The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-29362 | An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been discovered in the RPC protocol used by thep11-kit server/remote commands and the client library. When the remote entity supplies a byte array through a serialized PKCS#11 function call, the receiving entity may allow the reading of up to 4 bytes of memory past the heap allocation. | MEDIUM | Dec 16, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2019-6111 | An issue was discovered in OpenSSH 7.9. Due to the scp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the scp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious scp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the scp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). | MEDIUM | Jan 14, 2019 | 10.17.41.15 (Wind River Linux LTS 17) |
| CVE-2019-6109 | An issue was discovered in OpenSSH 7.9. Due to missing character encoding in the progress display, a malicious server (or Man-in-The-Middle attacker) can employ crafted object names to manipulate the client output, e.g., by using ANSI control codes to hide additional files being transferred. This affects refresh_progress_meter() in progressmeter.c. | MEDIUM | Jan 14, 2019 | 10.17.41.15 (Wind River Linux LTS 17) |
| CVE-2019-13565 | An issue was discovered in OpenLDAP 2.x before 2.4.48. When using SASL authentication and session encryption, and relying on the SASL security layers in slapd access controls, it is possible to obtain access that would otherwise be denied via a simple bind for any identity covered in those ACLs. After the first SASL bind is completed, the sasl_ssf value is retained for all new non-SASL connections. Depending on the ACL configuration, this can affect different types of operations (searches, modifications, etc.). In other words, a successful authorization step completed by one user affects the authorization requirement for a different user. | MEDIUM | Jul 26, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
| CVE-2017-17840 | An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation. | MEDIUM | Dec 27, 2017 | 10.17.41.3 (Wind River Linux LTS 17) |
| CVE-2018-17204 | An issue was discovered in Open vSwitch (OvS) 2.7.x through 2.7.6, affecting parse_group_prop_ntr_selection_method in lib/ofp-util.c. When decoding a group mod, it validates the group type and command after the whole group mod has been decoded. The OF1.5 decoder, however, tries to use the type and command earlier, when it might still be invalid. This causes an assertion failure (via OVS_NOT_REACHED). ovs-vswitchd does not enable support for OpenFlow 1.5 by default. | MEDIUM | Sep 19, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2017-9227 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching. Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as an out-of-bounds read from a stack buffer. | HIGH | Jun 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-9224 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer. | HIGH | Jun 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-9229 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in left_adjust_char_head() during regular expression compilation. Invalid handling of reg->dmax in forward_search_range() could result in an invalid pointer dereference, normally as an immediate denial-of-service condition. | MEDIUM | Jun 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-9226 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of \'\\700\' would produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds write memory corruption. | HIGH | Jun 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2017-9228 | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write occurs in bitset_set_range() during regular expression compilation due to an uninitialized variable from an incorrect state transition. An incorrect state transition in parse_char_class() could create an execution path that leaves a critical local variable uninitialized until it\'s used as an index, resulting in an out-of-bounds write memory corruption. | HIGH | Jun 2, 2017 | 10.17.41.1 (Wind River Linux LTS 17) |
| CVE-2019-16746 | An issue was discovered in net/wireless/nl80211.c in the Linux kernel through 5.2.17. It does not check the length of variable elements in a beacon head, leading to a buffer overflow. | High | Sep 24, 2019 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2019-18805 | An issue was discovered in net/ipv4/sysctl_net_ipv4.c in the Linux kernel before 5.0.11. There is a net/ipv4/tcp_input.c signed integer overflow in tcp_ack_update_rtt() when userspace writes a very large integer to /proc/sys/net/ipv4/tcp_min_rtt_wlen, leading to a denial of service or possibly unspecified other impact, aka CID-19fad20d15a6. | HIGH | Nov 14, 2019 | 10.17.41.19 (Wind River Linux LTS 17) |
| CVE-2021-39537 | An issue was discovered in ncurses through v6.2-1. _nc_captoinfo in captoinfo.c has a heap-based buffer overflow. | MEDIUM | Sep 20, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2022-23833 | An issue was discovered in MultiPartParser in Django 2.2 before 2.2.27, 3.2 before 3.2.12, and 4.0 before 4.0.2. Passing certain inputs to multipart forms could result in an infinite loop when parsing files. | MEDIUM | Feb 11, 2022 | 10.17.41.26 (Wind River Linux LTS 17) |
| CVE-2018-19052 | An issue was discovered in mod_alias_physical_handler in mod_alias.c in lighttpd before 1.4.50. There is potential ../ path traversal of a single directory above an alias target, with a specific mod_alias configuration where the matched alias lacks a trailing \'/\' character, but the alias target filesystem path does have a trailing \'/\' character. | MEDIUM | Nov 7, 2018 | 10.17.41.15 (Wind River Linux LTS 17) |
| CVE-2018-5710 | An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The pre-defined function strlen is getting a NULL string as a parameter value in plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in the Key Distribution Center (KDC), which allows remote authenticated users to cause a denial of service (NULL pointer dereference) via a modified kadmin client. | MEDIUM | Jan 16, 2018 | 10.17.41.15 (Wind River Linux LTS 17) |
| CVE-2021-22543 | An issue was discovered in Linux: KVM through Improper handling of VM_IO|VM_PFNMAP vmas in KVM can bypass RO checks and can lead to pages being freed while still accessible by the VMM and guest. This allows users with the ability to start and control a VM to read/write random pages of memory and can result in local privilege escalation. | MEDIUM | May 27, 2021 | 10.17.41.25 (Wind River Linux LTS 17) |
| CVE-2022-40303 | An issue was discovered in libxml2 before 2.10.3. When parsing a multi-gigabyte XML document with the XML_PARSE_HUGE parser option enabled, several integer counters can overflow. This results in an attempt to access an array at a negative 2GB offset, typically leading to a segmentation fault. | LOW | Oct 23, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2022-40304 | An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | LOW | Oct 15, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2018-14599 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c is vulnerable to an off-by-one error caused by malicious server responses, leading to DoS or possibly unspecified other impact. | HIGH | Aug 25, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
| CVE-2018-14600 | An issue was discovered in libX11 through 1.6.5. The function XListExtensions in ListExt.c interprets a variable as signed instead of unsigned, resulting in an out-of-bounds write (of up to 128 bytes), leading to DoS or remote code execution. | HIGH | Aug 25, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
| CVE-2018-18661 | An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c. | MEDIUM | Oct 26, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2018-17100 | An issue was discovered in LibTIFF 4.0.9. There is a int32 overflow in multiply_ms in tools/ppm2tiff.c, which can cause a denial of service (crash) or possibly have unspecified other impact via a crafted image file. | MEDIUM | Sep 16, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
| CVE-2018-17101 | An issue was discovered in LibTIFF 4.0.9. There are two out-of-bounds writes in cpTags in tools/tiff2bw.c and tools/pal2rgb.c, which can cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image file. | MEDIUM | Sep 16, 2018 | 10.17.41.12 (Wind River Linux LTS 17) |
| CVE-2018-19432 | An issue was discovered in libsndfile 1.0.28. There is a NULL pointer dereference in the function sf_write_int in sndfile.c, which will lead to a denial of service. | MEDIUM | Nov 24, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2018-19661 | An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2ulaw_array in ulaw.c that will lead to a denial of service. | Medium | Dec 18, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
| CVE-2018-19662 | An issue was discovered in libsndfile 1.0.28. There is a buffer over-read in the function i2alaw_array in alaw.c that will lead to a denial of service. | Medium | Dec 18, 2018 | 10.17.41.14 (Wind River Linux LTS 17) |
| CVE-2020-13113 | An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. | MEDIUM | May 21, 2020 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2020-13112 | An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. | MEDIUM | May 21, 2020 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2020-13114 | An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | MEDIUM | May 22, 2020 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2020-29370 | An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. | MEDIUM | Nov 28, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2018-12581 | An issue was discovered in js/designer/move.js in phpMyAdmin before 4.8.2. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted database name to trigger an XSS attack when that database is referenced from the Designer feature. | MEDIUM | Jun 21, 2018 | 10.17.41.9 (Wind River Linux LTS 17) |
| CVE-2019-12381 | An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: this is disputed because new_ra is never used if it is NULL | Medium | Jun 9, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
| CVE-2019-12378 | An issue was discovered in ip6_ra_control in net/ipv6/ipv6_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service (NULL pointer dereference and system crash). NOTE: This has been disputed as not an issue | High | Oct 11, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
| CVE-2020-10531 | An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. | MEDIUM | Mar 12, 2020 | 10.17.41.21 (Wind River Linux LTS 17) |
| CVE-2022-39188 | An issue was discovered in include/asm-generic/tlb.h in the Linux kernel before 5.19. Because of a race condition (unmap_mapping_range versus munmap), a device driver can free a page while it still has stale TLB entries. This only occurs in situations with VM_PFNMAP VMAs. | -- | Sep 2, 2022 | 10.17.41.27 (Wind River Linux LTS 17) |
| CVE-2019-20175 | An issue was discovered in ide_dma_cb() in hw/ide/core.c in QEMU 2.4.0 through 4.2.0. The guest system can crash the QEMU process in the host system via a special SCSI_IOCTL_SEND_COMMAND. It hits an assertion that implies that the size of successful DMA transfers there must be a multiple of 512 (the size of a sector). NOTE: a member of the QEMU security team disputes the significance of this issue because a privileged guest user has many ways to cause similar DoS effect, without triggering this assert. | MEDIUM | Jan 15, 2020 | 10.17.41.20 (Wind River Linux LTS 17) |
| CVE-2021-3121 | An issue was discovered in GoGo Protobuf before 1.3.2. plugin/unmarshal/unmarshal.go lacks certain index validation, aka the skippy peanut butter issue. | HIGH | Jan 14, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
| CVE-2020-24659 | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application\'s error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | MEDIUM | Sep 6, 2020 | 10.17.41.23 (Wind River Linux LTS 17) |
| CVE-2018-6951 | An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a mangled rename issue. | MEDIUM | Feb 16, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2016-10713 | An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file. | MEDIUM | Feb 20, 2018 | 10.17.41.5 (Wind River Linux LTS 17) |
| CVE-2019-9071 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a stack consumption issue in d_count_templates_scopes in cp-demangle.c after many recursive calls. | Medium | Mar 15, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
| CVE-2019-9070 | An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.32. It is a heap-based buffer over-read in d_expression_1 in cp-demangle.c after many recursive calls. | Medium | Mar 15, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
| CVE-2018-18751 | An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt. | HIGH | Oct 29, 2018 | 10.17.41.13 (Wind River Linux LTS 17) |
| CVE-2019-9077 | An issue was discovered in GNU Binutils 2.32. It is a heap-based buffer overflow in process_mips_specific in readelf.c via a malformed MIPS option section. | Medium | Mar 15, 2019 | 10.17.41.16 (Wind River Linux LTS 17) |
| CVE-2019-12447 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. | High | May 29, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
| CVE-2019-12449 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file\'s user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. | High | May 29, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
| CVE-2019-12448 | An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn\'t implement query_info_on_read/write. | Medium | May 29, 2019 | 10.17.41.17 (Wind River Linux LTS 17) |
| CVE-2021-27218 | An issue was discovered in GNOME GLib before 2.66.7 and 2.67.x before 2.67.4. If g_byte_array_new_take() was called with a buffer of 4GB or more on a 64-bit platform, the length would be truncated modulo 2**32, causing unintended length truncation. | MEDIUM | Feb 16, 2021 | 10.17.41.24 (Wind River Linux LTS 17) |
