The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2021-3928 | vim is vulnerable to Use of Uninitialized Variable | MEDIUM | Nov 5, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-4192 | vim is vulnerable to Use After Free | MEDIUM | Jan 1, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-4069 | vim is vulnerable to Use After Free | MEDIUM | Dec 9, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-3974 | vim is vulnerable to Use After Free | MEDIUM | Nov 19, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-3796 | vim is vulnerable to Use After Free | MEDIUM | Sep 15, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-4193 | vim is vulnerable to Out-of-bounds Read | MEDIUM | Jan 1, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0213 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Jan 15, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-4019 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Dec 4, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-3984 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Dec 3, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-3973 | vim is vulnerable to Heap-based Buffer Overflow | HIGH | Nov 19, 2021 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-3927 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Nov 5, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3903 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Oct 28, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3872 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Oct 23, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3875 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Oct 15, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2021-3778 | vim is vulnerable to Heap-based Buffer Overflow | MEDIUM | Sep 15, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2020-8991 | vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad memory leak, as demonstrated by running pvs. NOTE: RedHat disputes CVE-2020-8991 as not being a vulnerability since there’s no apparent route to either privilege escalation or to denial of service through the bug | MEDIUM | Feb 20, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
| CVE-2022-23308 | valid.c in libxml2 before 2.9.13 has a use-after-free of ID and IDREF attributes. | MEDIUM | Feb 21, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2018-19489 | v9fs_wstat in hw/9pfs/9p.c in QEMU allows guest OS users to cause a denial of service (crash) because of a race condition during file renaming. | LOW | Nov 25, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2020-10188 | utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions. | HIGH | Mar 6, 2020 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2018-6764 | util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module. | MEDIUM | Feb 23, 2018 | 10.17.41.6 (Wind River Linux LTS 17) |
| CVE-2020-8617 | Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. | MEDIUM | May 22, 2020 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2017-13711 | Use-after-free vulnerability in the sofree function in slirp/socket.c in QEMU (aka Quick Emulator) allows attackers to cause a denial of service (QEMU instance crash) by leveraging failure to properly clear ifq_so from pending packets. | Medium | Sep 5, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-0861 | Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors. | MEDIUM | Nov 16, 2017 | 10.17.41.10 (Wind River Linux LTS 17) |
| CVE-2017-14746 | Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote attackers to execute arbitrary code via a crafted SMB1 request. | HIGH | Nov 27, 2017 | 10.17.41.4 (Wind River Linux LTS 17) |
| CVE-2020-15436 | Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | HIGH | Nov 23, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2017-17975 | Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label\'s code attempts to both access and free this data structure. | MEDIUM | Jan 2, 2018 | 10.17.41.7 (Wind River Linux LTS 17) |
| CVE-2022-0729 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4440. | MEDIUM | Feb 25, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0685 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4418. | MEDIUM | Feb 20, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0554 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-23134 | Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.4 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. | MEDIUM | May 10, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2022-1154 | Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. | HIGH | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2021-41043 | Use after free in tcpslice triggers AddressSanitizer, no other confirmed impact. | MEDIUM | Jan 5, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2017-15412 | Use after free in libxml2 before 2.9.5, as used in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | MEDIUM | Aug 28, 2018 | 10.17.41.11 (Wind River Linux LTS 17) |
| CVE-2022-3256 | Use After Free in GitHub repository vim/vim prior to 9.0.0530. | -- | Sep 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2345 | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | MEDIUM | Jul 8, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. | MEDIUM | Jul 3, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1796 | Use After Free in GitHub repository vim/vim prior to 8.2.4979. | MEDIUM | May 20, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1968 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Jun 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-1898 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | May 27, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-0443 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-0413 | Use After Free in GitHub repository vim/vim prior to 8.2. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2022-1616 | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | MEDIUM | May 8, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2020-12464 | usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | HIGH | Apr 29, 2020 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2022-28388 | usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free. | MEDIUM | Apr 4, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2020-26137 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | MEDIUM | Sep 30, 2020 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2019-9948 | urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for remote attackers to bypass protection mechanisms that blacklist file: URIs, as demonstrated by triggering a urllib.urlopen(\'local_file:///etc/passwd\') call. | Medium | Mar 25, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
| CVE-2020-25219 | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. | MEDIUM | Sep 12, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2020-26154 | url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | MEDIUM | Oct 9, 2020 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2018-19518 | University of Washington IMAP Toolkit 2007f on UNIX, as used in imap_open() in PHP and other products, launches an rsh command (by means of the imap_rimap function in c-client/imap4r1.c and the tcp_aopen function in osdep/unix/tcp_unix.c) without preventing argument injection, which might allow remote attackers to execute arbitrary OS commands if the IMAP server name is untrusted input (e.g., entered by a user of a web application) and if rsh has been replaced by a program with different argument semantics. For example, if rsh is a link to ssh (as seen on Debian and Ubuntu systems), then the attack can use an IMAP server name containing a -oProxyCommand argument. | HIGH | Nov 25, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2022-30631 | Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. | -- | Jun 1, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
