The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2015-9262 | _XcursorThemeInherits in library.c in libXcursor before 1.1.15 allows remote attackers to cause denial of service or potentially code execution via a one-byte heap overflow. | HIGH | Aug 7, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2019-14973 | _TIFFCheckMalloc and _TIFFCheckRealloc in tif_aux.c in LibTIFF through 4.0.10 mishandle Integer Overflow checks because they rely on compiler behavior that is undefined by the applicable C standards. This can, for example, lead to an application crash. | Medium | Aug 25, 2019 | 10.17.41.20 (Wind River Linux LTS 17) |
| CVE-2018-18065 | _set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service. | MEDIUM | Oct 8, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-14938 | _bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) via a crafted ELF file. | Medium | Oct 3, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2017-15225 | _bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, allows remote attackers to cause a denial of service (memory leak) via a crafted ELF file. | MEDIUM | Oct 10, 2017 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2022-37434 | zlib through 1.2.12 has a heap-based buffer over-read or buffer overflow in inflate in inflate.c via a large gzip header extra field. NOTE: only applications that call inflateGetHeader are affected. Some common applications bundle the affected zlib source code but may be unable to call inflateGetHeader (e.g., see the nodejs/node reference). | LOW | Aug 6, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | MEDIUM | Mar 26, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2020-11800 | Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | HIGH | Oct 7, 2020 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-24130 | xterm through Patch 370, when Sixel support is enabled, allows attackers to trigger a buffer overflow in set_sixel in graphics_sixel.c via crafted text. | LOW | Feb 7, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-27135 | xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via a crafted UTF-8 combining character sequence. | HIGH | Feb 16, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-45088 | XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | MEDIUM | Dec 16, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2017-12177 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ProcDbeGetVisualInfo function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12179 | xorg-x11-server before 1.19.5 was vulnerable to integer overflow in (S)ProcXIBarrierReleasePointer functions allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12184 | xorg-x11-server before 1.19.5 was missing length validation in XINERAMA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12180 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 VidModeExtension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12182 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DRI extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12181 | xorg-x11-server before 1.19.5 was missing length validation in XFree86 DGA extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12183 | xorg-x11-server before 1.19.5 was missing length validation in XFIXES extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12186 | xorg-x11-server before 1.19.5 was missing length validation in X-Resource extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12187 | xorg-x11-server before 1.19.5 was missing length validation in RENDER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12185 | xorg-x11-server before 1.19.5 was missing length validation in MIT-SCREEN-SAVER extension allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12176 | xorg-x11-server before 1.19.5 was missing extra length validation in ProcEstablishConnection function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2017-12178 | xorg-x11-server before 1.19.5 had wrong extra length check in ProcXIChangeHierarchy function allowing malicious X client to cause X server to crash or possibly execute arbitrary code. | HIGH | Jan 24, 2018 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2022-25235 | xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context. | HIGH | Feb 19, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2020-7595 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | MEDIUM | Feb 15, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
| CVE-2019-20388 | xmlSchemaPreRun in xmlschemas.c in libxml2 2.9.10 allows an xmlSchemaValidateStream memory leak. | MEDIUM | Feb 15, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
| CVE-2019-19956 | xmlParseBalancedChunkMemoryRecover in parser.c in libxml2 before 2.9.10 has a memory leak related to newDoc->oldNs. | MEDIUM | Dec 26, 2019 | 10.17.41.20 (Wind River Linux LTS 17) |
| CVE-2022-25236 | xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs. | HIGH | Feb 19, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2017-14632 | Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing uninitialized memory in the function vorbis_analysis_headerout() in info.c when vi->channels<=0, a similar issue to Mozilla bug 550184. | HIGH | Sep 21, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2022-32278 | XFCE 4.16 allows attackers to execute arbitrary code because xdg-open can execute a .desktop file on an attacker-controlled FTP server. | MEDIUM | Jun 14, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2018-12436 | wolfcrypt/src/ecc.c in wolfSSL before 3.15.1.patch allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. | LOW | Jun 14, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2017-13078 | Wi-Fi Protected Access (WPA and WPA2) allowsreinstallation of the group key in the Four-way handshake. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13086 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Tunneled Direct-Link Setup (TDLS) PeerKey (TPK) key in the TDLS handshake. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13077 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the pairwise key in the four-way handshake. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13081 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the integrity group key in the Group Key handshake. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13079 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the integrity group key in the Four-way handshake. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13088 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the integrity group key (IGTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13080 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the group key in the Group Key handshake. | LOW | Oct 16, 2017 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2017-13087 | Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the group key (GTK) when processing a Wireless Network Management (WNM) Sleep Mode Response frame. | LOW | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-13082 | Wi-Fi Protected Access (WPA and WPA2) accepting a retransmitted Fast BSS Transition Reassociation Request and reinstalling the pairwise key while processing it. | MEDIUM | Oct 16, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-3735 | While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL since then. | MEDIUM | Aug 30, 2017 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2019-11038 | When using the gdImageCreateFromXbm() function in the GD Graphics Library (aka LibGD) 2.2.5, as used in the PHP GD extension in PHP versions 7.1.x below 7.1.30, 7.2.x below 7.2.19 and 7.3.x below 7.3.6, it is possible to supply data that will cause the function to use the value of uninitialized variable. This may lead to disclosing contents of the stack that has been left there by previous code. | Medium | Jun 20, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
| CVE-2020-7059 | When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash. | MEDIUM | Feb 11, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
| CVE-2020-7060 | When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash. | MEDIUM | Feb 11, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
| CVE-2021-23214 | When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication, a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established, despite the use of SSL certificate verification and encryption. | MEDIUM | Nov 9, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-33656 | When setting font with malicous data by ioctl cmd PIO_FONT,kernel will write memory out of bounds. | -- | Jul 19, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2021-33655 | When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,kernel will write memory out of bounds. | -- | Jul 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-3775 | When rendering certain unicode sequences, grub2\'s font code doesn\'t proper validate if the informed glyph\'s width and height is constrained within bitmap size. As consequence an attacker can craft an input which will lead to a out-of-bounds write into grub2\'s heap, leading to memory corruption and availability issues. Although complex, arbitrary code execution could not be discarded. | -- | Nov 17, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2019-11036 | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | Medium | May 11, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
| CVE-2019-11034 | When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_process_IFD_TAG function. This may lead to information disclosure or crash. | Medium | May 2, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
