in addr2line. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
267) Input validation error (CVE-ID: CVE-2022-47695)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the bfd_mach_o_get_synthetic_symtab() function in match-o.c in objdump. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
268) Input validation error (CVE-ID: CVE-2022-47696)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the compare_symbols() function in objdump. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
269) Memory leak (CVE-ID: CVE-2022-48065)
The vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak within the find_abstract_instance() function in dwarf2.c. A remote attacker can force the application to leak memory and perform denial of service attack.
270) Buffer overflow (CVE-ID: CVE-2020-19726)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in libbfd.c when handling the auxiliary symbol data. A remote attacker can trick the victim to pass specially crafted data to the application and perform a denial of service (DoS) attack.
271) Heap-based buffer overflow (CVE-ID: CVE-2023-1972)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the _bfd_elf_slurp_version_tables() function in bfd/elf.c. A remote attacker can pass specially crafted file to the application, trigger a heap-based buffer overflow and perform a denial of service (DoS) attack.
272) NULL pointer dereference (CVE-ID: CVE-2022-35206)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error. A local user can trigger denial of service conditions via function read_and_display_attr_value in file dwarf.c.
273) Reachable Assertion (CVE-ID: CVE-2022-35205)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the display_debug_names() function. A remote attacker can trick the victim to pass specially crafted input to the application and crash it.
274) Resource exhaustion (CVE-ID: CVE-2023-3341)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling control channel messages . A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
275) Resource management error (CVE-ID: CVE-2023-2911)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, a sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow.
276) Resource exhaustion (CVE-ID: CVE-2023-2828)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can cause the amount of memory used by a named resolver to go well beyond the configured max-cache-size limit. The effectiveness of the attack depends on a number of factors (e.g. query load, query patterns), but since the default value of the max-cache-size statement is 90%, in the worst case the attacker can exhaust all available memory on the host running named, leading to a denial-of-service condition.
277) Reachable Assertion (CVE-ID: CVE-2023-38472)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the avahi_rdata_parse() function. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
278) Reachable Assertion (CVE-ID: CVE-2023-38473)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the avahi_alternative_host_name() function. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
279) Reachable Assertion (CVE-ID: CVE-2023-38470)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion within the avahi_escape_label() function. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
280) Resource exhaustion (CVE-ID: CVE-2022-48064)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources within the bfd_dwarf2_find_nearest_line_with_alt() function in dwarf2.c. A remote attacker can trigger resource exhaustion via a crafted ELF file and perform a denial of service (DoS) attack.
281) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2023-31124)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to an error when cross-compiling c-ares and using the autotools build system. As a result, the CARES_RANDOM_FILE is not be set, which results in usage of a rand() function as a fallback, leading to weak entropy.
282) Use-after-free (CVE-ID: CVE-2022-43680)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate. A remote attacker can trigger a use-after-free error and perform a denial of service (DoS) attack.
283) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2023-23916)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect implementation of the "chained" HTTP compression algorithms, where the number of links in the decompression chain was limited for each header instead of the entire request. A remote attacker can send a specially crafted compressed HTTP request with numerous headers and perform a denial of service (DoS) attack.
284) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-30630)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions when executing the command with the "--dump-bin" option. A local user can overwrite arbitrary files on the system and escalate privileges.
285) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-34969)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the dbus-daemon when sending a reply message from the "bus driver". If a local privileged user (e.g. root) is using the org.freedesktop.DBus.Monitoring interface to monitor message bus traffic, another unprivileged user with the ability to connect to the same dbus-daemon can force the service to send an unreplyable message and perform a denial of service (DoS) attack.
286) Resource exhaustion (CVE-ID: CVE-2022-32206)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure processing of compressed HTTP responses. A malicious server can send a specially crafted HTTP response to curl and perform a denial of service attack by forcing curl to spend enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
287) External control of file name or path (CVE-ID: CVE-2023-38546)
The vulnerability allows an attacker to inject arbitrary cookies into request.
The vulnerability exists due to the way cookies are handled by libcurl. If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle did not read any cookies from a specific
file on disk, the cloned version of the handle would instead store the
file name as none (using the four ASCII letters, no quotes).
none - if such a file exists and is readable in the current directory of the program using libcurl. 288) Resource exhaustion (CVE-ID: CVE-2023-38039)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not limit the size of received headers from a single request that are stored for future reference. A remote attacker can send overly large HTTP responses to the application and consume all memory resources.
289) Information disclosure (CVE-ID: CVE-2023-27538)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way libcurl handles previously used connections in a connection pool for subsequent transfers. Several SSH settings were left out from the configuration match checks, resulting in erroneous matches for different resources. As a result, libcurl can send authentication string from one resource to another, exposing credentials to a third-party.290) State Issues (CVE-ID: CVE-2023-27536)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to cURL will reuse a previously created connection even when the GSS delegation (CURLOPT_GSSAPI_DELEGATION) option had been changed that could have changed the user's permissions in a second transfer. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, this GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.
291) State Issues (CVE-ID: CVE-2023-27535)
The vulnerability allows a remote attacker to gain unauthorized access to FTP server.
The vulnerability exists due to cURL will reuse a previously created FTP connection even when one or more options had been changed that could have made the effective user a very different one. A remote attacker can connect to the FTP server using credentials supplied by another user and gain access to otherwise restricted functionality.
The settings in questions are CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL level.
292) Input validation error (CVE-ID: CVE-2023-27534)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to insufficient validation of user-supplied input in the SFTP support when handling the tilde "~" character in the filepath. cURL will replace the tilde character to the current user's home directory and can reveal otherwise restricted files.
293) Input validation error (CVE-ID: CVE-2023-27533)
The vulnerability allows a remote attacker to manipulate requests.
The vulnerability exists due to missing documentation of the TELNET protocol support and the ability to pass on user name and "telnet options" for the server negotiation. A remote attacker can manipulate the connection sending unexpected data to the server via the affected client.
294) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-23915)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to state issues when handling multiple transfers in parallel, which results in ignoring HSTS support. A remote attacker can perform MitM attack.295) Buffer Underwrite ('Buffer Underflow') (CVE-ID: CVE-2023-31130)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a buffer underflow when using certain IPv6 addresses, such as 0::00:00:00/2". A local privileged user can trigger a boundary error and crash the service.
296) Cleartext transmission of sensitive information (CVE-ID: CVE-2023-23914)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to state issues when handling multiple requests, which results in ignoring HSTS support. A remote attacker can perform MitM attack.297) Use-after-free (CVE-ID: CVE-2022-43552)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error while processing denied requests from HTTP proxies when using SMB or TELNET protocols. A remote attacker can trigger a use-after-free error and crash the application.
298) Security features bypass (CVE-ID: CVE-2022-43551)
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists in the way curl handles IDN characters in hostnames. The HSTS mechanism could be bypassed if the hostname in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer.
299) Incorrect Conversion between Numeric Types (CVE-ID: CVE-2023-3635)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
300) Incorrect default permissions (CVE-ID: CVE-2020-8908)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for files located in the temporary directory set by the Guava com.google.common.io.Files.createTempDir(). A local user with access to the system can view contents of files and directories or modify them.
301) Incorrect default permissions (CVE-ID: CVE-2023-2976)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions in com.google.common.io.FileBackedOutputStream. A local user with access to the system can view contents of files and directories or modify them.
302) Improper input validation (CVE-ID: CVE-2023-35116)
The vulnerability allows a remote authenticated user to perform service disruption.
The vulnerability exists due to improper input validation within the Oracle Database Fleet Patching and Provisioning (jackson-databind) in Oracle Database Server. A remote authenticated user can exploit this vulnerability to perform service disruption.
303) Deserialization of Untrusted Data (CVE-ID: CVE-2023-6378)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insecure input validation when processing serialized data in logback receiver component. A remote attacker can pass specially crafted data to the application and cause a denial of service condition on the target system.
304) Input validation error (CVE-ID: CVE-2023-32067)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing DNS responses. A remote attacker can send a specially crafted DNS response to the application and perform a denial of service (DoS) attack.
305) Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (CVE-ID: CVE-2023-31147)
The vulnerability allows a remote attacker to perform spoofing attack.
The vulnerability exists due to usage of a rand() function in case /dev/urandom or RtlGenRandom() are unavailable. A remote attacker can perform spoofing attack.
306) Resource exhaustion (CVE-ID: CVE-2022-41715)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in regexp/syntax when handling regular expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
307) Path traversal (CVE-ID: CVE-2022-29804)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error within the filepath.Clean function on Windows, which can convert certain invalid paths to valid, absolute paths, potentially allowing a directory traversal attack. A remote attacker can pass specially crafted data to the application and perform directory traversal attacks.
308) Use-after-free (CVE-ID: CVE-2023-33288)
The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the bq24190_remove function in drivers/power/supply/bq24190_charger.c. A local authenticated user can trigger a use-after-free error and perform a denial of service (DoS) attack.
309) Double Free (CVE-ID: CVE-2023-28464)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the hci_conn_cleanup() function in net/bluetooth/hci_conn.c in Linux kernel. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
310) Improper update of reference count (CVE-ID: CVE-2023-2019)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper update of reference count within the scheduling of events in drivers/net/netdevsim/fib.c. A local privileged user can perform a denial of service (DoS) attack.
311) Improper validation of array index (CVE-ID: CVE-2023-2008)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect validation of array index within a fault handler in drivers/dma-buf/udmabuf.c. A local privileged user can execute arbitrary code with kernel privileges.
312) Security features bypass (CVE-ID: CVE-2023-1998)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to incorrect implementation of the Spectre v2 SMT mitigations, related to calling prctl with PR_SET_SPECULATION_CTRL. An attacker can gain unauthorized access to kernel memory from userspace.
313) Use-after-free (CVE-ID: CVE-2023-1990)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the ndlc_remove() function in drivers/nfc/st-nci/ndlc.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
314) Use-after-free (CVE-ID: CVE-2023-1989)
The vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to a use-after-free error within the btsdio_remove() function in driversluetoothtsdio.c. A local user can trigger a
use-after-free error and escalate privileges on the system.
315) Use-after-free (CVE-ID: CVE-2023-1855)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the xgene_hwmon_remove() function in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). A local user can trigger a use-after-free error and execute arbitrary code on the system.
316) Use-after-free (CVE-ID: CVE-2023-1670)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user can trigger a use-after-free error and execute arbitrary code on the system.
317) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-0386)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to unauthorized access to execution of setuid files in OverlayFS subsystem when copying a capable file from a nosuid mount into another mount. A local user can execute arbitrary code with root privileges.
318) Improper Initialization (CVE-ID: CVE-2022-2196)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper initialization within nVMX in Linux kernel. A local user can perform speculative execution attacks and escalate privileges on the system.
319) Race condition (CVE-ID: CVE-2023-28466)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition caused by a missing lock_sock call within the do_tls_getsockopt() function in net/tls/tls_main.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
320) NULL pointer dereference (CVE-ID: CVE-2023-28327)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the unix_diag_get_exact() function in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.
321) Use-after-free (CVE-ID: CVE-2023-2235)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux Kernel Performance Events system. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
322) Return of pointer value outside of expected range (CVE-ID: CVE-2023-23001)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exist due to the regulator_get() function in drivers/scsi/ufs/ufs-mediatek.c misinterprets the return value. A local user can perform a denial of service (DoS) attack.323) Use-after-free (CVE-ID: CVE-2023-1838)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
324) Use-after-free (CVE-ID: CVE-2023-1652)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the nfsd4_ssc_setup_dul() function in fs/nfsd/nfs4proc.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
325) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2023-1637)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due speculative execution behavior in the Linux kernel X86 CPU Power management options functionality. A local user can gain access to sensitive information.
326) Use-after-free (CVE-ID: CVE-2023-1611)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can trigger a use-after-free error and crash the kernel.
327) Race condition (CVE-ID: CVE-2023-1582)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within fs/proc/task_mmu.c. A local user can exploit the race and crash the kernel.
328) Improper Initialization (CVE-ID: CVE-2023-1513)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.
329) Use-after-free (CVE-ID: CVE-2023-1281)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Linux kernel traffic control index filter (tcindex) when the tcf_exts_exec() function is called with the destroyed tcf_ext. A local user attacker can trigger a use-after-free error and execute arbitrary code with elevated privileges.
330) NULL pointer dereference (CVE-ID: CVE-2023-0394)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.
331) Double Free (CVE-ID: CVE-2022-4744)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the tun_free_netdev() function in the Linux kernel’s TUN/TAP device driver. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
332) Out-of-bounds read (CVE-ID: CVE-2023-2176)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.
333) NULL pointer dereference (CVE-ID: CVE-2023-23006)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the mlx5_get_uars_page() function in drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c. A local user can pass specially crafted data to the systen and perform a denial of service (DoS) attack.
334) NULL pointer dereference (CVE-ID: CVE-2023-28328)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.
335) Reachable Assertion (CVE-ID: CVE-2023-2156)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion when handling IPv6 RPL protocol. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.
336) Use-after-free (CVE-ID: CVE-2023-32233)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in Netfilter nf_tables when processing batch requests. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.
337) Out-of-bounds write (CVE-ID: CVE-2023-31436)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the qfq_change_class() function in net/sched/sch_qfq.c when handling the MTU value provided to the QFQ Scheduler. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
338) Deadlock (CVE-ID: CVE-2023-31084)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a deadlock in drivers/media/dvb-core/dvb_frontend.c when a task is in !TASK_RUNNING. A local user can trigger a deadlock and crash the kernel.
339) Input validation error (CVE-ID: CVE-2023-30456)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of consistency for for CR0 and CR4 in arch/x86/kvm/vmx/nested.c in the Linux kernel. A local user can execute arbitrary code with elevated privileges.
340) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2023-3006)
The vulnerability allow a local user to gain access to sensitive information.
The vulnerability exists due to a known cache speculation vulnerability (Spectre-BHB) for the new hw AmpereOne. A local user can gain access to sensitive information.
341) Buffer overflow (CVE-ID: CVE-2023-28410)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.
342) Use-after-free (CVE-ID: CVE-2023-2513)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the ext4 filesystem in the way it handled the extra inode size for extended attributes. A local user can trigger a use-after-free error and escalate privileges on the system.
343) Race condition (CVE-ID: CVE-2023-2483)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in Qualcomm EMAC Gigabit Ethernet Controller. An attacker with physical access to system can remove the device before cleanup in the emac_remove() function is called, trigger a use-after-free error and crash the kernel.
344) Improper locking (CVE-ID: CVE-2023-2269)
The vulnerability allows a local user to perform a denial of service attack (DoS).
The vulnerability exists due to double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.
345) Use-after-free (CVE-ID: CVE-2023-2162)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. A local user can trigger a use-after-free error and gain access to sensitive information.
346) Out-of-bounds read (CVE-ID: CVE-2023-2124)
The vulnerability allows a local user to perform a denial of service (DoS) attack..
The vulnerability exists due to a boundary condition within the XFS subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and crash the kernel.
347) Race condition (CVE-ID: CVE-2023-30772)
The vulnerability allows an attacker to compromise the affected system.
The vulnerability exists due to a race condition in rivers/power/supply/da9150-charger.c in Linux kernel. An attacker with physical access to device can trigger a race condition while unplugin the device and execute arbitrary code on the system.
348) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-2002)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper permissions check in the Bluetooth subsystem when handling ioctl system calls of HCI sockets. A local user can acquire a trusted socket, leading to unauthorized execution of management commands.
349) NULL pointer dereference (CVE-ID: CVE-2023-1382)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in net/tipc/topsrv.c within the TIPC protocol implementation in the Linux kernel. A local user can perform a denial of service (DoS) attack.
350) Out-of-bounds read (CVE-ID: CVE-2023-1380)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Broadcom Full MAC Wi-Fi driver (brcmfmac.ko). A local user can trigger an out-of-bounds read error and read contents of kernel memory on the system.
351) Use-after-free (CVE-ID: CVE-2023-1079)
The vulnerability allows an attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error within the asus_kbd_backlight_set() function when plugging in a malicious USB device. An attacker with physical access to the system can inject a malicious USB device, trigger a use-after-free error and execute arbitrary code.
352) Use-after-free (CVE-ID: CVE-2022-45919)
The vulnerability allows a local user to escalate privileges on the system.
353) Race condition (CVE-ID: CVE-2022-45887)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in drivers/media/usb/ttusb-dec/ttusb_dec.c in Linux kernel. A local user can exploit the race and crash the kernel.
354) Use-after-free (CVE-ID: CVE-2022-45886)
The vulnerability allows a local user to escalate privileges on the system.
355) Use-after-free (CVE-ID: CVE-2022-45885)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_frontend.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.
356) Use-after-free (CVE-ID: CVE-2022-45884)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvbdev.c in Linux kernel related to dvb_register_device() function dynamically allocating fops. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
357) Deadlock (CVE-ID: CVE-2022-4269)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the Linux kernel Traffic Control (TC) subsystem. A local user can use a specific network configuration (redirecting egress packets to ingress using TC action "mirred") to trigger a CPU soft lockup.
358) Information disclosure (CVE-ID: CVE-2017-5753)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.
359) Use-after-free (CVE-ID: CVE-2023-25012)
The vulnerability allows an attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the bigben_remove() function in drivers/hid/hid-bigbenff.c. An attacker with physical access to the system can attach a specially crafted USB device to the system and cause a denial of service condition.
360) Infinite loop (CVE-ID: CVE-2022-30634)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop in crypto/rand on Windows when handling buffer larger than 1 << 32 - 1 bytes. A remote attacker can consume all available system resources and cause denial of service conditions.
361) Resource exhaustion (CVE-ID: CVE-2023-44487)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improperly control of consumption for internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
362) Improper Authentication (CVE-ID: CVE-2023-3128)
The vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in Azure AD OAuth implementation. Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. A remote attacker can modify their profile and provide the email address of an existing Grafana user, bypass authentication process and gain unauthorized access to the application.
The vulnerability affects Grafana installations with Azure AD OAuth configured for a multi-tenant app.
363) Deserialization of Untrusted Data (CVE-ID: CVE-2022-28948)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to insecure input validation when processing serialized data in the Unmarshal function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
364) Out-of-bounds read (CVE-ID: CVE-2021-38561)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds read error and perform a denial of service (DoS) attack.
365) Resource exhaustion (CVE-ID: CVE-2022-32149)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.
366) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-29526)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the Faccessat function can incorrectly report that a file is accessible, when called with a non-zero flags parameter. An attacker can bypass implemented security restrictions.
367) Input validation error (CVE-ID: CVE-2021-44716)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
368) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-41717)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
369) Infinite loop (CVE-ID: CVE-2021-33194)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop. A remote attacker can pass crafted ParseFragment input to the application, consume all available system resources and cause denial of service conditions.
370) Input validation error (CVE-ID: CVE-2022-27664)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
371) Resource exhaustion (CVE-ID: CVE-2022-41723)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources in the HPACK decoder. A remote attacker can send a specially crafted HTTP/2 stream to the application, cause resource exhaustion and perform a denial of service (DoS) attack.
372) Input validation error (CVE-ID: CVE-2021-43565)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing a Signer to ServerConfig.AddHostKey in cases where the Signer passed to AddHostKey does not implement AlgorithmSigner or the Signer passed to AddHostKey returns a key of type “ssh-rsa” from its PublicKey method. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
373) Improper synchronization (CVE-ID: CVE-2023-2801)
The vulnerability allows a remote user to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect synchronization when processing multiple requests. A remote user can query multiple distinct data sources using mixed queries via public dashboard or API and crash Grafana instances.
374) Use of a broken or risky cryptographic algorithm (CVE-ID: CVE-2022-27191)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in golang.org/x/crypto/ssh before 0.0.0-20220314234659-1baeb1ce4c0b, as used in Go programming language. A remote attacker can crash a server in certain circumstances involving AddHostKey.
375) Resource exhaustion (CVE-ID: CVE-2023-45142)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect processing of HTTP header User-Agent and HTTP method. A remote attacker can send multiple requests with long randomly generated HTTP methods or/and User agents and consume memory resources, leading to a denial of service condition.376) Resource exhaustion (CVE-ID: CVE-2023-47108)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to grpc Unary Server Interceptor does not properly control consumption of internal resources when processing multiple requests. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
377) Code Injection (CVE-ID: CVE-2023-39320)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the go.mod toolchain directive. A remote attacker can execute scripts and binaries relative to the root of the module when the "go" command was executed within the module. This applies to modules downloaded using the "go" command from the module proxy, as well as modules downloaded directly using VCS software.
378) Input validation error (CVE-ID: CVE-2023-39322)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in crypto/tls when processing post-handshake message on QUIC connections. A remote attacker can send an incomplete post-handshake message for a QUIC connection and perform a denial of service (DoS) attack.
379) Input validation error (CVE-ID: CVE-2023-39321)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in crypto/tls when processing post-handshake message on QUIC connections. A remote attacker can send an incomplete post-handshake message for a QUIC connection and perform a denial of service (DoS) attack.
380) Path traversal (CVE-ID: CVE-2022-41720)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to the way os.DirFS function and http.Dir type handle empty values on Windows, allowing an attacker with control over the path to view arbitrary files on the system.
381) Path traversal (CVE-ID: CVE-2022-41722)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences within the filepath.Clean() function on Windows, which can transform an invalid path such as "a/../c:/b" into the valid path "c:". As a result, an attacker can read arbitrary files on the system.
382) Observable discrepancy (CVE-ID: CVE-2023-45287)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a timing discrepancy when handling RSA based TLS key exchanges. A remote attacker can perform a Marvin attack and gain access to sensitive information.
383) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2023-46324)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to pkg/suci/suci.go in free5GC udm may compute a shared secret via an uncompressed public key that has not been validated. A remote attacker can send arbitrary SUCIs to the UDM to gain unauthorized access to sensitive information on the system.
384) Missing Authorization (CVE-ID: CVE-2023-2183)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to missing authorization in the alerts feature within API. A remote user can use the API to send multiple alert messages to e-mail and Slack, spamming users, prepare Phishing attack or block SMTP server.
385) Stored cross-site scripting (CVE-ID: CVE-2023-22462)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Text plugin. A remote user with Editor role can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
386) NULL pointer dereference (CVE-ID: CVE-2023-23004)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the get_sg_table() function in drivers/gpu/drm/arm/malidp_planes.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
387) Input validation error (CVE-ID: CVE-2023-22995)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of user-supplied input within the dwc3_qcom_acpi_register_core() function in drivers/usb/dwc3/dwc3-qcom.c. A local user can execute arbitrary code on the system with elevated privileges.
388) NULL pointer dereference (CVE-ID: CVE-2023-23000)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the tegra_xusb_find_port_node() function in drivers/phy/tegra/xusb.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.
389) Return of pointer value outside of expected range (CVE-ID: CVE-2023-22998)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to unexpected value of the pointer returned as value in the drm_gem_shmem_get_sg_table() function in drivers/gpu/drm/virtio/virtgpu_object.c. A local user can perform a denial of service (DoS) attack.
390) Use-after-free (CVE-ID: CVE-2023-1118)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the Linux kernel integrated infrared receiver/transceiver driver "drivers/media/rc/ene_ir.c" when detaching rc device. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
391) NULL pointer dereference (CVE-ID: CVE-2023-1095)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in the nf_tables_updtable() function within the netfilter subsystem. A local user can perform a denial of service (DoS) attack.
392) Out-of-bounds write (CVE-ID: CVE-2023-1078)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the rds_rm_zerocopy_callback() function in Linux kernel RDS (Reliable Datagram Sockets) protocol. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.
393) Type Confusion (CVE-ID: CVE-2023-1076)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error during initialization of TUN/TAP sockets. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.
394) Type Confusion (CVE-ID: CVE-2023-1075)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the tls_is_tx_ready() function in the net/tls stack of the Linux Kernel. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.
395) Use-after-free (CVE-ID: CVE-2022-3523)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when in mm/memory.c in Linux kernel. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.
396) Double Free (CVE-ID: CVE-2023-26545)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a double free in net/mpls/af_mpls.c during the renaming of a device. A local user can trigger a double free error and execute arbitrary code with elevated privileges.
397) Integer overflow (CVE-ID: CVE-2023-23559)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to integer overflow within the rndis_query_oid() function in drivers/net/wireless/rndis_wlan.c. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.
398) Memory leak (CVE-ID: CVE-2023-0597)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to memory leak within the Linux kernel cpu_entry_area mapping of X86 CPU data. A local user can gain access to sensitive information.
399) Path traversal (CVE-ID: CVE-2022-32275)
The vulnerability allows a remote user to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.
Exploitation example:
/dashboard/snapshot/%7B%7Bconstructor.constructor'/.. /.. /.. /.. /.. /.. /.. /.. /etc/passwd
400) Use-after-free (CVE-ID: CVE-2023-0461)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error within the Upper Level Protocol (ULP) subsystem in Linux kernel caused by improper handling of sockets entering the LISTEN state in certain protocols. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.
401) Security features bypass (CVE-ID: CVE-2023-0045)
The vulnerability allows a local user to bypass implemented security restrictions.
The vulnerability exists due to Linux kernel does not correctly mitigate SMT attacks. A local user can bypass Spectre-BTI user space mitigations and gain access to sensitive information.
402) NULL pointer dereference (CVE-ID: CVE-2022-38096)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.
403) Out-of-bounds write (CVE-ID: CVE-2022-36280)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.
404) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-5528)
The vulnerability allows a remote user to escalate privileges on the system.
The vulnerability exists due to improper access restrictions. A remote user with ability to create pods and persistent volumes on Windows nodes can obtain admin privileges on those nodes.
The vulnerability affects Kubernetes clusters only, if they are using an in-tree storage plugin for Windows nodes.
405) Unprotected storage of credentials (CVE-ID: CVE-2019-11250)
The vulnerability allows a local user to gain access to other users' credentials.
The vulnerability exists due Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected. A local user can view contents of the configuration file and gain access to passwords for 3rd party integration.
406) Resource exhaustion (CVE-ID: CVE-2023-34462)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources if no idle timeout handler was configured. A remote attacker can send a client hello packet, which leads the server to buffer up to 16MB of data per connection and results in a denial of service condition.
407) Information disclosure (CVE-ID: CVE-2023-25165)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to insecure usage of the getHostByName template function. A remote attacker can use DNS exfiltration technique to gain access to sensitive information.
408) Out-of-bounds read (CVE-ID: CVE-2023-4693)
The vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the NTFS driver in grub-core/fs/ntfs.c when reading data from the resident $DATA attribute. A attacker with physical access to the system use a specially crafted NTFS file system image to read arbitrary memory locations, such as data cached in memory or EFI variables values.
409) Out-of-bounds write (CVE-ID: CVE-2023-4692)
The vulnerability allows a local user to bypass secure boot protection.
The vulnerability exists due to a boundary error in NTFS driver implementation in grub-core/fs/ntfs.c when parsing the $ATTRIBUTE_LIST attribute for the $MFT file. A local user can pass a specially crafted image to the application, trigger an out-of-bounds write and bypass secure boot protection.
Remediation
Install update from vendor's website.
References
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6e43b8aa7cd3c3af686caf0c2e11819a886d705
- https://kernel.dance/e6e43b8aa7cd3c3af686caf0c2e11819a886d705
- https://bugzilla.redhat.com/show_bug.cgi?id=2240561
- https://github.com/torvalds/linux/commit/7644b1a1c9a7ae8ab99175989bfc8676055edb46
- https://bugzilla.kernel.org/show_bug.cgi?id=218032#c4
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bb5ed01cd2428cd25b1c88a3a9cba87055eb289f
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.5.3
- https://security.netapp.com/advisory/ntap-20231110-0001/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3bb2a01caa813d3a1845d378bbe4169ef280d394
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e91b0ebd994635df2346353322ac51ce84ce6d8
- https://kernel.dance/3e91b0ebd994635df2346353322ac51ce84ce6d8
- https://lists.debian.org/debian-lts-announce/2023/10/msg00027.html
- https://access.redhat.com/security/cve/CVE-2023-39198
- https://bugzilla.redhat.com/show_bug.cgi?id=2218332
- https://www.zerodayinitiative.com/advisories/ZDI-24-994/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ff0a3a7d52ff7282dbd183e7fc29a1fe386b0c30
- https://www.zerodayinitiative.com/advisories/ZDI-24-995/
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00794.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-439/
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=3bcd6c7eaa53
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8fc134fee27f2263988ae38920bc03da416b03d8
- https://kernel.dance/8fc134fee27f2263988ae38920bc03da416b03d8
- https://access.redhat.com/security/cve/CVE-2023-6039
- https://bugzilla.redhat.com/show_bug.cgi?id=2248755
- https://github.com/torvalds/linux/commit/1e7417c188d0a83fb385ba2dbe35fd2563f2b6f3
- https://kernel.dance/b3d26c5702c7d6c45456326e56d2ccf3f103e60f
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d26c5702c7d6c45456326e56d2ccf3f103e60f
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-6.1.y&id=790c2f9d15b594350ae9bca7b236f2b1859de02c
- https://kernel.dance/790c2f9d15b594350ae9bca7b236f2b1859de02c
- https://www.debian.org/security/2023/dsa-5492
- https://bugzilla.redhat.com/show_bug.cgi?id=2235306
- https://bugzilla.redhat.com/show_bug.cgi?id=2235467
- https://patchwork.kernel.org/project/linux-btrfs/patch/20220324134454.15192-1-baijiaju1990@gmail.com/
- https://access.redhat.com/security/cve/CVE-2023-4389
- https://bugzilla.redhat.com/show_bug.cgi?id=2219271
- https://seclists.org/oss-sec/2023/q4/14
- https://access.redhat.com/security/cve/CVE-2023-42753
- https://www.openwall.com/lists/oss-security/2023/09/22/10
- https://bugzilla.redhat.com/show_bug.cgi?id=2239843
- https://seclists.org/oss-sec/2023/q3/216
- https://bugzilla.redhat.com/show_bug.cgi?id=2213802
- https://bugzilla.redhat.com/show_bug.cgi?id=2229642
- https://bugzilla.redhat.com/show_bug.cgi?id=2226788
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-18111/
- https://github.com/torvalds/linux/commit/dfa73c17d55b921e1d4e154976de35317e43a93a
- https://bugzilla.redhat.com/show_bug.cgi?id=2226787
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-18866/
- https://lore.kernel.org/all/20230828221255.124812-1-wander@redhat.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=2226784
- https://www.zerodayinitiative.com/advisories/ZDI-CAN-18408/
- https://lore.kernel.org/all/20230828132107.18376-1-wander@redhat.com/
- https://kernel.dance/32671e3799ca2e4590773fd0e63aaa4229e50c06
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/kernel/events?id=32671e3799ca2e4590773fd0e63aaa4229e50c06
- https://access.redhat.com/security/cve/CVE-2023-6176
- https://bugzilla.redhat.com/show_bug.cgi?id=2219359
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cfaa80c91f6f99b9342b6557f0f0e1143e434066
- https://bugzilla.redhat.com/show_bug.cgi?id=2184395
- https://lore.kernel.org/all/20230313090002.3308025-1-zyytlz.wz@163.com/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ea4f1009408efb4989a0f139b70fb338e7f687d0
- https://curl.haxx.se/docs/CVE-2022-35252.html
- https://bugs.openldap.org/show_bug.cgi?id=9904
- https://access.redhat.com/security/cve/CVE-2023-2953
- https://dev.gnupg.org/T6284
- https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f61a5ea4e0f6a80fd4b28ef0174bee77793cf070
- https://www.debian.org/security/2022/dsa-5305
- https://gitlab.com/gnutls/gnutls/-/issues/1511
- https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23
- https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html
- https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-x7ch-h5rf-w2mf
- https://developer.arm.com/Arm%20Security%20Center/GCC%20Stack%20Protector%20Vulnerability%20AArch64
- https://github.com/json-c/json-c/pull/592
- https://github.com/openSUSE/libeconf/releases/tag/v0.5.2
- https://github.com/openSUSE/libeconf/issues/178
- https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-22652
- https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst-write-string-data.c
- https://github.com/yangjiageng/PoC/blob/master/libeconf-PoC/econf_writeFile_546
- https://raw.githubusercontent.com/yangjiageng/PoC/master/libeconf-PoC/tst-logindefs1.c
- https://github.com/openSUSE/libeconf/issues/177
- https://github.com/yangjiageng/PoC/blob/master/libeconf-PoC/read_file_503
- https://curl.haxx.se/docs/CVE-2022-32208.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2069726
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=71b547f561247897a0a14f3082730156c0533fed
- https://github.com/ZoneMinder/zoneminder/releases/tag/1.36.33
- https://www.ibm.com/support/pages/node/6999699
- https://github.com/gwsw/less/commit/a78e1351113cef564d790a730d657a321624d79c
- http://www.greenwoodsoftware.com/less/news.609.html
- https://www.openwall.com/lists/oss-security/2023/02/07/7
- http://www.openwall.com/lists/oss-security/2023/02/07/7
- https://github.com/krb5/krb5/compare/krb5-1.20.1-final...krb5-1.20.2-final
- https://github.com/krb5/krb5/commit/ef08b09c9459551aabbe7924fb176f1583053cdd
- https://github.com/krb5/krb5/compare/krb5-1.21-final...krb5-1.21.1-final
- https://www.samba.org/samba/security/CVE-2022-42898.html
- https://access.redhat.com/security/cve/CVE-2023-5178
- https://bugzilla.redhat.com/show_bug.cgi?id=2241924
- https://lore.kernel.org/linux-nvme/20231002105428.226515-1-sagi@grimberg.me/
- https://bugzilla.redhat.com/show_bug.cgi?id=2226777
- https://www.zerodayinitiative.com/advisories/ZDI-24-592/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6eaf41e87a223ae6f8e7a28d6e78384ad7e407f8
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230720071721.14777-1-pablo@netfilter.org/
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.18
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.27
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.29
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.18
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.27
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.29
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.32
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.34
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.35
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.36
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.39
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.40
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.42
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.43
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.44
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.45
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.47
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.48
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.49
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.50
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.51
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.52
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.53
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.54
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.55
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.57
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.58
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.59
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.60
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.61
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.62
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.63
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.64
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.65
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.67
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.68
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.69
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.70
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.71
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.72
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.73
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.74
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.75
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.5/ChangeLog-2.5.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.0
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.13.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.8.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.100
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.101
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.18
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.27
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.29
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.32
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.34
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.35
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.36
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.39
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.40
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.42
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.43
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.44
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.45
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.47
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.48
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.49
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.50
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.51
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.52
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.53
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.54
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.55
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.57
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.58
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.59
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.60
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.61
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.62
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.63
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.64
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.65
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.67
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.68
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.69
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.70
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.71
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.72
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.73
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.74
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.75
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.76
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.77
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.78
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.79
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.80
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.81
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.86
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.87
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.89
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.90
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.92
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.94
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.95
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.96
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.97
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.0.99
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.1.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.100
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.101
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.102
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.103
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.104
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.105
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.106
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.107
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.108
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.18
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.27
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.29
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.32
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.34
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.35
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.36
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.39
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.40
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.42
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.43
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.44
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.45
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.47
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.48
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.49
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.50
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.51
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.52
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.53
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.54
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.55
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.57
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.58
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.59
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.60
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.61
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.62
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.63
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.64
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.65
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.67
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.68
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.69
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.70
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.71
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.72
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.73
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.74
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.75
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.76
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.77
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.78
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.79
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.80
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.81
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.86
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.87
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.89
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.90
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.92
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.94
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.95
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.96
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.97
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.10.99
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.11.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.11.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.11.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.11.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.11.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.11.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.11.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.11.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.11.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.11.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.18
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.27
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.29
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.32
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.34
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.35
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.36
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.39
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.40
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.42
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.43
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.44
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.45
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.47
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.48
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.49
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.50
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.51
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.52
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.53
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.54
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.55
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.57
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.58
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.59
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.60
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.61
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.62
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.63
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.64
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.65
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.67
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.68
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.69
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.70
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.71
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.72
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.73
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.74
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.12.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.13.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.18
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.27
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.29
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.32
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.34
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.35
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.36
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.39
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.40
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.42
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.43
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.44
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.45
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.47
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.48
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.49
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.50
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.51
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.52
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.53
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.54
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.55
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.57
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.58
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.59
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.60
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.61
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.62
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.63
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.64
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.65
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.67
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.68
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.69
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.70
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.71
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.72
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.73
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.74
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.75
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.76
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.77
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.78
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.79
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.14.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.15.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.15.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.15.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.15.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.15.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.15.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.15.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.15.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.15.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.15.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.36
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.39
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.40
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.42
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.43
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.44
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.45
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.47
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.48
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.49
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.50
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.51
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.52
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.53
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.54
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.55
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.57
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.58
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.59
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.60
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.61
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.62
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.63
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.64
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.65
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.67
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.68
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.69
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.70
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.71
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.72
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.73
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.74
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.75
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.76
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.77
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.78
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.79
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.80
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.81
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.16.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.17.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.17.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.17.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.17.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.17.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.17.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.17.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.17.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.100
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.101
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.102
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.103
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.104
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.105
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.106
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.107
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.108
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.109
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.110
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.111
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.112
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.113
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.114
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.115
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.116
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.117
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.118
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.119
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.120
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.121
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.122
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.123
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.124
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.125
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.126
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.127
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.128
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.129
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.130
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.131
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.132
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.133
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.134
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.135
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.136
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.137
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.138
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.139
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.140
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.18
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.27
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.29
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.32
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.34
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.35
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.36
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.39
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.40
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.42
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.43
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.44
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.45
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.47
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.48
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.49
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.50
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.51
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.52
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.53
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.54
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.55
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.57
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.58
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.59
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.60
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.61
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.62
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.63
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.64
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.65
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.67
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.68
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.69
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.70
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.71
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.72
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.73
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.74
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.75
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.76
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.77
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.78
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.79
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.80
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.81
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.86
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.87
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.89
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.90
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.92
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.94
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.95
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.96
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.97
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.18.99
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.19.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.19.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.19.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.19.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.19.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.19.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.19.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.19.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.10
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.100
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.101
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.102
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.11
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.12
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.13
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.14
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.15
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.16
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.17
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.18
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.19
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.20
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.21
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.22
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.23
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.24
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.25
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.26
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.27
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.28
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.29
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.30
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.31
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.32
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.33
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.34
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.35
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.36
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.37
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.38
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.39
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.40
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.41
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.42
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.43
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.44
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.45
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.46
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.47
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.48
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.49
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.50
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.51
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.52
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.53
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.54
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.55
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.56
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.57
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.58
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.59
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.60
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.61
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.62
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.63
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.64
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.65
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.66
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.67
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.68
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.69
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.7
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.70
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.71
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.72
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.73
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.74
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.75
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.76
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.77
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.78
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.79
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.8
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.80
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.81
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.82
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.83
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.84
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.85
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.86
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.87
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.88
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.89
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.9
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.90
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.91
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.92
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.93
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.94
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.95
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.96
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.97
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.98
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.2.99
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.3.1
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.3.2
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.3.3
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.3.4
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.3.5
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.3.6
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.0/ChangeLog-3.3.7
- https://mirrors.edge.kernel.org/pub/li
- https://xenbits.xen.org/xsa/advisory-441.html
- https://lore.kernel.org/all/687864524.118195.1681799447034.JavaMail.zimbra@nod.at/
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=181d8d2066c0
- https://bugzilla.redhat.com/show_bug.cgi?id=2175903
- https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00020.html
- https://lists.gnu.org/archive/html/bug-ncurses/2023-04/msg00029.html
- https://lore.kernel.org/lkml/CAJedcCwkuznS1kSTvJXhzPoavcZDWNhNMshi-Ux0spSVRwU=RA@mail.gmail.com/T/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b947f8769be8b8181dc795fd292d3e7120f5204
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.2
- https://lore.kernel.org/all/20230327121700.52d881e0@canb.auug.org.au/
- https://github.com/google/security-research/security/advisories/GHSA-m7j5-797w-vmrh
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=74e19ef0ff8061ef55957c3abd71614ef0f42f47
- https://xenbits.xen.org/xsa/advisory-435.html
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=363a5328f4b0
- https://bugzilla.redhat.com/show_bug.cgi?id=2224048
- https://access.redhat.com/security/cve/CVE-2023-3812
- https://lore.kernel.org/netfilter-devel/20230705121515.747251-1-cascardo@canonical.com/T/
- https://www.openwall.com/lists/oss-security/2023/07/05/3
- http://www.openwall.com/lists/oss-security/2023/07/05/3
- https://www.debian.org/security/2023/dsa-5453
- https://kernel.dance/1240eb93f0616b21c675416516ff3d74798fdc97
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97
- https://www.debian.org/security/2023/dsa-5448
- https://lore.kernel.org/netfilter-devel/20230705121627.GC19489@breakpoint.cc/T/
- https://www.openwall.com/lists/oss-security/2023/07/05/2
- http://www.openwall.com/lists/oss-security/2023/07/05/2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1240eb93f0616b21c675416516ff3d74798fdc97
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=07db5e247ab5858439b14dd7cc1fe538b9efcf32
- https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/commit/?id=b250b32ab1d044953af2dc5e790819a7703b7ee6
- https://lock.cmpxchg8b.com/zenbleed.html
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7008.html
- https://lore.kernel.org/lkml/20230307173900.1299387-1-zyytlz.wz@163.com/T/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3228cec23b8b29215e18090c6ba635840190993d
- https://lore.kernel.org/all/a4dafa22-3ee3-dbe1-fd50-fee07883ce1a@xs4all.nl/
- https://lore.kernel.org/all/49bb0b6a-e669-d4e7-d742-a19d2763e947@xs4all.nl/
- https://lore.kernel.org/lkml/20230318085023.832510-1-zyytlz.wz@163.com/t/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=30cf57da176cca80f11df0d9b7f71581fe601389
- https://source.android.com/docs/security/bulletin/pixel/2023-07-01
- https://www.openwall.com/lists/oss-security/2023/06/07/1
- https://git.kernel.org/linus/4d56304e5827c8cc8cc18c75343d283af7c4825c
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.7
- http://www.openwall.com/lists/oss-security/2023/06/17/1
- https://seclists.org/oss-sec/2023/q2/213
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.15.y&id=0e388fce7aec40992eadee654193cad345d62663
- https://kernel.dance/4716c73b188566865bdd79c3a6709696a224ac04
- https://kernel.dance/0e388fce7aec40992eadee654193cad345d62663
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.10.y&id=4716c73b188566865bdd79c3a6709696a224ac04
- https://kernel.dance/ef7dfac51d8ed961b742218f526bd589f3900a59
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ef7dfac51d8ed961b742218f526bd589f3900a59
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b3d40c3ec3dc4ad78017de6c3a38979f57aaaab8
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=53ffa6a9f83b2170c60591da1ead8791d5a42e81
- https://github.com/torvalds/linux/commit/504a10d9e46bc37b23d0a1ae2f28973c8516e636
- https://bugzilla.redhat.com/show_bug.cgi?id=2214348
- https://bugzilla.redhat.com/show_bug.cgi?id=2213485
- https://github.com/torvalds/linux/commit/2b09d5d364986f724f17001ccfe4126b9b43a0be
- https://lore.kernel.org/lkml/CAPDyKFoV9aZObZ5GBm0U_-UVeVkBN_rAG-kH3BKoP4EXdYM4bw@mail.gmail.com/t/
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.3.4
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=63264422785021704c39b38f65a78ab9e4a186d7
- https://patchwork.kernel.org/project/linux-btrfs/patch/20220721074829.2905233-1-r33s3n6@gmail.com/
- https://security.netapp.com/advisory/ntap-20230703-0007/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=90cbed5247439a966b645b34eb0a2e037836ea8e
- https://kernel.dance/90cbed5247439a966b645b34eb0a2e037836ea8e
- https://source.android.com/docs/security/bulletin/2023-05-01
- https://android.googlesource.com/kernel/common/+/ec6fe823507b2f6ef4a58f3a9bee9a5ec086c32c
- https://android.googlesource.com/kernel/common/+/984241bdc04f401c423005a52eb013b00e19358c
- https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-7005
- http://xenbits.xen.org/xsa/advisory-434.html
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7031.html
- https://lore.kernel.org/lkml/CAO4mrfcV_07hbj8NUuZrA8FH-kaRsrFy-2metecpTuE5kKHn5w@mail.gmail.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=2154178
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=98bea253aa28ad8be2ce565a9ca21beb4a9419e5
- https://bugzilla.redhat.com/show_bug.cgi?id=2218943
- https://access.redhat.com/security/cve/CVE-2023-3772
- http://www.openwall.com/lists/oss-security/2023/08/10/1
- http://www.openwall.com/lists/oss-security/2023/08/10/3
- https://bugzilla.redhat.com/show_bug.cgi?id=2235470
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230812110526.49808-1-fw@strlen.de/
- https://access.redhat.com/security/cve/CVE-2023-4569
- https://bugzilla.redhat.com/show_bug.cgi?id=2219268
- https://github.com/torvalds/linux/commit/edf410cb74dc612fd47ef5be319c5a0bcd6e6ccd
- https://access.redhat.com/security/cve/CVE-2023-4459
- https://access.redhat.com/security/cve/CVE-2023-4387
- https://bugzilla.redhat.com/show_bug.cgi?id=2219270
- https://github.com/torvalds/linux/commit/9e7fef9521e73ca8afd7da9e58c14654b02dfad8
- https://bugzilla.redhat.com/show_bug.cgi?id=2221609
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3TYLSJ2SAI7RF56ZLQ5CQWCJLVJSD73Q/
- https://github.com/torvalds/linux/commit/d42334578eba1390859012ebb91e1e556d51db49
- https://lore.kernel.org/all/20230731164237.48365-1-lersek@redhat.com/
- https://lore.kernel.org/all/20230731164237.48365-2-lersek@redhat.com/
- https://access.redhat.com/security/cve/CVE-2023-4194
- https://lore.kernel.org/all/20230731164237.48365-3-lersek@redhat.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=2229498
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/344H6HO6SSC4KT7PDFXSDIXKMKHISSGF/
- https://access.redhat.com/security/cve/CVE-2023-4147
- https://www.spinics.net/lists/stable/msg671573.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2225239
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ebc1064e4874d5987722a2ddbc18f94aa53b211
- https://www.debian.org/security/2023/dsa-5480
- https://github.com/torvalds/linux/commit/dbe836576f12743a7d2d170ad4ad4fd324c4d47a
- https://bugzilla.redhat.com/show_bug.cgi?id=2221700
- https://bugzilla.redhat.com/show_bug.cgi?id=2221702
- https://bugzilla.redhat.com/show_bug.cgi?id=2225511
- https://lore.kernel.org/netdev/193d6cdf-d6c9-f9be-c36a-b2a7551d5fb6@mojatatu.com/
- https://access.redhat.com/security/cve/CVE-2023-4128
- https://access.redhat.com/security/cve/CVE-2023-3863
- https://github.com/torvalds/linux/commit/6709d4b7bc2e079241fdef15d1160581c5261c10
- https://bugzilla.redhat.com/show_bug.cgi?id=2225126
- https://syzkaller.appspot.com/bug?extid=18996170f8096c6174d0
- https://lore.kernel.org/all/000000000000c0ffe505fe86c9ca@google.com/T/
- https://lore.kernel.org/all/000000000000e56434059580f86e@google.com/T/
- https://lore.kernel.org/all/CA+UBctC3p49aTgzbVgkSZ2+TQcqq4fPDO7yZitFT5uBPDeCO2g@mail.gmail.com/
- https://kernel.dance/4bedf9eee016286c835e3d8fa981ddece5338795
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=4bedf9eee016286c835e3d8fa981ddece5338795
- https://www.debian.org/security/2023/dsa-5461
- https://xenbits.xen.org/xsa/advisory-432.html
- https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7007.html
- https://www.zerodayinitiative.com/advisories/ZDI-23-440/
- https://github.com/torvalds/linux/commit/b04e75a4a8a81887386a0d2dbf605a48e779d2a0
- https://bugzilla.redhat.com/show_bug.cgi?id=2225275
- https://access.redhat.com/security/cve/CVE-2023-4004
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230719190824.21196-1-fw@strlen.de/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=0323bce598eea038714f941ce2b22541c46d488f
- https://kernel.dance/0323bce598eea038714f941ce2b22541c46d488f
- https://kernel.dance/3e337087c3b5805fe0b8a46ba622a962880b5d64
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e337087c3b5805fe0b8a46ba622a962880b5d64
- https://kernel.dance/04c55383fa5689357bcdd2c8036725a55ed632bc
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=04c55383fa5689357bcdd2c8036725a55ed632bc
- https://www.spinics.net/lists/stable-commits/msg285184.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2221463
- https://lore.kernel.org/lkml/1682238502-1892-1-git-send-email-yangpc@wangsu.com/T/
- https://www.openwall.com/lists/oss-security/2023/04/13/4
- https://www.openwall.com/lists/oss-security/2023/04/12/5
- http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56
- https://github.com/nghttp2/nghttp2/blob/e7f59406556c80904b81b593d38508591bb7523a/lib/nghttp2_session.c#L3346
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-jfxv-29pc-x22r
- https://patchwork.kernel.org/project/linux-fsdevel/patch/87iltzn3nd.fsf_-_@email.froward.int.ebiederm.org/
- http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html
- https://github.com/xerial/snappy-java/releases/tag/v1.1.10.1
- https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r
- https://medium.com/@zenmoviefornotification/saidov-maxim-cve-2023-26604-c1232a526ba7
- https://github.com/systemd/systemd/blob/main/NEWS#L4335-L4340
- https://blog.compass-security.com/2012/10/dangerous-sudoers-entries-part-2-insecure-functionality/
- https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
- https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
- https://www.sudo.ws/releases/stable/#1.9.13p2
- https://www.openwall.com/lists/oss-security/2023/02/28/1
- http://www.openwall.com/lists/oss-security/2023/03/01/8
- https://www.sqlite.org/src/info/c431b3fd8fd0f6a6
- https://www.sqlite.org/src/info/a67cf5b7d37d5b14
- https://spring.io/security/cve-2023-34034
- https://security.netapp.com/advisory/ntap-20230814-0008/
- https://spring.io/security/cve-2023-34035
- https://github.com/xerial/snappy-java/security/advisories/GHSA-pqr6-cmr2-h8hf
- https://huntr.dev/bounties/be837427-415c-4d8c-808b-62ce20aa84f1
- https://github.com/emicklei/go-restful/commit/fd3c327a379ce08c68ef18765bdc925f5d9bad10
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OBDD3Q23RCGAGHIXUCWBU6N3S4RNAKXB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/575BLJ3Y2EQBRNTFR2OSQQ6L2W6UCST3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
- https://savannah.gnu.org/bugs/?62387
- https://savannah.gnu.org/patch/?10307
- https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c
- https://github.com/opencontainers/runc/pull/3785
- https://github.com/opencontainers/runc/issues/3751
- https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9
- https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334
- https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html
- https://github.com/advisories/GHSA-vpvm-3wq2-2wvm
- https://github.com/opencontainers/runc/security/advisories/GHSA-m8cg-xc2p-r3fc
- https://github.com/opencontainers/runc/commit/0d62b950e60f6980b54fe3bafd9a9c608dc1df17
- https://github.com/psf/requests/security/advisories/GHSA-j8r2-6x86-q33q
- https://github.com/psf/requests/releases/tag/v2.31.0
- https://github.com/psf/requests/commit/74ea7cf7a6a27a4eeb2ae24e162bcc942a6706d5
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AW7HNFGYP44RT3DUDQXG2QT3OEV2PJ7Y/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KOYASTZDGQG2BWLSNBPL3TQRL2G7QYNZ/
- https://github.com/pytest-dev/py/blob/cb87a83960523a2367d0f19226a73aed4ce4291d/py/_path/svnurl.py#L316
- https://github.com/pytest-dev/py/issues/287
- https://github.com/advisories/GHSA-w596-4wvx-j9j6
- https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97
- https://github.com/pyca/cryptography/pull/9926
- https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a
- https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
- https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3
- https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/oxX69KFvsm4/m/yLohoVqtCgAJ
- https://github.com/certifi/python-certifi/security/advisories/GHSA-43fp-rhv2-5gv8
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/583
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/344
- http://www.openwall.com/lists/oss-security/2023/10/06/5
- https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200
- https://pyup.io/posts/pyup-discovers-redos-vulnerabilities-in-top-python-packages/
- https://github.com/pypa/setuptools/compare/v65.5.0...v65.5.1
- https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be
- https://pyup.io/vulnerabilities/CVE-2022-40897/52495/
- https://github.com/systemd/systemd/commit/b7641425659243c09473cd8fb3aef2c0d4a3eb9c
- https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4
- https://saltproject.io/security-announcements/2023-10-27-advisory/
- https://huntr.dev/bounties/b2989095-88f3-413a-9a39-c1c58a6e6815
- https://github.com/vim/vim/commit/7ac5023a5f1a37baafbe1043645f97ba3443d9f6
- https://github.com/nodejs/node/blob/75b68c6e4db515f76df73af476eccf382bbcb00a/deps/zlib/inflate.c#L762-L764
- https://github.com/ivd38/zlib_overflow
- https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1
- https://github.com/madler/zlib/blob/21767c654d31d2dccdde4330529775c6c5fd5389/zlib.h#L1062-L1063
- http://www.openwall.com/lists/oss-security/2022/08/05/2
- https://www.winimage.com/zLibDll/minizip.html
- https://github.com/madler/zlib/pull/843
- https://chromium.googlesource.com/chromium/src/+/d709fb23806858847131027da95ef4c548813356
- https://chromium.googlesource.com/chromium/src/+/de29dd6c7151d3cd37cb4cf0036800ddfb1d8b61
- https://github.com/madler/zlib/blob/ac8f12c97d1afd9bafa9c710f827d40a407d3266/contrib/README.contrib#L1-L4
- http://www.openwall.com/lists/oss-security/2023/10/20/9
- https://xenbits.xen.org/xsa/advisory-446.html
- https://xenbits.xen.org/xsa/advisory-445.html
- https://xenbits.xen.org/xsa/advisory-444.html
- https://xenbits.xen.org/xsa/advisory-442.html
- https://xenbits.xen.org/xsa/advisory-443.html
- https://xenbits.xen.org/xsa/advisory-438.html
- https://github.com/vim/vim/commit/d13dd30240e32071210f55b587182ff48757ea46
- https://huntr.dev/bounties/4d0a9615-d438-4f5c-8dd6-aa22f4b716d9
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IE44W6WMMREYCW3GJHPSYP7NK2VT5NY6/
- https://github.com/vim/vim/commit/e0f869196930ef5f25a0ac41c9215b09c9ce2d3c
- https://huntr.dev/bounties/2d4d309e-4c96-415f-9070-36d0815f1beb
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PDVN5HSWPNVP4QXBPCEGZDLZKURLJWTE/
- https://github.com/vim/vim/releases/tag/v9.0.1873
- https://huntr.dev/bounties/c867eb0a-aa8b-4946-a621-510350673883
- https://github.com/vim/vim/commit/f6d28fe2c95c678cc3202cc5dc825a3fcc709e93
- https://lists.debian.org/debian-lts-announce/2023/09/msg00035.html
- https://github.com/vim/vim/commit/41e6f7d6ba67b61d911f9b1d76325cd79224753d
- https://huntr.dev/bounties/2c2d85a7-1171-4014-bf7f-a2451745861f
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDDWD25AZIHBAA44HQT75OWLQ5UMDKU3/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VGTVLUV7UCXXCZAIQIUCLG6JXAVYT3HE/
- https://github.com/vim/vim/commit/ab9a2d884b3a4abe319606ea95a5a6d6b01cd73a
- https://huntr.dev/bounties/31e67340-935b-4f6c-a923-f7246bc29c7d
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PCLJN4QINITA3ZASKLEJ64C5TFNKELMO/
- https://huntr.dev/bounties/3451be4c-91c8-4d08-926b-cbff7396f425
- https://github.com/vim/vim/commit/caf642c25de526229264cab9425e7c9979f3509b
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LOJP6M7ZTKZQYOGVOOAY6TIE6ACBJL55/
- https://github.com/vim/vim/commit/d1ae8366aff286d41e7f5bc513cc0a1af5130aad
- https://huntr.dev/bounties/1679be5a-565f-4a44-a430-836412a0b622
- https://github.com/vim/vim/commit/4c6fe2e2ea62469642ed1d80b16d39e616b25cf5
- https://huntr.dev/bounties/688e4382-d2b6-439a-a54e-484780f82217
- https://github.com/vim/vim/releases/tag/v9.0.1847
- https://github.com/vim/vim/commit/889f6af37164775192e33b233a90e86fd3df0f57
- https://github.com/vim/vim/releases/tag/v9.0.1848
- https://github.com/vim/vim/commit/ced2c7394aafdc90fb7845e09b3a3fee23d48cb1
- https://huntr.dev/bounties/9fc7dced-a7bb-4479-9718-f956df20f612
- https://github.com/vim/vim/releases/tag/v9.0.1840
- https://github.com/vim/vim/commit/e1dc9a627536304bc4f738c21e909ad9fcf3974c
- https://huntr.dev/bounties/1ce1fd8c-050a-4373-8004-b35b61590217
- https://github.com/vim/vim/releases/tag/v9.0.1857
- https://github.com/vim/vim/commit/fc68299d436cf87453e432daa77b6d545df4d7ed
- https://huntr.dev/bounties/1ab3ebdf-fe7d-4436-b483-9a586e03b0ea
- https://github.com/vim/vim/releases/tag/v9.0.1858
- https://github.com/vim/vim/commit/ee9166eb3b41846661a39b662dc7ebe8b5e15139
- https://huntr.dev/bounties/85f62dd7-ed84-4fa2-b265-8a369a318757
- https://github.com/urllib3/urllib3/security/advisories/GHSA-g4mx-q9vg-27p4
- https://www.rfc-editor.org/rfc/rfc9110.html#name-get
- https://github.com/urllib3/urllib3/commit/4e98d57809dacab1cbe625fddeec1a290c478ea9
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PPDPLM6UUMN55ESPQWJFLLIZY4ZKCNRX/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4R2Y5XK3WALSR3FNAGN7JBYV2B343ZKB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5F5CUBAN5XMEBVBZPHFITBLMJV5FIJJ5/
- https://github.com/python/cpython/issues/98433
- https://www.openssl.org/news/secadv/20231106.txt
- https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.10.4
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/647e072ea0a2f12687fa05c172f4c4713fdb0c4f
- https://www.openssh.com/openbsd.html
- https://github.com/openssh/openssh-portable/commits/master
- https://www.openssh.com/txt/release-9.6
- https://www.terrapin-attack.com
- https://bugzilla.redhat.com/show_bug.cgi?id=2215945
- https://github.com/shadow-maint/shadow/commit/65c88a43a23c2391dcc90c0abda3e839e9c57904
- https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
- https://github.com/shadow-maint/shadow/pull/687
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
- https://github.com/facebook/zstd/pull/3220
- https://bugzilla.redhat.com/show_bug.cgi?id=2179864
- https://bugzilla.suse.com/show_bug.cgi?id=1209533
- https://github.com/lloyd/yajl/issues/250
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/ffaec75809a315457891a0e54f8828bc6e056067
- https://packetstormsecurity.com/files/download/169825/GS20221114165129.txt
- http://aix.software.ibm.com/aix/efixes/security/libxml2_advisory4.asc
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/644a89e080bced793295f61f18aac8cfad6bece2
- https://mail.gnome.org/archives/xml/2018-January/msg00010.html
- https://gitlab.gnome.org/GNOME/libxml2/-/issues/535
- https://gitlab.gnome.org/GNOME/libxml2/-/commit/09a2dd453007f9c7205274623acdd73747c22d64
- https://gitlab.com/gnutls/libtasn1/-/issues/32
- https://gitlab.com/gnutls/libtasn1/-/commit/44a700d2051a666235748970c2df047ff207aeb5
- https://www.openssl.org/news/secadv/20220621.txt
- https://github.com/systemd/systemd/issues/23928
- https://github.com/systemd/systemd/commit/9102c625a673a3246d7e73d8737f3494446bad4e
- https://github.com/systemd/systemd/pull/23933
- https://bugzilla.redhat.com/show_bug.cgi?id=2139327
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RVBQC2VLSDVQAPJTEMTREXDL4HYLXG2P/
- https://github.com/libssh2/libssh2/pull/476
- https://github.com/libssh2/libssh2/commit/0b44e558f311671f6e6d14c559bc1c9bda59b8df
- https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
- https://crbug.com/1430644
- https://sqlite.org/src/info/cefc032473ac5ad2
- https://sqlite.org/forum/forumpost/07beac8056151b2f
- https://news.ycombinator.com/item?id=33948588
- https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
- https://www.ruby-lang.org/en/news/2023/03/28/redos-in-uri-cve-2023-28755/
- https://hackerone.com/reports/1254844
- https://www.ruby-lang.org/en/news/2021/11/15/date-parsing-method-regexp-dos-cve-2021-41817/
- https://www.ruby-lang.org/en/news/2022/11/22/http-response-splitting-in-cgi-cve-2021-33621/
- https://bugzilla.redhat.com/show_bug.cgi?id=2230186
- https://bugzilla.redhat.com/show_bug.cgi?id=2228494
- https://gitlab.com/procps-ng/procps/-/issues/297#note_1496932093
- https://www.freelists.org/post/procps/ps-buffer-overflow-CVE-20234016
- https://github.com/PCRE2Project/pcre2/issues/141
- https://github.com/PCRE2Project/pcre2/commit/94e1c001761373b7d9450768aa15d04c25547a35
- https://www.openssl.org/news/secadv/20220503.txt
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=548d3f280a6e737673f5b61fce24bb100108dfeb
- https://www.openssl.org/news/secadv/20230207.txt
- https://www.tenable.com/security/tns-2023-11
- https://pointernull.com/security/python-url-parse-problem.html
- https://github.com/python/cpython/pull/99421
- https://github.com/python/cpython/issues/102153
- https://docs.python.org/3.10/whatsnew/changelog.html#python-3-10-12-final
- https://docs.python.org/3.9/whatsnew/changelog.html#python-3-9-17-final
- https://docs.python.org/3.8/whatsnew/changelog.html#python-3-8-17-final
- https://docs.python.org/3.7/whatsnew/changelog.html#python-3-7-17-final
- https://docs.python.org/3.11/whatsnew/changelog.html#python-3-11-14-final
- https://issues.apache.org/jira/browse/LOG4J2-2819
- https://github.com/urllib3/urllib3/security/advisories/GHSA-v845-jxx5-vc9f
- https://mail.python.org/archives/list/security-announce@python.org/thread/PEPLII27KYHLF4AK3ZQGKYNCRERG4YXY/
- https://docs.python.org/3.11/whatsnew/changelog.html#python-3-11-5-final
- https://github.com/python/cpython/issues/102988
- https://python-security.readthedocs.io/vuln/email-parseaddr-realname.html
- https://security.netapp.com/advisory/ntap-20230601-0003/
- https://mail.python.org/archives/list/security-announce@python.org/thread/F4PL35U6X4VVHZ5ILJU3PWUWN7H7LZXL/
- https://github.com/pypa/pip/pull/12306
- https://github.com/andk/cpanpm/pull/175
- https://www.openwall.com/lists/oss-security/2023/04/18/14
- https://metacpan.org/dist/CPAN/changes
- https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/
- http://www.openwall.com/lists/oss-security/2023/04/29/1
- https://github.com/xerial/snappy-java/security/advisories/GHSA-55g7-9cwv-5qfv
- https://github.com/xerial/snappy-java/commit/9f8c3cf74223ed0a8a834134be9c917b9f10ceb5
- https://github.com/dromara/hutool/issues/2748
- https://github.com/stleary/JSON-java/issues/708
- https://github.com/stleary/JSON-java/issues/771
- https://github.com/stleary/JSON-java/issues/758
- https://bitbucket.org/b_c/jose4j/issues/203/insecure-support-of-setting-pbe-less-then
- https://github.com/KANIXB/JWTIssues/blob/main/jose4j%20issue.md
- https://lists.apache.org/thread/vmqbp9mfxtrf0kmbnnmbn3h9j6dr9q55
- http://www.openwall.com/lists/oss-security/2023/10/20/5
- https://issues.apache.org/jira/browse/COMPRESS-612
- https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05
- https://github.com/openbsd/src/commit/7bc29a9d5cd697290aa056e94ecee6253d3425f8
- https://www.openssh.com/txt/release-9.3p2
- https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
- https://blog.qualys.com/vulnerabilities-threat-research/2023/07/19/cve-2023-38408-remote-code-execution-in-opensshs-forwarded-ssh-agent
- https://news.ycombinator.com/item?id=36790196
- https://github.com/openbsd/src/commit/f8f5a6b003981bb824329dc987d101977beda7ca
- https://github.com/openbsd/src/commit/f03a4faa55c4ce0818324701dadbf91988d7351d
- https://www.openssh.com/security.html
- https://security.gentoo.org/glsa/202307-01
- https://www.openssl.org/news/secadv/20220705.txt
- https://www.openssl.org/news/secadv/20230731.txt
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528
- https://www.openssl.org/news/secadv/20230719.txt
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb
- http://www.openwall.com/lists/oss-security/2023/07/19/5
- http://www.openwall.com/lists/oss-security/2023/07/19/4
- http://www.openwall.com/lists/oss-security/2023/07/19/6
- https://www.openssl.org/news/secadv/20230530.txt
- https://www.openssl.org/news/secadv/20230328.txt
- https://www.openssl.org/news/secadv/20230322.txt
- https://kernel.dance/#8c710f75256bb3cf05ac7b1672c82b92c43f3d28
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c710f75256bb3cf05ac7b1672c82b92c43f3d28
- https://seclists.org/oss-sec/2023/q1/126
- https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM/m/F5bwBlXMAQAJ?pli=1
- https://go.dev/issue/62197
- https://go.dev/cl/515257
- https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ
- https://pkg.go.dev/vuln/GO-2023-1987
- https://go.dev/issue/61460
- https://go.dev/cl/482077
- https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8
- https://go.dev/cl/482076
- https://go.dev/cl/482075
- https://go.dev/issue/59153
- https://pkg.go.dev/vuln/GO-2023-1705
- https://bugzilla.redhat.com/show_bug.cgi?id=2107342
- https://github.com/golang/go/issues/52814
- https://github.com/golang/vulndb/issues/531
- https://groups.google.com/g/golang-announce
- https://groups.google.com/g/golang-announce/c/oecdBNLOml8
- https://bugzilla.redhat.com/show_bug.cgi?id=2077689
- https://go.dev/cl/446916
- https://pkg.go.dev/vuln/GO-2022-1095
- https://go.dev/issue/56284
- https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ
- https://go-review.googlesource.com/c/go/+/491615
- https://pkg.go.dev/vuln/GO-2023-2095
- https://groups.google.com/g/golang-announce/c/XBa1oHDevAo
- https://go.dev/cl/533215
- https://go.dev/issue/63211
- https://go.dev/issue/62196
- https://access.redhat.com/security/cve/CVE-2022-2509
- https://lists.gnupg.org/pipermail/gnutls-help/2022-July/004746.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2077688
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2023&m=slackware-security.345884
- https://dev.gnupg.org/T6027
- https://bugs.debian.org/1014157
- https://www.openwall.com/lists/oss-security/2022/06/30/1
- http://www.openwall.com/lists/oss-security/2022/07/02/1
- https://www.debian.org/security/2022/dsa-5174
- https://bugzilla.redhat.com/show_bug.cgi?id=2237798
- https://access.redhat.com/security/cve/CVE-2023-4813
- http://www.openwall.com/lists/oss-security/2023/10/03/8
- https://discourse.gnome.org/t/multiple-fixes-for-gvariant-normalisation-issues-in-glib/12835
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3126
- https://bugzilla.redhat.com/show_bug.cgi?id=2181182
- https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3125
- https://bugzilla.redhat.com/show_bug.cgi?id=2181183
- https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMRUSSELLHAERINGGOSAML2-608302
- https://github.com/russellhaering/gosaml2/issues/59
- https://github.com/russellhaering/gosaml2/security/advisories/GHSA-prjq-f4q3-fvfr
- https://bugzilla.suse.com/show_bug.cgi?id=1200299
- https://bugzilla.suse.com/show_bug.cgi?id=1205296
- https://github.com/prometheus/client_golang/pull/962
- https://github.com/prometheus/client_golang/releases/tag/v1.11.1
- https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p
- https://github.com/prometheus/client_golang/pull/987
- https://github.com/prometheus/alertmanager/releases/tag/v0.26.0
- https://github.com/prometheus/alertmanager/releases/tag/v0.25.1
- https://go.dev/issue/58006
- https://go.dev/cl/468124
- https://pkg.go.dev/vuln/GO-2023-1569
- https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
- https://github.com/golang/go/issues/53871
- https://github.com/golang/vulndb/issues/537
- https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html
- https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html
- https://bugzilla.redhat.com/show_bug.cgi?id=2215930
- https://bugzilla.redhat.com/show_bug.cgi?id=2107390
- https://github.com/golang/go/issues/59721
- https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ
- https://pkg.go.dev/vuln/GO-2023-1839
- https://go.dev/issue/60167
- https://go.dev/cl/501226
- https://go.dev/issue/58975
- https://pkg.go.dev/vuln/GO-2023-1704
- https://go.dev/cl/481994
- https://bugzilla.redhat.com/show_bug.cgi?id=2107376
- https://pkg.go.dev/vuln/GO-2023-1840
- https://go.dev/cl/501223
- https://go.dev/issue/60272
- https://github.com/libp2p/go-libp2p/commit/e30fcf7dfd4715ed89a5e68d7a4f774d3b9aa92d
- https://github.com/libp2p/go-libp2p/pull/2454
- https://github.com/quic-go/quic-go/pull/4012
- https://github.com/libp2p/go-libp2p/security/advisories/GHSA-876p-8259-xjgg
- https://github.com/libp2p/go-libp2p/commit/0cce607219f3710addc7e18672cffd1f1d912fbb
- https://github.com/golang/go/commit/2350afd2e8ab054390e284c95d5b089c142db017
- https://github.com/golang/go/issues/61460
- https://github.com/libp2p/go-libp2p/commit/445be526aea4ee0b1fa5388aa65d32b2816d3a00
- https://bugzilla.redhat.com/show_bug.cgi?id=2107388
- https://bugzilla.redhat.com/show_bug.cgi?id=2107386
- https://pkg.go.dev/vuln/GO-2023-1570
- https://go.dev/cl/468125
- https://go.dev/issue/58001
- https://go.dev/issue/60306
- https://pkg.go.dev/vuln/GO-2023-1842
- https://go.dev/cl/501224
- https://groups.google.com/g/golang-announce/c/2q13H6LEEx0
- https://go.dev/cl/506996
- https://pkg.go.dev/vuln/GO-2023-1878
- https://go.dev/issue/60374
- https://go.dev/issue/60305
- https://pkg.go.dev/vuln/GO-2023-1841
- https://go.dev/cl/501225
- https://go.dev/issue/54663
- https://groups.google.com/g/golang-announce/c/xtuG5faxtaU
- https://go.dev/cl/432976
- https://pkg.go.dev/vuln/GO-2022-1038
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/THKJHFMX4DAZXJ5MFPN3BNHZDN7BW5RI/
- https://github.com/golang/go/issues/59722
- https://bugzilla.redhat.com/show_bug.cgi?id=2107383
- https://bugzilla.redhat.com/show_bug.cgi?id=2107371
- https://go.dev/cl/471255
- https://pkg.go.dev/vuln/GO-2023-1621
- https://groups.google.com/g/golang-announce/c/3-TpUx48iQY
- https://go.dev/issue/58647
- https://go.dev/cl/482079
- https://pkg.go.dev/vuln/GO-2023-1703
- https://go.dev/issue/59234
- https://bugzilla.redhat.com/show_bug.cgi?id=2107374
- https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ
- https://go.dev/cl/403759
- https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e
- https://pkg.go.dev/vuln/GO-2022-0532
- https://go.dev/issue/52574
- https://go.dev/issue/54853
- https://go.dev/cl/439355
- https://pkg.go.dev/vuln/GO-2022-1037
- https://bugzilla.redhat.com/show_bug.cgi?id=2107392
- https://github.com/ecies/go/security/advisories/GHSA-8j98-cjfr-qx3h
- https://github.com/ecies/go/commit/c6e775163866d6ea5233eb8ec8530a9122101ebd
- https://github.com/ashutosh1206/Crypton/blob/master/Diffie-Hellman-Key-Exchange/Attack-Invalid-Curve-Point/README.md
- https://github.com/ecies/go/releases/tag/v2.0.8
- https://bugzilla.redhat.com/show_bug.cgi?id=2186428
- https://access.redhat.com/security/cve/CVE-2023-2004
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50462
- https://github.com/freetype/freetype/commit/e6fda039ad638866b7a6a5d046f03278ba1b7611
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NGWWGQULJ7QRNP4GY57HE7OO7VMRWMPN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FEJZMAUB4XP44HSHEBDWEKFGA7DUHY42/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4AOSGAOPXLBK4A5ZRTVZ4M6QKVLSWMWG/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJQI63HWZFL6M26Q6UOHKDY6LD2PFC5Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KDNGTGQAUZJ6YQDI2AVGYIFFPUMMZLKS/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VRSEIYMPWLVPGTC34N2Q3WAUHGGOWSWP/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SFZWDF43D73C5KWFF26GIIVZJKEFPS3K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IHHD6KNH4WLUE6JG6HRQZWNAJMHJ32X7/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SLO7BL2MHZYPY6O3OAEAQL3SKYMGGO6M/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ES2CDRHR2Y4WY6DNDIAPYZFXJU3ZBFAV/
- https://go.dev/cl/482078
- https://go.dev/issue/59180
- https://pkg.go.dev/vuln/GO-2023-1702
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75393a2d54bcc40053e5262a3de9d70c5ebfbbfd
- https://sourceware.org/bugzilla/show_bug.cgi?id=29924
- https://security.netapp.com/advisory/ntap-20231006-0008/
- https://sourceware.org/bugzilla/show_bug.cgi?id=29988
- https://security.netapp.com/advisory/ntap-20230511-0009/
- https://bugzilla.redhat.com/show_bug.cgi?id=2180905
- https://bugzilla.redhat.com/show_bug.cgi?id=2150768
- https://sourceware.org/bugzilla/show_bug.cgi?id=29699
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5c831a3c7f3ca98d6aba1200353311e1a1f84c70
- https://bugs.launchpad.net/ubuntu/+source/binutils/+bug/1927070
- https://security.netapp.com/advisory/ntap-20230824-0013/
- https://sourceware.org/bugzilla/show_bug.cgi?id=29892
- https://bugzilla.redhat.com/show_bug.cgi?id=2167498
- https://access.redhat.com/security/cve/CVE-2023-25585
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=65cf035b8dc1df5d8020e0b1449514a3c42933e7
- https://security.netapp.com/advisory/ntap-20231103-0003/
- https://bugzilla.redhat.com/show_bug.cgi?id=2167505
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d12f8998d2d086f0a6606589e5aedb7147e6f2f1
- https://access.redhat.com/security/cve/CVE-2023-25588
- https://sourceware.org/bugzilla/show_bug.cgi?id=29677
- https://sourceware.org/bugzilla/show_bug.cgi?id=29799
- https://security.netapp.com/advisory/ntap-20231006-0003/
- https://sourceware.org/bugzilla/show_bug.cgi?id=29732
- https://sourceware.org/bugzilla/show_bug.cgi?id=29876
- https://sourceware.org/bugzilla/show_bug.cgi?id=29846
- https://sourceware.org/bugzilla/show_bug.cgi?id=29925
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d28fbc7197ba0e021a43f873eff90b05dcdcff6a
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GLZXZXFX2ZWTDU2QZUSZG36LZZVTKUVG/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/
- https://sourceware.org/bugzilla/show_bug.cgi?id=26241
- https://sourceware.org/bugzilla/show_bug.cgi?id=26240
- https://bugzilla.redhat.com/show_bug.cgi?id=2185646
- https://sourceware.org/bugzilla/show_bug.cgi?id=30285
- https://sourceware.org/git/?p=binutils-gdb.git;a=blobdiff;f=bfd/elf.c;h=185028cbd97ae0901c4276c8a4787b12bb75875a;hp=027d01437352555bc4ac0717cb0486c751a7775d;hb=c22d38baefc5a7a1e1f5cdc9dbb556b1f0ec5c57;hpb=f2f9bde5cde7ff34ed0a4c4682a211d402aa1086
- https://sourceware.org/bugzilla/show_bug.cgi?id=29290
- https://sourceware.org/bugzilla/show_bug.cgi?id=29289
- https://security.netapp.com/advisory/ntap-20231006-0010/
- https://kb.isc.org/docs/cve-2023-3341
- https://kb.isc.org/docs/cve-2023-2911
- https://kb.isc.org/docs/cve-2023-2828
- https://bugzilla.redhat.com/show_bug.cgi?id=2191692
- https://access.redhat.com/security/cve/CVE-2023-38472
- https://access.redhat.com/security/cve/CVE-2023-38473
- https://bugzilla.redhat.com/show_bug.cgi?id=2191694
- https://bugzilla.redhat.com/show_bug.cgi?id=2191690
- https://github.com/lathiat/avahi/issues/454
- https://sourceware.org/bugzilla/show_bug.cgi?id=29922
- https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8f2c64de86bc3d7556121fe296dd679000283931
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XKYUAIORNQ32IZUOZFURECZKEXOHX7Z/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NSUNHSOWWLLNGHRM5TUBNCJHEYHPDX2M/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KGSKF4GH7425S6XFDQMWTJGD5U47BAZN/
- https://seclists.org/oss-sec/2023/q2/188
- https://github.com/c-ares/c-ares/releases/tag/cares-1_19_1
- https://github.com/libexpat/libexpat/pull/650
- https://github.com/libexpat/libexpat/pull/616
- https://github.com/libexpat/libexpat/issues/649
- https://curl.haxx.se/docs/CVE-2023-23916.html
- https://lists.nongnu.org/archive/html/dmidecode-devel/2023-03/msg00003.html
- https://github.com/adamreiser/dmiwrite
- https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=6ca381c1247c81f74e1ca4e7706f70bdda72e6f2
- https://git.savannah.nongnu.org/cgit/dmidecode.git/commit/?id=d8cfbc808f387e87091c25e7d5b8c2bb348bb206
- https://gitlab.freedesktop.org/dbus/dbus/-/issues/457
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BZYCDRMD7B4XO4HF6C6YTLH4YUD7TANP/
- https://curl.haxx.se/docs/CVE-2022-32206.html
- https://curl.haxx.se/docs/CVE-2023-38546.html
- https://curl.haxx.se/docs/CVE-2023-38039.html
- https://curl.haxx.se/docs/CVE-2023-27538.html
- https://curl.haxx.se/docs/CVE-2023-27536.html
- https://curl.haxx.se/docs/CVE-2023-27535.html
- https://curl.haxx.se/docs/CVE-2023-27534.html
- https://curl.haxx.se/docs/CVE-2023-27533.html
- https://curl.haxx.se/docs/CVE-2023-23915.html
- https://curl.haxx.se/docs/CVE-2023-23914.html
- https://curl.haxx.se/docs/CVE-2022-43552.html
- https://curl.haxx.se/docs/CVE-2022-43551.html
- https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b
- https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/
- https://github.com/google/guava/commit/fec0dbc4634006a6162cfd4d0d09c962073ddf40
- https://github.com/google/guava/issues/4011
- https://lists.apache.org/thread.html/r215b3d50f56faeb2f9383505f3e62faa9f549bb23e8a9848b78a968e@%3Ccommits.ws.apache.org%3E
- https://lists.apache.org/thread.html/r4776f62dfae4a0006658542f43034a7fc199350e35a66d4e18164ee6@%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/r68d86f4b06c808204f62bcb254fcb5b0432528ee8d37a07ef4bc8222@%3Ccommits.ws.apache.org%3E
- https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a0569e00ef5e12bd5f6ba@%3Cissues.maven.apache.org%3E
- https://lists.apache.org/thread.html/rb8c0f1b7589864396690fe42a91a71dea9412e86eec66dc85bbacaaf@%3Ccommits.cxf.apache.org%3E
- https://lists.apache.org/thread.html/rbc7642b9800249553f13457e46b813bea1aec99d2bc9106510e00ff3@%3Ctorque-dev.db.apache.org%3E
- https://lists.apache.org/thread.html/rc2dbc4633a6eea1fcbce6831876cfa17b73759a98c65326d1896cb1a@%3Ctorque-dev.db.apache.org%3E
- https://lists.apache.org/thread.html/rd5d58088812cf8e677d99b07f73c654014c524c94e7fedbdee047604@%3Ctorque-dev.db.apache.org%3E
- https://snyk.io/vuln/SNYK-JAVA-COMGOOGLEGUAVA-1015415
- https://github.com/google/guava/issues/2575
- https://github.com/google/guava/releases/tag/v32.0.0
- https://www.oracle.com/security-alerts/cpuoct2023.html
- https://logback.qos.ch/news.html#1.3.12
- https://go.dev/issue/55949
- https://pkg.go.dev/vuln/GO-2022-1039
- https://go.dev/cl/439356
- https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290
- https://pkg.go.dev/vuln/GO-2022-0533
- https://go.dev/cl/401595
- https://go.dev/issue/52476
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=47c29d69212911f50bdcdd0564b5999a559010d4
- https://lore.kernel.org/all/CAHk-=whcaHLNpb7Mu_QX7ABwPgyRyfW-V8=v4Mv0S22fpjY4JQ@mail.gmail.com/
- https://lore.kernel.org/lkml/20230309174728.233732-1-zyytlz.wz@163.com/
- https://github.com/torvalds/linux/commit/47c29d69212911f50bdcdd0564b5999a559010d4
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.9
- https://seclists.org/oss-sec/2023/q1/200
- https://lore.kernel.org/lkml/20230309074645.74309-1-wzhmmmmm@gmail.com/
- https://www.zerodayinitiative.com/advisories/ZDI-23-442/
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=180a6a3ee60a
- https://www.zerodayinitiative.com/advisories/ZDI-23-441/
- https://github.com/torvalds/linux/commit/05b252cccb2e5c3f56119d25de684b4f810ba4
- https://kernel.dance/#6921ed9049bc7457f66c1596c5b78aec0dae4a9d
- https://github.com/google/security-research/security/advisories/GHSA-mj4w-6495-6crx
- https://github.com/torvalds/linux/commit/6921ed9049bc7457f66c1596c5b78aec0dae4a9d
- https://lore.kernel.org/all/20230312160837.2040857-1-zyytlz.wz@163.com/
- https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=f132c2d13088
- https://lore.kernel.org/all/20230318122758.2140868-1-linux@roeck-us.net/
- https://lore.kernel.org/all/20230316161526.1568982-1-zyytlz.wz@163.com/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2e7eab81425ad6c875f2ed47c0ce01e78afc38a5
- https://kernel.dance/#2e7eab81425a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
- https://bugzilla.redhat.com/show_bug.cgi?id=2177382
- https://lore.kernel.org/netdev/e04315e7c90d9a75613f3993c2baf2d344eef7eb.camel@redhat.com/
- https://lore.kernel.org/netdev/CAO4mrfdvyjFpokhNsiwZiP-wpdSD0AStcJwfKcKQdAALQ9_2Qw@mail.gmail.com/
- https://kernel.dance/fd0815f632c24878e325821943edccc7fde947a2
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fd0815f632c24878e325821943edccc7fde947a2
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.3
- https://github.com/torvalds/linux/commit/3ba880a12df5aa4488c18281701b5b1bc3d4531a
- https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang@redhat.com/T/
- https://access.redhat.com/security/cve/cve-2023-1652
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e2a1256b17b16f9b9adf1b6fea56819e7b68e463
- https://sourceware.org/bugzilla/show_bug.cgi?id=27398
- https://bugzilla.redhat.com/show_bug.cgi?id=2181342
- https://lore.kernel.org/linux-btrfs/35b9a70650ea947387cf352914a8774b4f7e8a6f.1679481128.git.fdmanana@suse.com/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZWECAZ7V7EPSXMINO6Q6KWNKDY2CO6ZW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5QCM6XO4HSPLGR3DFYWFRIA3GCBIHZR4/
- https://lore.kernel.org/linux-mm/Yg6ac8WlwtnDH6M0@kroah.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=2179892
- https://github.com/torvalds/linux/commit/2c10b61421a28e95a46ab489fd56c0f442ff6952
- https://lore.kernel.org/kvm/20230214103304.3689213-1-gregkh@linuxfoundation.org/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee059170b1f7e94e55fa6cadee544e176a6e59c2
- https://kernel.dance/#ee059170b1f7e94e55fa6cadee544e176a6e59c2
- https://seclists.org/oss-sec/2023/q1/41
- https://lore.kernel.org/netdev/Y7s%2FFofVXLwoVgWt@westworld/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cb3e9864cdbe35ff6378966660edbcbac955fe17
- https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e
- https://bugzilla.redhat.com/show_bug.cgi?id=2156322
- https://www.spinics.net/lists/linux-rdma/msg114749.html
- https://github.com/torvalds/linux/commit/6b8b42585886c59a008015083282aae434349094
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.13
- https://bugzilla.redhat.com/show_bug.cgi?id=2177389
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0ed554fd769a19ea8464bb83e9ac201002ef74ad
- https://lore.kernel.org/lkml/CAO4mrfcPHB5aQJO=mpqV+p8mPLNg-Fok0gw8gZ=zemAfMGTzMg@mail.gmail.com/
- https://mirrors.edge.kernel.org/pub/linux/kernel/v3.
- https://www.zerodayinitiative.com/advisories/ZDI-23-547/
- https://bugzilla.redhat.com/show_bug.cgi?id=2196292
- http://www.openwall.com/lists/oss-security/2023/05/17/9
- http://www.openwall.com/lists/oss-security/2023/05/17/8
- http://www.openwall.com/lists/oss-security/2023/05/18/1
- https://github.com/torvalds/linux/commit/c1592a89942e9678f7d9c8030efa777c0d57edab
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1592a89942e9678f7d9c8030efa777c0d57edab
- https://www.openwall.com/lists/oss-security/2023/05/08/4
- https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13
- https://www.spinics.net/lists/stable-commits/msg294885.html
- https://www.debian.org/security/2023/dsa-5402
- https://www.zerodayinitiative.com/advisories/ZDI-24-593/
- https://lore.kernel.org/all/CA+UBctCu7fXn4q41O_3=id1+OdyQ85tZY1x+TkT-6OVBL6KAUw@mail.gmail.com/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6HIEOLEOURP4BJZMIL7UGGPYRRB44UDN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AOATNX5UFL7V7W2QDIQKOHFFHYKWFP4W/
- https://github.com/torvalds/linux/commit/112e66017bff7f2837030f34c2bc19501e9212d5
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.8
- https://git.kernel.org/pub/scm/linux/kernel/git/arm64/linux.git/commit/?id=0e5d5ae837c8
- https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html
- https://github.com/torvalds/linux/commit/67d7d8ad99be
- https://lore.kernel.org/all/20220616021358.2504451-1-libaokun1@huawei.com/
- https://bugzilla.redhat.com/show_bug.cgi?id=2193097
- https://bugzilla.redhat.com/show_bug.cgi?id=2192667
- https://github.com/torvalds/linux/commit/6b6bc5b8bd2d
- https://lore.kernel.org/lkml/ZD1xyZxb3rHot8PV@redhat.com/t/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63AJUCJTZCII2JMAF7MGZEM66KY7IALT/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FBLBKW2WM5YSTS6OGEU5SYHXSJ5EWSTV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IXHBLWYNSUBS77TYPOJTADPDXKBH2F4U/
- https://www.spinics.net/lists/linux-scsi/msg181542.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html
- https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html
- https://seclists.org/oss-sec/2023/q2/62
- https://lore.kernel.org/linux-xfs/20230412214034.GL3223426
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=06615d11cc78162dfd5116efb71f29eb29502d37
- https://bugzilla.suse.com/show_bug.cgi?id=1210329
- https://seclists.org/oss-sec/2023/q2/31
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f81f5b2db869
- https://lore.kernel.org/linux-bluetooth/20230416081404.8227-1-lrh2000
- https://lore.kernel.org/linux-bluetooth/20230416080251.7717-1-lrh2000
- https://bugzilla.redhat.com/show_bug.cgi?id=2177371
- https://lore.kernel.org/netdev/bc7bd3183f1c275c820690fc65b708238fe9e38e.1668807842.git.lucien.xin@gmail.com/T/#u
- https://seclists.org/oss-sec/2023/q1/141
- https://seclists.org/oss-sec/2023/q1/123
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4ab3a086d10eeec1424f2e8a968827a6336203df
- https://lore.kernel.org/linux-media/20221121063308.GA33821@ubuntu/T/#u
- https://security.netapp.com/advisory/ntap-20230113-0008/
- https://lore.kernel.org/linux-media/20221115131822.6640-5-imv4bel@gmail.com/
- https://lore.kernel.org/linux-media/20221115131822.6640-1-imv4bel@gmail.com/
- https://security.netapp.com/advisory/ntap-20230113-0006/
- https://lore.kernel.org/linux-media/20221115131822.6640-3-imv4bel@gmail.com/
- https://lore.kernel.org/linux-media/20221115131822.6640-2-imv4bel@gmail.com/
- https://lore.kernel.org/linux-media/20221115131822.6640-4-imv4bel@gmail.com/
- https://lore.kernel.org/netdev/33dc43f587ec1388ba456b4915c75f02a8aae226.1663945716.git.dcaratti%40redhat.com/
- https://01.org/security/advisories/intel-oss-10002
- https://seclists.org/oss-sec/2023/q1/53
- https://lore.kernel.org/all/20230125-hid-unregister-leds-v1-1-9a5192dcef16@diag.uniroma1.it/
- https://go.dev/cl/402257
- https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863
- https://go.dev/issue/52561
- https://pkg.go.dev/vuln/GO-2022-0477
- https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76
- https://github.com/grafana/grafana/releases/tag/v9.3.16
- https://github.com/grafana/grafana/releases/tag/v9.2.20
- https://grafana.com/security/security-advisories/cve-2023-3128/
- https://github.com/go-yaml/yaml/issues/666
- https://bugzilla.redhat.com/show_bug.cgi?id=2100495
- https://go.dev/cl/442235
- https://go.dev/issue/56152
- https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ
- https://pkg.go.dev/vuln/GO-2022-1059
- https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU
- https://go.dev/issue/52313
- https://bugzilla.redhat.com/show_bug.cgi?id=2084085
- https://github.com/golang/go/issues/50058
- https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ
- https://pkg.go.dev/vuln/GO-2022-1144
- https://go.dev/cl/455717
- https://go.dev/issue/56350
- https://go.dev/cl/455635
- https://groups.google.com/g/golang-announce/c/wPunbCPkWUg
- https://github.com/golang/net/commit/37e1c6afe02340126705deced573a85ab75209d7
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4CHKSFMHZVOBCZSSVRE3UEYNKARTBMTM/
- https://groups.google.com/g/golang-announce/c/x49AQzIVX-s
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/
- https://go.dev/cl/468135
- https://go.dev/issue/57855
- https://go.dev/cl/468295
- https://pkg.go.dev/vuln/GO-2023-1571
- https://pkg.go.dev/vuln/GO-2021-0356
- https://grafana.com/security/security-advisories/cve-2023-2801/
- https://groups.google.com/g/golang-announce/c/-cp44ypCT5s
- https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr
- https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-8pgv-569h-w5rw
- https://github.com/open-telemetry/opentelemetry-go-contrib/pull/4322
- https://github.com/open-telemetry/opentelemetry-go-contrib/commit/b44dfc9092b157625a5815cb437583cee663333b
- https://github.com/open-telemetry/opentelemetry-go-contrib/blob/9d4eb7e7706038b07d33f83f76afbe13f53d171d/instrumentation/google.golang.org/grpc/otelgrpc/interceptor.go#L327
- https://github.com/open-telemetry/opentelemetry-go-contrib/blob/instrumentation/google.golang.org/grpc/otelgrpc/v0.45.0/instrumentation/google.golang.org/grpc/otelgrpc/config.go#L138
- https://pkg.go.dev/go.opentelemetry.io/otel/metric/noop#NewMeterProvider
- https://go.dev/issue/62198
- https://go.dev/issue/62266
- https://pkg.go.dev/vuln/GO-2022-1143
- https://go.dev/cl/455716
- https://go.dev/issue/56694
- https://pkg.go.dev/vuln/GO-2023-1568
- https://go.dev/cl/468123
- https://go.dev/issue/57274
- https://go.dev/issue/20654
- https://go.dev/cl/326012/26
- https://groups.google.com/g/golang-announce/c/QMK8IQALDvA
- https://people.redhat.com/~hkario/marvin/
- https://pkg.go.dev/vuln/GO-2023-2375
- https://security.netapp.com/advisory/ntap-20240112-0005/
- https://github.com/free5gc/udm/pull/20
- https://github.com/free5gc/udm/compare/v1.1.1...v1.2.0
- https://www.gsma.com/security/wp-content/uploads/2023/10/0073-invalid_curve.pdf
- https://grafana.com/security/security-advisories/cve-2023-2183/
- https://github.com/grafana/bugbounty/security/advisories/GHSA-cvm3-pp2j-chr3
- https://security.netapp.com/advisory/ntap-20230706-0002/
- https://github.com/grafana/grafana/security/advisories/GHSA-7rqg-hjwc-6mjf
- https://github.com/torvalds/linux/commit/15342f930ebebcfe36f2415049736a77d7d2e045
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.19
- https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
- https://github.com/torvalds/linux/commit/fa0ef93868a6062babe1144df2807a8b1d4924d2
- https://github.com/torvalds/linux/commit/045a31b95509c8f25f5f04ec5e0dec5cd09f2c5f
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.0.3
- https://github.com/torvalds/linux/commit/c24968734abfed81c8f93dc5f44a7b7a9aecadfa
- https://github.com/torvalds/linux/commit/29b0589a865b6f66d141d79b2dd1373e4e50fe17
- https://github.com/torvalds/linux/commit/580077855a40741cf511766129702d97ff02f4d9
- https://bugzilla.redhat.com/show_bug.cgi?id=2173973
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=f753a68980cf4b59a80fe677619da2b1804f526d
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2023-1078
- https://bugzilla.suse.com/show_bug.cgi?id=1208603
- https://bugzilla.suse.com/show_bug.cgi?id=1208601
- https://seclists.org/oss-sec/2023/q1/124
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=66b2c338adce580dfce2199591e65e2bab889cff
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=a096ccca6e503a5c575717ff8a36ace27510ab0a
- https://seclists.org/oss-sec/2023/q1/125
- https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=ffe2a22562444720b05bdfeb999c03e810d84cbb
- https://vuldb.com/?id.211020
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=16ce101db85db694a91380aa4c89b25530871d33
- https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.1.13
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fda6c89fe3d9aca073495a664e1d5aea28cd4377
- https://github.com/torvalds/linux/commit/fda6c89fe3d9aca073495a664e1d5aea28cd4377
- https://security.netapp.com/advisory/ntap-20230316-0009/
- https://patchwork.kernel.org/project/linux-wireless/patch/20230110173007.57110-1-szymon.heidrich@gmail.com/
- https://git.kernel.org/linus/97e3d26b5e5f371b3ee223d94dd123e6c442ba80
- https://mirrors.edge.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2
- https://github.com/BrotherOfJhonny/grafana/blob/main/README.md
- https://github.com/grafana/grafana/issues/50336
- https://ubuntu.com/security/CVE-2023-0461
- https://github.com/es0j/CVE-2023-0045
- https://bugzilla.redhat.com/show_bug.cgi?id=2167288
- https://bugzilla.openanolis.cn/show_bug.cgi?id=2073
- https://bugzilla.openanolis.cn/show_bug.cgi?id=2071
- https://github.com/kubernetes/kubernetes/issues/121879
- https://groups.google.com/g/kubernetes-security-announce/c/SL_d4NR8pzA
- https://github.com/kubernetes/kubernetes/issues/81114
- https://security.netapp.com/advisory/ntap-20190919-0003/
- https://github.com/kubernetes/kubernetes/pull/81330/commits/010d8382642119c73cb2405286b347c08d704287#diff-f5423923c5f61f08517f3eb0014e48ee
- https://github.com/netty/netty/security/advisories/GHSA-6mjq-h674-j845
- https://github.com/helm/helm/security/advisories/GHSA-pwcw-6f5g-gxf8
- https://lists.gnu.org/archive/html/grub-devel/2023-10/msg00028.html